diff --git a/CefSharp/Enums/CefErrorCode.cs b/CefSharp/Enums/CefErrorCode.cs
index 3b6a56ecf2..68c5d25a3d 100644
--- a/CefSharp/Enums/CefErrorCode.cs
+++ b/CefSharp/Enums/CefErrorCode.cs
@@ -44,7 +44,7 @@ public enum CefErrorCode
Failed = -2,
///
- /// A request was aborted, possibly by the user.
+ /// An operation was aborted (due to user action).
///
Aborted = -3,
@@ -74,7 +74,8 @@ public enum CefErrorCode
FileTooBig = -8,
///
- /// An unexpected error. This may be caused by a programming mistake or an invalid assumption
+ /// An unexpected error. This may be caused by a programming mistake or an
+ /// invalid assumption.
///
Unexpected = -9,
@@ -157,25 +158,43 @@ public enum CefErrorCode
///
BlockedEnrollmentCheckPending = -24,
- // The upload failed because the upload stream needed to be re-read, due to a
- // retry or a redirect, but the upload stream doesn't support that operation.
+ ///
+ /// The upload failed because the upload stream needed to be re-read, due to a
+ /// retry or a redirect, but the upload stream doesn't support that operation.
+ ///
UploadStreamRewindNotSupported = -25,
- // The request failed because the URLRequestContext is shutting down, or has
- // been shut down.
+ ///
+ /// The request failed because the URLRequestContext is shutting down, or has
+ /// been shut down.
+ ///
ContextShutDown = -26,
- // The request failed because the response was delivered along with requirements
- // which are not met ('X-Frame-Options' and 'Content-Security-Policy' ancestor
- // checks and 'Cross-Origin-Resource-Policy', for instance).
+ ///
+ /// The request failed because the response was delivered along with requirements
+ /// which are not met ('X-Frame-Options' and 'Content-Security-Policy' ancestor
+ /// checks and 'Cross-Origin-Resource-Policy', for instance).
+ ///
BlockedByResponse = -27,
// Error -28 was removed (BLOCKED_BY_XSS_AUDITOR).
- // The request was blocked by system policy disallowing some or all cleartext
- // requests. Used for NetworkSecurityPolicy on Android.
+ ///
+ /// The request was blocked by system policy disallowing some or all cleartext
+ /// requests. Used for NetworkSecurityPolicy on Android.
+ ///
CleartextNotPermitted = -29,
+ ///
+ /// The request was blocked by a Content Security Policy
+ ///
+ BlockedByCsp = -30,
+
+ ///
+ /// The request was blocked because of no H/2 or QUIC session.
+ ///
+ H2OrQuicRequired = -31,
+
///
/// A connection was closed (corresponding to a TCP FIN).
///
@@ -218,12 +237,14 @@ public enum CefErrorCode
SslProtocolError = -107,
///
- /// The IP address or port number is invalid (e.g., cannot connect to the IP address 0 or the port 0).
+ /// The IP address or port number is invalid (e.g., cannot connect to the IP
+ /// address 0 or the port 0).
///
AddressInvalid = -108,
///
- /// The IP address is unreachable. This usually means that there is no route to the specified host or network.
+ /// The IP address is unreachable. This usually means that there is no route to
+ /// the specified host or network.
///
AddressUnreachable = -109,
@@ -243,7 +264,8 @@ public enum CefErrorCode
NoSslVersionsEnabled = -112,
///
- /// The client and server don't support a common SSL protocol version or cipher suite.
+ /// The client and server don't support a common SSL protocol version or
+ /// cipher suite.
///
SslVersionOrCipherMismatch = -113,
@@ -297,7 +319,7 @@ public enum CefErrorCode
///
/// The request to negotiate an alternate protocol failed.
///
- NpnNegotiationFailed = -122,
+ AlpnNegotiationFailed = -122,
///
/// The peer sent an SSL no_renegotiation alert message.
@@ -328,12 +350,6 @@ public enum CefErrorCode
///
ProxyAuthRequested = -127,
- ///
- /// A known TLS strict server didn't offer the renegotiation extension.
- ///
- //Removed
- //SslUnsafeNegotiation = -128,
-
// Error -129 was removed (SSL_WEAK_SERVER_EPHEMERAL_DH_KEY).
///
@@ -350,6 +366,8 @@ public enum CefErrorCode
///
MandatoryProxyConfigurationFailed = -131,
+ // -132 was formerly ERR_ESET_ANTI_VIRUS_SSL_INTERCEPTION
+
///
/// We've hit the max socket limit for the socket pool while preconnecting. We
/// don't bother trying to preconnect more sockets.
@@ -390,10 +408,13 @@ public enum CefErrorCode
///
/// A request to create an SSL tunnel connection through the HTTPS proxy
- /// received a non-200 (OK) and non-407 (Proxy Auth) response. The response
- /// body might include a description of why the request failed.
+ /// received a 302 (temporary redirect) response. The response body might
+ /// include a description of why the request failed.
+ ///
+ /// TODO(https://crbug.com/928551): This is deprecated and should not be used by
+ /// new code.
///
- HttpsProxyTunnelResponse = -140,
+ HttpsProxyTunnelResponseRedirect = -140,
///
/// We were unable to sign the CertificateVerify data of an SSL client auth
@@ -466,11 +487,7 @@ public enum CefErrorCode
///
WsThrottleQueueTooLarge = -154,
- ///
- /// There are too many active SocketStream instances, so the new connect request
- /// was rejected.
- ///
- TooManySocketStreams = -155,
+ // Error -155 was removed (TOO_MANY_SOCKET_STREAMS)
///
/// The SSL server certificate changed in a renegotiation.
@@ -613,7 +630,7 @@ public enum CefErrorCode
/// TLS-terminating proxy which implemented TLS 1.2 incorrectly. (See
/// https://crbug.com/boringssl/226.)
///
- Tls13DownGradeDetected = -180,
+ Tls13DowngradeDetected = -180,
///
/// The server's certificate has a keyUsage extension incompatible with the
@@ -625,83 +642,99 @@ public enum CefErrorCode
//
// The values of certificate error codes must be consecutive.
- // The server responded with a certificate whose common name did not match
- // the host name. This could mean:
- //
- // 1. An attacker has redirected our traffic to their server and is
- // presenting a certificate for which they know the private key.
- //
- // 2. The server is misconfigured and responding with the wrong cert.
- //
- // 3. The user is on a wireless network and is being redirected to the
- // network's login page.
- //
- // 4. The OS has used a DNS search suffix and the server doesn't have
- // a certificate for the abbreviated name in the address bar.
- //
-
///
- /// The server responded with a certificate whose common name did not match the host name.
- /// This could mean:
- /// 1. An attacker has redirected our traffic to his server and is presenting a certificate
- /// for which he knows the private key.
+ /// The server responded with a certificate whose common name did not match
+ /// the host name. This could mean:
+ ///
+ /// 1. An attacker has redirected our traffic to their server and is
+ /// presenting a certificate for which they know the private key.
+ ///
/// 2. The server is misconfigured and responding with the wrong cert.
- /// 3. The user is on a wireless network and is being redirected to the network's login page.
- /// 4. The OS has used a DNS search suffix and the server doesn't have a certificate for the
- /// abbreviated name in the address bar.
+ ///
+ /// 3. The user is on a wireless network and is being redirected to the
+ /// network's login page.
+ ///
+ /// 4. The OS has used a DNS search suffix and the server doesn't have
+ /// a certificate for the abbreviated name in the address bar.
+ ///
///
CertCommonNameInvalid = -200,
///
- /// The server responded with a certificate that, by our clock, appears to either not yet be valid or to have expired.
- /// This could mean:
- /// 1. An attacker is presenting an old certificate for which he has managed to obtain the private key
+ /// The server responded with a certificate that, by our clock, appears to
+ /// either not yet be valid or to have expired. This could mean:
+ ///
+ /// 1. An attacker is presenting an old certificate for which they have
+ /// managed to obtain the private key.
+ ///
/// 2. The server is misconfigured and is not presenting a valid cert.
+ ///
/// 3. Our clock is wrong.
+ ///
///
CertDateInvalid = -201,
///
- /// The server responded with a certificate that is signed by an authority we don't trust.
- /// The could mean:
+ /// The server responded with a certificate that is signed by an authority
+ /// we don't trust. The could mean:
+ ///
/// 1. An attacker has substituted the real certificate for a cert that
- /// contains his public key and is signed by his cousin.
- /// 2. The server operator has a legitimate certificate from a CA we don't know about, but should trust.
- /// 3. The server is presenting a self-signed certificate, providing no defense against active attackers (but foiling passive attackers).
+ /// contains their public key and is signed by their cousin.
+ ///
+ /// 2. The server operator has a legitimate certificate from a CA we don't
+ /// know about, but should trust.
+ ///
+ /// 3. The server is presenting a self-signed certificate, providing no
+ /// defense against active attackers (but foiling passive attackers).
+ ///
///
CertAuthorityInvalid = -202,
///
- /// The server responded with a certificate that contains errors. This error is not recoverable.
+ /// The server responded with a certificate that contains errors.
+ /// This error is not recoverable.
+ ///
/// MSDN describes this error as follows:
- /// "The SSL certificate contains errors."
+ /// "The SSL certificate contains errors."
/// NOTE: It's unclear how this differs from ERR_CERT_INVALID. For consistency,
/// use that code instead of this one from now on.
+ ///
///
CertContainsErrors = -203,
///
- /// The certificate has no mechanism for determining if it is revoked. In effect, this certificate cannot be revoked.
+ /// The certificate has no mechanism for determining if it is revoked. In
+ /// effect, this certificate cannot be revoked.
///
CertNoRevocationMechanism = -204,
///
- /// Revocation information for the security certificate for this site is not available.
- /// This could mean:
- /// 1. An attacker has compromised the private key in the certificate and is blocking our attempt to
- /// find out that the cert was revoked.
- /// 2. The certificate is unrevoked, but the revocation server is busy or unavailable.
+ /// Revocation information for the security certificate for this site is not
+ /// available. This could mean:
+ ///
+ /// 1. An attacker has compromised the private key in the certificate and is
+ /// blocking our attempt to find out that the cert was revoked.
+ ///
+ /// 2. The certificate is unrevoked, but the revocation server is busy or
+ /// unavailable.
+ ///
///
CertUnableToCheckRevocation = -205,
///
/// The server responded with a certificate has been revoked.
- /// We have the capability to ignore this error, but it is probably not the thing to do.
+ /// We have the capability to ignore this error, but it is probably not the
+ /// thing to do.
///
CertRevoked = -206,
///
- /// The server responded with a certificate that is invalid. This error is not recoverable.
+ /// The server responded with a certificate that is invalid.
+ /// This error is not recoverable.
+ ///
+ /// MSDN describes this error as follows:
+ /// "The SSL certificate is invalid."
+ ///
///
CertInvalid = -207,
@@ -760,12 +793,12 @@ public enum CefErrorCode
///
SslObsoleteVersion = -218,
+ // Add new certificate error codes here.
+ //
+ // Update the value of CERT_END whenever you add a new certificate error
+ // code.
+
///
- /// Add new certificate error codes here.
- ///
- /// Update the value of CERT_END whenever you add a new certificate error
- /// code.
- ///
/// The value immediately past the last certificate error code.
///
CertEnd = -219,
@@ -785,13 +818,19 @@ public enum CefErrorCode
///
UnknownUrlScheme = -302,
+ ///
+ /// Attempting to load an URL resulted in a redirect to an invalid URL.
+ ///
+ InvalidRedirect = -303,
+
///
/// Attempting to load an URL resulted in too many redirects.
///
TooManyRedirects = -310,
///
- /// Attempting to load an URL resulted in an unsafe redirect (e.g., a redirect to file:// is considered unsafe).
+ /// Attempting to load an URL resulted in an unsafe redirect (e.g., a redirect
+ /// to file:// is considered unsafe).
///
UnsafeRedirect = -311,
@@ -819,7 +858,8 @@ public enum CefErrorCode
MethodNotSupported = -322,
///
- /// The response was 407 (Proxy Authentication Required), yet we did not send the request to a proxy.
+ /// The response was 407 (Proxy Authentication Required), yet we did not send
+ /// the request to a proxy.
///
UnexpectedProxyAuth = -323,
@@ -886,9 +926,9 @@ public enum CefErrorCode
NoSupportedProxies = -336,
///
- /// There is a SPDY protocol error.
+ /// There is an HTTP/2 protocol error.
///
- SpdyProtocolError = -337,
+ Http2ProtocolError = -337,
///
/// Credentials could not be established during HTTP Authentication.
@@ -938,10 +978,10 @@ public enum CefErrorCode
ResponseHeadersMultipleContentLength = -346,
///
- /// SPDY Headers have been received, but not all of them - status or version
+ /// HTTP/2 headers have been received, but not all of them - status or version
/// headers are missing, so we're expecting additional frames to complete them.
///
- IncompleteSpdyHeaders = -347,
+ IncompleteHttp2Headers = -347,
///
/// No PAC URL configuration could be retrieved from DHCP. This can indicate
@@ -961,15 +1001,18 @@ public enum CefErrorCode
ResponseHeadersMultipleLocation = -350,
///
- /// SPDY server refused the stream. Client should retry. This should never be a
- /// user-visible error.
+ /// HTTP/2 server refused the request without processing, and sent either a
+ /// GOAWAY frame with error code NO_ERROR and Last-Stream-ID lower than the
+ /// stream id corresponding to the request indicating that this request has not
+ /// been processed yet, or a RST_STREAM frame with error code REFUSED_STREAM.
+ /// Client MAY retry (on a different connection). See RFC7540 Section 8.1.4.
///
- SpdyServerRefusedStream = -351,
+ Http2ServerRefusedStream = -351,
///
- /// SPDY server didn't respond to the PING message.
+ /// HTTP/2 server didn't respond to the PING message.
///
- SpdyPingFailed = -352,
+ Http2PingFailed = -352,
// Obsolete. Kept here to avoid reuse, as the old error can still appear on
// histograms.
@@ -1008,31 +1051,30 @@ public enum CefErrorCode
// NET_ERROR(REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC, -359)
///
- /// Transport security is inadequate for the SPDY version.
+ /// Transport security is inadequate for the HTTP/2 version.
///
- SpdyInadequateTransportSecurity = -360,
+ Http2InadequateTransportSecurity = -360,
///
- /// The peer violated SPDY flow control.
+ /// The peer violated HTTP/2 flow control.
///
- SpdyFlowControlError = -361,
+ Http2FlowControlError = -361,
///
- /// The peer sent an improperly sized SPDY frame.
+ /// The peer sent an improperly sized HTTP/2 frame.
///
- SpdyFrameSizeError = -362,
+ Http2FrameSizeError = -362,
///
- /// Decoding or encoding of compressed SPDY headers failed.
+ /// Decoding or encoding of compressed HTTP/2 headers failed.
///
- SpdyCompressionError = -363,
+ Http2CompressionError = -363,
///
/// Proxy Auth Requested without a valid Client Socket Handle.
///
ProxyAuthRequestedWithNoConnection = -364,
-
///
/// HTTP_1_1_REQUIRED error code received on HTTP/2 session.
///
@@ -1074,13 +1116,13 @@ public enum CefErrorCode
///
/// The pushed stream claimed by the request is no longer available.
///
- Http2PushedStreamNoAvailable = -373,
+ Http2PushedStreamNotAvailable = -373,
///
/// A pushed stream was claimed and later reset by the server. When this happens,
/// the request should be retried.
///
- Http2ClaimedPushStreamResetByServer = -374,
+ Http2ClaimedPushedStreamResetByServer = -374,
///
/// An HTTP transaction was retried too many times due for authentication or
@@ -1122,6 +1164,12 @@ public enum CefErrorCode
///
QuicCertRootNotKnown = -380,
+ ///
+ /// A GOAWAY frame has been received indicating that the request has not been
+ /// processed and is therefore safe to retry on a different connection.
+ ///
+ QuicGoawayRequestCanBeRetried = -381,
+
///
/// The cache does not have the requested entry.
///
@@ -1201,7 +1249,7 @@ public enum CefErrorCode
///
/// The disk cache is unable to open or create this entry.
///
- CacheOpenOrCreateFilure = -413,
+ CacheOpenOrCreateFailure = -413,
///
/// The server's response was insecure (e.g. there was a cert error).
@@ -1209,13 +1257,13 @@ public enum CefErrorCode
InsecureResponse = -501,
///
- /// The server responded to a <keygen> with a generated client cert that we
- /// don't have the matching private key for.
+ /// An attempt to import a client certificate failed, as the user's key
+ /// database lacked a corresponding private key.
///
NoPrivateKeyForCert = -502,
///
- /// An error adding to the OS certificate database (e.g. OS X Keychain).
+ /// An error adding a certificate to the OS certificate database.
///
AddUserCertFailed = -503,
@@ -1229,6 +1277,23 @@ public enum CefErrorCode
///
InvalidWebBundle = -505,
+ ///
+ /// A Trust Tokens protocol operation-executing request failed for one of a
+ /// number of reasons (precondition failure, internal error, bad response).
+ ///
+ TrustTokenOperationFailed = -506,
+
+ ///
+ /// When handling a Trust Tokens protocol operation-executing request, the system
+ /// was able to execute the request's Trust Tokens operation without sending the
+ /// request to its destination: for instance, the results could have been present
+ /// in a local cache (for redemption) or the operation could have been diverted
+ /// to a local provider (for "platform-provided" issuance).
+ ///
+ TrustTokenOperationSuccessWithoutSendingRequest = -507,
+
+ // *** Code -600 is reserved (was FTP_PASV_COMMAND_FAILED). ***
+
///
/// A generic error for failed FTP control connection command.
/// If possible, please use or add a more specific error code.
@@ -1326,11 +1391,7 @@ public enum CefErrorCode
///
KeyGenerationFailed = -710,
- ///
- /// Server-bound certificate generation failed.
- ///
- //Error -711 was removed (ORIGIN_BOUND_CERT_GENERATION_FAILED)
- //OriginBoundCertGenerationFailed = -711,
+ // Error -711 was removed (ORIGIN_BOUND_CERT_GENERATION_FAILED)
///
/// Failure to export private key.
@@ -1347,11 +1408,9 @@ public enum CefErrorCode
///
CertDatabaseChanged = -714,
- ///
- /// Failure to import Channel ID.
- ///
- //Error -715 was removed (CHANNEL_ID_IMPORT_FAILED)
- //ChannelIdImportFailed = -715,
+ // Error -715 was removed (CHANNEL_ID_IMPORT_FAILED)
+
+ // DNS error codes.
///
/// DNS resolver received a malformed response.
@@ -1382,7 +1441,10 @@ public enum CefErrorCode
DnsTimedOut = -803,
///
- /// The entry was not found in cache, for cache-only lookups.
+ /// The entry was not found in cache or other local sources, for lookups where
+ /// only local sources were queried.
+ /// TODO(ericorth): Consider renaming to DNS_LOCAL_MISS or something like that as
+ /// the cache is not necessarily queried either.
///
DnsCacheMiss = -804,
@@ -1401,6 +1463,6 @@ public enum CefErrorCode
///
/// Failed to resolve the hostname of a DNS-over-HTTPS server.
///
- DnsSecureResolverHostnameResolutionFailed = -808
+ DnsSecureResolverHostnameResolutionFailed = -808,
};
}