19 files changed, 177 insertions, 405 deletions

diff --git a/content/content.c b/content/content.c
index dc9805448..385847daf 100644
--- a/content/content.c
+++ b/content/content.c
@@ -176,12 +176,12 @@ nserror content_llcache_callback(llcache_handle *llcache,
 	case LLCACHE_EVENT_ERROR:
 		/** \todo Error page? */
 		c->status = CONTENT_STATUS_ERROR;
-		msg_data.errordata.errorcode = NSERROR_UNKNOWN;
-		msg_data.errordata.errormsg = event->data.msg;
+		msg_data.errordata.errorcode = event->data.error.code;
+		msg_data.errordata.errormsg = event->data.error.msg;
 		content_broadcast(c, CONTENT_MSG_ERROR, &msg_data);
 		break;
 	case LLCACHE_EVENT_PROGRESS:
-		content_set_status(c, event->data.msg);
+		content_set_status(c, event->data.progress_msg);
 		msg_data.explicit_status_text = NULL;
 		content_broadcast(c, CONTENT_MSG_STATUS, &msg_data);
 		break;
@@ -190,13 +190,6 @@ nserror content_llcache_callback(llcache_handle *llcache,
 		msg_data.redirect.to = event->data.redirect.to;
 		content_broadcast(c, CONTENT_MSG_REDIRECT, &msg_data);
 		break;
-	case LLCACHE_EVENT_QUERY:
-	case LLCACHE_EVENT_QUERY_FINISHED:
-		/* Should never happen, because the object can't query once
-		 * it has fetched enough that a migration to content happened.
-		 */
-		NSLOG(netsurf, DEBUG, "Encountered query related events during content handling");
-		break;
 	}
 
 	return error;
diff --git a/content/content.h b/content/content.h
index 6e298e045..a5bf46c61 100644
--- a/content/content.h
+++ b/content/content.h
@@ -61,8 +61,6 @@ typedef enum {
 typedef enum {
 	CONTENT_MSG_LOG,       /**< Content wishes to log something */
 	CONTENT_MSG_SSL_CERTS, /**< Content is from SSL and this is its chain */
-	CONTENT_MSG_QUERY,     /**< Something under the content has a query */
-	CONTENT_MSG_QUERY_FINISHED, /**< Something under the content finished its query */
 	CONTENT_MSG_LOADING,   /**< fetching or converting */
 	CONTENT_MSG_READY,     /**< may be displayed */
 	CONTENT_MSG_DONE,      /**< finished */
@@ -114,10 +112,6 @@ union content_msg_data {
 		const struct ssl_cert_info *certs; /**< The chain */
 		size_t num; /**< The number of certs in the chain */
 	} certs;
-	/** CONTENT_MSG_QUERY - Query from underlying object somewhere */
-	const struct llcache_query_msg *query_msg;
-	/** CONTENT_MSG_QUERY_FINISHED - Query from underlying object finished */
-	void *query_finished_pw;
 	/** CONTENT_MSG_ERROR - Error from content or underlying fetch */
 	struct {
 		nserror errorcode; /**< The error code to convey meaning */
diff --git a/content/handlers/css/css.c b/content/handlers/css/css.c
index 0ca47a2b6..af2a9bc88 100644
--- a/content/handlers/css/css.c
+++ b/content/handlers/css/css.c
@@ -641,14 +641,6 @@ nserror nscss_import(hlcache_handle *handle,
 		error = nscss_import_complete(ctx);
 		/* Already released handle */
 		break;
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		break;
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		break;
 	default:
 		break;
 	}
diff --git a/content/handlers/html/html_css.c b/content/handlers/html/html_css.c
index 37a70fa70..eb80c0e71 100644
--- a/content/handlers/html/html_css.c
+++ b/content/handlers/html/html_css.c
@@ -129,16 +129,6 @@ html_convert_css_callback(hlcache_handle *css,
 		/* Really don't want this to continue after the switch */
 		return NSERROR_OK;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
diff --git a/content/handlers/html/html_object.c b/content/handlers/html/html_object.c
index dc8524499..acd32565b 100644
--- a/content/handlers/html/html_object.c
+++ b/content/handlers/html/html_object.c
@@ -451,16 +451,6 @@ html_object_callback(hlcache_handle *object,
 	}
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
diff --git a/content/handlers/html/html_script.c b/content/handlers/html/html_script.c
index 6e037251c..f7131e2a2 100644
--- a/content/handlers/html/html_script.c
+++ b/content/handlers/html/html_script.c
@@ -193,16 +193,6 @@ convert_script_async_cb(hlcache_handle *script,
 
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
@@ -267,16 +257,6 @@ convert_script_defer_cb(hlcache_handle *script,
 
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
@@ -367,16 +347,6 @@ convert_script_sync_cb(hlcache_handle *script,
 
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
diff --git a/content/hlcache.c b/content/hlcache.c
index d2b612d05..aa782b2e1 100644
--- a/content/hlcache.c
+++ b/content/hlcache.c
@@ -515,8 +515,8 @@ static nserror hlcache_llcache_callback(llcache_handle *handle,
 			hlcache_event hlevent;
 
 			hlevent.type = CONTENT_MSG_ERROR;
-			hlevent.data.errordata.errorcode = NSERROR_UNKNOWN;
-			hlevent.data.errordata.errormsg = event->data.msg;
+			hlevent.data.errordata.errorcode = event->data.error.code;
+			hlevent.data.errordata.errormsg = event->data.error.msg;
 
 			ctx->handle->cb(ctx->handle, &hlevent, ctx->handle->pw);
 		}
@@ -534,28 +534,6 @@ static nserror hlcache_llcache_callback(llcache_handle *handle,
 			ctx->handle->cb(ctx->handle, &hlevent, ctx->handle->pw);
 		}
 		break;
-	case LLCACHE_EVENT_QUERY:
-		if (ctx->handle->cb != NULL) {
-			hlcache_event hlevent;
-
-			hlevent.type = CONTENT_MSG_QUERY;
-			hlevent.data.query_msg = &event->data.query;
-
-			ctx->handle->cb(ctx->handle, &hlevent, ctx->handle->pw);
-		} else {
-			return NSERROR_NOT_IMPLEMENTED;
-		}
-		break;
-	case LLCACHE_EVENT_QUERY_FINISHED:
-		if (ctx->handle->cb != NULL) {
-			hlcache_event hlevent;
-
-			hlevent.type = CONTENT_MSG_QUERY_FINISHED;
-			hlevent.data.query_finished_pw = event->data.query.cb_pw;
-
-			ctx->handle->cb(ctx->handle, &hlevent, ctx->handle->pw);
-		}
-		break;
 	}
 
 	return NSERROR_OK;
diff --git a/content/llcache.c b/content/llcache.c
index b0f22b7fa..07533f15e 100644
--- a/content/llcache.c
+++ b/content/llcache.c
@@ -116,8 +116,6 @@ typedef struct {
 
 	bool tried_with_tls_downgrade;	/**< Whether we've tried TLS <= 1.0 */
 
-	bool outstanding_query;		/**< Waiting for a query response */
-
 	bool tainted_tls;		/**< Whether the TLS transport is tainted */
 } llcache_fetch_ctx;
 
@@ -2004,7 +2002,8 @@ static nserror llcache_fetch_redirect(llcache_object *object,
 		NSLOG(llcache, INFO, "Too many nested redirects");
 
 		event.type = LLCACHE_EVENT_ERROR;
-		event.data.msg = messages_get("BadRedirect");
+		event.data.error.code = NSERROR_BAD_REDIRECT;
+		event.data.error.msg = messages_get("BadRedirect");
 
 		return llcache_send_event_to_users(object, &event);
 	}
@@ -2249,46 +2248,6 @@ llcache_fetch_process_data(llcache_object *object,
 	return NSERROR_OK;
 }
 
-/**
- * Handle a query response
- *
- * \param proceed  Whether to proceed with fetch
- * \param cbpw	   Our context for query
- * \return NSERROR_OK on success, appropriate error otherwise
- */
-static nserror llcache_query_handle_response(bool proceed, void *cbpw)
-{
-	llcache_event event;
-	llcache_object *object = cbpw;
-
-	if (object->fetch.outstanding_query == false) {
-		/* This object has already had its query answered */
-		return NSERROR_OK;
-	}
-
-	object->fetch.outstanding_query = false;
-
-	/* Tell all the users that we're leaving query state */
-	event.type = LLCACHE_EVENT_QUERY_FINISHED;
-	event.data.query.cb_pw = object;
-
-	/* Refetch, using existing fetch parameters, if client allows us to */
-	if (llcache_send_event_to_users(object, &event) == NSERROR_OK && proceed)
-		return llcache_object_refetch(object);
-
-	/* Invalidate cache-control data */
-	llcache_invalidate_cache_control_data(object);
-
-	/* Mark it complete */
-	object->fetch.state = LLCACHE_FETCH_COMPLETE;
-
-	/* Inform client(s) that object fetch failed */
-	event.type = LLCACHE_EVENT_ERROR;
-	/** \todo More appropriate error message */
-	event.data.msg = messages_get("FetchFailed");
-
-	return llcache_send_event_to_users(object, &event);
-}
 
 /**
  * Handle an authentication request
@@ -2320,32 +2279,20 @@ static nserror llcache_fetch_auth(llcache_object *object, const char *realm)
 	auth = urldb_get_auth_details(object->url, realm);
 
 	if (auth == NULL || object->fetch.tried_with_auth == true) {
-		llcache_query query;
 		llcache_event event;
-
 		/* No authentication details, or tried what we had, so ask */
 		object->fetch.tried_with_auth = false;
 
-		/* Emit query for authentication details */
-		query.type = LLCACHE_QUERY_AUTH;
-		query.url = object->url;
-		query.data.auth.realm = realm;
-
-		/* Construct the query event */
-		event.type = LLCACHE_EVENT_QUERY;
-		event.data.query.query = &query;
-		event.data.query.cb = llcache_query_handle_response;
-		event.data.query.cb_pw = object;
+		/* Mark object complete */
+		object->fetch.state = LLCACHE_FETCH_COMPLETE;
 
-		object->fetch.outstanding_query = true;
+		/* Inform client(s) that object fetch failed */
+		event.type = LLCACHE_EVENT_ERROR;
+		/** \todo More appropriate error message */
+		event.data.error.code = NSERROR_BAD_AUTH;
+		event.data.error.msg = messages_get("FetchFailed");
 
 		error = llcache_send_event_to_users(object, &event);
-
-		if (error != NSERROR_OK) {
-			/* do not continue if error querying user */
-			error = llcache_query_handle_response(false,
-							      object);
-		}
 	} else {
 		/* Flag that we've tried to refetch with credentials, so
 		 * that if the fetch fails again, we ask the user again */
@@ -2377,27 +2324,18 @@ static nserror llcache_fetch_cert_error(llcache_object *object)
 
 	/* Only give the user a chance if HSTS isn't in use for this fetch */
 	if (object->fetch.hsts_in_use == false) {
-		llcache_query query;
 		llcache_event event;
 
-		/* Emit query for TLS */
-		query.type = LLCACHE_QUERY_SSL;
-		query.url = object->url;
-
-		/* Construct the query event */
-		event.type = LLCACHE_EVENT_QUERY;
-		event.data.query.query = &query;
-		event.data.query.cb = llcache_query_handle_response;
-		event.data.query.cb_pw = object;
+		/* Mark object complete */
+		object->fetch.state = LLCACHE_FETCH_COMPLETE;
 
-		object->fetch.outstanding_query = true;
+		/* Inform client(s) that object fetch failed */
+		event.type = LLCACHE_EVENT_ERROR;
+		/** \todo More appropriate error message */
+		event.data.error.code = NSERROR_BAD_CERTS;
+		event.data.error.msg = messages_get("FetchFailed");
 
 		error = llcache_send_event_to_users(object, &event);
-
-		if (error != NSERROR_OK) {
-			/* do not continue if error querying user */
-			error = llcache_query_handle_response(false, object);
-		}
 	} else {
 		llcache_event event;
 
@@ -2407,7 +2345,8 @@ static nserror llcache_fetch_cert_error(llcache_object *object)
 		/* Inform client(s) that object fetch failed */
 		event.type = LLCACHE_EVENT_ERROR;
 		/** \todo More appropriate error message */
-		event.data.msg = messages_get("FetchFailed");
+		event.data.error.code = NSERROR_UNKNOWN;
+		event.data.error.msg = messages_get("FetchFailed");
 
 		error = llcache_send_event_to_users(object, &event);
 	}
@@ -2447,7 +2386,8 @@ static nserror llcache_fetch_ssl_error(llcache_object *object)
 		/* Inform client(s) that object fetch failed */
 		event.type = LLCACHE_EVENT_ERROR;
 		/** \todo More appropriate error message */
-		event.data.msg = messages_get("FetchFailed");
+		event.data.error.code = NSERROR_UNKNOWN;
+		event.data.error.msg = messages_get("FetchFailed");
 
 		error = llcache_send_event_to_users(object, &event);
 	} else {
@@ -2502,7 +2442,6 @@ build_candidate_list(struct llcache_object ***lst_out, int *lst_len_out)
 		 */
 		if ((object->candidate_count == 0) &&
 		    (object->fetch.fetch == NULL) &&
-		    (object->fetch.outstanding_query == false) &&
 		    (object->store_state == LLCACHE_STATE_RAM) &&
 		    (remaining_lifetime > llcache->minimum_lifetime)) {
 			lst[lst_len] = object;
@@ -2862,7 +2801,8 @@ static void llcache_fetch_callback(const fetch_msg *msg, void *p)
 		/** \todo Consider using errorcode for something */
 
 		event.type = LLCACHE_EVENT_ERROR;
-		event.data.msg = msg->data.error;
+		event.data.error.code = NSERROR_UNKNOWN;
+		event.data.error.msg = msg->data.error;
 
 		error = llcache_send_event_to_users(object, &event);
 
@@ -2870,7 +2810,7 @@ static void llcache_fetch_callback(const fetch_msg *msg, void *p)
 	case FETCH_PROGRESS:
 		/* Progress update */
 		event.type = LLCACHE_EVENT_PROGRESS;
-		event.data.msg = msg->data.progress;
+		event.data.progress_msg = msg->data.progress;
 
 		error = llcache_send_event_to_users(object, &event);
 
@@ -3349,8 +3289,7 @@ void llcache_clean(bool purge)
 		/* The candidate count of uncacheable objects is always 0 */
 		if ((object->users == NULL) &&
 		    (object->candidate_count == 0) &&
-		    (object->fetch.fetch == NULL) &&
-		    (object->fetch.outstanding_query == false)) {
+		    (object->fetch.fetch == NULL)) {
 			NSLOG(llcache, DEBUG, "Discarding uncachable object with no users (%p) %s",
 				    object, nsurl_access(object->url));
 
@@ -3375,7 +3314,6 @@ void llcache_clean(bool purge)
 		if ((object->users == NULL) &&
 		    (object->candidate_count == 0) &&
 		    (object->fetch.fetch == NULL) &&
-		    (object->fetch.outstanding_query == false) &&
 		    (remaining_lifetime <= 0)) {
 			/* object is stale */
 			NSLOG(llcache, DEBUG, "discarding stale cacheable object with no "
@@ -3416,7 +3354,6 @@ void llcache_clean(bool purge)
 		if ((object->users == NULL) &&
 		    (object->candidate_count == 0) &&
 		    (object->fetch.fetch == NULL) &&
-		    (object->fetch.outstanding_query == false) &&
 		    (object->store_state == LLCACHE_STATE_DISC)) {
 			guit->llcache->release(object->url, BACKING_STORE_NONE);
 
@@ -3441,7 +3378,6 @@ void llcache_clean(bool purge)
 		if ((object->users == NULL) &&
 		    (object->candidate_count == 0) &&
 		    (object->fetch.fetch == NULL) &&
-		    (object->fetch.outstanding_query == false) &&
 		    (object->store_state == LLCACHE_STATE_DISC) &&
 		    (object->source_data == NULL)) {
 			NSLOG(llcache, DEBUG,
@@ -3473,7 +3409,6 @@ void llcache_clean(bool purge)
 		if ((object->users == NULL) &&
 		    (object->candidate_count == 0) &&
 		    (object->fetch.fetch == NULL) &&
-		    (object->fetch.outstanding_query == false) &&
 		    (object->store_state == LLCACHE_STATE_RAM)) {
 			NSLOG(llcache, DEBUG,
 			      "discarding fresh object len:%"PRIssizet" age:%ld (%p) %s",
diff --git a/content/llcache.h b/content/llcache.h
index b2577a6c1..8d2411e0a 100644
--- a/content/llcache.h
+++ b/content/llcache.h
@@ -63,44 +63,6 @@ enum llcache_retrieve_flag {
 	LLCACHE_RETRIEVE_STREAM_DATA    = (1 << 3)
 };
 
-/** Low-level cache query types */
-typedef enum {
-	LLCACHE_QUERY_AUTH,		/**< Need authentication details */
-	LLCACHE_QUERY_REDIRECT,		/**< Need permission to redirect */
-	LLCACHE_QUERY_SSL		/**< SSL chain needs inspection */
-} llcache_query_type;
-
-/** Low-level cache query */
-typedef struct {
-	llcache_query_type type;	/**< Type of query */
-
-	nsurl *url;			/**< URL being fetched */
-
-	union {
-		struct {
-			const char *realm;	/**< Authentication realm */
-		} auth;
-
-		struct {
-			const char *target;	/**< Redirect target */
-		} redirect;
-
-		struct {
-			const struct ssl_cert_info *certs;
-			size_t num;		/**< Number of certs in chain */
-		} ssl;
-	} data;
-} llcache_query;
-
-/**
- * Response handler for fetch-related queries
- *
- * \param proceed  Whether to proceed with the fetch or not
- * \param cbpw     Opaque value provided to llcache_query_callback
- * \return NSERROR_OK on success, appropriate error otherwise
- */
-typedef nserror (*llcache_query_response)(bool proceed, void *cbpw);
-
 /** Low-level cache event types */
 typedef enum {
 	LLCACHE_EVENT_GOT_CERTS,        /**< SSL certificates arrived */
@@ -111,22 +73,10 @@ typedef enum {
 	LLCACHE_EVENT_ERROR,		/**< An error occurred during fetch */
 	LLCACHE_EVENT_PROGRESS,		/**< Fetch progress update */
 
-	LLCACHE_EVENT_QUERY,            /**< Fetch has a query and is paused */
-	LLCACHE_EVENT_QUERY_FINISHED,   /**< Fetch had a query, but it is now finished */
-
 	LLCACHE_EVENT_REDIRECT		/**< Fetch URL redirect occured */
 } llcache_event_type;
 
 /**
- * Low-level cache query message
- */
-typedef struct llcache_query_msg {
-	llcache_query *query;    /**< Query information */
-	llcache_query_response cb; /**< Response callback */
-	void *cb_pw; /**< Response callback private word */
-} llcache_query_msg;
-
-/**
  * Low-level cache events.
  *
  * Lifetime of contained information is only for the duration of the event
@@ -139,7 +89,11 @@ typedef struct {
 			const uint8_t *buf;	/**< Buffer of data */
 			size_t len;	/**< Length of buffer, in bytes */
 		} data;			/**< Received data */
-		const char *msg;	/**< Error or progress message */
+		struct {
+			nserror code;		/**< The error code */
+			const char *msg;	/**< Error message */
+		} error;
+		const char *progress_msg;	/**< Progress message */
 		struct {
 			nsurl *from;	/**< Redirect origin */
 			nsurl *to;	/**< Redirect target */
@@ -148,7 +102,6 @@ typedef struct {
 			const struct ssl_cert_info *certs; /**< The chain */
 			size_t num;		/**< Number of certs in chain */
 		} certs;
-		llcache_query_msg query;/**< Query event */
 	} data;				/**< Event data */
 } llcache_event;
 
@@ -164,22 +117,6 @@ typedef nserror (*llcache_handle_callback)(llcache_handle *handle,
 		const llcache_event *event, void *pw);
 
 /**
- * Callback to handle fetch-related queries
- *
- * \param query  Object containing details of query
- * \param pw     Pointer to callback-specific data
- * \param cb     Callback that client should call once query is satisfied
- * \param cbpw   Opaque value to pass into \a cb
- * \return NSERROR_OK on success, appropriate error otherwise
- *
- * \note This callback should return immediately. Once a suitable answer to
- *       the query has been obtained, the provided response callback should be
- *       called. This is intended to be an entirely asynchronous process.
- */
-typedef nserror (*llcache_query_callback)(const llcache_query *query, void *pw,
-		llcache_query_response cb, void *cbpw);
-
-/**
  * Parameters to configure the low level cache backing store.
  */
 struct llcache_store_parameters {
@@ -230,9 +167,6 @@ struct llcache_store_parameters {
  * Parameters to configure the low level cache.
  */
 struct llcache_parameters {
-	llcache_query_callback cb; /**< Query handler for llcache */
-	void *cb_ctx; /**< Pointer to llcache query handler data */
-
 	size_t limit; /**< The target upper bound for the RAM cache size */
 	size_t hysteresis; /**< The hysteresis around the target size */
 
diff --git a/desktop/browser_private.h b/desktop/browser_private.h
index 7e2d7e76d..8838436fb 100644
--- a/desktop/browser_private.h
+++ b/desktop/browser_private.h
@@ -401,12 +401,9 @@ nserror browser_window_history_get_scroll(struct browser_window *bw,
  */
 void browser_window_history_destroy(struct browser_window *bw);
 
-
-/** \todo QUERY - Remove this include */
-#include "content/llcache.h"
-/** \todo QUERY - Remove this import */
-nserror netsurf_llcache_query_handler(
-	const llcache_query *query,
-	void *pw, llcache_query_response cb, void *cbpw);
+/**
+ * Type for handling query responses short-term
+ */
+typedef nserror (*browser_window_query_callback)(bool proceed, void *pw);
 
 #endif
diff --git a/desktop/browser_window.c b/desktop/browser_window.c
index 2adf8a9ca..debb4faf3 100644
--- a/desktop/browser_window.c
+++ b/desktop/browser_window.c
@@ -479,16 +479,6 @@ browser_window_favicon_callback(hlcache_handle *c,
 		}
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		break;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		break;
-
 	default:
 		break;
 	}
@@ -820,6 +810,110 @@ browser_window_content_done(struct browser_window *bw)
 	return NSERROR_OK;
 }
 
+/* Cheeky import for now */
+nserror netsurf__handle_login(const char * realm, nsurl *url,
+			      browser_window_query_callback cb, void *cbpw);
+
+/**
+ * Handle query responses from authentication or SSL requests
+ */
+static nserror
+browser_window__handle_query_response(bool proceed, void *pw)
+{
+	struct browser_window *bw = (struct browser_window *)pw;
+	nserror res = NSERROR_OK;
+
+	if (proceed) {
+		/* We want to restart the request, with the loading
+		 * context
+		 */
+		res = browser_window__navigate_internal(bw, &bw->loading_parameters);
+
+		if (res != NSERROR_OK) {
+			NSLOG(netsurf, WARNING, "Unable to navigate after query proceeds");
+		}
+	}
+
+	return res;
+}
+
+
+/**
+ * Handle errors during content fetch
+ */
+static nserror
+browser_window__handle_error(struct browser_window *bw,
+			     hlcache_handle *c,
+			     const hlcache_event *event)
+{
+	const char *message = event->data.errordata.errormsg;
+	nserror code = event->data.errordata.errorcode;
+	bool do_warning = true;
+	nserror res;
+	nsurl *url = hlcache_handle_get_url(c);
+
+	/* Unexpected OK? */
+	assert(code != NSERROR_OK);
+
+	switch (code) {
+	case NSERROR_BAD_AUTH:
+		do_warning = false;
+		break;
+	case NSERROR_BAD_CERTS:
+		do_warning = false;
+		break;
+	case NSERROR_BAD_REDIRECT:
+		/* The message is already filled out */
+		break;
+	case NSERROR_UNKNOWN:
+		message = messages_get_errorcode(code);
+		break;
+	default:
+		break;
+	}
+
+	if (do_warning) {
+		browser_window_set_status(bw, message);
+		/* Only warn the user about errors in top-level windows */
+		if (bw->browser_window_type == BROWSER_WINDOW_NORMAL) {
+			guit->misc->warning(message, NULL);
+		}
+	}
+
+	if (c == bw->loading_content) {
+		bw->loading_content = NULL;
+	} else if (c == bw->current_content) {
+		bw->current_content = NULL;
+		browser_window_remove_caret(bw, false);
+	}
+
+	hlcache_handle_release(c);
+
+	browser_window_stop_throbber(bw);
+
+	switch (code) {
+	case NSERROR_BAD_AUTH:
+		res = netsurf__handle_login(message, url,
+					    browser_window__handle_query_response,
+					    bw);
+		break;
+	case NSERROR_BAD_CERTS:
+		res = guit->misc->cert_verify(url,
+					      bw->loading_ssl_info.certs,
+					      bw->loading_ssl_info.num,
+					      browser_window__handle_query_response,
+					      bw);
+		if (res != NSERROR_OK) {
+			NSLOG(netsurf, DEBUG, "Unable to start GUI callback for SSL certs");
+		}
+		break;
+	default:
+		break;
+	}
+
+	return NSERROR_OK;
+}
+
 
 /**
  * Browser window content event callback handler.
@@ -885,30 +979,10 @@ browser_window_callback(hlcache_handle *c, const hlcache_event *event, void *pw)
 		res = browser_window_content_done(bw);
 		break;
 
-	case CONTENT_MSG_ERROR: {
-		const char *message = event->data.errordata.errormsg;
-		if (event->data.errordata.errorcode != NSERROR_UNKNOWN) {
-			message = messages_get_errorcode(event->data.errordata.errorcode);
-		}
-
-		browser_window_set_status(bw, message);
-		/* Only warn the user about errors in top-level windows */
-		if (bw->browser_window_type == BROWSER_WINDOW_NORMAL) {
-			guit->misc->warning(message, NULL);
-		}
-
-		if (c == bw->loading_content) {
-			bw->loading_content = NULL;
-		} else if (c == bw->current_content) {
-			bw->current_content = NULL;
-			browser_window_remove_caret(bw, false);
-		}
-
-		hlcache_handle_release(c);
-
-		browser_window_stop_throbber(bw);
+	case CONTENT_MSG_ERROR:
+		res = browser_window__handle_error(bw, c, event);
 		break;
-	}
+
 	case CONTENT_MSG_REDIRECT:
 		if (urldb_add_url(event->data.redirect.from))
 			urldb_update_url_visit_data(event->data.redirect.from);
@@ -1152,26 +1226,6 @@ browser_window_callback(hlcache_handle *c, const hlcache_event *event, void *pw)
 
 		break;
 
-	case CONTENT_MSG_QUERY: {
-		/** \todo QUERY - Decide what is right here */
-		/* For now, we directly invoke the known global handler for queries */
-		llcache_query query = *(event->data.query_msg->query);
-		if (query.type == LLCACHE_QUERY_SSL) {
-			query.data.ssl.certs = &bw->loading_ssl_info.certs[0];
-			query.data.ssl.num = bw->loading_ssl_info.num;
-		}
-
-		return netsurf_llcache_query_handler(
-			&query,
-			NULL,
-			event->data.query_msg->cb,
-			event->data.query_msg->cb_pw);
-		break;
-	}
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		break;
-
 	default:
 		break;
 	}
diff --git a/desktop/download.c b/desktop/download.c
index ba5d9bd65..e17855aa1 100644
--- a/desktop/download.c
+++ b/desktop/download.c
@@ -227,7 +227,7 @@ static nserror download_callback(llcache_handle *handle,
 
 	case LLCACHE_EVENT_ERROR:
 		if (ctx->window != NULL)
-			guit->download->error(ctx->window, event->data.msg);
+			guit->download->error(ctx->window, event->data.error.msg);
 		else
 			download_context_destroy(ctx);
 
@@ -238,13 +238,6 @@ static nserror download_callback(llcache_handle *handle,
 
 	case LLCACHE_EVENT_REDIRECT:
 		break;
-	case LLCACHE_EVENT_QUERY:
-	case LLCACHE_EVENT_QUERY_FINISHED:
-		/* It's *POSSIBLE* we might have to handle these here
-		 * but how?
-		 */
-		NSLOG(netsurf, DEBUG, "Encountered query related events during download handling");
-		return NSERROR_NOT_IMPLEMENTED;
 	}
 
 	return error;
diff --git a/desktop/netsurf.c b/desktop/netsurf.c
index 041e98aa7..706ca7be0 100644
--- a/desktop/netsurf.c
+++ b/desktop/netsurf.c
@@ -194,7 +194,7 @@ struct auth_data {
 	char *realm;
 	nsurl *url;
 
-	llcache_query_response cb;
+	browser_window_query_callback cb;
 	void *pw;
 };
 
@@ -235,6 +235,9 @@ static nserror netsurf__handle_login_response(
 	return err;
 }
 
+/* Cheeky */
+nserror netsurf__handle_login(const char * realm, nsurl *url,
+			      browser_window_query_callback cb, void *cbpw);
 /**
  * Helper for getting front end to handle logins.
  *
@@ -244,8 +247,8 @@ static nserror netsurf__handle_login_response(
  * \param[in] cbpw   Private data for continuation
  * \return NSERROR_OK, or appropriate error code.
  */
-static nserror netsurf__handle_login(const llcache_query *query,
-		void *pw, llcache_query_response cb, void *cbpw)
+nserror netsurf__handle_login(const char * realm, nsurl *url,
+			      browser_window_query_callback cb, void *cbpw)
 {
 	struct auth_data *ctx;
 	char *username;
@@ -253,19 +256,19 @@ static nserror netsurf__handle_login(const llcache_query *query,
 	nserror err;
 
 	NSLOG(llcache, INFO, "HTTP Auth for: %s: %s",
-			query->data.auth.realm, nsurl_access(query->url));
+			realm, nsurl_access(url));
 
 	ctx = malloc(sizeof(*ctx));
 	if (ctx == NULL) {
 		return NSERROR_NOMEM;
 	}
 
-	ctx->realm = strdup(query->data.auth.realm);
+	ctx->realm = strdup(realm);
 	if (ctx->realm == NULL) {
 		free(ctx);
 		return NSERROR_NOMEM;
 	}
-	ctx->url = nsurl_ref(query->url);
+	ctx->url = nsurl_ref(url);
 	ctx->cb = cb;
 	ctx->pw = cbpw;
 
@@ -294,43 +297,6 @@ static nserror netsurf__handle_login(const llcache_query *query,
 	return NSERROR_OK;
 }
 
-/**
- * Dispatch a low-level cache query to the frontend
- *
- * \todo QUERY - This should end up as part of browser_window_callback
- *
- * NOTE: Right now this is exported so that it can be invoked from the
- * browser window callback
- *
- * \param query  Query descriptor
- * \param pw     Private data
- * \param cb     Continuation callback
- * \param cbpw   Private data for continuation
- * \return NSERROR_OK
- */
-nserror netsurf_llcache_query_handler(const llcache_query *query,
-		void *pw, llcache_query_response cb, void *cbpw)
-{
-	nserror res = NSERROR_OK;
-
-	switch (query->type) {
-	case LLCACHE_QUERY_AUTH:
-		res = netsurf__handle_login(query, pw, cb, cbpw);
-		break;
-
-	case LLCACHE_QUERY_REDIRECT:
-		/** \todo Need redirect query dialog */
-		/* For now, do nothing, as this query type isn't emitted yet */
-		break;
-
-	case LLCACHE_QUERY_SSL:
-		res = guit->misc->cert_verify(query->url, query->data.ssl.certs,
-				query->data.ssl.num, cb, cbpw);
-		break;
-	}
-
-	return res;
-}
 
 /* exported interface documented in netsurf/netsurf.h */
 nserror netsurf_init(const char *store_path)
@@ -339,7 +305,6 @@ nserror netsurf_init(const char *store_path)
 	struct hlcache_parameters hlcache_parameters = {
 		.bg_clean_time = HL_CACHE_CLEAN_TIME,
 		.llcache = {
-			.cb = netsurf_llcache_query_handler,
 			.minimum_lifetime = LLCACHE_STORE_MIN_LIFETIME,
 			.minimum_bandwidth = LLCACHE_STORE_MIN_BANDWIDTH,
 			.maximum_bandwidth = LLCACHE_STORE_MAX_BANDWIDTH,
diff --git a/desktop/searchweb.c b/desktop/searchweb.c
index de38ef191..91a8118ca 100644
--- a/desktop/searchweb.c
+++ b/desktop/searchweb.c
@@ -305,16 +305,6 @@ search_web_ico_callback(hlcache_handle *ico,
 		provider->ico_handle = NULL;
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
@@ -473,16 +463,6 @@ default_ico_callback(hlcache_handle *ico,
 		ctx->default_ico_handle = NULL;
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
diff --git a/desktop/sslcert_viewer.c b/desktop/sslcert_viewer.c
index 2936e89e6..4d8725757 100644
--- a/desktop/sslcert_viewer.c
+++ b/desktop/sslcert_viewer.c
@@ -49,6 +49,7 @@ enum sslcert_viewer_field {
 	SSLCERT_V_N_FIELDS
 };
 
+typedef nserror (*response_cb)(bool proceed, void *pw);
 
 /**
  * ssl certificate verification context.
@@ -57,7 +58,7 @@ struct sslcert_session_data {
 	struct ssl_cert_info *certs; /**< Certificates */
 	unsigned long num;		/**< Number of certificates in chain */
 	nsurl *url;			/**< The url of the certificate */
-	llcache_query_response cb;	/**< Cert accept/reject callback */
+	response_cb cb;			/**< Cert accept/reject callback */
 	void *cbpw;			/**< Context passed to callback */
 
 	treeview *tree;			/**< The treeview object */
@@ -476,8 +477,8 @@ nserror sslcert_viewer_fini(struct sslcert_session_data *ssl_d)
 /* Exported interface, documented in sslcert_viewer.h */
 nserror
 sslcert_viewer_create_session_data(unsigned long num,
-				   nsurl *url,
-				   llcache_query_response cb,
+				   struct nsurl *url,
+				   nserror (*cb)(bool proceed, void *pw),
 				   void *cbpw,
 				   const struct ssl_cert_info *certs,
 				   struct sslcert_session_data **ssl_d)
diff --git a/desktop/sslcert_viewer.h b/desktop/sslcert_viewer.h
index 9a57b965c..6955e0167 100644
--- a/desktop/sslcert_viewer.h
+++ b/desktop/sslcert_viewer.h
@@ -25,13 +25,14 @@
 #ifndef NETSURF_DESKTOP_SSLCERT_VIEWER_H
 #define NETSURF_DESKTOP_SSLCERT_VIEWER_H
 
-#include "content/llcache.h"
 #include "netsurf/mouse.h"
 
 struct sslcert_session_data;
 struct redraw_context;
 struct core_window_callback_table;
 struct rect;
+struct nsurl;
+struct ssl_cert_info;
 
 /**
  * Create ssl certificate viewer session data.
@@ -48,7 +49,7 @@ struct rect;
  * sslcert_viewer_fini destroys the session data.
  */
 nserror sslcert_viewer_create_session_data(
-		unsigned long num, nsurl *url, llcache_query_response cb,
+		unsigned long num, struct nsurl *url, nserror (*cb)(bool proceed, void *pw),
 		void *cbpw, const struct ssl_cert_info *certs,
 		struct sslcert_session_data **ssl_d);
 
diff --git a/desktop/treeview.c b/desktop/treeview.c
index 22df7c964..258b54a52 100644
--- a/desktop/treeview.c
+++ b/desktop/treeview.c
@@ -4947,16 +4947,6 @@ treeview_res_cb(struct hlcache_handle *handle,
 		r->height = content_get_height(handle);
 		break;
 
-	case CONTENT_MSG_QUERY:
-		/** \todo QUERY - Decide what is right here */
-		/* For now, the only safe decision is to cancel the fetch */
-		event->data.query_msg->cb(false, event->data.query_msg->cb_pw);
-		return NSERROR_OK;
-
-	case CONTENT_MSG_QUERY_FINISHED:
-		/** \todo QUERY - Decide what is right here */
-		return NSERROR_OK;
-
 	default:
 		break;
 	}
diff --git a/utils/errors.h b/utils/errors.h
index 9a0a9bc04..a54351530 100644
--- a/utils/errors.h
+++ b/utils/errors.h
@@ -59,6 +59,9 @@ typedef enum {
 	NSERROR_NOSPACE,                /**< Insufficient space */
 	NSERROR_BAD_SIZE,               /**< Bad size */
 	NSERROR_NOT_IMPLEMENTED,        /**< Functionality is not implemented */
+	NSERROR_BAD_REDIRECT,           /**< Fetch encountered a bad redirect */
+	NSERROR_BAD_AUTH,               /**< Fetch needs authentication data */
+	NSERROR_BAD_CERTS,              /**< Fetch needs certificate chain check */
 } nserror;
 
 #endif
diff --git a/utils/messages.c b/utils/messages.c
index 2e22cc731..5beeba38d 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -321,6 +321,18 @@ const char *messages_get_errorcode(nserror code)
 	case NSERROR_UNKNOWN:
 		/* Unknown error */
 		return messages_get_ctx("Unknown", messages_hash);
+
+	case NSERROR_BAD_AUTH:
+		/* Authentication required */
+		return messages_get_ctx("BadAuth", messages_hash);
+
+	case NSERROR_BAD_REDIRECT:
+		/* To many redirects */
+		return messages_get_ctx("TooManyRedirects", messages_hash);
+
+	case NSERROR_BAD_CERTS:
+		/* Certificate chain verification failure */
+		return messages_get_ctx("CertificateVerificationNeeded", messages_hash);
 	}
 
 	/* The switch has no default, so the compiler should tell us when we