Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-27 21:00:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge m-c to m-i

Browse Source
This commit is contained in:
Phil Ringnalda 2017-02-20 20:34:02 -08:00
commit 0618bc2eb0
77 changed files with 15609 additions and 14394 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
browser/app/profile/firefox.js
View File

@ -1535,8 +1535,9 @@ pref("browser.migrate.automigrate.enabled", false);
pref("browser.migrate.automigrate.daysToOfferUndo", 4);
pref("browser.migrate.automigrate.ui.enabled", true);
pref("browser.migrate.chrome.history.limit", 0);
pref("browser.migrate.chrome.history.maxAgeInDays", 0);
// See comments in bug 1340115 on how we got to these numbers.
pref("browser.migrate.chrome.history.limit", 2000);
pref("browser.migrate.chrome.history.maxAgeInDays", 180);
// Enable browser frames for use on desktop. Only exposed to chrome callers.
pref("dom.mozBrowserFramesEnabled", true);

71
browser/base/content/browser.js
View File

@ -6463,49 +6463,52 @@ var MailIntegration = {
function BrowserOpenAddonsMgr(aView) {
return new Promise(resolve => {
if (aView) {
let emWindow;
let browserWindow;
let emWindow;
let browserWindow;
var receivePong = function(aSubject, aTopic, aData) {
let browserWin = aSubject.QueryInterface(Ci.nsIInterfaceRequestor)
.getInterface(Ci.nsIWebNavigation)
.QueryInterface(Ci.nsIDocShellTreeItem)
.rootTreeItem
.QueryInterface(Ci.nsIInterfaceRequestor)
.getInterface(Ci.nsIDOMWindow);
if (!emWindow || browserWin == window /* favor the current window */) {
emWindow = aSubject;
browserWindow = browserWin;
}
var receivePong = function(aSubject, aTopic, aData) {
let browserWin = aSubject.QueryInterface(Ci.nsIInterfaceRequestor)
.getInterface(Ci.nsIWebNavigation)
.QueryInterface(Ci.nsIDocShellTreeItem)
.rootTreeItem
.QueryInterface(Ci.nsIInterfaceRequestor)
.getInterface(Ci.nsIDOMWindow);
if (!emWindow || browserWin == window /* favor the current window */) {
emWindow = aSubject;
browserWindow = browserWin;
}
Services.obs.addObserver(receivePong, "EM-pong", false);
Services.obs.notifyObservers(null, "EM-ping", "");
Services.obs.removeObserver(receivePong, "EM-pong");
}
Services.obs.addObserver(receivePong, "EM-pong", false);
Services.obs.notifyObservers(null, "EM-ping", "");
Services.obs.removeObserver(receivePong, "EM-pong");
if (emWindow) {
if (emWindow) {
if (aView) {
emWindow.loadView(aView);
browserWindow.gBrowser.selectedTab =
browserWindow.gBrowser._getTabForContentWindow(emWindow);
emWindow.focus();
resolve(emWindow);
return;
}
browserWindow.gBrowser.selectedTab =
browserWindow.gBrowser._getTabForContentWindow(emWindow);
emWindow.focus();
resolve(emWindow);
return;
}
switchToTabHavingURI("about:addons", true);
// This must be a new load, else the ping/pong would have
// found the window above.
let whereToOpen = (window.gBrowser && isTabEmpty(gBrowser.selectedTab)) ?
"current" :
"tab";
openUILinkIn("about:addons", whereToOpen);
if (aView) {
// This must be a new load, else the ping/pong would have
// found the window above.
Services.obs.addObserver(function observer(aSubject, aTopic, aData) {
Services.obs.removeObserver(observer, aTopic);
Services.obs.addObserver(function observer(aSubject, aTopic, aData) {
Services.obs.removeObserver(observer, aTopic);
if (aView) {
aSubject.loadView(aView);
resolve(aSubject);
}, "EM-loaded", false);
} else {
resolve();
}
}
aSubject.QueryInterface(Ci.nsIDOMWindow);
aSubject.focus();
resolve(aSubject);
}, "EM-loaded", false);
});
}

11
docshell/base/nsDocShell.cpp
View File

@ -4994,6 +4994,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
// 12.1, HPKP draft spec section 2.6).
uint32_t flags =
UsePrivateBrowsing() ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
OriginAttributes originAttributes;
originAttributes.Inherit(mOriginAttributes);
bool isStsHost = false;
bool isPinnedHost = false;
if (XRE_IsParentProcess()) {
@ -5001,10 +5003,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI,
flags, nullptr, &isStsHost);
flags, originAttributes, nullptr, &isStsHost);
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HPKP, aURI,
flags, nullptr, &isPinnedHost);
flags, originAttributes, nullptr,
&isPinnedHost);
NS_ENSURE_SUCCESS(rv, rv);
} else {
mozilla::dom::ContentChild* cc =
@ -5012,9 +5015,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
mozilla::ipc::URIParams uri;
SerializeURI(aURI, uri);
cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags,
&isStsHost);
originAttributes, &isStsHost);
cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HPKP, uri, flags,
&isPinnedHost);
originAttributes, &isPinnedHost);
}
if (Preferences::GetBool(

3
dom/base/nsGkAtomList.h
View File

@ -1962,6 +1962,9 @@ GK_ATOM(onmozinterruptend, "onmozinterruptend")
// MediaDevices device change event
GK_ATOM(ondevicechange, "ondevicechange")
// HTML element attributes that only exposed to XBL and chrome content
GK_ATOM(mozinputrangeignorepreventdefault, "mozinputrangeignorepreventdefault")
//---------------------------------------------------------------------------
// Special atoms
//---------------------------------------------------------------------------

3
dom/html/HTMLInputElement.cpp
View File

@ -4924,7 +4924,8 @@ HTMLInputElement::PostHandleEventForRangeThumb(EventChainPostVisitor& aVisitor)
{
MOZ_ASSERT(mType == NS_FORM_INPUT_RANGE);
if (nsEventStatus_eConsumeNoDefault == aVisitor.mEventStatus ||
if ((nsEventStatus_eConsumeNoDefault == aVisitor.mEventStatus &&
!MozInputRangeIgnorePreventDefault()) ||
!(aVisitor.mEvent->mClass == eMouseEventClass ||
aVisitor.mEvent->mClass == eTouchEventClass ||
aVisitor.mEvent->mClass == eKeyboardEventClass)) {

8
dom/html/HTMLInputElement.h
View File

@ -782,6 +782,12 @@ public:
void MozSetFileArray(const Sequence<OwningNonNull<File>>& aFiles);
void MozSetDirectory(const nsAString& aDirectoryPath, ErrorResult& aRv);
bool MozInputRangeIgnorePreventDefault() const
{
return (IsInChromeDocument() || IsInNativeAnonymousSubtree()) &&
GetBoolAttr(nsGkAtoms::mozinputrangeignorepreventdefault);
}
/*
* The following functions are called from datetime picker to let input box
* know the current state of the picker or to update the input box on changes.
@ -1468,7 +1474,7 @@ protected:
void ClearGetFilesHelpers();
/**
* nsINode::SetMayBeApzAware() will be invoked in this function if necessary
* nsINode::SetMayBeApzAware() will be invoked in this function if necessary
* to prevent default action of APZC so that we can increase/decrease the
* value of this InputElement when mouse wheel event comes without scrolling
* the page.

1
dom/html/test/forms/chrome.ini
View File

@ -3,3 +3,4 @@ support-files =
submit_invalid_file.sjs
[test_autocompleteinfo.html]
[test_submit_invalid_file.html]
[test_input_range_mozinputrangeignorepreventdefault_chrome.html]

1
dom/html/test/forms/mochitest.ini
View File

@ -60,6 +60,7 @@ skip-if = os == "android"
[test_input_range_attr_order.html]
[test_input_range_key_events.html]
[test_input_range_mouse_and_touch_events.html]
[test_input_range_mozinputrangeignorepreventdefault.html]
[test_input_range_rounding.html]
[test_input_sanitization.html]
[test_input_textarea_set_value_no_scroll.html]

94
dom/html/test/forms/test_input_range_mozinputrangeignorepreventdefault.html Normal file
View File

@ -0,0 +1,94 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1338961
-->
<head>
<title>Test mouse and touch events for range</title>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
/* synthesizeMouse and synthesizeFunc uses getBoundingClientRect. We set
* the following properties to avoid fractional values in the rect returned
* by getBoundingClientRect in order to avoid rounding that would occur
* when event coordinates are internally converted to be relative to the
* top-left of the element. (Such rounding would make it difficult to
* predict exactly what value the input should take on for events at
* certain coordinates.)
*/
input { margin: 0 ! important; width: 200px ! important; }
</style>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1338961">Mozilla Bug 1338961</a>
<p id="display"></p>
<div id="content">
<input id="range" type="range" mozinputrangeignorepreventdefault="true">
</div>
<pre id="test">
<script type="application/javascript">
/**
* Test for Bug 1338961
* This test ensures mozinputrangeignorepreventdefault has no effect in
* content html.
**/
SimpleTest.waitForExplicitFinish();
SimpleTest.waitForFocus(function() {
test(synthesizeMouse, "click", "mousedown", "mousemove", "mouseup");
test(synthesizeTouch, "tap", "touchstart", "touchmove", "touchend");
SimpleTest.finish();
});
function flush() {
// Flush style, specifically to flush the 'direction' property so that the
// browser uses the new value for thumb positioning.
var flush = document.body.clientWidth;
}
const QUARTER_OF_RANGE = "25";
function test(synthesizeFunc, clickOrTap, startName, moveName, endName) {
var elem = document.getElementById("range");
elem.focus();
flush();
var width = parseFloat(window.getComputedStyle(elem).width);
var height = parseFloat(window.getComputedStyle(elem).height);
var borderLeft = parseFloat(window.getComputedStyle(elem).borderLeftWidth);
var borderTop = parseFloat(window.getComputedStyle(elem).borderTopWidth);
var paddingLeft = parseFloat(window.getComputedStyle(elem).paddingLeft);
var paddingTop = parseFloat(window.getComputedStyle(elem).paddingTop);
// Extrema for mouse/touch events:
var midY = height / 2 + borderTop + paddingTop;
var minX = borderLeft + paddingLeft;
var midX = minX + width / 2;
var maxX = minX + width;
function preventDefault(e) {
e.preventDefault();
}
// Test that preventDefault() works:
elem.value = QUARTER_OF_RANGE;
elem.addEventListener(startName, preventDefault);
synthesizeFunc(elem, midX, midY, {});
is(elem.value, QUARTER_OF_RANGE, "Test that preventDefault() works");
elem.removeEventListener(startName, preventDefault);
// Test that preventDefault() on the parent node works:
elem.value = QUARTER_OF_RANGE;
elem.parentNode.addEventListener(startName, preventDefault);
synthesizeFunc(elem, midX, midY, {});
is(elem.value, QUARTER_OF_RANGE, "Test that preventDefault() on the parent node works");
elem.parentNode.removeEventListener(startName, preventDefault);
}
</script>
</pre>
</body>
</html>

95
dom/html/test/forms/test_input_range_mozinputrangeignorepreventdefault_chrome.html Normal file
View File

@ -0,0 +1,95 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1338961
-->
<head>
<title>Test mouse and touch events for range</title>
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
/* synthesizeMouse and synthesizeFunc uses getBoundingClientRect. We set
* the following properties to avoid fractional values in the rect returned
* by getBoundingClientRect in order to avoid rounding that would occur
* when event coordinates are internally converted to be relative to the
* top-left of the element. (Such rounding would make it difficult to
* predict exactly what value the input should take on for events at
* certain coordinates.)
*/
input { margin: 0 ! important; width: 200px ! important; }
</style>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1338961">Mozilla Bug 1338961</a>
<p id="display"></p>
<div id="content">
<input id="range" type="range" mozinputrangeignorepreventdefault="true">
</div>
<pre id="test">
<script type="application/javascript">
/**
* Test for Bug 1338961
* This test ensures mozinputrangeignorepreventdefault has it's desired effect in
* chrome html.
**/
SimpleTest.waitForExplicitFinish();
SimpleTest.waitForFocus(function() {
test(synthesizeMouse, "click", "mousedown", "mousemove", "mouseup");
test(synthesizeTouch, "tap", "touchstart", "touchmove", "touchend");
SimpleTest.finish();
});
function flush() {
// Flush style, specifically to flush the 'direction' property so that the
// browser uses the new value for thumb positioning.
var flush = document.body.clientWidth;
}
const MIDDLE_OF_RANGE = "50";
const QUARTER_OF_RANGE = "25";
function test(synthesizeFunc, clickOrTap, startName, moveName, endName) {
var elem = document.getElementById("range");
elem.focus();
flush();
var width = parseFloat(window.getComputedStyle(elem).width);
var height = parseFloat(window.getComputedStyle(elem).height);
var borderLeft = parseFloat(window.getComputedStyle(elem).borderLeftWidth);
var borderTop = parseFloat(window.getComputedStyle(elem).borderTopWidth);
var paddingLeft = parseFloat(window.getComputedStyle(elem).paddingLeft);
var paddingTop = parseFloat(window.getComputedStyle(elem).paddingTop);
// Extrema for mouse/touch events:
var midY = height / 2 + borderTop + paddingTop;
var minX = borderLeft + paddingLeft;
var midX = minX + width / 2;
var maxX = minX + width;
function preventDefault(e) {
e.preventDefault();
}
// Test that preventDefault() is ignored:
elem.value = QUARTER_OF_RANGE;
elem.addEventListener(startName, preventDefault);
synthesizeFunc(elem, midX, midY, {});
is(elem.value, MIDDLE_OF_RANGE, "Test that preventDefault() is ignored");
elem.removeEventListener(startName, preventDefault);
// Test that preventDefault() on the parent node works:
elem.value = QUARTER_OF_RANGE;
elem.parentNode.addEventListener(startName, preventDefault);
synthesizeFunc(elem, midX, midY, {});
is(elem.value, MIDDLE_OF_RANGE, "Test that preventDefault() on the parent node is ignored");
elem.parentNode.removeEventListener(startName, preventDefault);
}
</script>
</pre>
</body>
</html>

19
dom/ipc/ContentParent.cpp
View File

@ -3370,20 +3370,22 @@ ContentParent::RecvNSSU2FTokenSign(nsTArray<uint8_t>&& aApplication,
}
mozilla::ipc::IPCResult
ContentParent::RecvIsSecureURI(const uint32_t& type,
const URIParams& uri,
const uint32_t& flags,
bool* isSecureURI)
ContentParent::RecvIsSecureURI(const uint32_t& aType,
const URIParams& aURI,
const uint32_t& aFlags,
const OriginAttributes& aOriginAttributes,
bool* aIsSecureURI)
{
nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
if (!sss) {
return IPC_FAIL_NO_REASON(this);
}
nsCOMPtr<nsIURI> ourURI = DeserializeURI(uri);
nsCOMPtr<nsIURI> ourURI = DeserializeURI(aURI);
if (!ourURI) {
return IPC_FAIL_NO_REASON(this);
}
nsresult rv = sss->IsSecureURI(type, ourURI, flags, nullptr, isSecureURI);
nsresult rv = sss->IsSecureURI(aType, ourURI, aFlags, aOriginAttributes, nullptr,
aIsSecureURI);
if (NS_FAILED(rv)) {
return IPC_FAIL_NO_REASON(this);
}
@ -3391,13 +3393,14 @@ ContentParent::RecvIsSecureURI(const uint32_t& type,
}
mozilla::ipc::IPCResult
ContentParent::RecvAccumulateMixedContentHSTS(const URIParams& aURI, const bool& aActive, const bool& aHSTSPriming)
ContentParent::RecvAccumulateMixedContentHSTS(const URIParams& aURI, const bool& aActive, const bool& aHSTSPriming,
const OriginAttributes& aOriginAttributes)
{
nsCOMPtr<nsIURI> ourURI = DeserializeURI(aURI);
if (!ourURI) {
return IPC_FAIL_NO_REASON(this);
}
nsMixedContentBlocker::AccumulateMixedContentHSTS(ourURI, aActive, aHSTSPriming);
nsMixedContentBlocker::AccumulateMixedContentHSTS(ourURI, aActive, aHSTSPriming, aOriginAttributes);
return IPC_OK();
}

7
dom/ipc/ContentParent.h
View File

@ -812,11 +812,14 @@ private:
nsTArray<uint8_t>* aSignature) override;
virtual mozilla::ipc::IPCResult RecvIsSecureURI(const uint32_t& aType, const URIParams& aURI,
const uint32_t& aFlags, bool* aIsSecureURI) override;
const uint32_t& aFlags,
const OriginAttributes& aOriginAttributes,
bool* aIsSecureURI) override;
virtual mozilla::ipc::IPCResult RecvAccumulateMixedContentHSTS(const URIParams& aURI,
const bool& aActive,
const bool& aHSTSPriming) override;
const bool& aHSTSPriming,
const OriginAttributes& aOriginAttributes) override;
virtual bool DeallocPHalParent(PHalParent*) override;

6
dom/ipc/PContent.ipdl
View File

@ -796,10 +796,12 @@ parent:
uint8_t[] keyHandle)
returns (uint8_t[] signature);
sync IsSecureURI(uint32_t type, URIParams uri, uint32_t flags)
sync IsSecureURI(uint32_t aType, URIParams aURI, uint32_t aFlags,
OriginAttributes aOriginAttributes)
returns (bool isSecureURI);
async AccumulateMixedContentHSTS(URIParams uri, bool active, bool hasHSTSPriming);
async AccumulateMixedContentHSTS(URIParams aURI, bool aActive, bool aHasHSTSPriming,
OriginAttributes aOriginAttributes);
nested(inside_cpow) async PHal();

108
dom/media/webm/WebMDemuxer.cpp
View File

@ -566,7 +566,7 @@ WebMDemuxer::GetTrackCrypto(TrackInfo::TrackType aType, size_t aTrackNumber)
return crypto;
}
bool
nsresult
WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
MediaRawDataQueue *aSamples)
{
@ -575,17 +575,18 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
EnsureUpToDateIndex();
}
RefPtr<NesteggPacketHolder> holder(NextPacket(aType));
RefPtr<NesteggPacketHolder> holder;
nsresult rv = NextPacket(aType, holder);
if (!holder) {
return false;
if (NS_FAILED(rv)) {
return rv;
}
int r = 0;
unsigned int count = 0;
r = nestegg_packet_count(holder->Packet(), &count);
if (r == -1) {
return false;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
int64_t tstamp = holder->Timestamp();
int64_t duration = holder->Duration();
@ -596,7 +597,11 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
// video frame.
int64_t next_tstamp = INT64_MIN;
if (aType == TrackInfo::kAudioTrack) {
RefPtr<NesteggPacketHolder> next_holder(NextPacket(aType));
RefPtr<NesteggPacketHolder> next_holder;
rv = NextPacket(aType, next_holder);
if (NS_FAILED(rv) && rv != NS_ERROR_DOM_MEDIA_END_OF_STREAM) {
return rv;
}
if (next_holder) {
next_tstamp = next_holder->Timestamp();
PushAudioPacket(next_holder);
@ -611,7 +616,11 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
}
mLastAudioFrameTime = Some(tstamp);
} else if (aType == TrackInfo::kVideoTrack) {
RefPtr<NesteggPacketHolder> next_holder(NextPacket(aType));
RefPtr<NesteggPacketHolder> next_holder;
rv = NextPacket(aType, next_holder);
if (NS_FAILED(rv) && rv != NS_ERROR_DOM_MEDIA_END_OF_STREAM) {
return rv;
}
if (next_holder) {
next_tstamp = next_holder->Timestamp();
PushVideoPacket(next_holder);
@ -628,7 +637,7 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
}
if (mIsMediaSource && next_tstamp == INT64_MIN) {
return false;
return NS_ERROR_DOM_MEDIA_END_OF_STREAM;
}
int64_t discardPadding = 0;
@ -644,7 +653,7 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
r = nestegg_packet_data(holder->Packet(), i, &data, &length);
if (r == -1) {
WEBM_DEBUG("nestegg_packet_data failed r=%d", r);
return false;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
unsigned char* alphaData;
size_t alphaLength = 0;
@ -706,13 +715,13 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
sample = new MediaRawData(data, length, alphaData, alphaLength);
if ((length && !sample->Data()) || (alphaLength && !sample->AlphaData())) {
// OOM.
return false;
return NS_ERROR_OUT_OF_MEMORY;
}
} else {
sample = new MediaRawData(data, length);
if (length && !sample->Data()) {
// OOM.
return false;
return NS_ERROR_OUT_OF_MEMORY;
}
}
sample->mTimecode = tstamp;
@ -831,11 +840,12 @@ WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
}
aSamples->Push(sample);
}
return true;
return NS_OK;
}
RefPtr<NesteggPacketHolder>
WebMDemuxer::NextPacket(TrackInfo::TrackType aType)
nsresult
WebMDemuxer::NextPacket(TrackInfo::TrackType aType,
RefPtr<NesteggPacketHolder>& aPacket)
{
bool isVideo = aType == TrackInfo::kVideoTrack;
@ -844,56 +854,64 @@ WebMDemuxer::NextPacket(TrackInfo::TrackType aType)
bool hasType = isVideo ? mHasVideo : mHasAudio;
if (!hasType) {
return nullptr;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
// The packet queue for the type that we are interested in.
WebMPacketQueue &packets = isVideo ? mVideoPackets : mAudioPackets;
if (packets.GetSize() > 0) {
return packets.PopFront();
aPacket = packets.PopFront();
return NS_OK;
}
// Track we are interested in
uint32_t ourTrack = isVideo ? mVideoTrack : mAudioTrack;
do {
RefPtr<NesteggPacketHolder> holder = DemuxPacket(aType);
RefPtr<NesteggPacketHolder> holder;
nsresult rv = DemuxPacket(aType, holder);
if (NS_FAILED(rv)) {
return rv;
}
if (!holder) {
return nullptr;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
if (ourTrack == holder->Track()) {
return holder;
aPacket = holder;
return NS_OK;
}
} while (true);
}
RefPtr<NesteggPacketHolder>
WebMDemuxer::DemuxPacket(TrackInfo::TrackType aType)
nsresult
WebMDemuxer::DemuxPacket(TrackInfo::TrackType aType,
RefPtr<NesteggPacketHolder>& aPacket)
{
nestegg_packet* packet;
int r = nestegg_read_packet(Context(aType), &packet);
if (r == 0) {
nestegg_read_reset(Context(aType));
return nullptr;
return NS_ERROR_DOM_MEDIA_END_OF_STREAM;
} else if (r < 0) {
return nullptr;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
unsigned int track = 0;
r = nestegg_packet_track(packet, &track);
if (r == -1) {
return nullptr;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
int64_t offset = Resource(aType).Tell();
RefPtr<NesteggPacketHolder> holder = new NesteggPacketHolder();
if (!holder->Init(packet, offset, track, false)) {
return nullptr;
return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
}
return holder;
aPacket = holder;
return NS_OK;
}
void
@ -1053,7 +1071,10 @@ WebMTrackDemuxer::Seek(const media::TimeUnit& aTime)
media::TimeUnit seekTime = aTime;
mSamples.Reset();
mParent->SeekInternal(mType, aTime);
mParent->GetNextPacket(mType, &mSamples);
nsresult rv = mParent->GetNextPacket(mType, &mSamples);
if (NS_FAILED(rv)) {
return SeekPromise::CreateAndReject(rv, __func__);
}
mNeedKeyframe = true;
// Check what time we actually seeked to.
@ -1066,15 +1087,18 @@ WebMTrackDemuxer::Seek(const media::TimeUnit& aTime)
return SeekPromise::CreateAndResolve(seekTime, __func__);
}
RefPtr<MediaRawData>
WebMTrackDemuxer::NextSample()
nsresult
WebMTrackDemuxer::NextSample(RefPtr<MediaRawData>& aData)
{
while (mSamples.GetSize() < 1 && mParent->GetNextPacket(mType, &mSamples)) {
nsresult rv;
while (mSamples.GetSize() < 1 &&
NS_SUCCEEDED((rv = mParent->GetNextPacket(mType, &mSamples)))) {
}
if (mSamples.GetSize()) {
return mSamples.PopFront();
aData = mSamples.PopFront();
return NS_OK;
}
return nullptr;
return rv;
}
RefPtr<WebMTrackDemuxer::SamplesPromise>
@ -1083,9 +1107,12 @@ WebMTrackDemuxer::GetSamples(int32_t aNumSamples)
RefPtr<SamplesHolder> samples = new SamplesHolder;
MOZ_ASSERT(aNumSamples);
nsresult rv = NS_ERROR_DOM_MEDIA_END_OF_STREAM;
while (aNumSamples) {
RefPtr<MediaRawData> sample(NextSample());
if (!sample) {
RefPtr<MediaRawData> sample;
rv = NextSample(sample);
if (NS_FAILED(rv)) {
break;
}
if (mNeedKeyframe && !sample->mKeyframe) {
@ -1097,8 +1124,7 @@ WebMTrackDemuxer::GetSamples(int32_t aNumSamples)
}
if (samples->mSamples.IsEmpty()) {
return SamplesPromise::CreateAndReject(NS_ERROR_DOM_MEDIA_END_OF_STREAM,
__func__);
return SamplesPromise::CreateAndReject(rv, __func__);
} else {
UpdateSamples(samples->mSamples);
return SamplesPromise::CreateAndResolve(samples, __func__);
@ -1133,7 +1159,8 @@ WebMTrackDemuxer::SetNextKeyFrameTime()
}
// Demux and buffer frames until we find a keyframe.
RefPtr<MediaRawData> sample;
while (!foundKeyframe && (sample = NextSample())) {
nsresult rv = NS_OK;
while (!foundKeyframe && NS_SUCCEEDED((rv = NextSample(sample)))) {
if (sample->mKeyframe) {
frameTime = sample->mTime;
foundKeyframe = true;
@ -1219,10 +1246,11 @@ WebMTrackDemuxer::SkipToNextRandomAccessPoint(
uint32_t parsed = 0;
bool found = false;
RefPtr<MediaRawData> sample;
nsresult rv = NS_OK;
int64_t sampleTime;
WEBM_DEBUG("TimeThreshold: %f", aTimeThreshold.ToSeconds());
while (!found && (sample = NextSample())) {
while (!found && NS_SUCCEEDED((rv = NextSample(sample)))) {
parsed++;
sampleTime = sample->mTime;
if (sample->mKeyframe && sampleTime >= aTimeThreshold.ToMicroseconds()) {
@ -1231,7 +1259,9 @@ WebMTrackDemuxer::SkipToNextRandomAccessPoint(
mSamples.PushFront(sample.forget());
}
}
SetNextKeyFrameTime();
if (NS_SUCCEEDED(rv)) {
SetNextKeyFrameTime();
}
if (found) {
WEBM_DEBUG("next sample: %f (parsed: %d)",
media::TimeUnit::FromMicroseconds(sampleTime).ToSeconds(),

11
dom/media/webm/WebMDemuxer.h
View File

@ -124,7 +124,8 @@ public:
bool GetOffsetForTime(uint64_t aTime, int64_t* aOffset);
// Demux next WebM packet and append samples to MediaRawDataQueue
bool GetNextPacket(TrackInfo::TrackType aType, MediaRawDataQueue *aSamples);
nsresult GetNextPacket(TrackInfo::TrackType aType,
MediaRawDataQueue *aSamples);
nsresult Reset(TrackInfo::TrackType aType);
@ -192,11 +193,13 @@ private:
// Read a packet from the nestegg file. Returns nullptr if all packets for
// the particular track have been read. Pass TrackInfo::kVideoTrack or
// TrackInfo::kVideoTrack to indicate the type of the packet we want to read.
RefPtr<NesteggPacketHolder> NextPacket(TrackInfo::TrackType aType);
nsresult NextPacket(TrackInfo::TrackType aType,
RefPtr<NesteggPacketHolder>& aPacket);
// Internal method that demuxes the next packet from the stream. The caller
// is responsible for making sure it doesn't get lost.
RefPtr<NesteggPacketHolder> DemuxPacket(TrackInfo::TrackType aType);
nsresult DemuxPacket(TrackInfo::TrackType aType,
RefPtr<NesteggPacketHolder>& aPacket);
// libnestegg audio and video context for webm container.
// Access on reader's thread only.
@ -294,7 +297,7 @@ private:
~WebMTrackDemuxer();
void UpdateSamples(nsTArray<RefPtr<MediaRawData>>& aSamples);
void SetNextKeyFrameTime();
RefPtr<MediaRawData> NextSample ();
nsresult NextSample(RefPtr<MediaRawData>& aData);
RefPtr<WebMDemuxer> mParent;
TrackInfo::TrackType mType;
UniquePtr<TrackInfo> mInfo;

22
dom/security/nsMixedContentBlocker.cpp
View File

@ -864,6 +864,13 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
nsresult stateRV = securityUI->GetState(&state);
OriginAttributes originAttributes;
if (principal) {
originAttributes.Inherit(principal->OriginAttributesRef());
} else if (aRequestPrincipal) {
originAttributes.Inherit(aRequestPrincipal->OriginAttributesRef());
}
bool doHSTSPriming = false;
if (IsEligibleForHSTSPriming(aContentLocation)) {
bool hsts = false;
@ -872,7 +879,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aContentLocation,
0, &cached, &hsts);
0, originAttributes, &cached, &hsts);
NS_ENSURE_SUCCESS(rv, rv);
if (hsts && sUseHSTS) {
@ -907,14 +914,16 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
bool active = (classification == eMixedScript);
if (!aHadInsecureImageRedirect) {
if (XRE_IsParentProcess()) {
AccumulateMixedContentHSTS(innerContentLocation, active, doHSTSPriming);
AccumulateMixedContentHSTS(innerContentLocation, active, doHSTSPriming,
originAttributes);
} else {
// Ask the parent process to do the same call
mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton();
if (cc) {
mozilla::ipc::URIParams uri;
SerializeURI(innerContentLocation, uri);
cc->SendAccumulateMixedContentHSTS(uri, active, doHSTSPriming);
cc->SendAccumulateMixedContentHSTS(uri, active, doHSTSPriming,
originAttributes);
}
}
}
@ -1097,7 +1106,9 @@ enum MixedContentHSTSPrimingState {
// Record information on when HSTS would have made mixed content not mixed
// content (regardless of whether it was actually blocked)
void
nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bool aHasHSTSPriming)
nsMixedContentBlocker::AccumulateMixedContentHSTS(
nsIURI* aURI, bool aActive, bool aHasHSTSPriming,
const OriginAttributes& aOriginAttributes)
{
// This method must only be called in the parent, because
// nsSiteSecurityService is only available in the parent
@ -1112,7 +1123,8 @@ nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bo
if (NS_FAILED(rv)) {
return;
}
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, 0, nullptr, &hsts);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, 0,
aOriginAttributes, nullptr, &hsts);
if (NS_FAILED(rv)) {
return;
}

5
dom/security/nsMixedContentBlocker.h
View File

@ -28,6 +28,8 @@ enum MixedContentTypes {
#include "nsIChannelEventSink.h"
#include "imgRequest.h"
using mozilla::OriginAttributes;
class nsILoadInfo; // forward declaration
class nsMixedContentBlocker : public nsIContentPolicy,
@ -63,7 +65,8 @@ public:
int16_t* aDecision);
static void AccumulateMixedContentHSTS(nsIURI* aURI,
bool aActive,
bool aHasHSTSPriming);
bool aHasHSTSPriming,
const OriginAttributes& aOriginAttributes);
/* If the document associated with aRequestingContext requires priming for
* aURI, propagate that to the LoadInfo so the HttpChannel will find out about
* it.

5
layout/base/ServoRestyleManager.cpp
View File

@ -12,6 +12,7 @@
#include "mozilla/dom/ChildIterator.h"
#include "nsContentUtils.h"
#include "nsPrintfCString.h"
#include "nsRefreshDriver.h"
#include "nsStyleChangeList.h"
using namespace mozilla::dom;
@ -366,6 +367,10 @@ ServoRestyleManager::ProcessPendingRestyles()
ServoStyleSet* styleSet = StyleSet();
nsIDocument* doc = PresContext()->Document();
// Ensure the refresh driver is active during traversal to avoid mutating
// mActiveTimer and mMostRecentRefresh time.
PresContext()->RefreshDriver()->MostRecentRefresh();
mInStyleRefresh = true;
// Perform the Servo traversal, and the post-traversal if required.

10
layout/base/nsRefreshDriver.cpp
View File

@ -1240,7 +1240,11 @@ nsRefreshDriver::RestoreNormalRefresh()
TimeStamp
nsRefreshDriver::MostRecentRefresh() const
{
const_cast<nsRefreshDriver*>(this)->EnsureTimerStarted();
// In case of stylo traversal, we have already activated the refresh driver in
// ServoRestyleManager::ProcessPendingRestyles().
if (!ServoStyleSet::IsInServoTraversal()) {
const_cast<nsRefreshDriver*>(this)->EnsureTimerStarted();
}
return mMostRecentRefresh;
}
@ -1323,6 +1327,10 @@ nsRefreshDriver::RemoveImageRequest(imgIRequest* aRequest)
void
nsRefreshDriver::EnsureTimerStarted(EnsureTimerStartedFlags aFlags)
{
MOZ_ASSERT(!ServoStyleSet::IsInServoTraversal(),
"EnsureTimerStarted should be called only when we are not "
"in servo traversal");
if (mTestControllingRefreshes)
return;

16
layout/reftests/css-grid/reftest-stylo.list
View File

@ -162,7 +162,7 @@ fails == grid-item-margin-right-auto-002.html grid-item-margin-right-auto-002.ht
fails == grid-item-margin-right-auto-003.html grid-item-margin-right-auto-003.html
fails == grid-item-margin-right-auto-004.html grid-item-margin-right-auto-004.html
fails == grid-container-min-max-width-height-001.html grid-container-min-max-width-height-001.html
fails == grid-clamping-001.html grid-clamping-001.html
== grid-clamping-001.html grid-clamping-001.html
fails == grid-clamping-002.html grid-clamping-002.html
fails == grid-repeat-auto-fill-fit-001.html grid-repeat-auto-fill-fit-001.html
fails == grid-repeat-auto-fill-fit-002.html grid-repeat-auto-fill-fit-002.html
@ -175,7 +175,7 @@ fails == grid-repeat-auto-fill-fit-008.html grid-repeat-auto-fill-fit-008.html
fails == grid-repeat-auto-fill-fit-009.html grid-repeat-auto-fill-fit-009.html
fails == grid-repeat-auto-fill-fit-010.html grid-repeat-auto-fill-fit-010.html
fails == grid-repeat-auto-fill-fit-011.html grid-repeat-auto-fill-fit-011.html
fails asserts-if(stylo,144) == grid-item-blockifying-001.html grid-item-blockifying-001.html # bug 1335339
fails asserts-if(stylo,48) == grid-item-blockifying-001.html grid-item-blockifying-001.html # bug 1335339
fails == grid-fragmentation-001.html grid-fragmentation-001.html
fails == grid-fragmentation-002.html grid-fragmentation-002.html
fails == grid-fragmentation-003.html grid-fragmentation-003.html
@ -218,7 +218,7 @@ fails == grid-fragmentation-dyn3-003.html grid-fragmentation-dyn3-003.html
fails == grid-fragmentation-dyn4-004.html grid-fragmentation-dyn4-004.html
fails == grid-fragmentation-dyn4-005.html grid-fragmentation-dyn4-005.html
fails == grid-fragmentation-dyn5-005.html grid-fragmentation-dyn5-005.html
fails == grid-fragmentation-dyn1-006.html grid-fragmentation-dyn1-006.html
skip == grid-fragmentation-dyn1-006.html grid-fragmentation-dyn1-006.html
fails == grid-fragmentation-dyn3-007.html grid-fragmentation-dyn3-007.html
fails == grid-fragmentation-dyn5-007.html grid-fragmentation-dyn5-007.html
fails == grid-fragmentation-dyn5-008.html grid-fragmentation-dyn5-008.html
@ -230,11 +230,11 @@ fails == grid-fragmentation-dyn1-016.html grid-fragmentation-dyn1-016.html
fails == grid-fragmentation-dyn5-016.html grid-fragmentation-dyn5-016.html
fails == grid-fragmentation-dyn3-017.html grid-fragmentation-dyn3-017.html
fails == grid-fragmentation-dyn2-018.html grid-fragmentation-dyn2-018.html
fails == grid-fragmentation-dyn1-019.html grid-fragmentation-dyn1-019.html
fails == grid-fragmentation-dyn2-019.html grid-fragmentation-dyn2-019.html
fails == grid-fragmentation-dyn3-019.html grid-fragmentation-dyn3-019.html
fails == grid-fragmentation-dyn4-019.html grid-fragmentation-dyn4-019.html
fails == grid-fragmentation-dyn5-019.html grid-fragmentation-dyn5-019.html
# fails == grid-fragmentation-dyn1-019.html grid-fragmentation-dyn1-019.html # bug 1341104
# fails == grid-fragmentation-dyn2-019.html grid-fragmentation-dyn2-019.html # bug 1341104
# fails == grid-fragmentation-dyn3-019.html grid-fragmentation-dyn3-019.html # bug 1341104
# fails == grid-fragmentation-dyn4-019.html grid-fragmentation-dyn4-019.html # bug 1341104
# fails == grid-fragmentation-dyn5-019.html grid-fragmentation-dyn5-019.html # bug 1341104
fails == grid-fragmentation-dyn1-020.html grid-fragmentation-dyn1-020.html
fails == grid-fragmentation-dyn2-020.html grid-fragmentation-dyn2-020.html
skip == grid-fragmentation-dyn1-021.html grid-fragmentation-dyn1-021.html

2
layout/reftests/svg/reftest-stylo.list
View File

@ -43,7 +43,7 @@ fuzzy-if(/^Windows\x20NT\x2010\.0/.test(http.oscpu)||/^Windows\x20NT\x206\.[12]/
== clipPath-basic-07.svg clipPath-basic-07.svg
== clipPath-winding-01.svg clipPath-winding-01.svg
== clip-surface-clone-01.svg clip-surface-clone-01.svg
fails == comments-in-pres-attrs.svg pass.svg
== comments-in-pres-attrs.svg pass.svg
== conditions-01.svg conditions-01.svg
== conditions-02.svg conditions-02.svg
== conditions-03.svg conditions-03.svg

4
layout/style/test/stylo-failures.md
View File

@ -415,10 +415,6 @@ Any line which doesn't follow the format above would be ignored like comment.
* calc() doesn't support number value servo/servo#15205
* test_value_storage.html `calc(1 +` [1]
* ... `calc(-2.5)` [1]
* incorrect parsing function for column-{gap,width} servo/servo#15088
* test_compute_data_with_start_struct.html ` column-` [4]
* test_value_storage.html `column-gap` [3]
* ... `column-width` [3]
* size part of shorthand background/mask always desires two values servo/servo#15199
* test_value_storage.html `'background'` [18]
* ... `/ auto none` [34]

7
modules/libpref/init/all.js
View File

@ -1257,7 +1257,7 @@ pref("privacy.trackingprotection.lower_network_priority", false);
pref("dom.event.contextmenu.enabled", true);
pref("dom.event.clipboardevents.enabled", true);
#if defined(XP_WIN) && !defined(RELEASE_OR_BETA) || defined(MOZ_WIDGET_GTK) && !defined(RELEASE_OR_BETA) || defined(XP_MACOSX) && !defined(RELEASE_OR_BETA)
#if defined(XP_WIN) && !defined(RELEASE_OR_BETA) || defined(MOZ_WIDGET_GTK) && !defined(RELEASE_OR_BETA) || defined(XP_MACOSX) && !defined(RELEASE_OR_BETA) || defined(MOZ_WIDGET_ANDROID) && !defined(RELEASE_OR_BETA)
pref("dom.event.highrestimestamp.enabled", true);
#else
pref("dom.event.highrestimestamp.enabled", false);
@ -1487,8 +1487,9 @@ pref("network.http.accept.default", "text/html,application/xhtml+xml,application
// Prefs allowing granular control of referers
// 0=don't send any, 1=send only on clicks, 2=send on image requests as well
pref("network.http.sendRefererHeader", 2);
// 0=no referrer, 1=same origin, 2=strict-origin-when-cross-origin,
// 3=no-referre-when-downgrade(default)
// Set the default Referrer Policy to be used unless overriden by the site
// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin,
// 3=no-referrer-when-downgrade
pref("network.http.referer.userControlPolicy", 3);
// false=real referer, true=spoof referer (use target URI as referer)
pref("network.http.referer.spoofSource", false);

5
mozglue/misc/TimeStamp.h
View File

@ -423,9 +423,12 @@ public:
* on platforms that support vsync aligned refresh drivers / compositors
* Verified true as of Jan 31, 2015: B2G and OS X
* False on Windows 7
* Android's event time uses CLOCK_MONOTONIC via SystemClock.uptimeMilles.
* So it is same value of TimeStamp posix implementation.
* UNTESTED ON OTHER PLATFORMS
*/
#if defined(MOZ_WIDGET_GONK) || defined(XP_DARWIN)
#if defined(MOZ_WIDGET_GONK) || defined(XP_DARWIN) || \
defined(MOZ_WIDGET_ANDROID)
static TimeStamp FromSystemTime(int64_t aSystemTime)
{
static_assert(sizeof(aSystemTime) == sizeof(TimeStampValue),

3
netwerk/base/nsNetUtil.cpp
View File

@ -2164,6 +2164,7 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
nsIPrincipal* aChannelResultPrincipal,
bool aPrivateBrowsing,
bool aAllowSTS,
const OriginAttributes& aOriginAttributes,
bool& aShouldUpgrade)
{
// Even if we're in private browsing mode, we still enforce existing STS
@ -2222,7 +2223,7 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
bool isStsHost = false;
uint32_t flags = aPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags,
nullptr, &isStsHost);
aOriginAttributes, nullptr, &isStsHost);
// if the SSS check fails, it's likely because this load is on a
// malformed URI or something else in the setup is wrong, so any error

1
netwerk/base/nsNetUtil.h
View File

@ -955,6 +955,7 @@ nsresult NS_ShouldSecureUpgrade(nsIURI* aURI,
nsIPrincipal* aChannelResultPrincipal,
bool aPrivateBrowsing,
bool aAllowSTS,
const mozilla::OriginAttributes& aOriginAttributes,
bool& aShouldUpgrade);
/**

13
netwerk/protocol/http/HSTSPrimerListener.cpp
View File

@ -149,8 +149,12 @@ HSTSPrimingListener::CheckHSTSPrimingRequestStatus(nsIRequest* aRequest)
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_TRUE(uri, NS_ERROR_CONTENT_BLOCKED);
OriginAttributes originAttributes;
NS_GetOriginAttributes(httpChannel, originAttributes);
bool hsts;
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, 0, nullptr, &hsts);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, 0,
originAttributes, nullptr, &hsts);
NS_ENSURE_SUCCESS(rv, rv);
if (hsts) {
@ -222,7 +226,12 @@ HSTSPrimingListener::StartHSTSPriming(nsIChannel* aRequestChannel,
bool cached;
nsCOMPtr<nsISiteSecurityService> sss = do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, 0, &cached, &hsts);
OriginAttributes originAttributes;
NS_GetOriginAttributes(aRequestChannel, originAttributes);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, 0,
originAttributes, &cached, &hsts);
NS_ENSURE_SUCCESS(rv, rv);
if (hsts) {

3
netwerk/protocol/http/HttpChannelChild.cpp
View File

@ -2944,11 +2944,14 @@ HttpChannelChild::ShouldInterceptURI(nsIURI* aURI,
nsContentUtils::GetSecurityManager()->
GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
}
OriginAttributes originAttributes;
NS_ENSURE_TRUE(NS_GetOriginAttributes(this, originAttributes), false);
rv = NS_ShouldSecureUpgrade(aURI,
mLoadInfo,
resultPrincipal,
mPrivateBrowsing,
mAllowSTS,
originAttributes,
aShouldUpgrade);
NS_ENSURE_SUCCESS(rv, false);

14
netwerk/protocol/http/nsHttpChannel.cpp
View File

@ -389,12 +389,17 @@ nsHttpChannel::Connect()
nsContentUtils::GetSecurityManager()->
GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
}
OriginAttributes originAttributes;
if (!NS_GetOriginAttributes(this, originAttributes)) {
return NS_ERROR_FAILURE;
}
bool shouldUpgrade = false;
rv = NS_ShouldSecureUpgrade(mURI,
mLoadInfo,
resultPrincipal,
mPrivateBrowsing,
mAllowSTS,
originAttributes,
shouldUpgrade);
NS_ENSURE_SUCCESS(rv, rv);
if (shouldUpgrade) {
@ -1633,9 +1638,12 @@ nsHttpChannel::ProcessSingleSecurityHeader(uint32_t aType,
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
// Process header will now discard the headers itself if the channel
// wasn't secure (whereas before it had to be checked manually)
OriginAttributes originAttributes;
NS_GetOriginAttributes(this, originAttributes);
uint32_t failureResult;
rv = sss->ProcessHeader(aType, mURI, securityHeader, aSSLStatus,
aFlags, nullptr, nullptr, &failureResult);
aFlags, originAttributes, nullptr, nullptr,
&failureResult);
if (NS_FAILED(rv)) {
nsAutoString consoleErrorCategory;
nsAutoString consoleErrorTag;
@ -8276,8 +8284,10 @@ nsHttpChannel::OnHSTSPrimingFailed(nsresult aError, bool aCached)
// security.mixed_content.hsts_priming_cache_timeout seconds.
nsISiteSecurityService* sss = gHttpHandler->GetSSService();
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
OriginAttributes originAttributes;
NS_GetOriginAttributes(this, originAttributes);
nsresult rv = sss->CacheNegativeHSTSResult(mURI,
nsMixedContentBlocker::sHSTSPrimingCacheTimeout);
nsMixedContentBlocker::sHSTSPrimingCacheTimeout, originAttributes);
if (NS_FAILED(rv)) {
NS_ERROR("nsISiteSecurityService::CacheNegativeHSTSResult failed");
}

26
netwerk/protocol/http/nsHttpHandler.cpp
View File

@ -2277,9 +2277,22 @@ nsHttpHandler::SpeculativeConnectInternal(nsIURI *aURI,
uint32_t flags = 0;
if (loadContext && loadContext->UsePrivateBrowsing())
flags |= nsISocketProvider::NO_PERMANENT_STORAGE;
OriginAttributes originAttributes;
// If the principal is given, we use the originAttributes from this
// principal. Otherwise, we use the originAttributes from the
// loadContext.
if (aPrincipal) {
originAttributes.Inherit(aPrincipal->OriginAttributesRef());
} else if (loadContext) {
loadContext->GetOriginAttributes(originAttributes);
originAttributes.StripAttributes(OriginAttributes::STRIP_ADDON_ID);
}
nsCOMPtr<nsIURI> clone;
if (NS_SUCCEEDED(sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
aURI, flags, nullptr, &isStsHost)) &&
aURI, flags, originAttributes,
nullptr, &isStsHost)) &&
isStsHost) {
if (NS_SUCCEEDED(NS_GetSecureUpgradedURI(aURI,
getter_AddRefs(clone)))) {
@ -2325,17 +2338,6 @@ nsHttpHandler::SpeculativeConnectInternal(nsIURI *aURI,
nsAutoCString username;
aURI->GetUsername(username);
OriginAttributes originAttributes;
// If the principal is given, we use the originAttributes from this
// principal. Otherwise, we use the originAttributes from the
// loadContext.
if (aPrincipal) {
originAttributes.Inherit(aPrincipal->OriginAttributesRef());
} else if (loadContext) {
loadContext->GetOriginAttributes(originAttributes);
originAttributes.StripAttributes(OriginAttributes::STRIP_ADDON_ID);
}
auto *ci =
new nsHttpConnectionInfo(host, port, EmptyCString(), username, nullptr,
originAttributes, usingSSL);

4
security/certverifier/NSSCertDBTrustDomain.cpp
View File

@ -867,8 +867,8 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
(mPinningMode == CertVerifier::pinningEnforceTestMode);
bool chainHasValidPins;
nsresult nsrv = PublicKeyPinningService::ChainHasValidPins(
certList, mHostname, time, enforceTestMode, chainHasValidPins,
mPinningTelemetryInfo);
certList, mHostname, time, enforceTestMode, mOriginAttributes,
chainHasValidPins, mPinningTelemetryInfo);
if (NS_FAILED(nsrv)) {
return Result::FATAL_ERROR_LIBRARY_FAILURE;
}

31
security/manager/ssl/PublicKeyPinningService.cpp
View File

@ -164,6 +164,7 @@ PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList,
// Dynamic pins are prioritized over static pins.
static nsresult
FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
const OriginAttributes& originAttributes,
/*out*/ nsTArray<nsCString>& dynamicFingerprints,
/*out*/ const TransportSecurityPreload*& staticFingerprints)
{
@ -190,7 +191,8 @@ FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
bool includeSubdomains;
nsTArray<nsCString> pinArray;
rv = sssService->GetKeyPinsForHostname(nsDependentCString(evalHost), time,
pinArray, &includeSubdomains, &found);
originAttributes, pinArray,
&includeSubdomains, &found);
if (NS_FAILED(rv)) {
return rv;
}
@ -241,6 +243,7 @@ FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
static nsresult
CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
bool enforceTestMode, mozilla::pkix::Time time,
const OriginAttributes& originAttributes,
/*out*/ bool& chainHasValidPins,
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
{
@ -254,8 +257,8 @@ CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
nsTArray<nsCString> dynamicFingerprints;
const TransportSecurityPreload* staticFingerprints = nullptr;
nsresult rv = FindPinningInformation(hostname, time, dynamicFingerprints,
staticFingerprints);
nsresult rv = FindPinningInformation(hostname, time, originAttributes,
dynamicFingerprints, staticFingerprints);
// If we have no pinning information, the certificate chain trivially
// validates with respect to pinning.
if (dynamicFingerprints.Length() == 0 && !staticFingerprints) {
@ -326,12 +329,14 @@ CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
}
nsresult
PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
const char* hostname,
mozilla::pkix::Time time,
bool enforceTestMode,
/*out*/ bool& chainHasValidPins,
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
PublicKeyPinningService::ChainHasValidPins(
const UniqueCERTCertList& certList,
const char* hostname,
mozilla::pkix::Time time,
bool enforceTestMode,
const OriginAttributes& originAttributes,
/*out*/ bool& chainHasValidPins,
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
{
chainHasValidPins = false;
if (!certList) {
@ -342,14 +347,15 @@ PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
}
nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
return CheckPinsForHostname(certList, canonicalizedHostname.get(),
enforceTestMode, time, chainHasValidPins,
pinningTelemetryInfo);
enforceTestMode, time, originAttributes,
chainHasValidPins, pinningTelemetryInfo);
}
nsresult
PublicKeyPinningService::HostHasPins(const char* hostname,
mozilla::pkix::Time time,
bool enforceTestMode,
const OriginAttributes& originAttributes,
/*out*/ bool& hostHasPins)
{
hostHasPins = false;
@ -357,7 +363,8 @@ PublicKeyPinningService::HostHasPins(const char* hostname,
nsTArray<nsCString> dynamicFingerprints;
const TransportSecurityPreload* staticFingerprints = nullptr;
nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time,
dynamicFingerprints, staticFingerprints);
originAttributes, dynamicFingerprints,
staticFingerprints);
if (NS_FAILED(rv)) {
return rv;
}

8
security/manager/ssl/PublicKeyPinningService.h
View File

@ -12,6 +12,12 @@
#include "nsTArray.h"
#include "pkix/Time.h"
namespace mozilla {
class OriginAttributes;
}
using mozilla::OriginAttributes;
namespace mozilla {
namespace psm {
@ -31,6 +37,7 @@ public:
const char* hostname,
mozilla::pkix::Time time,
bool enforceTestMode,
const OriginAttributes& originAttributes,
/*out*/ bool& chainHasValidPins,
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo);
/**
@ -50,6 +57,7 @@ public:
static nsresult HostHasPins(const char* hostname,
mozilla::pkix::Time time,
bool enforceTestMode,
const OriginAttributes& originAttributes,
/*out*/ bool& hostHasPins);
/**

2
security/manager/ssl/SSLServerCertVerification.cpp
View File

@ -524,6 +524,7 @@ CertErrorRunnable::CheckCertOverrides()
nsrv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
uri,
mProviderFlags,
mInfoObject->GetOriginAttributes(),
nullptr,
&strictTransportSecurityEnabled);
if (NS_FAILED(nsrv)) {
@ -535,6 +536,7 @@ CertErrorRunnable::CheckCertOverrides()
nsrv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HPKP,
uri,
mProviderFlags,
mInfoObject->GetOriginAttributes(),
nullptr,
&hasPinningInformation);
if (NS_FAILED(nsrv)) {

2
security/manager/ssl/StaticHPKPins.h
View File

@ -1157,4 +1157,4 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1495991313339000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1496072272084000);

88
security/manager/ssl/nsISiteSecurityService.idl
View File

@ -23,6 +23,7 @@ namespace mozilla
%}
[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
[ref] native mozillaPkixTime(mozilla::pkix::Time);
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
// [infallible] attributes are only allowed on [builtinclass]
[scriptable, uuid(31313372-842c-4110-bdf1-6aea17c845ad), builtinclass]
@ -33,6 +34,9 @@ interface nsISiteSecurityState : nsISupports
[infallible] readonly attribute short securityPropertyState;
[infallible] readonly attribute boolean includeSubdomains;
[implicit_jscontext]
readonly attribute jsval originAttributes;
/*
* SECURITY_PROPERTY_SET and SECURITY_PROPERTY_UNSET correspond to indicating
* a site has or does not have the security property in question,
@ -103,6 +107,11 @@ interface nsISiteSecurityService : nsISupports
* @param aSSLStatus the SSLStatus of the current channel.
* @param aFlags options for this request as defined in nsISocketProvider:
* NO_PERMANENT_STORAGE
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
* @param aMaxAge the parsed max-age directive of the header.
* @param aIncludeSubdomains the parsed includeSubdomains directive.
* @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
@ -112,11 +121,24 @@ interface nsISiteSecurityService : nsISupports
* NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
* if there are unrecognized tokens in the header.
*/
[binaryname(ProcessHeader), noscript]
void processHeaderNative(in uint32_t aType,
in nsIURI aSourceURI,
in ACString aHeader,
in nsISSLStatus aSSLStatus,
in uint32_t aFlags,
in const_OriginAttributesRef aOriginAttributes,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
[binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc]
void processHeader(in uint32_t aType,
in nsIURI aSourceURI,
in ACString aHeader,
in nsISSLStatus aSSLStatus,
in uint32_t aFlags,
[optional] in jsval aOriginAttributes,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
@ -130,10 +152,17 @@ interface nsISiteSecurityService : nsISupports
* @param aURI the URI of the target host
* @param aFlags options for this request as defined in nsISocketProvider:
* NO_PERMANENT_STORAGE
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
*/
[implicit_jscontext, optional_argc]
void removeState(in uint32_t aType,
in nsIURI aURI,
in uint32_t aFlags);
in uint32_t aFlags,
[optional] in jsval aOriginAttributes);
/**
* Checks whether or not the URI's hostname has a given security state set.
@ -148,10 +177,23 @@ interface nsISiteSecurityService : nsISupports
* @param aURI the URI to query for STS state.
* @param aFlags options for this request as defined in nsISocketProvider:
* NO_PERMANENT_STORAGE
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
* @param aCached true if we have cached information regarding whether or not
* the host is HSTS, false otherwise.
*/
[binaryname(IsSecureURI), noscript]
boolean isSecureURINative(in uint32_t aType, in nsIURI aURI,
in uint32_t aFlags,
in const_OriginAttributesRef aOriginAttributes,
[optional] out boolean aCached);
[binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc]
boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags,
[optional] in jsval aOriginAttributes,
[optional] out boolean aCached);
/**
@ -174,14 +216,21 @@ interface nsISiteSecurityService : nsISupports
* @param aHostname the hostname (punycode) to be queried about
* @param evalTime the time at which the pins should be valid. This is in
mozilla::pkix::Time which uses internally seconds since 0 AD.
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
* @param aPinArray the set of sha256-hashed key pins for the given domain
* @param aIncludeSubdomains true if the pins apply to subdomains of the
* given domain
*/
[noscript] boolean getKeyPinsForHostname(in ACString aHostname,
in mozillaPkixTime evalTime,
out nsCStringTArrayRef aPinArray,
out boolean aIncludeSubdomains);
[noscript] boolean getKeyPinsForHostname(
in ACString aHostname,
in mozillaPkixTime evalTime,
in const_OriginAttributesRef aOriginAttributes,
out nsCStringTArrayRef aPinArray,
out boolean aIncludeSubdomains);
/**
* Set public-key pins for a host. The resulting pins will be permanent
@ -195,11 +244,18 @@ interface nsISiteSecurityService : nsISupports
* @param aSha256Pins array of hashed key fingerprints (SHA-256, base64)
* @param aIsPreload are these key pins for a preload entry? (false by
* default)
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
*/
boolean setKeyPins(in ACString aHost, in boolean aIncludeSubdomains,
in int64_t aExpires, in unsigned long aPinCount,
[array, size_is(aPinCount)] in string aSha256Pins,
[optional] in boolean aIsPreload);
[implicit_jscontext, optional_argc]
boolean setKeyPins(in ACString aHost, in boolean aIncludeSubdomains,
in int64_t aExpires, in unsigned long aPinCount,
[array, size_is(aPinCount)] in string aSha256Pins,
[optional] in boolean aIsPreload,
[optional] in jsval aOriginAttributes);
/**
* Set an HSTS preload entry for a host. The resulting entries will be
@ -211,8 +267,9 @@ interface nsISiteSecurityService : nsISupports
* @param aIncludeSubdomains whether this entry also applies to subdomains
* @param aExpires the time this entry should expire (millis since epoch)
*/
boolean setHSTSPreload(in ACString aHost, in boolean aIncludesSubdomains,
in int64_t aExpires);
boolean setHSTSPreload(in ACString aHost,
in boolean aIncludesSubdomains,
in int64_t aExpires);
/**
* Mark a host as declining to provide a given security state so that features
@ -220,8 +277,15 @@ interface nsISiteSecurityService : nsISupports
*
* @param aURI the nsIURI that this applies to
* @param aMaxAge lifetime (in seconds) of this negative cache
* @param aOriginAttributes the origin attributes that isolate this origin,
* (note that this implementation does not isolate
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
*/
[noscript] void cacheNegativeHSTSResult(in nsIURI aURI, in unsigned long long aMaxAge);
[noscript] void cacheNegativeHSTSResult(
in nsIURI aURI, in unsigned long long aMaxAge,
in const_OriginAttributesRef aOriginAttributes);
/**
* Returns an enumerator of the nsISiteSecurityService storage. Each item in

152
security/manager/ssl/nsSTSPreloadList.errors
View File

@ -16,15 +16,14 @@
123plons.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
123test.de: did not receive HSTS header
126ium.moe: could not connect to host
127011-networks.ch: could not connect to host
127011-networks.ch: did not receive HSTS header
12vpnchina.com: could not connect to host
16packets.com: could not connect to host
1a-jva.de: did not receive HSTS header
1k8b.com: could not connect to host
1p.ro: could not connect to host
1password.com: did not receive HSTS header
1xcess.com: did not receive HSTS header
1years.cc: could not connect to host
1years.cc: did not receive HSTS header
206rc.net: max-age too low: 2592000
247loan.com: max-age too low: 0
25daysof.io: could not connect to host
@ -45,6 +44,7 @@
3yearloans.com: max-age too low: 0
404.sh: max-age too low: 0
404404.info: could not connect to host
41844.de: could not connect to host
420dongstorm.com: could not connect to host
42ms.org: could not connect to host
4455software.com: did not receive HSTS header
@ -294,7 +294,6 @@ ars-design.net: could not connect to host
ars.toscana.it: max-age too low: 0
artiming.com: could not connect to host
artistnetwork.nl: did not receive HSTS header
artofeyes.nl: did not receive HSTS header
arturkohut.com: could not connect to host
arvamus.eu: could not connect to host
as.se: could not connect to host
@ -343,6 +342,7 @@ auraredshield.com: did not receive HSTS header
auroratownshipfd.org: could not connect to host
ausnah.me: could not connect to host
ausoptic.com.au: max-age too low: 2592000
aussiecable.org: could not connect to host
auszeit.bio: did not receive HSTS header
auth.mail.ru: did not receive HSTS header
authentication.io: could not connect to host
@ -363,12 +363,14 @@ aviacao.pt: did not receive HSTS header
avinet.com: max-age too low: 0
avqueen.cn: did not receive HSTS header
avril4th.com: could not connect to host
avus-automobile.com: did not receive HSTS header
awg-mode.de: did not receive HSTS header
axado.com.br: did not receive HSTS header
axeny.com: did not receive HSTS header
az.search.yahoo.com: did not receive HSTS header
azprep.us: could not connect to host
azuxul.fr: could not connect to host
b303.me: did not receive HSTS header
b3orion.com: max-age too low: 0
b64.club: could not connect to host
baby-click.de: did not receive HSTS header
@ -388,7 +390,6 @@ bakingstone.com: could not connect to host
bakkerdesignandbuild.com: did not receive HSTS header
balcan-underground.net: could not connect to host
baldwinkoo.com: could not connect to host
balonmano.co: could not connect to host
bandb.xyz: could not connect to host
bandrcrafts.com: could not connect to host
bannisbierblog.de: could not connect to host
@ -408,6 +409,7 @@ bckp.de: did not receive HSTS header
bcm.com.au: max-age too low: 0
bcnx.de: max-age too low: 0
bcsytv.com: could not connect to host
bcvps.com: could not connect to host
bcweightlifting.ca: could not connect to host
be.search.yahoo.com: did not receive HSTS header
beach-inspector.com: did not receive HSTS header
@ -488,6 +490,7 @@ bitheus.com: could not connect to host
bithosting.io: did not receive HSTS header
bitnet.io: did not receive HSTS header
bitsafe.systems: did not receive HSTS header
bittmann.me: could not connect to host
bitvigor.com: could not connect to host
bityes.org: could not connect to host
bivsi.com: could not connect to host
@ -563,7 +566,7 @@ brandon.so: could not connect to host
brandred.net: could not connect to host
brandspray.com: did not receive HSTS header
brettabel.com: did not receive HSTS header
brianmwaters.net: did not receive HSTS header
brianmwaters.net: could not connect to host
brickoo.com: could not connect to host
brilliantbuilders.co.uk: could not connect to host
britzer-toner.de: did not receive HSTS header
@ -629,6 +632,7 @@ cake.care: could not connect to host
calendarr.com: did not receive HSTS header
calgaryconstructionjobs.com: did not receive HSTS header
calix.com: max-age too low: 0
call.me: did not receive HSTS header
calltrackingreports.com: could not connect to host
calvin.me: max-age too low: 2592000
calvinallen.net: did not receive HSTS header
@ -726,7 +730,6 @@ childcaresolutionscny.org: did not receive HSTS header
chinacdn.org: could not connect to host
chinawhale.com: did not receive HSTS header
chirgui.eu: could not connect to host
chloe.re: could not connect to host
chm.vn: did not receive HSTS header
chontalpa.pw: could not connect to host
chopperforums.com: did not receive HSTS header
@ -765,7 +768,6 @@ clara-baumert.de: could not connect to host
classicsandexotics.com: did not receive HSTS header
classicspublishing.com: could not connect to host
clcleaningco.com: could not connect to host
cldly.com: could not connect to host
cleanexperts.co.uk: could not connect to host
cleaningsquad.ca: could not connect to host
cleanmta.com: could not connect to host
@ -787,6 +789,7 @@ cloudcy.net: could not connect to host
clouddesktop.co.nz: could not connect to host
cloudey.net: did not receive HSTS header
cloudflare.com: did not receive HSTS header
cloudily.com: could not connect to host
cloudimag.es: could not connect to host
cloudlink.club: could not connect to host
cloudns.com.au: could not connect to host
@ -809,7 +812,6 @@ cmsbattle.com: could not connect to host
cmscafe.ru: did not receive HSTS header
cn.search.yahoo.com: did not receive HSTS header
cni-certing.it: max-age too low: 0
cnwarn.com: could not connect to host
co50.com: did not receive HSTS header
cocaine-import.agency: could not connect to host
cocktailfuture.fr: could not connect to host
@ -906,6 +908,7 @@ crowdcurity.com: did not receive HSTS header
crowdjuris.com: could not connect to host
crtvmgmt.com: could not connect to host
crudysql.com: could not connect to host
crufad.org: did not receive HSTS header
cruzr.xyz: could not connect to host
crypt.guru: could not connect to host
crypticshell.co.uk: could not connect to host
@ -946,6 +949,7 @@ cuvva.insure: did not receive HSTS header
cyanogenmod.xxx: could not connect to host
cyberpunk.ca: could not connect to host
cybershambles.com: could not connect to host
cyclebeads.com: could not connect to host
cycleluxembourg.lu: did not receive HSTS header
cydia-search.io: could not connect to host
cyphertite.com: could not connect to host
@ -991,7 +995,7 @@ datarank.com: max-age too low: 0
dataretention.solutions: could not connect to host
datatekniikka.com: could not connect to host
datenkeks.de: did not receive HSTS header
dateno1.com: max-age too low: 2592000
dateno1.com: max-age too low: 0
datenreiter.cf: could not connect to host
datenreiter.gq: could not connect to host
datenreiter.ml: could not connect to host
@ -1012,7 +1016,7 @@ dcurt.is: did not receive HSTS header
dden.ca: could not connect to host
dden.website: could not connect to host
dden.xyz: could not connect to host
ddfreedish.site: max-age too low: 1
ddfreedish.site: did not receive HSTS header
debank.tv: did not receive HSTS header
debatch.se: could not connect to host
debian-vhost.de: did not receive HSTS header
@ -1052,18 +1056,18 @@ derevtsov.com: did not receive HSTS header
derhil.de: did not receive HSTS header
derwolfe.net: did not receive HSTS header
desiccantpackets.com: did not receive HSTS header
designgears.com: could not connect to host
designgears.com: did not receive HSTS header
designthinking.or.jp: did not receive HSTS header
despora.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
destinationbijoux.fr: could not connect to host
detector.exposed: could not connect to host
devcu.net: did not receive HSTS header
devdesco.com: could not connect to host
devh.net: could not connect to host
deviltracks.net: could not connect to host
devincrow.me: could not connect to host
devopsconnected.com: could not connect to host
devtub.com: did not receive HSTS header
devuan.org: did not receive HSTS header
dewin.io: could not connect to host
dhpcs.com: did not receive HSTS header
dhpiggott.net: did not receive HSTS header
diablotine.rocks: could not connect to host
@ -1108,7 +1112,6 @@ docset.io: could not connect to host
docufiel.com: could not connect to host
doeswindowssuckforeveryoneorjustme.com: could not connect to host
dogbox.se: did not receive HSTS header
dogmap.jp: could not connect to host
dohosting.ru: could not connect to host
dokan.online: could not connect to host
dollarstore24.com: could not connect to host
@ -1141,6 +1144,7 @@ draw.uy: could not connect to host
drdevil.ru: could not connect to host
drdim.ru: could not connect to host
dreadbyte.com: could not connect to host
drewgle.net: could not connect to host
drhopeson.com: could not connect to host
drishti.guru: could not connect to host
drive.google.com: did not receive HSTS header (error ignored - included regardless)
@ -1162,7 +1166,6 @@ dylanscott.com.au: did not receive HSTS header
dymersion.com: did not receive HSTS header
dzimejl.sk: did not receive HSTS header
dzlibs.io: could not connect to host
dzndk.net: could not connect to host
dzndk.org: could not connect to host
e-aut.net: did not receive HSTS header
e-deca2.org: did not receive HSTS header
@ -1241,6 +1244,7 @@ emnitech.com: could not connect to host
empleosentorreon.mx: could not connect to host
empleostampico.com: did not receive HSTS header
enaah.de: could not connect to host
enaia.fr: could not connect to host
enargia.jp: max-age too low: 0
encode.host: did not receive HSTS header
encode.space: did not receive HSTS header
@ -1251,12 +1255,7 @@ end.pp.ua: could not connect to host
endlessdark.net: max-age too low: 600
endlessdiy.ca: could not connect to host
endlesstone.com: did not receive HSTS header
endohaus.ca: could not connect to host
endohaus.com: could not connect to host
endohaus.eu: could not connect to host
endohaus.us: could not connect to host
enersec.co.uk: could not connect to host
enfoqueseguro.com: did not receive HSTS header
engelwerbung.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
enigmacpt.com: did not receive HSTS header
enigmail.net: did not receive HSTS header
@ -1296,7 +1295,7 @@ errlytics.com: [Exception... "Component returned failure code: 0x80004005 (NS_ER
errolz.com: could not connect to host
errors.zenpayroll.com: could not connect to host
ersindemirtas.com: did not receive HSTS header
escotour.com: could not connect to host
escotour.com: did not receive HSTS header
esec.rs: did not receive HSTS header
esko.bar: could not connect to host
esln.org: did not receive HSTS header
@ -1306,7 +1305,6 @@ esquonic.com: could not connect to host
essexcosmeticdentists.co.uk: did not receive HSTS header
essexghosthunters.co.uk: did not receive HSTS header
estilosapeca.com: could not connect to host
estoic.net: could not connect to host
et-buchholz.de: could not connect to host
etdonline.co.uk: could not connect to host
eternitylove.us: could not connect to host
@ -1369,10 +1367,8 @@ familie-zimmermann.at: could not connect to host
familjenm.se: could not connect to host
fanyl.cn: could not connect to host
farhadexchange.com: did not receive HSTS header
farhood.org: could not connect to host
fashioncare.cz: did not receive HSTS header
fasset.jp: could not connect to host
fastconfirm.com: could not connect to host
fastograph.com: could not connect to host
fastopen.ml: could not connect to host
fatgeekflix.net: could not connect to host
@ -1388,7 +1384,6 @@ fedux.com.ar: could not connect to host
feezmodo.com: max-age too low: 0
felisslovakia.sk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
feliwyn.fr: did not receive HSTS header
felixklein.at: could not connect to host
feminists.co: could not connect to host
fenteo.com: could not connect to host
feragon.net: did not receive HSTS header
@ -1400,6 +1395,7 @@ fexmen.com: could not connect to host
ffmradio.de: did not receive HSTS header
fhdhelp.de: could not connect to host
fhdhilft.de: could not connect to host
fifieldtech.com: could not connect to host
fiftyshadesofluca.ml: could not connect to host
fig.co: did not receive HSTS header
fightr.co: could not connect to host
@ -1436,6 +1432,7 @@ flamewall.net: could not connect to host
flareon.net: could not connect to host
flawcheck.com: did not receive HSTS header
fleurette.me: max-age too low: 0
fleximus.org: could not connect to host
fliexer.com: could not connect to host
flirchi.com: did not receive HSTS header
floless.co.uk: did not receive HSTS header
@ -1469,7 +1466,7 @@ fotm.net: did not receive HSTS header
fotocerita.net: could not connect to host
fotografosexpertos.com: did not receive HSTS header
fotopasja.info: could not connect to host
fourchin.net: could not connect to host
fourchin.net: did not receive HSTS header
foxdev.io: could not connect to host
foxelbox.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
foxley-farm.co.uk: did not receive HSTS header
@ -1537,11 +1534,9 @@ g2g.com: did not receive HSTS header
g4w.co: did not receive HSTS header (error ignored - included regardless)
g5led.nl: could not connect to host
gabber.scot: could not connect to host
gabi.com.es: could not connect to host
gabi.soy: could not connect to host
gabi.uno: could not connect to host
gaelleetarnaud.com: did not receive HSTS header
gafachi.com: could not connect to host
gaiserik.com: could not connect to host
gaite.me: could not connect to host
gakkainavi.jp: did not receive HSTS header
gakkainavi4.com: could not connect to host
@ -1559,6 +1554,7 @@ gamehacks.me: could not connect to host
gameink.net: max-age too low: 0
gamenected.com: could not connect to host
gamenected.de: could not connect to host
gameofpwnz.com: did not receive HSTS header
gamepader.com: could not connect to host
gameparade.de: could not connect to host
gamepiece.com: could not connect to host
@ -1668,7 +1664,6 @@ gogold-g.com: could not connect to host
gold24.in: did not receive HSTS header
goldendata.io: could not connect to host
golocal-media.de: did not receive HSTS header
gonkar.com: did not receive HSTS header
gonzalosanchez.mx: could not connect to host
goodenough.nz: did not receive HSTS header
goodwin43.ru: could not connect to host
@ -1685,6 +1680,7 @@ gov.ax: could not connect to host
govillemo.ca: did not receive HSTS header
gozel.com.tr: did not receive HSTS header
gparent.org: did not receive HSTS header
gpfclan.de: could not connect to host
gpsfix.cz: could not connect to host
gpstuner.com: did not receive HSTS header
gracesofgrief.com: max-age too low: 86400
@ -1741,6 +1737,7 @@ gyboche.science: could not connect to host
gycis.me: could not connect to host
gypthecat.com: max-age too low: 604800
gyz.io: could not connect to host
gzitech.com: could not connect to host
h2check.org: could not connect to host
haarkliniek.com: did not receive HSTS header
habanaavenue.com: did not receive HSTS header
@ -1762,6 +1759,7 @@ haitschi.net: could not connect to host
haitschi.org: could not connect to host
haku.moe: could not connect to host
hakugin.org: could not connect to host
halcyonsbastion.com: could not connect to host
halo.red: could not connect to host
hancc.net: could not connect to host
hanfu.la: could not connect to host
@ -1775,10 +1773,12 @@ happyfabric.me: did not receive HSTS header
happygastro.com: could not connect to host
harabuhouse.com: did not receive HSTS header
harbor-light.net: could not connect to host
hardfalcon.net: could not connect to host
hardline.xyz: could not connect to host
haribosupermix.com: could not connect to host
harmonycosmetic.com: max-age too low: 300
harristony.com: could not connect to host
hartie95.de: could not connect to host
hartmancpa.com: did not receive HSTS header
harvestrenewal.org: did not receive HSTS header
harz.cloud: could not connect to host
@ -1818,10 +1818,10 @@ hemdal.se: could not connect to host
hencagon.com: could not connect to host
henriknoerr.com: could not connect to host
hermes-net.de: could not connect to host
herpaderp.net: did not receive HSTS header
herrenfahrt.com: did not receive HSTS header
herzbotschaft.de: did not receive HSTS header
heutger.net: did not receive HSTS header
heywoodtown.co.uk: could not connect to host
hibilog.com: could not connect to host
hicn.gq: could not connect to host
hiddendepth.ie: max-age too low: 0
@ -1883,7 +1883,6 @@ hu.search.yahoo.com: did not receive HSTS header
huarongdao.com: did not receive HSTS header
hugocollignon.fr: could not connect to host
hugosleep.com.au: did not receive HSTS header
humankode.com: did not receive HSTS header
humblefinances.com: could not connect to host
humeurs.net: could not connect to host
humpteedumptee.in: did not receive HSTS header
@ -1899,7 +1898,6 @@ hyper69.com: did not receive HSTS header
i-jp.net: could not connect to host
i-partners.sk: did not receive HSTS header
iamokay.nl: did not receive HSTS header
iamusingtheinter.net: could not connect to host
iamveto.com: could not connect to host
iapws.com: did not receive HSTS header
iban.is: could not connect to host
@ -1910,7 +1908,7 @@ ichnichtskaufmann.de: could not connect to host
ichoosebtec.com: could not connect to host
icpc2016.in.th: could not connect to host
icreative.nl: did not receive HSTS header
ictual.com: could not connect to host
ictual.com: max-age too low: 0
id-co.in: could not connect to host
id-conf.com: could not connect to host
idacmedia.com: max-age too low: 5184000
@ -2001,7 +1999,6 @@ instacart.com: did not receive HSTS header
instantdev.io: could not connect to host
instela.com: did not receive HSTS header
institutoflordelavida.com: could not connect to host
institutolancaster.com: could not connect to host
intel.li: could not connect to host
intelldynamics.com: could not connect to host
interference.io: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
@ -2055,7 +2052,6 @@ itriskltd.com: could not connect to host
itsadog.co.uk: did not receive HSTS header
itsagadget.com: did not receive HSTS header
itsamurai.ru: max-age too low: 2592000
itsatrap.nl: could not connect to host
itsecurityassurance.pw: could not connect to host
itsg-faq.de: could not connect to host
itshost.ru: could not connect to host
@ -2069,7 +2065,6 @@ izzzorgconcerten.nl: could not connect to host
ja-publications.com: did not receive HSTS header
jabbari.io: did not receive HSTS header
jackalworks.com: could not connect to host
jackyyf.com: could not connect to host
jacobparry.ca: did not receive HSTS header
jagido.de: did not receive HSTS header
jahliveradio.com: could not connect to host
@ -2107,7 +2102,7 @@ jasonroe.me: did not receive HSTS header
jasonsansone.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
jastoria.pl: could not connect to host
jayblock.com: did not receive HSTS header
jayschulman.com: could not connect to host
jayschulman.com: did not receive HSTS header
jayscoaching.com: did not receive HSTS header
jayshao.com: did not receive HSTS header
jazzinutrecht.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
@ -2191,7 +2186,6 @@ juwairen.cn: did not receive HSTS header
jvoice.net: could not connect to host
jwilsson.me: could not connect to host
jxm.in: could not connect to host
jyoti-fairworks.org: could not connect to host
jznet.org: max-age too low: 86400
k-dev.de: could not connect to host
ka-clan.com: could not connect to host
@ -2208,7 +2202,7 @@ kaneo-gmbh.de: did not receive HSTS header
kaplatz.is: could not connect to host
kapucini.si: max-age too low: 0
karaoketonight.com: could not connect to host
kasilag.me: could not connect to host
kasilag.me: did not receive HSTS header
katiaetdavid.fr: could not connect to host
katproxy.online: could not connect to host
katproxy.site: could not connect to host
@ -2233,12 +2227,12 @@ kenderbeton-magyarorszag.hu: did not receive HSTS header
kenderbetonmagyarorszag.hu: did not receive HSTS header
kenderhaz-magyarorszag.hu: did not receive HSTS header
kenderhazmagyarorszag.hu: did not receive HSTS header
kennethlim.me: did not receive HSTS header
kerangalam.com: could not connect to host
kerksanders.nl: did not receive HSTS header
kermadec.net: could not connect to host
kernl.us: did not receive HSTS header
keymaster.lookout.com: did not receive HSTS header
kg-rating.com: could not connect to host
kgxtech.com: max-age too low: 2592000
ki-on.net: did not receive HSTS header
kickass.al: could not connect to host
@ -2305,7 +2299,6 @@ krayx.com: could not connect to host
kreavis.com: did not receive HSTS header
kredite.sale: could not connect to host
kriegt.es: could not connect to host
kristikala.nl: could not connect to host
kristofferkoch.com: could not connect to host
krmela.com: could not connect to host
kroetenfuchs.de: could not connect to host
@ -2324,6 +2317,7 @@ kupelne-ptacek.sk: did not receive HSTS header
kuppingercole.com: did not receive HSTS header
kura.io: could not connect to host
kurehun.org: could not connect to host
kurofuku.me: could not connect to host
kurtmclester.com: did not receive HSTS header
kusaka-abacus.jp: max-age too low: 0
kweddingplanning.com: did not receive HSTS header
@ -2342,6 +2336,7 @@ labordata.io: did not receive HSTS header
labrador-retrievers.com.au: did not receive HSTS header
labs.moscow: did not receive HSTS header
lachlankidson.net: did not receive HSTS header
lacledeslan.com: could not connect to host
lacledeslan.ninja: could not connect to host
lacocinadelila.com: did not receive HSTS header
ladbroke.net: did not receive HSTS header
@ -2368,6 +2363,7 @@ lavval.com: could not connect to host
lawformt.com: could not connect to host
laxatus.com: did not receive HSTS header
laxiongames.es: could not connect to host
laylo.nl: did not receive HSTS header
lbrt.xyz: could not connect to host
ldarby.me.uk: could not connect to host
leadership9.com: could not connect to host
@ -2400,7 +2396,6 @@ les-corsaires.net: could not connect to host
lesdouceursdeliyana.com: could not connect to host
lesperlesdunet.fr: could not connect to host
letras.mus.br: did not receive HSTS header
lets.ninja: could not connect to host
letsmultiplayerplay.com: did not receive HSTS header
letustravel.tk: could not connect to host
levelum.com: did not receive HSTS header
@ -2463,6 +2458,7 @@ litespeed.io: could not connect to host
livedemo.io: could not connect to host
livej.am: could not connect to host
livi.co: did not receive HSTS header
lnoldan.com: could not connect to host
loadingdeck.com: did not receive HSTS header
loadso.me: could not connect to host
loafbox.com: could not connect to host
@ -2555,7 +2551,6 @@ maildragon.com: could not connect to host
mailhost.it: could not connect to host
makeitdynamic.com: could not connect to host
makerstuff.net: did not receive HSTS header
makeuplove.nl: could not connect to host
malerversand.de: did not receive HSTS header
malfait.nl: could not connect to host
malkaso.com.ua: could not connect to host
@ -2830,6 +2825,7 @@ mycollab.net: could not connect to host
mycoted.com: did not receive HSTS header
mydeos.com: could not connect to host
mydigipass.com: did not receive HSTS header
myg21.com: max-age too low: 0
mygate.at: could not connect to host
mygdut.com: did not receive HSTS header
mygov.scot: did not receive HSTS header
@ -2844,8 +2840,7 @@ mypension.ca: could not connect to host
myphonebox.de: could not connect to host
myraytech.net: did not receive HSTS header
mysecretrewards.com: did not receive HSTS header
mystery-science-theater-3000.de: could not connect to host
mythslegendscollection.com: did not receive HSTS header
mystery-science-theater-3000.de: did not receive HSTS header
myvirtualserver.com: max-age too low: 2592000
myzone.com: did not receive HSTS header
n0psled.nl: could not connect to host
@ -2888,8 +2883,6 @@ ncc60205.info: could not connect to host
ncpc.gov: could not connect to host
nct.org.uk: max-age too low: 1
nctx.co.uk: did not receive HSTS header
ndtblog.com: could not connect to host
ndtmarket.place: could not connect to host
near.st: did not receive HSTS header
neel.ch: could not connect to host
neels.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
@ -2946,7 +2939,7 @@ nightx.uk: could not connect to host
niho.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
nikomo.fi: could not connect to host
ninchisho-online.com: did not receive HSTS header
ninhs.org: could not connect to host
ninhs.org: did not receive HSTS header
nippler.org: did not receive HSTS header
nippombashi.net: did not receive HSTS header
nipponcareers.com: did not receive HSTS header
@ -2954,7 +2947,6 @@ nixien.fr: could not connect to host
nkinka.de: did not receive HSTS header
nlegall.fr: did not receive HSTS header
nmctest.net: could not connect to host
nnote.net: could not connect to host
nnya.cat: could not connect to host
no17sifangjie.cc: could not connect to host
nocallaghan.com: could not connect to host
@ -2983,10 +2975,8 @@ novacoast.com: did not receive HSTS header
novatrucking.de: could not connect to host
nowak.ninja: did not receive HSTS header
noworrywp.com: could not connect to host
noxlogic.nl: could not connect to host
nozoe.jp: did not receive HSTS header
np.search.yahoo.com: did not receive HSTS header
npm.li: could not connect to host
npol.de: could not connect to host
nqesh.com: could not connect to host
ntbs.pro: could not connect to host
@ -3082,7 +3072,7 @@ oogartsennet.nl: could not connect to host
ookjesprookje.nl: could not connect to host
ooonja.de: could not connect to host
oopsmycase.com: could not connect to host
oost.io: could not connect to host
oost.io: did not receive HSTS header
open-mx.de: could not connect to host
open-to-repair.fr: did not receive HSTS header
opendesk.cc: did not receive HSTS header
@ -3178,6 +3168,7 @@ parpaing-paillette.net: could not connect to host
particonpsplus.it: did not receive HSTS header
partijtjevoordevrijheid.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
partou.de: did not receive HSTS header
partyvan.io: could not connect to host
partyvan.it: could not connect to host
partyvan.moe: could not connect to host
partyvan.nl: could not connect to host
@ -3249,9 +3240,11 @@ php-bach.org: could not connect to host
phpfashion.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
phurl.de: could not connect to host
phus.lu: did not receive HSTS header
physicalist.com: could not connect to host
pickr.co: could not connect to host
picotronic.biz: could not connect to host
picscare.co.uk: did not receive HSTS header
picsto.re: did not receive HSTS header
pieperhome.de: could not connect to host
piggott.me.uk: did not receive HSTS header
pilgermaske.org: did not receive HSTS header
@ -3267,6 +3260,7 @@ pirati.cz: max-age too low: 604800
pirlitu.com: did not receive HSTS header
pisexy.me: did not receive HSTS header
pisidia.de: could not connect to host
pittaya.com: could not connect to host
pittonpreschool.com: did not receive HSTS header
pixel.google.com: did not receive HSTS header (error ignored - included regardless)
pixelcode.com.au: could not connect to host
@ -3275,7 +3269,6 @@ pixi.chat: could not connect to host
pixi.me: could not connect to host
pj83.duckdns.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
pk.search.yahoo.com: did not receive HSTS header
pkgt.de: could not connect to host
placefade.com: could not connect to host
placollection.org: could not connect to host
plaettliaktion.ch: did not receive HSTS header
@ -3316,9 +3309,12 @@ pompompoes.com: could not connect to host
pontualcomp.com: max-age too low: 2592000
poolsandstuff.com: did not receive HSTS header
poon.tech: could not connect to host
porno-gif.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
portalplatform.net: did not receive HSTS header
portalzine.de: did not receive HSTS header
poshpak.com: max-age too low: 86400
postcodewise.co.uk: did not receive HSTS header
posterspy.com: did not receive HSTS header
postscheduler.org: could not connect to host
posylka.de: did not receive HSTS header
poussinooz.fr: could not connect to host
@ -3363,7 +3359,6 @@ propactrading.com: could not connect to host
prosocialmachines.com: could not connect to host
prosoft.sk: did not receive HSTS header
prosperident.com: did not receive HSTS header
proweser.de: could not connect to host
prowhisky.de: did not receive HSTS header
proximato.com: could not connect to host
proxybay.al: could not connect to host
@ -3411,7 +3406,6 @@ quantumcourse.org: did not receive HSTS header
quebecmailbox.com: did not receive HSTS header
queercoders.com: did not receive HSTS header
questsandrewards.com: could not connect to host
quickboysvrouwen2.nl: did not receive HSTS header
quli.nl: did not receive HSTS header
quotehex.com: could not connect to host
quranserver.net: could not connect to host
@ -3441,6 +3435,7 @@ raspass.me: could not connect to host
rastreador.com.es: did not receive HSTS header
ratajczak.fr: could not connect to host
rate-esport.de: could not connect to host
rationalism.com: could not connect to host
raulfraile.net: could not connect to host
raven.lipetsk.ru: could not connect to host
rawet.se: did not receive HSTS header
@ -3470,7 +3465,6 @@ redirectman.com: did not receive HSTS header
redlatam.org: did not receive HSTS header
redmbk.com: did not receive HSTS header
redports.org: could not connect to host
refitplanner.com: could not connect to host
regaloaks.com: did not receive HSTS header
regalpalms.com: did not receive HSTS header
regenbogenwald.de: did not receive HSTS header
@ -3553,11 +3547,13 @@ rodosto.com: did not receive HSTS header
roeper.party: could not connect to host
roesemann.email: could not connect to host
roguelikecenter.fr: did not receive HSTS header
rolemaster.net: did not receive HSTS header
romans-place.me.uk: did not receive HSTS header
romulusapp.com: could not connect to host
ronvandordt.info: could not connect to host
ronwo.de: max-age too low: 1
room-checkin24.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
roosterpgplus.nl: could not connect to host
rootforum.org: did not receive HSTS header
rootservice.org: did not receive HSTS header
rootwpn.com: could not connect to host
@ -3626,6 +3622,7 @@ sansemea.com: did not receive HSTS header
sansonehowell.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
sarah-beckett-harpist.com: did not receive HSTS header
sarahsweetlife.com: could not connect to host
sarakas.com: could not connect to host
sarisonproductions.com: did not receive HSTS header
saruwebshop.co.za: could not connect to host
sash.pw: could not connect to host
@ -3649,6 +3646,7 @@ sazima.ru: did not receive HSTS header
sbox-archives.com: could not connect to host
sby.de: did not receive HSTS header
sc4le.com: could not connect to host
scepticism.com: could not connect to host
schadegarant.net: could not connect to host
schnell-gold.com: could not connect to host
schoop.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
@ -3761,7 +3759,6 @@ shiftins.com: did not receive HSTS header
shiinko.com: could not connect to host
shinebijoux.com.br: could not connect to host
shinju.moe: could not connect to host
shinobi-fansub.ro: could not connect to host
shinonome-lab.eu.org: could not connect to host
shiona.xyz: could not connect to host
shocksrv.com: did not receive HSTS header
@ -3816,11 +3813,11 @@ skk.io: could not connect to host
skoda-clever-lead.de: could not connect to host
skoda-im-dialog.de: could not connect to host
skullhouse.nyc: did not receive HSTS header
skyflix.me: did not receive HSTS header
skyflix.me: could not connect to host
skyoy.com: did not receive HSTS header
slash-dev.de: did not receive HSTS header
slashand.co: did not receive HSTS header
slashem.me: could not connect to host
slashem.me: did not receive HSTS header
slattery.co: could not connect to host
sleep10.com: could not connect to host
slicketl.com: did not receive HSTS header
@ -3828,15 +3825,15 @@ slightfuture.click: could not connect to host
slix.io: could not connect to host
slope.haus: could not connect to host
slovakiana.sk: did not receive HSTS header
slowfood.es: could not connect to host
sluitkampzeist.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
slycurity.de: did not receive HSTS header
slycurity.de: could not connect to host
smart-mirror.de: did not receive HSTS header
smart-ov.nl: could not connect to host
smartcoin.com.br: could not connect to host
smartlend.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
smartofficesandsmarthomes.com: did not receive HSTS header
smartrak.co.nz: did not receive HSTS header
smartshiftme.com: could not connect to host
smatch.com: did not receive HSTS header
smdev.fr: could not connect to host
smet.us: could not connect to host
@ -3872,7 +3869,6 @@ socialspirit.com.br: did not receive HSTS header
sockeye.cc: could not connect to host
socomponents.co.uk: did not receive HSTS header
sodacore.com: could not connect to host
soe-server.com: could not connect to host
sogeek.me: did not receive HSTS header
sol-3.de: did not receive HSTS header
solidfuelappliancespares.co.uk: did not receive HSTS header
@ -3886,7 +3882,6 @@ somethingnew.xyz: could not connect to host
sonicrainboom.rocks: could not connect to host
soobi.org: did not receive HSTS header
soondy.com: did not receive HSTS header
sortaweird.net: could not connect to host
sotiran.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
sotor.de: did not receive HSTS header
soulema.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
@ -3917,9 +3912,10 @@ speidel.com.tr: did not receive HSTS header
spencerbaer.com: could not connect to host
sperohub.io: could not connect to host
spherenix.org: could not connect to host
spibe.is: could not connect to host
spicydog.tk: could not connect to host
spiegels.nl: could not connect to host
spikeykc.me: did not receive HSTS header
spikeykc.me: could not connect to host
spillmaker.no: did not receive HSTS header
spilsbury.io: could not connect to host
spititout.it: could not connect to host
@ -3965,7 +3961,6 @@ stationnementdenuit.ca: did not receive HSTS header
statuschecks.net: could not connect to host
stayokhotelscdc-mailing.com: could not connect to host
stcomex.com: did not receive HSTS header
stderr.cc: could not connect to host
stefanweiser.de: did not receive HSTS header
stephanierxo.com: did not receive HSTS header
stephenandburns.com: did not receive HSTS header
@ -4038,7 +4033,6 @@ supereight.net: did not receive HSTS header
superiorfloridavacation.com: did not receive HSTS header
supersalescontest.nl: did not receive HSTS header
supersecurefancydomain.com: could not connect to host
superuser.fi: could not connect to host
superwally.org: could not connect to host
suprlink.net: could not connect to host
supweb.ovh: did not receive HSTS header
@ -4073,7 +4067,10 @@ syriatalk.org: could not connect to host
sysadmin.xyz: did not receive HSTS header
syso.name: could not connect to host
szaszm.tk: max-age too low: 0
t-shirts4less.nl: did not receive HSTS header
t-tz.com: could not connect to host
ta-65.com: could not connect to host
ta65.com: could not connect to host
taabe.xyz: did not receive HSTS header
tacomafia.net: did not receive HSTS header
tadigitalstore.com: could not connect to host
@ -4134,6 +4131,7 @@ temehu.com: did not receive HSTS header
tempcraft.net: could not connect to host
tendertool.nl: could not connect to host
tenni.xyz: could not connect to host
tensei-slime.com: did not receive HSTS header
tensionup.com: could not connect to host
teos.online: could not connect to host
teriiphotography.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
@ -4239,7 +4237,6 @@ timbuktutimber.com: did not receive HSTS header
timcamara.com: did not receive HSTS header
time-river.xyz: could not connect to host
timestamp.io: did not receive HSTS header
timmy.ws: did not receive HSTS header
timnash.co.uk: did not receive HSTS header
timotrans.de: did not receive HSTS header
timotrans.eu: did not receive HSTS header
@ -4256,7 +4253,6 @@ tittelbach.at: did not receive HSTS header
titties.ml: could not connect to host
tkarstens.de: did not receive HSTS header
tkn.tokyo: could not connect to host
tlach.cz: did not receive HSTS header
tlo.hosting: could not connect to host
tlo.link: did not receive HSTS header
tlo.network: could not connect to host
@ -4278,7 +4274,6 @@ todobazar.es: could not connect to host
tollmanz.com: did not receive HSTS header
tom.horse: did not receive HSTS header
tomask.info: max-age too low: 86400
tomberek.info: could not connect to host
tomeara.net: could not connect to host
tomharling.co.uk: max-age too low: 86400
tomharling.uk: max-age too low: 86400
@ -4334,6 +4329,7 @@ tsecy.com: did not receive HSTS header
tsgoc.com: did not receive HSTS header
tsrstore.gq: could not connect to host
tssouthernpower.com: max-age too low: 0
ttchan.org: could not connect to host
tuamoronline.com: could not connect to host
tubepro.de: max-age too low: 600000
tucker.wales: could not connect to host
@ -4446,7 +4442,8 @@ uy.search.yahoo.com: did not receive HSTS header
uz.search.yahoo.com: did not receive HSTS header
uzmandroid.net: could not connect to host
uzmandroid.top: could not connect to host
v2.pw: could not connect to host
v2.pw: did not receive HSTS header
v2ex.us: did not receive HSTS header
v4veedu.com: could not connect to host
vaddder.com: could not connect to host
valasi.eu: could not connect to host
@ -4469,7 +4466,7 @@ vansieleghem.com: could not connect to host
vasanth.org: did not receive HSTS header
vbulletin-russia.com: could not connect to host
vbulletinrussia.com: could not connect to host
vcdove.com: did not receive HSTS header
vcdove.com: could not connect to host
vcr.re: could not connect to host
ve3oat.ca: could not connect to host
veblen.com: could not connect to host
@ -4499,6 +4496,7 @@ vincentkooijman.at: did not receive HSTS header
vincentkooijman.nl: did not receive HSTS header
vincentpancol.com: could not connect to host
vintageheartcoffee.com: did not receive HSTS header
vinyculture.com: could not connect to host
vio.no: did not receive HSTS header
viperdns.com: could not connect to host
vipi.es: could not connect to host
@ -4510,8 +4508,8 @@ vissanum.com: did not receive HSTS header
vistarait.com: did not receive HSTS header
vitagenda.nl: could not connect to host
vitalorange.com: did not receive HSTS header
vitapingu.de: could not connect to host
viva-french.com: did not receive HSTS header
vivocloud.com: did not receive HSTS header
vlastimilburian.cz: did not receive HSTS header
vlora.city: could not connect to host
vm0.eu: did not receive HSTS header
@ -4525,6 +4523,7 @@ voidpay.com: could not connect to host
voidpay.net: could not connect to host
voidpay.org: could not connect to host
volcrado.com: did not receive HSTS header
voliere-info.nl: did not receive HSTS header
vortexhobbies.com: did not receive HSTS header
voshod.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
vosjesweb.nl: could not connect to host
@ -4662,7 +4661,6 @@ wiz.biz: could not connect to host
wlzhiyin.cn: could not connect to host
wmcuk.net: could not connect to host
wmfinanz.com: could not connect to host
wod-stavby.cz: could not connect to host
wodice.com: could not connect to host
wohnungsbau-ludwigsburg.de: did not receive HSTS header
woima.fi: max-age too low: 604800
@ -4676,6 +4674,7 @@ woording.com: could not connect to host
wootton95.com: could not connect to host
woresite.jp: did not receive HSTS header
workfone.io: did not receive HSTS header
workpermit.com.vn: did not receive HSTS header
worldsbeststory.com: did not receive HSTS header
wowapi.org: could not connect to host
wphostingspot.com: did not receive HSTS header
@ -4710,7 +4709,7 @@ www.surfeasy.com: did not receive HSTS header
www.zenpayroll.com: did not receive HSTS header
www3.info: could not connect to host
wxukang.cn: could not connect to host
wyzphoto.nl: did not receive HSTS header
wyzphoto.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no]
x2w.io: could not connect to host
xa.search.yahoo.com: did not receive HSTS header
xandocs.com: could not connect to host
@ -4828,7 +4827,6 @@ zadieheimlich.com: did not receive HSTS header
zamorano.edu: could not connect to host
zap.yt: could not connect to host
zarooba.com: could not connect to host
zary.me: did not receive HSTS header
zbigniewgalucki.eu: did not receive HSTS header
zbp.at: did not receive HSTS header
zebrababy.cn: did not receive HSTS header

27882
security/manager/ssl/nsSTSPreloadList.inc
View File

File diff suppressed because it is too large Load Diff

349
security/manager/ssl/nsSiteSecurityService.cpp
View File

@ -12,6 +12,7 @@
#include "mozilla/Assertions.h"
#include "mozilla/Base64.h"
#include "mozilla/dom/PContent.h"
#include "mozilla/dom/ToJSValue.h"
#include "mozilla/LinkedList.h"
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
@ -19,6 +20,7 @@
#include "nsCOMArray.h"
#include "nsCRTGlue.h"
#include "nsISSLStatus.h"
#include "nsIScriptSecurityManager.h"
#include "nsISocketProvider.h"
#include "nsIURI.h"
#include "nsIX509Cert.h"
@ -58,8 +60,10 @@ const char kHPKPKeySuffix[] = ":HPKP";
NS_IMPL_ISUPPORTS(SiteHSTSState, nsISiteSecurityState, nsISiteHSTSState)
SiteHSTSState::SiteHSTSState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
const nsCString& aStateString)
: mHostname(aHost)
, mOriginAttributes(aOriginAttributes)
, mHSTSExpireTime(0)
, mHSTSState(SecurityPropertyUnset)
, mHSTSIncludeSubdomains(false)
@ -87,11 +91,13 @@ SiteHSTSState::SiteHSTSState(const nsCString& aHost,
}
SiteHSTSState::SiteHSTSState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
PRTime aHSTSExpireTime,
SecurityPropertyState aHSTSState,
bool aHSTSIncludeSubdomains)
: mHostname(aHost)
, mOriginAttributes(aOriginAttributes)
, mHSTSExpireTime(aHSTSExpireTime)
, mHSTSState(aHSTSState)
, mHSTSIncludeSubdomains(aHSTSIncludeSubdomains)
@ -140,6 +146,16 @@ SiteHSTSState::GetIncludeSubdomains(bool* aIncludeSubdomains)
return NS_OK;
}
NS_IMETHODIMP
SiteHSTSState::GetOriginAttributes(JSContext* aCx,
JS::MutableHandle<JS::Value> aOriginAttributes)
{
if (!ToJSValue(aCx, mOriginAttributes, aOriginAttributes)) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////
NS_IMPL_ISUPPORTS(SiteHPKPState, nsISiteSecurityState, nsISiteHPKPState)
@ -165,8 +181,10 @@ SiteHPKPState::SiteHPKPState()
}
SiteHPKPState::SiteHPKPState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
const nsCString& aStateString)
: mHostname(aHost)
, mOriginAttributes(aOriginAttributes)
, mExpireTime(0)
, mState(SecurityPropertyUnset)
, mIncludeSubdomains(false)
@ -228,11 +246,13 @@ SiteHPKPState::SiteHPKPState(const nsCString& aHost,
}
SiteHPKPState::SiteHPKPState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
PRTime aExpireTime,
SecurityPropertyState aState,
bool aIncludeSubdomains,
nsTArray<nsCString>& aSHA256keys)
: mHostname(aHost)
, mOriginAttributes(aOriginAttributes)
, mExpireTime(aExpireTime)
, mState(aState)
, mIncludeSubdomains(aIncludeSubdomains)
@ -305,6 +325,16 @@ SiteHPKPState::GetSha256Keys(nsISimpleEnumerator** aSha256Keys)
return NS_NewArrayEnumerator(aSha256Keys, keys);
}
NS_IMETHODIMP
SiteHPKPState::GetOriginAttributes(JSContext* aCx,
JS::MutableHandle<JS::Value> aOriginAttributes)
{
if (!ToJSValue(aCx, mOriginAttributes, aOriginAttributes)) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
////////////////////////////////////////////////////////////////////////////////
const uint64_t kSixtyDaysInSeconds = 60 * 24 * 60 * 60;
@ -396,9 +426,19 @@ nsSiteSecurityService::GetHost(nsIURI* aURI, nsACString& aResult)
}
static void
SetStorageKey(nsAutoCString& storageKey, const nsACString& hostname, uint32_t aType)
SetStorageKey(const nsACString& hostname, uint32_t aType,
const OriginAttributes& aOriginAttributes,
/*out*/ nsAutoCString& storageKey)
{
storageKey = hostname;
// Don't isolate by userContextId.
OriginAttributes originAttributesNoUserContext = aOriginAttributes;
originAttributesNoUserContext.mUserContextId =
nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
nsAutoCString originAttributesSuffix;
originAttributesNoUserContext.CreateSuffix(originAttributesSuffix);
storageKey.Append(originAttributesSuffix);
switch (aType) {
case nsISiteSecurityService::HEADER_HSTS:
storageKey.AppendASCII(kHSTSKeySuffix);
@ -426,22 +466,27 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType,
bool includeSubdomains,
uint32_t flags,
SecurityPropertyState aHSTSState,
bool aIsPreload)
bool aIsPreload,
const OriginAttributes& aOriginAttributes)
{
nsAutoCString hostname(aHost);
// If max-age is zero, that's an indication to immediately remove the
// security state, so here's a shortcut.
if (!maxage) {
return RemoveStateInternal(aType, hostname, flags, aIsPreload);
return RemoveStateInternal(aType, hostname, flags, aIsPreload,
aOriginAttributes);
}
MOZ_ASSERT((aHSTSState == SecurityPropertySet ||
aHSTSState == SecurityPropertyNegative),
"HSTS State must be SecurityPropertySet or SecurityPropertyNegative");
if (aIsPreload && aOriginAttributes != OriginAttributes()) {
return NS_ERROR_INVALID_ARG;
}
int64_t expiretime = ExpireTimeFromMaxAge(maxage);
RefPtr<SiteHSTSState> siteState =
new SiteHSTSState(hostname, expiretime, aHSTSState, includeSubdomains);
RefPtr<SiteHSTSState> siteState = new SiteHSTSState(
hostname, aOriginAttributes, expiretime, aHSTSState, includeSubdomains);
nsAutoCString stateString;
siteState->ToString(stateString);
SSSLOG(("SSS: setting state for %s", hostname.get()));
@ -450,7 +495,7 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType,
? mozilla::DataStorage_Private
: mozilla::DataStorage_Persistent;
nsAutoCString storageKey;
SetStorageKey(storageKey, hostname, aType);
SetStorageKey(hostname, aType, aOriginAttributes, storageKey);
nsresult rv;
if (aIsPreload) {
SSSLOG(("SSS: storing entry for %s in dynamic preloads", hostname.get()));
@ -466,20 +511,35 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType,
}
NS_IMETHODIMP
nsSiteSecurityService::CacheNegativeHSTSResult(nsIURI* aSourceURI,
uint64_t aMaxAge)
nsSiteSecurityService::CacheNegativeHSTSResult(
nsIURI* aSourceURI,
uint64_t aMaxAge,
const OriginAttributes& aOriginAttributes)
{
nsAutoCString hostname;
nsresult rv = GetHost(aSourceURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, hostname.get(),
aMaxAge, false, 0, SecurityPropertyNegative, false);
aMaxAge, false, 0, SecurityPropertyNegative, false,
aOriginAttributes);
}
nsresult
nsSiteSecurityService::RemoveStateInternal(uint32_t aType,
const nsAutoCString& aHost,
uint32_t aFlags, bool aIsPreload)
nsSiteSecurityService::RemoveStateInternal(
uint32_t aType, nsIURI* aURI, uint32_t aFlags,
const OriginAttributes& aOriginAttributes)
{
nsAutoCString hostname;
GetHost(aURI, hostname);
return RemoveStateInternal(aType, hostname, aFlags, false, aOriginAttributes);
}
nsresult
nsSiteSecurityService::RemoveStateInternal(
uint32_t aType,
const nsAutoCString& aHost,
uint32_t aFlags, bool aIsPreload,
const OriginAttributes& aOriginAttributes)
{
// Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) {
@ -490,6 +550,9 @@ nsSiteSecurityService::RemoveStateInternal(uint32_t aType,
NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
aType == nsISiteSecurityService::HEADER_HPKP,
NS_ERROR_NOT_IMPLEMENTED);
if (aIsPreload && aOriginAttributes != OriginAttributes()) {
return NS_ERROR_INVALID_ARG;
}
bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
mozilla::DataStorageType storageType = isPrivate
@ -497,16 +560,17 @@ nsSiteSecurityService::RemoveStateInternal(uint32_t aType,
: mozilla::DataStorage_Persistent;
// If this host is in the preload list, we have to store a knockout entry.
nsAutoCString storageKey;
SetStorageKey(storageKey, aHost, aType);
SetStorageKey(aHost, aType, aOriginAttributes, storageKey);
nsCString value = mPreloadStateStorage->Get(storageKey,
mozilla::DataStorage_Persistent);
RefPtr<SiteHSTSState> dynamicState = new SiteHSTSState(aHost, value);
RefPtr<SiteHSTSState> dynamicState =
new SiteHSTSState(aHost, aOriginAttributes, value);
if (GetPreloadListEntry(aHost.get()) ||
dynamicState->mHSTSState != SecurityPropertyUnset) {
SSSLOG(("SSS: storing knockout entry for %s", aHost.get()));
RefPtr<SiteHSTSState> siteState =
new SiteHSTSState(aHost, 0, SecurityPropertyKnockout, false);
RefPtr<SiteHSTSState> siteState = new SiteHSTSState(
aHost, aOriginAttributes, 0, SecurityPropertyKnockout, false);
nsAutoCString stateString;
siteState->ToString(stateString);
nsresult rv;
@ -531,11 +595,19 @@ nsSiteSecurityService::RemoveStateInternal(uint32_t aType,
NS_IMETHODIMP
nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI,
uint32_t aFlags)
uint32_t aFlags,
JS::HandleValue aOriginAttributes,
JSContext* aCx, uint8_t aArgc)
{
nsAutoCString hostname;
GetHost(aURI, hostname);
return RemoveStateInternal(aType, hostname, aFlags, false);
OriginAttributes originAttributes;
if (aArgc > 0) {
// OriginAttributes were passed in.
if (!aOriginAttributes.isObject() ||
!originAttributes.Init(aCx, aOriginAttributes)) {
return NS_ERROR_INVALID_ARG;
}
}
return RemoveStateInternal(aType, aURI, aFlags, originAttributes);
}
static bool
@ -546,12 +618,39 @@ HostIsIPAddress(const nsCString& hostname)
return (prv == PR_SUCCESS);
}
NS_IMETHODIMP
nsSiteSecurityService::ProcessHeaderScriptable(
uint32_t aType,
nsIURI* aSourceURI,
const nsACString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
JS::HandleValue aOriginAttributes,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult,
JSContext* aCx,
uint8_t aArgc)
{
OriginAttributes originAttributes;
if (aArgc > 0) {
if (!aOriginAttributes.isObject() ||
!originAttributes.Init(aCx, aOriginAttributes)) {
return NS_ERROR_INVALID_ARG;
}
}
return ProcessHeader(aType, aSourceURI, aHeader, aSSLStatus, aFlags,
originAttributes, aMaxAge, aIncludeSubdomains,
aFailureResult);
}
NS_IMETHODIMP
nsSiteSecurityService::ProcessHeader(uint32_t aType,
nsIURI* aSourceURI,
const nsACString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
@ -571,19 +670,21 @@ nsSiteSecurityService::ProcessHeader(uint32_t aType,
NS_ENSURE_ARG(aSSLStatus);
return ProcessHeaderInternal(aType, aSourceURI, PromiseFlatCString(aHeader),
aSSLStatus, aFlags, aMaxAge, aIncludeSubdomains,
aFailureResult);
aSSLStatus, aFlags, aOriginAttributes, aMaxAge,
aIncludeSubdomains, aFailureResult);
}
nsresult
nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
nsIURI* aSourceURI,
const nsCString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
nsSiteSecurityService::ProcessHeaderInternal(
uint32_t aType,
nsIURI* aSourceURI,
const nsCString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
@ -635,12 +736,13 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
switch (aType) {
case nsISiteSecurityService::HEADER_HSTS:
rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aMaxAge,
rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aOriginAttributes, aMaxAge,
aIncludeSubdomains, aFailureResult);
break;
case nsISiteSecurityService::HEADER_HPKP:
rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags, aMaxAge,
aIncludeSubdomains, aFailureResult);
rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags,
aOriginAttributes, aMaxAge, aIncludeSubdomains,
aFailureResult);
break;
default:
MOZ_CRASH("unexpected header type");
@ -790,13 +892,15 @@ ParseSSSHeaders(uint32_t aType,
}
nsresult
nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
const nsCString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
nsSiteSecurityService::ProcessPKPHeader(
nsIURI* aSourceURI,
const nsCString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
@ -863,7 +967,8 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
host.get(), // hostname
certList,
false, // don't store intermediates
flags)
flags,
aOriginAttributes)
!= mozilla::pkix::Success) {
return NS_ERROR_FAILURE;
}
@ -887,7 +992,7 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
// if maxAge == 0 we must delete all state, for now no hole-punching
if (maxAge == 0) {
return RemoveState(aType, aSourceURI, aFlags);
return RemoveStateInternal(aType, aSourceURI, aFlags, aOriginAttributes);
}
// clamp maxAge to the maximum set by pref
@ -937,12 +1042,12 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
int64_t expireTime = ExpireTimeFromMaxAge(maxAge);
RefPtr<SiteHPKPState> dynamicEntry =
new SiteHPKPState(host, expireTime, SecurityPropertySet,
new SiteHPKPState(host, aOriginAttributes, expireTime, SecurityPropertySet,
foundIncludeSubdomains, sha256keys);
SSSLOG(("SSS: about to set pins for %s, expires=%" PRId64 " now=%" PRId64 " maxAge=%" PRIu64 "\n",
host.get(), expireTime, PR_Now() / PR_USEC_PER_MSEC, maxAge));
rv = SetHPKPState(host.get(), *dynamicEntry, aFlags, false);
rv = SetHPKPState(host.get(), *dynamicEntry, aFlags, false, aOriginAttributes);
if (NS_FAILED(rv)) {
SSSLOG(("SSS: failed to set pins for %s\n", host.get()));
if (aFailureResult) {
@ -965,12 +1070,14 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
}
nsresult
nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
const nsCString& aHeader,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
nsSiteSecurityService::ProcessSTSHeader(
nsIURI* aSourceURI,
const nsCString& aHeader,
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
@ -1010,7 +1117,7 @@ nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
// record the successfully parsed header data.
rv = SetHSTSState(aType, hostname.get(), maxAge, foundIncludeSubdomains,
aFlags, SecurityPropertySet, false);
aFlags, SecurityPropertySet, false, aOriginAttributes);
if (NS_FAILED(rv)) {
SSSLOG(("SSS: failed to set STS state"));
if (aFailureResult) {
@ -1032,10 +1139,28 @@ nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
: NS_OK;
}
NS_IMETHODIMP
nsSiteSecurityService::IsSecureURIScriptable(uint32_t aType, nsIURI* aURI,
uint32_t aFlags,
JS::HandleValue aOriginAttributes,
bool* aCached, JSContext* aCx,
uint8_t aArgc, bool* aResult)
{
OriginAttributes originAttributes;
if (aArgc > 0) {
if (!aOriginAttributes.isObject() ||
!originAttributes.Init(aCx, aOriginAttributes)) {
return NS_ERROR_INVALID_ARG;
}
}
return IsSecureURI(aType, aURI, aFlags, originAttributes, aCached, aResult);
}
NS_IMETHODIMP
nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI,
uint32_t aFlags, bool* aCached,
bool* aResult)
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
bool* aCached, bool* aResult)
{
// Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
@ -1059,7 +1184,8 @@ nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI,
return NS_OK;
}
return IsSecureHost(aType, hostname, aFlags, aCached, aResult);
return IsSecureHost(aType, hostname, aFlags, aOriginAttributes, aCached,
aResult);
}
int STSPreloadCompare(const void *key, const void *entry)
@ -1094,10 +1220,9 @@ nsSiteSecurityService::GetPreloadListEntry(const char *aHost)
// aRequireIncludeSubdomains specifies whether we require includeSubdomains
// to be set on the entry (with the other parameters being as per IsSecureHost).
bool
nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
bool aRequireIncludeSubdomains,
uint32_t aFlags, bool* aResult,
bool* aCached)
nsSiteSecurityService::HostHasHSTSEntry(
const nsAutoCString& aHost, bool aRequireIncludeSubdomains, uint32_t aFlags,
const OriginAttributes& aOriginAttributes, bool* aResult, bool* aCached)
{
// First we check for an entry in site security storage. If that entry exists,
// we don't want to check in the preload lists. We only want to use the
@ -1111,9 +1236,14 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
: mozilla::DataStorage_Persistent;
nsAutoCString storageKey;
SSSLOG(("Seeking HSTS entry for %s", aHost.get()));
SetStorageKey(storageKey, aHost, nsISiteSecurityService::HEADER_HSTS);
SetStorageKey(aHost, nsISiteSecurityService::HEADER_HSTS, aOriginAttributes,
storageKey);
nsAutoCString preloadKey;
SetStorageKey(aHost, nsISiteSecurityService::HEADER_HSTS, OriginAttributes(),
preloadKey);
nsCString value = mSiteStateStorage->Get(storageKey, storageType);
RefPtr<SiteHSTSState> siteState = new SiteHSTSState(aHost, value);
RefPtr<SiteHSTSState> siteState =
new SiteHSTSState(aHost, aOriginAttributes, value);
if (siteState->mHSTSState != SecurityPropertyUnset) {
SSSLOG(("Found HSTS entry for %s", aHost.get()));
bool expired = siteState->IsExpired(nsISiteSecurityService::HEADER_HSTS);
@ -1137,9 +1267,10 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
// If the entry is expired and is not in either the static or dynamic
// preload lists, we can remove it.
// First, check the dynamic preload list.
value = mPreloadStateStorage->Get(storageKey,
value = mPreloadStateStorage->Get(preloadKey,
mozilla::DataStorage_Persistent);
RefPtr<SiteHSTSState> dynamicState = new SiteHSTSState(aHost, value);
RefPtr<SiteHSTSState> dynamicState =
new SiteHSTSState(aHost, aOriginAttributes, value);
if (dynamicState->mHSTSState == SecurityPropertyUnset) {
SSSLOG(("No dynamic preload - checking for static preload"));
// Now check the static preload list.
@ -1153,9 +1284,10 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
}
// Next, look in the dynamic preload list.
value = mPreloadStateStorage->Get(storageKey,
value = mPreloadStateStorage->Get(preloadKey,
mozilla::DataStorage_Persistent);
RefPtr<SiteHSTSState> dynamicState = new SiteHSTSState(aHost, value);
RefPtr<SiteHSTSState> dynamicState =
new SiteHSTSState(aHost, aOriginAttributes, value);
if (dynamicState->mHSTSState != SecurityPropertyUnset) {
SSSLOG(("Found dynamic preload entry for %s", aHost.get()));
bool expired = dynamicState->IsExpired(nsISiteSecurityService::HEADER_HSTS);
@ -1172,7 +1304,7 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
// if a dynamic preload has expired and is not in the static preload
// list, we can remove it.
if (!GetPreloadListEntry(aHost.get())) {
mPreloadStateStorage->Remove(storageKey,
mPreloadStateStorage->Remove(preloadKey,
mozilla::DataStorage_Persistent);
}
}
@ -1199,8 +1331,9 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
nsresult
nsSiteSecurityService::IsSecureHost(uint32_t aType, const nsACString& aHost,
uint32_t aFlags, bool* aCached,
bool* aResult)
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
bool* aCached, bool* aResult)
{
// Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
@ -1240,7 +1373,8 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const nsACString& aHost,
CertVerifier::PinningMode::pinningEnforceTestMode;
return PublicKeyPinningService::HostHasPins(flatHost.get(),
mozilla::pkix::Now(),
enforceTestMode, *aResult);
enforceTestMode, aOriginAttributes,
*aResult);
}
// Holepunch chart.apis.google.com and subdomains.
@ -1255,7 +1389,7 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const nsACString& aHost,
}
// First check the exact host.
if (HostHasHSTSEntry(host, false, aFlags, aResult, aCached)) {
if (HostHasHSTSEntry(host, false, aFlags, aOriginAttributes, aResult, aCached)) {
return NS_OK;
}
@ -1280,7 +1414,8 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const nsACString& aHost,
// that the entry includes subdomains.
nsAutoCString subdomainString(subdomain);
if (HostHasHSTSEntry(subdomainString, true, aFlags, aResult, aCached)) {
if (HostHasHSTSEntry(subdomainString, true, aFlags, aOriginAttributes, aResult,
aCached)) {
break;
}
@ -1319,11 +1454,13 @@ bool entryStateNotOK(SiteHPKPState& state, mozilla::pkix::Time& aEvalTime) {
}
NS_IMETHODIMP
nsSiteSecurityService::GetKeyPinsForHostname(const nsACString& aHostname,
mozilla::pkix::Time& aEvalTime,
/*out*/ nsTArray<nsCString>& pinArray,
/*out*/ bool* aIncludeSubdomains,
/*out*/ bool* afound)
nsSiteSecurityService::GetKeyPinsForHostname(
const nsACString& aHostname,
mozilla::pkix::Time& aEvalTime,
const OriginAttributes& aOriginAttributes,
/*out*/ nsTArray<nsCString>& pinArray,
/*out*/ bool* aIncludeSubdomains,
/*out*/ bool* afound)
{
// Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) {
@ -1342,23 +1479,30 @@ nsSiteSecurityService::GetKeyPinsForHostname(const nsACString& aHostname,
nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHostname.get()));
nsAutoCString storageKey;
SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
SetStorageKey(host, nsISiteSecurityService::HEADER_HPKP, aOriginAttributes,
storageKey);
SSSLOG(("storagekey '%s'\n", storageKey.get()));
mozilla::DataStorageType storageType = mozilla::DataStorage_Persistent;
nsCString value = mSiteStateStorage->Get(storageKey, storageType);
// decode now
RefPtr<SiteHPKPState> foundEntry = new SiteHPKPState(host, value);
RefPtr<SiteHPKPState> foundEntry =
new SiteHPKPState(host, aOriginAttributes, value);
if (entryStateNotOK(*foundEntry, aEvalTime)) {
// not in permanent storage, try now private
value = mSiteStateStorage->Get(storageKey, mozilla::DataStorage_Private);
RefPtr<SiteHPKPState> privateEntry = new SiteHPKPState(host, value);
RefPtr<SiteHPKPState> privateEntry =
new SiteHPKPState(host, aOriginAttributes, value);
if (entryStateNotOK(*privateEntry, aEvalTime)) {
// not in private storage, try dynamic preload
value = mPreloadStateStorage->Get(storageKey,
nsAutoCString preloadKey;
SetStorageKey(host, nsISiteSecurityService::HEADER_HPKP,
OriginAttributes(), preloadKey);
value = mPreloadStateStorage->Get(preloadKey,
mozilla::DataStorage_Persistent);
RefPtr<SiteHPKPState> preloadEntry = new SiteHPKPState(host, value);
RefPtr<SiteHPKPState> preloadEntry =
new SiteHPKPState(host, aOriginAttributes, value);
if (entryStateNotOK(*preloadEntry, aEvalTime)) {
return NS_OK;
}
@ -1379,6 +1523,9 @@ nsSiteSecurityService::SetKeyPins(const nsACString& aHost,
int64_t aExpires, uint32_t aPinCount,
const char** aSha256Pins,
bool aIsPreload,
JS::HandleValue aOriginAttributes,
JSContext* aCx,
uint8_t aArgc,
/*out*/ bool* aResult)
{
// Child processes are not allowed direct access to this.
@ -1389,6 +1536,17 @@ nsSiteSecurityService::SetKeyPins(const nsACString& aHost,
NS_ENSURE_ARG_POINTER(aResult);
NS_ENSURE_ARG_POINTER(aSha256Pins);
OriginAttributes originAttributes;
if (aArgc > 1) {
// OriginAttributes were passed in.
if (!aOriginAttributes.isObject() ||
!originAttributes.Init(aCx, aOriginAttributes)) {
return NS_ERROR_INVALID_ARG;
}
}
if (aIsPreload && originAttributes != OriginAttributes()) {
return NS_ERROR_INVALID_ARG;
}
SSSLOG(("Top of SetKeyPins"));
@ -1405,10 +1563,9 @@ nsSiteSecurityService::SetKeyPins(const nsACString& aHost,
const nsCString& flatHost = PromiseFlatCString(aHost);
nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
RefPtr<SiteHPKPState> dynamicEntry =
new SiteHPKPState(host, aExpires, SecurityPropertySet, aIncludeSubdomains,
sha256keys);
return SetHPKPState(host.get(), *dynamicEntry, 0, aIsPreload);
RefPtr<SiteHPKPState> dynamicEntry = new SiteHPKPState(host, originAttributes,
aExpires, SecurityPropertySet, aIncludeSubdomains, sha256keys);
return SetHPKPState(host.get(), *dynamicEntry, 0, aIsPreload, originAttributes);
}
NS_IMETHODIMP
@ -1431,17 +1588,23 @@ nsSiteSecurityService::SetHSTSPreload(const nsACString& aHost,
nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, host.get(), aExpires,
aIncludeSubdomains, 0, SecurityPropertySet, true);
aIncludeSubdomains, 0, SecurityPropertySet, true,
OriginAttributes());
}
nsresult
nsSiteSecurityService::SetHPKPState(const char* aHost, SiteHPKPState& entry,
uint32_t aFlags, bool aIsPreload)
uint32_t aFlags, bool aIsPreload,
const OriginAttributes& aOriginAttributes)
{
if (aIsPreload && aOriginAttributes != OriginAttributes()) {
return NS_ERROR_INVALID_ARG;
}
SSSLOG(("Top of SetPKPState"));
nsAutoCString host(aHost);
nsAutoCString storageKey;
SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
SetStorageKey(host, nsISiteSecurityService::HEADER_HPKP, aOriginAttributes,
storageKey);
bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
mozilla::DataStorageType storageType = isPrivate
? mozilla::DataStorage_Private
@ -1488,15 +1651,21 @@ nsSiteSecurityService::Enumerate(uint32_t aType,
continue;
}
nsCString hostname(
nsCString origin(
StringHead(item.key(), item.key().Length() - keySuffix.Length()));
nsAutoCString hostname;
OriginAttributes originAttributes;
if (!originAttributes.PopulateFromOrigin(origin, hostname)) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsISiteSecurityState> state;
switch(aType) {
case nsISiteSecurityService::HEADER_HSTS:
state = new SiteHSTSState(hostname, item.value());
state = new SiteHSTSState(hostname, originAttributes, item.value());
break;
case nsISiteSecurityService::HEADER_HPKP:
state = new SiteHPKPState(hostname, item.value());
state = new SiteHPKPState(hostname, originAttributes, item.value());
break;
default:
MOZ_ASSERT_UNREACHABLE("SSS:Enumerate got invalid type");

56
security/manager/ssl/nsSiteSecurityService.h
View File

@ -5,6 +5,7 @@
#ifndef __nsSiteSecurityService_h__
#define __nsSiteSecurityService_h__
#include "mozilla/BasePrincipal.h"
#include "mozilla/DataStorage.h"
#include "mozilla/RefPtr.h"
#include "nsCOMPtr.h"
@ -18,6 +19,8 @@
class nsIURI;
class nsISSLStatus;
using mozilla::OriginAttributes;
// {16955eee-6c48-4152-9309-c42a465138a1}
#define NS_SITE_SECURITY_SERVICE_CID \
{0x16955eee, 0x6c48, 0x4152, \
@ -44,6 +47,7 @@ enum SecurityPropertyState {
* the public key pins of a site.
* HPKP state consists of:
* - Hostname (nsCString)
* - Origin attributes (OriginAttributes)
* - Expiry time (PRTime (aka int64_t) in milliseconds)
* - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
* - An include subdomains flag (bool, default false)
@ -57,12 +61,16 @@ public:
NS_DECL_NSISITESECURITYSTATE
SiteHPKPState();
SiteHPKPState(const nsCString& aHost, const nsCString& aStateString);
SiteHPKPState(const nsCString& aHost, PRTime aExpireTime,
SecurityPropertyState aState, bool aIncludeSubdomains,
nsTArray<nsCString>& SHA256keys);
SiteHPKPState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
const nsCString& aStateString);
SiteHPKPState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
PRTime aExpireTime, SecurityPropertyState aState,
bool aIncludeSubdomains, nsTArray<nsCString>& SHA256keys);
nsCString mHostname;
OriginAttributes mOriginAttributes;
PRTime mExpireTime;
SecurityPropertyState mState;
bool mIncludeSubdomains;
@ -88,6 +96,7 @@ protected:
* the security state of a site. Currently only handles HSTS.
* HSTS state consists of:
* - Hostname (nsCString)
* - Origin attributes (OriginAttributes)
* - Expiry time (PRTime (aka int64_t) in milliseconds)
* - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
* - An include subdomains flag (bool, default false)
@ -99,11 +108,16 @@ public:
NS_DECL_NSISITEHSTSSTATE
NS_DECL_NSISITESECURITYSTATE
SiteHSTSState(const nsCString& aHost, const nsCString& aStateString);
SiteHSTSState(const nsCString& aHost, PRTime aHSTSExpireTime,
SecurityPropertyState aHSTSState, bool aHSTSIncludeSubdomains);
SiteHSTSState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
const nsCString& aStateString);
SiteHSTSState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
bool aHSTSIncludeSubdomains);
nsCString mHostname;
OriginAttributes mOriginAttributes;
PRTime mHSTSExpireTime;
SecurityPropertyState mHSTSState;
bool mHSTSIncludeSubdomains;
@ -150,30 +164,42 @@ private:
nsresult GetHost(nsIURI *aURI, nsACString &aResult);
nsresult SetHSTSState(uint32_t aType, const char* aHost, int64_t maxage,
bool includeSubdomains, uint32_t flags,
SecurityPropertyState aHSTSState, bool aIsPreload);
SecurityPropertyState aHSTSState, bool aIsPreload,
const OriginAttributes& aOriginAttributes);
nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
const nsCString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags, uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains,
uint32_t* aFailureResult);
nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
uint32_t flags, uint64_t* aMaxAge,
bool* aIncludeSubdomains, uint32_t* aFailureResult);
uint32_t flags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains,
uint32_t* aFailureResult);
nsresult ProcessPKPHeader(nsIURI* aSourceURI, const nsCString& aHeader,
nsISSLStatus* aSSLStatus, uint32_t flags,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains,
uint32_t* aFailureResult);
nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags,
bool aIsPreload);
bool aIsPreload,
const OriginAttributes& aOriginAttributes);
nsresult RemoveStateInternal(uint32_t aType, nsIURI* aURI, uint32_t aFlags,
const OriginAttributes& aOriginAttributes);
nsresult RemoveStateInternal(uint32_t aType, const nsAutoCString& aHost,
uint32_t aFlags, bool aIsPreload);
uint32_t aFlags, bool aIsPreload,
const OriginAttributes& aOriginAttributes);
bool HostHasHSTSEntry(const nsAutoCString& aHost,
bool aRequireIncludeSubdomains, uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
bool* aResult, bool* aCached);
const nsSTSPreload *GetPreloadListEntry(const char *aHost);
nsresult IsSecureHost(uint32_t aType, const nsACString& aHost,
uint32_t aFlags, bool* aCached, bool* aResult);
uint32_t aFlags,
const OriginAttributes& aOriginAttributes,
bool* aCached, bool* aResult);
uint64_t mMaxMaxAge;
bool mUsePreloadList;

55
security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
View File

@ -101,3 +101,58 @@ add_task(function* () {
unrelatedURI, 0),
"example.org should still be HSTS");
});
// Test the case of processing HSTS and HPKP headers for a.pinning2.example.com
// with various originAttributes, using "Forget About Site" on example.com, and
// then checking that the platform doesn't consider the subdomain to be HSTS or
// HPKP for any originAttributes any longer. Also test that unrelated sites
// don't also get removed.
add_task(function* () {
let originAttributesList = [
{},
{ userContextId: 1 },
{ firstPartyDomain: "foo.com" },
{ userContextId: 1, firstPartyDomain: "foo.com" },
];
let unrelatedURI = Services.io.newURI("https://example.org");
for (let originAttributes of originAttributesList) {
sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
sslStatus, 0, originAttributes);
sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0,
originAttributes);
Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
0, originAttributes),
"a.pinning2.example.com should be HSTS (originAttributes case)");
Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
0, originAttributes),
"a.pinning2.example.com should be HPKP (originAttributes case)");
// Add an unrelated site to HSTS. Not HPKP because we have no valid keys.
sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, unrelatedURI,
GOOD_MAX_AGE, sslStatus, 0, originAttributes);
Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
unrelatedURI, 0, originAttributes),
"example.org should be HSTS (originAttributes case)");
}
yield ForgetAboutSite.removeDataFromDomain("example.com");
for (let originAttributes of originAttributesList) {
Assert.ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
0, originAttributes),
"a.pinning2.example.com should not be HSTS now " +
"(originAttributes case)");
Assert.ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
0, originAttributes),
"a.pinning2.example.com should not be HPKP now " +
"(originAttributes case)");
Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
unrelatedURI, 0, originAttributes),
"example.org should still be HSTS (originAttributes case)");
}
});

2
security/manager/ssl/tests/unit/test_pinning_header_parsing.js
View File

@ -50,7 +50,7 @@ function checkPassValidPin(pinValue, settingPin, expectedMaxAge) {
}
try {
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
pinValue, sslStatus, 0, maxAge);
pinValue, sslStatus, 0, {}, maxAge);
ok(true, "Valid pin should be accepted");
} catch (e) {
ok(false, "Valid pin should have been accepted");

141
security/manager/ssl/tests/unit/test_sss_originAttributes.js Normal file
View File

@ -0,0 +1,141 @@
/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
* vim: sw=2 ts=2 sts=2
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// Ensures nsISiteSecurityService APIs respects origin attributes.
do_register_cleanup(() => {
Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
Services.prefs.clearUserPref(
"security.cert_pinning.process_headers_from_non_builtin_roots");
});
const GOOD_MAX_AGE_SECONDS = 69403;
const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
const VALID_PIN = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`;
const BACKUP_PIN = `pin-sha256="${NON_ISSUED_KEY_HASH}";`;
const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
do_get_profile(); // must be done before instantiating nsIX509CertDB
Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
Services.prefs.setBoolPref(
"security.cert_pinning.process_headers_from_non_builtin_roots", true);
let certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
addCertFromFile(certdb, "test_pinning_dynamic/pinningroot.pem", "CTu,CTu,CTu");
let sss = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
let host = "a.pinning2.example.com";
let uri = Services.io.newURI("https://" + host);
// This test re-uses certificates from pinning tests because that's easier and
// simpler than recreating new certificates, hence the slightly longer than
// necessary domain name.
let sslStatus = new FakeSSLStatus(constructCertFromFile(
"test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem"));
// Check if originAttributes1 and originAttributes2 are isolated with respect
// to HSTS/HPKP storage.
function doTest(originAttributes1, originAttributes2, shouldShare) {
sss.clearAll();
for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
Ci.nsISiteSecurityService.HEADER_HPKP]) {
let header = GOOD_MAX_AGE;
if (type == Ci.nsISiteSecurityService.HEADER_HPKP) {
header += VALID_PIN + BACKUP_PIN;
}
// Set HSTS or HPKP for originAttributes1.
sss.processHeader(type, uri, header, sslStatus, 0, originAttributes1);
ok(sss.isSecureURI(type, uri, 0, originAttributes1),
"URI should be secure given original origin attributes");
equal(sss.isSecureURI(type, uri, 0, originAttributes2), shouldShare,
"URI should be secure given different origin attributes if and " +
"only if shouldShare is true");
if (!shouldShare) {
// Remove originAttributes2 from the storage.
sss.removeState(type, uri, 0, originAttributes2);
ok(sss.isSecureURI(type, uri, 0, originAttributes1),
"URI should still be secure given original origin attributes");
}
// Remove originAttributes1 from the storage.
sss.removeState(type, uri, 0, originAttributes1);
ok(!sss.isSecureURI(type, uri, 0, originAttributes1),
"URI should be not be secure after removeState");
}
// Set HPKP for originAttributes1.
sss.setKeyPins(host, false, Date.now() + 1234567890, 2,
[NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH], false,
originAttributes1);
ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0,
originAttributes1),
"URI should be secure after setKeyPins given original origin attributes");
equal(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0,
originAttributes2),
shouldShare, "URI should be secure after setKeyPins given different " +
"origin attributes if and only if shouldShare is true");
sss.clearAll();
ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0,
originAttributes1),
"URI should not be secure after clearAll");
}
function testInvalidOriginAttributes(originAttributes) {
for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
Ci.nsISiteSecurityService.HEADER_HPKP]) {
let header = GOOD_MAX_AGE;
if (type == Ci.nsISiteSecurityService.HEADER_HPKP) {
header += VALID_PIN + BACKUP_PIN;
}
let callbacks = [
() => sss.processHeader(type, uri, header, sslStatus, 0,
originAttributes),
() => sss.isSecureURI(type, uri, 0, originAttributes),
() => sss.removeState(type, uri, 0, originAttributes),
];
for (let callback of callbacks) {
throws(callback, /NS_ERROR_ILLEGAL_VALUE/,
"Should get an error with invalid origin attributes");
}
}
throws(() => sss.setKeyPins(host, false, Date.now() + 1234567890, 2,
[NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH],
false, originAttributes),
/NS_ERROR_ILLEGAL_VALUE/,
"Should get an error with invalid origin attributes");
}
function run_test() {
sss.clearAll();
let originAttributesList = [];
for (let userContextId of [0, 1, 2]) {
for (let firstPartyDomain of ["", "foo.com", "bar.com"]) {
originAttributesList.push({ userContextId, firstPartyDomain });
}
}
for (let attrs1 of originAttributesList) {
for (let attrs2 of originAttributesList) {
// SSS storage is not isolated by userContext
doTest(attrs1, attrs2,
attrs1.firstPartyDomain == attrs2.firstPartyDomain);
}
}
testInvalidOriginAttributes(undefined);
testInvalidOriginAttributes(null);
testInvalidOriginAttributes(1);
testInvalidOriginAttributes("foo");
}

2
security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
View File

@ -19,7 +19,7 @@ function check_ip(s, v, ip) {
let parsedMaxAge = {};
let parsedIncludeSubdomains = {};
s.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
"max-age=1000;includeSubdomains", sslStatus, 0,
"max-age=1000;includeSubdomains", sslStatus, 0, {},
parsedMaxAge, parsedIncludeSubdomains);
ok(!s.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
"URI should not be secure if it contains an IP address");

4
security/manager/ssl/tests/unit/test_sts_parser.js
View File

@ -17,7 +17,7 @@ function testSuccess(header, expectedMaxAge, expectedIncludeSubdomains) {
let includeSubdomains = {};
sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, dummyUri, header,
sslStatus, 0, maxAge, includeSubdomains);
sslStatus, 0, {}, maxAge, includeSubdomains);
equal(maxAge.value, expectedMaxAge, "Did not correctly parse maxAge");
equal(includeSubdomains.value, expectedIncludeSubdomains,
@ -31,7 +31,7 @@ function testFailure(header) {
throws(() => {
sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, dummyUri, header,
sslStatus, 0, maxAge, includeSubdomains);
sslStatus, 0, {}, maxAge, includeSubdomains);
}, "Parsed invalid header: " + header);
}

1
security/manager/ssl/tests/unit/xpcshell.ini
View File

@ -127,6 +127,7 @@ run-sequentially = hardcoded ports
tags = addons psm
[test_sss_enumerate.js]
[test_sss_eviction.js]
[test_sss_originAttributes.js]
[test_sss_readstate.js]
[test_sss_readstate_child.js]
support-files = sss_readstate_child_worker.js

2
security/manager/tools/getHSTSPreloadList.js
View File

@ -119,7 +119,7 @@ function processStsHeader(host, header, status, securityInfo) {
var sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
uri, header, sslStatus, 0, maxAge,
uri, header, sslStatus, 0, {}, maxAge,
includeSubdomains);
}
catch (e) {

8
servo/Cargo.lock generated
View File

@ -1496,8 +1496,10 @@ dependencies = [
"script_layout_interface 0.0.1",
"script_traits 0.0.1",
"servo_config 0.0.1",
"servo_geometry 0.0.1",
"servo_url 0.0.1",
"style 0.0.1",
"style_traits 0.0.1",
"webdriver_server 0.0.1",
"webrender 0.17.0 (git+https://github.com/servo/webrender)",
"webrender_traits 0.16.0 (git+https://github.com/servo/webrender)",
@ -2645,7 +2647,7 @@ dependencies = [
"heapsize_derive 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 0.9.7 (registry+https://github.com/rust-lang/crates.io-index)",
"url 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"url_serde 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
"url_serde 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
@ -3110,7 +3112,7 @@ dependencies = [
[[package]]
name = "url_serde"
version = "0.1.1"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"serde 0.9.7 (registry+https://github.com/rust-lang/crates.io-index)",
@ -3609,7 +3611,7 @@ dependencies = [
"checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc"
"checksum unreachable 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1f2ae5ddb18e1c92664717616dd9549dde73f539f01bd7b77c2edb2446bdff91"
"checksum url 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f5ba8a749fb4479b043733416c244fa9d1d3af3d7c23804944651c8a448cb87e"
"checksum url_serde 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8c89041feeb06fab9bbf5e3b3fef87605f263e0d98ea080a500a11f41295e230"
"checksum url_serde 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "64ddbc0a67ae30778179166934129e0aeb92c5b7051d8e0b519e3bce73aff106"
"checksum user32-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "4ef4711d107b21b410a3a974b1204d9accc8b10dad75d8324b5d755de1617d47"
"checksum utf-8 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a9aee9ba280438b56d1ebc5329f2094f0ff457f811eeeff0b278d75aa99db400"
"checksum utf8-ranges 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "662fab6525a98beff2921d7f61a39e7d59e0b425ebc7d0d9e66d316e55124122"

52
servo/components/constellation/constellation.rs
View File

@ -78,8 +78,8 @@ use event_loop::EventLoop;
use frame::{Frame, FrameChange, FrameState, FrameTreeIterator, FullFrameTreeIterator};
use gfx::font_cache_thread::FontCacheThread;
use gfx_traits::Epoch;
use ipc_channel::Error;
use ipc_channel::ipc::{self, IpcSender};
use ipc_channel::{Error as IpcError};
use ipc_channel::ipc::{self, IpcSender, IpcReceiver};
use ipc_channel::router::ROUTER;
use layout_traits::LayoutThreadFactory;
use log::{Log, LogLevel, LogLevelFilter, LogMetadata, LogRecord};
@ -103,6 +103,7 @@ use script_traits::{LogEntry, ServiceWorkerMsg, webdriver_msg};
use script_traits::{MozBrowserErrorType, MozBrowserEvent, WebDriverCommandMsg, WindowSizeData};
use script_traits::{SWManagerMsg, ScopeThings, WindowSizeType};
use script_traits::WebVREventMsg;
use serde::{Deserialize, Serialize};
use servo_config::opts;
use servo_config::prefs::PREFS;
use servo_rand::{Rng, SeedableRng, ServoRng, random};
@ -145,7 +146,7 @@ pub struct Constellation<Message, LTF, STF> {
/// A channel for the constellation to receive messages from script threads.
/// This is the constellation's view of `script_sender`.
script_receiver: Receiver<FromScriptMsg>,
script_receiver: Receiver<Result<FromScriptMsg, IpcError>>,
/// An IPC channel for layout threads to send messages to the constellation.
/// This is the layout threads' view of `layout_receiver`.
@ -153,7 +154,7 @@ pub struct Constellation<Message, LTF, STF> {
/// A channel for the constellation to receive messages from layout threads.
/// This is the constellation's view of `layout_sender`.
layout_receiver: Receiver<FromLayoutMsg>,
layout_receiver: Receiver<Result<FromLayoutMsg, IpcError>>,
/// A channel for the constellation to receive messages from the compositor thread.
compositor_receiver: Receiver<FromCompositorMsg>,
@ -206,7 +207,7 @@ pub struct Constellation<Message, LTF, STF> {
/// A channel for the constellation to receive messages from the
/// Service Worker Manager thread. This is the constellation's view of
/// `swmanager_sender`.
swmanager_receiver: Receiver<SWManagerMsg>,
swmanager_receiver: Receiver<Result<SWManagerMsg, IpcError>>,
/// A channel for the constellation to send messages to the
/// time profiler thread.
@ -468,6 +469,20 @@ fn log_entry(record: &LogRecord) -> Option<LogEntry> {
/// The number of warnings to include in each crash report.
const WARNINGS_BUFFER_SIZE: usize = 32;
/// Route an ipc receiver to an mpsc receiver, preserving any errors.
/// This is the same as `route_ipc_receiver_to_new_mpsc_receiver`,
/// but does not panic on deserializtion errors.
fn route_ipc_receiver_to_new_mpsc_receiver_preserving_errors<T>(ipc_receiver: IpcReceiver<T>)
-> Receiver<Result<T, IpcError>>
where T: Deserialize + Serialize + Send + 'static
{
let (mpsc_sender, mpsc_receiver) = channel();
ROUTER.add_route(ipc_receiver.to_opaque(), Box::new(move |message| {
drop(mpsc_sender.send(message.to::<T>()))
}));
mpsc_receiver
}
impl<Message, LTF, STF> Constellation<Message, LTF, STF>
where LTF: LayoutThreadFactory<Message=Message>,
STF: ScriptThreadFactory<Message=Message>
@ -482,12 +497,12 @@ impl<Message, LTF, STF> Constellation<Message, LTF, STF>
thread::Builder::new().name("Constellation".to_owned()).spawn(move || {
let (ipc_script_sender, ipc_script_receiver) = ipc::channel().expect("ipc channel failure");
let script_receiver = ROUTER.route_ipc_receiver_to_new_mpsc_receiver(ipc_script_receiver);
let script_receiver = route_ipc_receiver_to_new_mpsc_receiver_preserving_errors(ipc_script_receiver);
let (ipc_layout_sender, ipc_layout_receiver) = ipc::channel().expect("ipc channel failure");
let layout_receiver = ROUTER.route_ipc_receiver_to_new_mpsc_receiver(ipc_layout_receiver);
let layout_receiver = route_ipc_receiver_to_new_mpsc_receiver_preserving_errors(ipc_layout_receiver);
let swmanager_receiver = ROUTER.route_ipc_receiver_to_new_mpsc_receiver(swmanager_receiver);
let swmanager_receiver = route_ipc_receiver_to_new_mpsc_receiver_preserving_errors(swmanager_receiver);
PipelineNamespace::install(PipelineNamespaceId(0));
@ -776,13 +791,24 @@ impl<Message, LTF, STF> Constellation<Message, LTF, STF>
let receiver_from_swmanager = &self.swmanager_receiver;
select! {
msg = receiver_from_script.recv() =>
Request::Script(msg.expect("Unexpected script channel panic in constellation")),
msg.expect("Unexpected script channel panic in constellation").map(Request::Script),
msg = receiver_from_compositor.recv() =>
Request::Compositor(msg.expect("Unexpected compositor channel panic in constellation")),
Ok(Request::Compositor(msg.expect("Unexpected compositor channel panic in constellation"))),
msg = receiver_from_layout.recv() =>
Request::Layout(msg.expect("Unexpected layout channel panic in constellation")),
msg.expect("Unexpected layout channel panic in constellation").map(Request::Layout),
msg = receiver_from_swmanager.recv() =>
Request::FromSWManager(msg.expect("Unexpected panic channel panic in constellation"))
msg.expect("Unexpected panic channel panic in constellation").map(Request::FromSWManager)
}
};
let request = match request {
Ok(request) => request,
Err(err) => {
// Treat deserialization error the same as receiving a panic message
debug!("Deserialization failed ({:?}).", err);
let reason = format!("Deserialization failed ({})", err);
let root_frame_id = self.root_frame_id;
return self.handle_panic(root_frame_id, reason, None);
}
};
@ -1228,7 +1254,7 @@ impl<Message, LTF, STF> Constellation<Message, LTF, STF>
self.pipelines.remove(&pipeline_id);
}
fn handle_send_error(&mut self, pipeline_id: PipelineId, err: Error) {
fn handle_send_error(&mut self, pipeline_id: PipelineId, err: IpcError) {
// Treat send error the same as receiving a panic message
debug!("Pipeline {:?} send error ({}).", pipeline_id, err);
let top_level_frame_id = self.get_top_level_frame_for_pipeline(pipeline_id);

1
servo/components/constellation/lib.rs
View File

@ -31,6 +31,7 @@ extern crate net_traits;
extern crate offscreen_gl_context;
extern crate profile_traits;
extern crate script_traits;
extern crate serde;
#[macro_use]
extern crate serde_derive;
extern crate servo_config;

17
servo/components/script/dom/bindings/codegen/CodegenRust.py
View File

@ -4035,17 +4035,14 @@ def convertConstIDLValueToRust(value):
class CGConstant(CGThing):
def __init__(self, constants):
def __init__(self, constant):
CGThing.__init__(self)
self.constants = constants
self.constant = constant
def define(self):
def stringDecl(const):
name = const.identifier.name
value = convertConstIDLValueToRust(const.value)
return CGGeneric("pub const %s: %s = %s;\n" % (name, builtinNames[const.value.type.tag()], value))
return CGIndenter(CGList(stringDecl(m) for m in self.constants)).define()
name = self.constant.identifier.name
value = convertConstIDLValueToRust(self.constant.value)
return "pub const %s: %s = %s;\n" % (name, builtinNames[self.constant.value.type.tag()], value)
def getUnionTypeTemplateVars(type, descriptorProvider):
@ -5723,10 +5720,10 @@ class CGDescriptor(CGThing):
cgThings.append(CGClassTraceHook(descriptor))
# If there are no constant members, don't make a module for constants
constMembers = [m for m in descriptor.interface.members if m.isConst()]
constMembers = [CGConstant(m) for m in descriptor.interface.members if m.isConst()]
if constMembers:
cgThings.append(CGNamespace.build([descriptor.name + "Constants"],
CGConstant(constMembers),
CGIndenter(CGList(constMembers)),
public=True))
reexports.append(descriptor.name + 'Constants')

2
servo/components/servo/Cargo.toml
View File

@ -47,8 +47,10 @@ script = {path = "../script"}
script_layout_interface = {path = "../script_layout_interface"}
script_traits = {path = "../script_traits"}
servo_config = {path = "../config"}
servo_geometry = {path = "../geometry"}
servo_url = {path = "../url"}
style = {path = "../style", features = ["servo"]}
style_traits = {path = "../style_traits", features = ["servo"]}
webvr = {path = "../webvr"}
webvr_traits = {path = "../webvr_traits"}
webdriver_server = {path = "../webdriver_server", optional = true}

4
servo/components/servo/lib.rs
View File

@ -45,8 +45,11 @@ pub extern crate script;
pub extern crate script_traits;
pub extern crate script_layout_interface;
pub extern crate servo_config;
pub extern crate servo_geometry;
pub extern crate servo_url;
pub extern crate style;
pub extern crate style_traits;
pub extern crate webrender_traits;
pub extern crate webvr;
pub extern crate webvr_traits;
@ -54,7 +57,6 @@ pub extern crate webvr_traits;
extern crate webdriver_server;
extern crate webrender;
extern crate webrender_traits;
#[cfg(feature = "webdriver")]
fn webdriver(port: u16, constellation: Sender<ConstellationMsg>) {

1
servo/components/style/build_gecko.rs
View File

@ -285,6 +285,7 @@ mod bindings {
"mozilla::PropertyStyleAnimationValuePair",
"mozilla::TraversalRootBehavior",
"mozilla::StyleShapeRadius",
"mozilla::StyleGrid.*",
".*ThreadSafe.*Holder",
"AnonymousContent",
"AudioContext",

52
servo/components/style/gecko/values.rs
View File

@ -8,13 +8,14 @@
use app_units::Au;
use cssparser::RGBA;
use gecko_bindings::structs::{nsStyleCoord, StyleShapeRadius};
use gecko_bindings::structs::{nsStyleCoord, StyleGridTrackBreadth, StyleShapeRadius};
use gecko_bindings::sugar::ns_style_coord::{CoordData, CoordDataMut, CoordDataValue};
use std::cmp::max;
use values::{Auto, Either, None_};
use values::{Auto, Either, None_, Normal};
use values::computed::{Angle, LengthOrPercentageOrNone, Number};
use values::computed::{LengthOrPercentage, LengthOrPercentageOrAuto};
use values::computed::basic_shape::ShapeRadius;
use values::specified::grid::{TrackBreadth, TrackKeyword};
/// A trait that defines an interface to convert from and to `nsStyleCoord`s.
pub trait GeckoStyleCoordConvertible : Sized {
@ -137,6 +138,39 @@ impl GeckoStyleCoordConvertible for LengthOrPercentageOrNone {
}
}
impl<L: GeckoStyleCoordConvertible> GeckoStyleCoordConvertible for TrackBreadth<L> {
fn to_gecko_style_coord<T: CoordDataMut>(&self, coord: &mut T) {
match *self {
TrackBreadth::Breadth(ref lop) => lop.to_gecko_style_coord(coord),
TrackBreadth::Flex(fr) => coord.set_value(CoordDataValue::FlexFraction(fr)),
TrackBreadth::Keyword(TrackKeyword::Auto) => coord.set_value(CoordDataValue::Auto),
TrackBreadth::Keyword(TrackKeyword::MinContent) =>
coord.set_value(CoordDataValue::Enumerated(StyleGridTrackBreadth::MinContent as u32)),
TrackBreadth::Keyword(TrackKeyword::MaxContent) =>
coord.set_value(CoordDataValue::Enumerated(StyleGridTrackBreadth::MaxContent as u32)),
}
}
fn from_gecko_style_coord<T: CoordData>(coord: &T) -> Option<Self> {
L::from_gecko_style_coord(coord).map(TrackBreadth::Breadth).or_else(|| {
match coord.as_value() {
CoordDataValue::Enumerated(v) => {
if v == StyleGridTrackBreadth::MinContent as u32 {
Some(TrackBreadth::Keyword(TrackKeyword::MinContent))
} else if v == StyleGridTrackBreadth::MaxContent as u32 {
Some(TrackBreadth::Keyword(TrackKeyword::MaxContent))
} else {
None
}
},
CoordDataValue::FlexFraction(fr) => Some(TrackBreadth::Flex(fr)),
CoordDataValue::Auto => Some(TrackBreadth::Keyword(TrackKeyword::Auto)),
_ => L::from_gecko_style_coord(coord).map(TrackBreadth::Breadth),
}
})
}
}
impl GeckoStyleCoordConvertible for ShapeRadius {
fn to_gecko_style_coord<T: CoordDataMut>(&self, coord: &mut T) {
match *self {
@ -223,6 +257,20 @@ impl GeckoStyleCoordConvertible for None_ {
}
}
impl GeckoStyleCoordConvertible for Normal {
fn to_gecko_style_coord<T: CoordDataMut>(&self, coord: &mut T) {
coord.set_value(CoordDataValue::Normal)
}
fn from_gecko_style_coord<T: CoordData>(coord: &T) -> Option<Self> {
if let CoordDataValue::Normal = coord.as_value() {
Some(Normal)
} else {
None
}
}
}
/// Convert a given RGBA value to `nscolor`.
pub fn convert_rgba_to_nscolor(rgba: &RGBA) -> u32 {
((rgba.alpha as u32) << 24) |

9
servo/components/style/gecko_bindings/structs_debug.rs
View File

@ -537,12 +537,6 @@ pub mod root {
pub const NS_STYLE_GRID_AUTO_FLOW_COLUMN: ::std::os::raw::c_uint = 2;
pub const NS_STYLE_GRID_AUTO_FLOW_DENSE: ::std::os::raw::c_uint = 4;
pub const NS_STYLE_GRID_TEMPLATE_SUBGRID: ::std::os::raw::c_uint = 0;
pub const NS_STYLE_GRID_TRACK_BREADTH_MAX_CONTENT: ::std::os::raw::c_uint
=
1;
pub const NS_STYLE_GRID_TRACK_BREADTH_MIN_CONTENT: ::std::os::raw::c_uint
=
2;
pub const NS_STYLE_GRID_REPEAT_AUTO_FILL: ::std::os::raw::c_uint = 0;
pub const NS_STYLE_GRID_REPEAT_AUTO_FIT: ::std::os::raw::c_uint = 1;
pub const NS_STYLE_WIDTH_MAX_CONTENT: ::std::os::raw::c_uint = 0;
@ -5813,6 +5807,9 @@ pub mod root {
MozGroupbox = 37,
MozPopup = 38,
}
#[repr(u8)]
#[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)]
pub enum StyleGridTrackBreadth { MaxContent = 1, MinContent = 2, }
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct WritingMode([u8; 0]);

9
servo/components/style/gecko_bindings/structs_release.rs
View File

@ -537,12 +537,6 @@ pub mod root {
pub const NS_STYLE_GRID_AUTO_FLOW_COLUMN: ::std::os::raw::c_uint = 2;
pub const NS_STYLE_GRID_AUTO_FLOW_DENSE: ::std::os::raw::c_uint = 4;
pub const NS_STYLE_GRID_TEMPLATE_SUBGRID: ::std::os::raw::c_uint = 0;
pub const NS_STYLE_GRID_TRACK_BREADTH_MAX_CONTENT: ::std::os::raw::c_uint
=
1;
pub const NS_STYLE_GRID_TRACK_BREADTH_MIN_CONTENT: ::std::os::raw::c_uint
=
2;
pub const NS_STYLE_GRID_REPEAT_AUTO_FILL: ::std::os::raw::c_uint = 0;
pub const NS_STYLE_GRID_REPEAT_AUTO_FIT: ::std::os::raw::c_uint = 1;
pub const NS_STYLE_WIDTH_MAX_CONTENT: ::std::os::raw::c_uint = 0;
@ -5653,6 +5647,9 @@ pub mod root {
MozGroupbox = 37,
MozPopup = 38,
}
#[repr(u8)]
#[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)]
pub enum StyleGridTrackBreadth { MaxContent = 1, MinContent = 2, }
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct WritingMode([u8; 0]);

46
servo/components/style/properties/gecko.mako.rs
View File

@ -628,6 +628,7 @@ impl Debug for ${style_struct.gecko_struct_name} {
# Types used with predefined_type()-defined properties that we can auto-generate.
predefined_types = {
"length::LengthOrAuto": impl_style_coord,
"length::LengthOrNormal": impl_style_coord,
"Length": impl_absolute_length,
"Position": impl_position,
"LengthOrPercentage": impl_style_coord,
@ -961,7 +962,7 @@ fn static_assert() {
<%self:impl_trait style_struct_name="Position"
skip_longhands="${skip_position_longhands} z-index box-sizing order align-content
justify-content align-self justify-self align-items
justify-items">
justify-items grid-auto-rows grid-auto-columns">
% for side in SIDES:
<% impl_split_style_coord("%s" % side.ident,
"mOffset",
@ -1083,6 +1084,36 @@ fn static_assert() {
}
% endfor
% for kind in ["rows", "columns"]:
pub fn set_grid_auto_${kind}(&mut self, v: longhands::grid_auto_rows::computed_value::T) {
use values::specified::grid::TrackSize;
match v {
TrackSize::FitContent(lop) => {
// Gecko sets min value to None and max value to the actual value in fit-content
// https://dxr.mozilla.org/mozilla-central/rev/0eef1d5/layout/style/nsRuleNode.cpp#8221
self.gecko.mGridAuto${kind.title()}Min.set_value(CoordDataValue::None);
lop.to_gecko_style_coord(&mut self.gecko.mGridAuto${kind.title()}Max);
},
TrackSize::Breadth(breadth) => {
// Set the value to both fields if there's one breadth value
// https://dxr.mozilla.org/mozilla-central/rev/0eef1d5/layout/style/nsRuleNode.cpp#8230
breadth.to_gecko_style_coord(&mut self.gecko.mGridAuto${kind.title()}Min);
breadth.to_gecko_style_coord(&mut self.gecko.mGridAuto${kind.title()}Max);
},
TrackSize::MinMax(min, max) => {
min.to_gecko_style_coord(&mut self.gecko.mGridAuto${kind.title()}Min);
max.to_gecko_style_coord(&mut self.gecko.mGridAuto${kind.title()}Max);
},
}
}
pub fn copy_grid_auto_${kind}_from(&mut self, other: &Self) {
self.gecko.mGridAuto${kind.title()}Min.copy_from(&other.gecko.mGridAuto${kind.title()}Min);
self.gecko.mGridAuto${kind.title()}Max.copy_from(&other.gecko.mGridAuto${kind.title()}Max);
}
% endfor
</%self:impl_trait>
<% skip_outline_longhands = " ".join("outline-style outline-width".split() +
@ -3011,7 +3042,7 @@ clip-path
</%self:impl_trait>
<%self:impl_trait style_struct_name="Column"
skip_longhands="column-count column-gap column-rule-width">
skip_longhands="column-count column-rule-width">
#[allow(unused_unsafe)]
pub fn set_column_count(&mut self, v: longhands::column_count::computed_value::T) {
@ -3027,17 +3058,6 @@ clip-path
${impl_simple_copy('column_count', 'mColumnCount')}
pub fn set_column_gap(&mut self, v: longhands::column_gap::computed_value::T) {
use values::Either;
match v {
Either::First(len) => self.gecko.mColumnGap.set(len),
Either::Second(_normal) => self.gecko.mColumnGap.set_value(CoordDataValue::Normal),
}
}
<%call expr="impl_coord_copy('column_gap', 'mColumnGap')"></%call>
<% impl_app_units("column_rule_width", "mColumnRuleWidth", need_clone=True,
round_to_pixels=True) %>
</%self:impl_trait>

41
servo/components/style/properties/longhand/position.mako.rs
View File

@ -255,28 +255,31 @@ ${helpers.predefined_type("object-position",
spec="https://drafts.csswg.org/css-images-3/#the-object-position",
animatable=True)}
<% grid_longhands = ["grid-row-start", "grid-row-end", "grid-column-start", "grid-column-end"] %>
% for kind in ["row", "column"]:
${helpers.predefined_type("grid-%s-gap" % kind,
"LengthOrPercentage",
"computed::LengthOrPercentage::Length(Au(0))",
spec="https://drafts.csswg.org/css-grid/#propdef-grid-%s-gap" % kind,
animatable=True,
products="gecko")}
% for longhand in grid_longhands:
${helpers.predefined_type("%s" % longhand,
"GridLine",
% for range in ["start", "end"]:
${helpers.predefined_type("grid-%s-%s" % (kind, range),
"GridLine",
"Default::default()",
animatable=False,
spec="https://drafts.csswg.org/css-grid/#propdef-grid-%s-%s" % (kind, range),
products="gecko",
boxed=True)}
% endfor
// NOTE: According to the spec, this should handle multiple values of `<track-size>`,
// but gecko supports only a single value
${helpers.predefined_type("grid-auto-%ss" % kind,
"TrackSize",
"Default::default()",
animatable=False,
spec="https://drafts.csswg.org/css-grid/#propdef-%s" % longhand,
spec="https://drafts.csswg.org/css-grid/#propdef-grid-auto-%ss" % kind,
products="gecko",
boxed=True)}
% endfor
${helpers.predefined_type("grid-row-gap",
"LengthOrPercentage",
"computed::LengthOrPercentage::Length(Au(0))",
spec="https://drafts.csswg.org/css-grid/#propdef-grid-row-gap",
animatable=True,
products="gecko")}
${helpers.predefined_type("grid-column-gap",
"LengthOrPercentage",
"computed::LengthOrPercentage::Length(Au(0))",
spec="https://drafts.csswg.org/css-grid/#propdef-grid-column-gap",
animatable=True,
products="gecko")}

7
servo/components/style/values/computed/mod.rs
View File

@ -11,6 +11,7 @@ use properties::ComputedValues;
use std::fmt;
use style_traits::ToCss;
use super::{CSSFloat, RGBA, specified};
use super::specified::grid::{TrackBreadth as GenericTrackBreadth, TrackSize as GenericTrackSize};
pub use cssparser::Color as CSSColor;
pub use self::image::{AngleOrCorner, EndingShape as GradientShape, Gradient, GradientKind, Image};
@ -326,6 +327,12 @@ impl ToCss for ClipRect {
/// rect(...) | auto
pub type ClipRectOrAuto = Either<ClipRect, Auto>;
/// The computed value of a grid `<track-breadth>`
pub type TrackBreadth = GenericTrackBreadth<LengthOrPercentage>;
/// The computed value of a grid `<track-size>`
pub type TrackSize = GenericTrackSize<LengthOrPercentage>;
impl ClipRectOrAuto {
/// Return an auto (default for clip-rect and image-region) value
pub fn auto() -> Self {

212
servo/components/style/values/specified/grid.rs
View File

@ -2,22 +2,30 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
//! A grid line type.
//! Necessary types for [grid](https://drafts.csswg.org/css-grid/).
use cssparser::Parser;
use cssparser::{Parser, Token};
use parser::{Parse, ParserContext};
use std::fmt;
use style_traits::ToCss;
use values::HasViewportPercentage;
use values::computed::ComputedValueAsSpecified;
use values::{CSSFloat, HasViewportPercentage};
use values::computed::{ComputedValueAsSpecified, Context, ToComputedValue};
use values::specified::LengthOrPercentage;
#[derive(PartialEq, Clone, Debug)]
#[cfg_attr(feature = "servo", derive(HeapSizeOf))]
/// A `<grid-line>` type.
///
/// https://drafts.csswg.org/css-grid/#typedef-grid-row-start-grid-line
#[allow(missing_docs)]
pub struct GridLine {
/// Flag to check whether it's a `span` keyword.
pub is_span: bool,
/// A custom identifier for named lines.
///
/// https://drafts.csswg.org/css-grid/#grid-placement-slot
pub ident: Option<String>,
/// Denotes the nth grid line from grid item's placement.
pub integer: Option<i32>,
}
@ -97,3 +105,199 @@ impl Parse for GridLine {
impl ComputedValueAsSpecified for GridLine {}
no_viewport_percentage!(GridLine);
define_css_keyword_enum!{ TrackKeyword:
"auto" => Auto,
"max-content" => MaxContent,
"min-content" => MinContent
}
#[derive(Clone, PartialEq, Debug)]
#[cfg_attr(feature = "servo", derive(HeapSizeOf))]
/// A track breadth for explicit grid track sizing. It's generic solely to
/// avoid re-implementing it for the computed type.
///
/// https://drafts.csswg.org/css-grid/#typedef-track-breadth
pub enum TrackBreadth<L> {
/// The generic type is almost always a non-negative `<length-percentage>`
Breadth(L),
/// A flex fraction specified in `fr` units.
Flex(CSSFloat),
/// One of the track-sizing keywords (`auto`, `min-content`, `max-content`)
Keyword(TrackKeyword),
}
/// Parse a single flexible length.
pub fn parse_flex(input: &mut Parser) -> Result<CSSFloat, ()> {
match try!(input.next()) {
Token::Dimension(ref value, ref unit) if unit.to_lowercase() == "fr" && value.value.is_sign_positive()
=> Ok(value.value),
_ => Err(()),
}
}
impl Parse for TrackBreadth<LengthOrPercentage> {
fn parse(_context: &ParserContext, input: &mut Parser) -> Result<Self, ()> {
if let Ok(lop) = input.try(LengthOrPercentage::parse_non_negative) {
Ok(TrackBreadth::Breadth(lop))
} else {
if let Ok(f) = input.try(parse_flex) {
Ok(TrackBreadth::Flex(f))
} else {
TrackKeyword::parse(input).map(TrackBreadth::Keyword)
}
}
}
}
impl<L: ToCss> ToCss for TrackBreadth<L> {
fn to_css<W>(&self, dest: &mut W) -> fmt::Result where W: fmt::Write {
match *self {
TrackBreadth::Breadth(ref lop) => lop.to_css(dest),
TrackBreadth::Flex(ref value) => write!(dest, "{}fr", value),
TrackBreadth::Keyword(ref k) => k.to_css(dest),
}
}
}
impl HasViewportPercentage for TrackBreadth<LengthOrPercentage> {
#[inline]
fn has_viewport_percentage(&self) -> bool {
if let TrackBreadth::Breadth(ref lop) = *self {
lop.has_viewport_percentage()
} else {
false
}
}
}
impl<L: ToComputedValue> ToComputedValue for TrackBreadth<L> {
type ComputedValue = TrackBreadth<L::ComputedValue>;
#[inline]
fn to_computed_value(&self, context: &Context) -> Self::ComputedValue {
match *self {
TrackBreadth::Breadth(ref lop) => TrackBreadth::Breadth(lop.to_computed_value(context)),
TrackBreadth::Flex(fr) => TrackBreadth::Flex(fr),
TrackBreadth::Keyword(k) => TrackBreadth::Keyword(k),
}
}
#[inline]
fn from_computed_value(computed: &Self::ComputedValue) -> Self {
match *computed {
TrackBreadth::Breadth(ref lop) =>
TrackBreadth::Breadth(ToComputedValue::from_computed_value(lop)),
TrackBreadth::Flex(fr) => TrackBreadth::Flex(fr),
TrackBreadth::Keyword(k) => TrackBreadth::Keyword(k),
}
}
}
#[derive(Clone, PartialEq, Debug)]
#[cfg_attr(feature = "servo", derive(HeapSizeOf))]
/// A `<track-size>` type for explicit grid track sizing. Like `<track-breadth>`, this is
/// generic only to avoid code bloat. It only takes `<length-percentage>`
///
/// https://drafts.csswg.org/css-grid/#typedef-track-size
pub enum TrackSize<L> {
/// A flexible `<track-breadth>`
Breadth(TrackBreadth<L>),
/// A `minmax` function for a range over an inflexible `<track-breadth>`
/// and a flexible `<track-breadth>`
///
/// https://drafts.csswg.org/css-grid/#valdef-grid-template-columns-minmax
MinMax(TrackBreadth<L>, TrackBreadth<L>),
/// A `fit-content` function.
///
/// https://drafts.csswg.org/css-grid/#valdef-grid-template-columns-fit-content
FitContent(L),
}
impl<L> Default for TrackSize<L> {
fn default() -> Self {
TrackSize::Breadth(TrackBreadth::Keyword(TrackKeyword::Auto))
}
}
impl Parse for TrackSize<LengthOrPercentage> {
fn parse(context: &ParserContext, input: &mut Parser) -> Result<Self, ()> {
if let Ok(b) = input.try(|i| TrackBreadth::parse(context, i)) {
Ok(TrackSize::Breadth(b))
} else {
if input.try(|i| i.expect_function_matching("minmax")).is_ok() {
Ok(try!(input.parse_nested_block(|input| {
let inflexible_breadth = if let Ok(lop) = input.try(LengthOrPercentage::parse_non_negative) {
Ok(TrackBreadth::Breadth(lop))
} else {
TrackKeyword::parse(input).map(TrackBreadth::Keyword)
};
try!(input.expect_comma());
Ok(TrackSize::MinMax(try!(inflexible_breadth), try!(TrackBreadth::parse(context, input))))
})))
} else {
try!(input.expect_function_matching("fit-content"));
Ok(try!(LengthOrPercentage::parse(context, input).map(TrackSize::FitContent)))
}
}
}
}
impl<L: ToCss> ToCss for TrackSize<L> {
fn to_css<W>(&self, dest: &mut W) -> fmt::Result where W: fmt::Write {
match *self {
TrackSize::Breadth(ref b) => b.to_css(dest),
TrackSize::MinMax(ref infexible, ref flexible) => {
try!(dest.write_str("minmax("));
try!(infexible.to_css(dest));
try!(dest.write_str(","));
try!(flexible.to_css(dest));
dest.write_str(")")
},
TrackSize::FitContent(ref lop) => {
try!(dest.write_str("fit-content("));
try!(lop.to_css(dest));
dest.write_str(")")
},
}
}
}
impl HasViewportPercentage for TrackSize<LengthOrPercentage> {
#[inline]
fn has_viewport_percentage(&self) -> bool {
match *self {
TrackSize::Breadth(ref b) => b.has_viewport_percentage(),
TrackSize::MinMax(ref inf_b, ref b) => inf_b.has_viewport_percentage() || b.has_viewport_percentage(),
TrackSize::FitContent(ref lop) => lop.has_viewport_percentage(),
}
}
}
impl<L: ToComputedValue> ToComputedValue for TrackSize<L> {
type ComputedValue = TrackSize<L::ComputedValue>;
#[inline]
fn to_computed_value(&self, context: &Context) -> Self::ComputedValue {
match *self {
TrackSize::Breadth(ref b) => TrackSize::Breadth(b.to_computed_value(context)),
TrackSize::MinMax(ref b_1, ref b_2) =>
TrackSize::MinMax(b_1.to_computed_value(context), b_2.to_computed_value(context)),
TrackSize::FitContent(ref lop) => TrackSize::FitContent(lop.to_computed_value(context)),
}
}
#[inline]
fn from_computed_value(computed: &Self::ComputedValue) -> Self {
match *computed {
TrackSize::Breadth(ref b) =>
TrackSize::Breadth(ToComputedValue::from_computed_value(b)),
TrackSize::MinMax(ref b_1, ref b_2) =>
TrackSize::MinMax(ToComputedValue::from_computed_value(b_1),
ToComputedValue::from_computed_value(b_2)),
TrackSize::FitContent(ref lop) =>
TrackSize::FitContent(ToComputedValue::from_computed_value(lop)),
}
}
}

18
servo/components/style/values/specified/length.rs
View File

@ -496,10 +496,24 @@ impl Parse for Length {
}
}
impl<T> Either<Length, T> {
impl Either<Length, Normal> {
#[inline]
#[allow(missing_docs)]
pub fn parse_non_negative_length(_context: &ParserContext, input: &mut Parser) -> Result<Self, ()> {
pub fn parse_non_negative_length(context: &ParserContext, input: &mut Parser) -> Result<Self, ()> {
if input.try(|input| Normal::parse(context, input)).is_ok() {
return Ok(Either::Second(Normal));
}
Length::parse_internal(input, AllowedNumericType::NonNegative).map(Either::First)
}
}
impl Either<Length, Auto> {
#[inline]
#[allow(missing_docs)]
pub fn parse_non_negative_length(context: &ParserContext, input: &mut Parser) -> Result<Self, ()> {
if input.try(|input| Auto::parse(context, input)).is_ok() {
return Ok(Either::Second(Auto));
}
Length::parse_internal(input, AllowedNumericType::NonNegative).map(Either::First)
}
}

9
servo/components/style/values/specified/mod.rs
View File

@ -10,6 +10,7 @@ use app_units::Au;
use cssparser::{self, Parser, Token};
use euclid::size::Size2D;
use parser::{ParserContext, Parse};
use self::grid::{TrackBreadth as GenericTrackBreadth, TrackSize as GenericTrackSize};
use self::url::SpecifiedUrl;
use std::ascii::AsciiExt;
use std::f32::consts::PI;
@ -22,7 +23,7 @@ use super::computed::Shadow as ComputedShadow;
#[cfg(feature = "gecko")]
pub use self::align::{AlignItems, AlignJustifyContent, AlignJustifySelf, JustifyItems};
pub use self::grid::GridLine;
pub use self::grid::{GridLine, TrackKeyword};
pub use self::image::{AngleOrCorner, ColorStop, EndingShape as GradientEndingShape, Gradient};
pub use self::image::{GradientKind, HorizontalDirection, Image, LengthOrKeyword, LengthOrPercentageOrKeyword};
pub use self::image::{SizeKeyword, VerticalDirection};
@ -554,6 +555,12 @@ impl ToCss for Opacity {
#[allow(missing_docs)]
pub type UrlOrNone = Either<SpecifiedUrl, None_>;
/// The specified value of a grid `<track-breadth>`
pub type TrackBreadth = GenericTrackBreadth<LengthOrPercentage>;
/// The specified value of a grid `<track-size>`
pub type TrackSize = GenericTrackSize<LengthOrPercentage>;
#[derive(Debug, Clone, PartialEq)]
#[cfg_attr(feature = "servo", derive(HeapSizeOf))]
#[allow(missing_docs)]

4
servo/support/rust-task_info/src/lib.rs
View File

@ -10,9 +10,5 @@
#![crate_name = "task_info"]
#![crate_type = "rlib"]
#![feature(libc)]
extern crate libc;
pub mod task_basic_info;

5
servo/support/rust-task_info/src/task_basic_info.rs
View File

@ -10,7 +10,10 @@
//! Interface to the measurements in the task_basic_info struct, gathered by
//! invoking `task_info()` with the `TASK_BASIC_INFO` flavor.
use libc::{c_int, size_t};
use std::os::raw::c_int;
#[allow(non_camel_case_types)]
type size_t = usize;
/// Obtains task_basic_info::virtual_size.
pub fn virtual_size() -> Option<usize> {

42
servo/tests/unit/style/parsing/column.rs Normal file
View File

@ -0,0 +1,42 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use cssparser::Parser;
use media_queries::CSSErrorReporterTest;
use servo_url::ServoUrl;
use style::parser::ParserContext;
use style::stylesheets::Origin;
use style_traits::ToCss;
#[test]
fn test_column_width() {
use style::properties::longhands::column_width;
assert_roundtrip_with_context!(column_width::parse, "auto");
assert_roundtrip_with_context!(column_width::parse, "6px");
assert_roundtrip_with_context!(column_width::parse, "2.5em");
assert_roundtrip_with_context!(column_width::parse, "0.3vw");
let url = ServoUrl::parse("http://localhost").unwrap();
let context = ParserContext::new(Origin::Author, &url, Box::new(CSSErrorReporterTest));
let mut negative = Parser::new("-6px");
assert!(column_width::parse(&context, &mut negative).is_err());
}
#[test]
fn test_column_gap() {
use style::properties::longhands::column_gap;
assert_roundtrip_with_context!(column_gap::parse, "normal");
assert_roundtrip_with_context!(column_gap::parse, "6px");
assert_roundtrip_with_context!(column_gap::parse, "2.5em");
assert_roundtrip_with_context!(column_gap::parse, "0.3vw");
let url = ServoUrl::parse("http://localhost").unwrap();
let context = ParserContext::new(Origin::Author, &url, Box::new(CSSErrorReporterTest));
let mut negative = Parser::new("-6px");
assert!(column_gap::parse(&context, &mut negative).is_err());
}

1
servo/tests/unit/style/parsing/mod.rs
View File

@ -70,6 +70,7 @@ mod animation;
mod background;
mod basic_shape;
mod border;
mod column;
mod font;
mod image;
mod inherited_box;

25
toolkit/components/places/UnifiedComplete.js
View File

@ -265,6 +265,8 @@ const SQL_BOOKMARKED_TYPED_URL_QUERY = urlQuery("AND bookmarked AND h.typed = 1"
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
Cu.import("resource://gre/modules/Services.jsm");
Cu.importGlobalProperties(["fetch"]);
XPCOMUtils.defineLazyModuleGetter(this, "PlacesUtils",
"resource://gre/modules/PlacesUtils.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "TelemetryStopwatch",
@ -559,7 +561,7 @@ function PrefillSite(url, title) {
/**
* Storage object for Prefill Sites.
* add(url, title): adds a site to storage
* populate() : populates the storage with data (hard-coded for now)
* populate(sites) : populates the storage with array of [url,title]
* sites[]: resulting array of sites (PrefillSite objects)
*/
XPCOMUtils.defineLazyGetter(this, "PrefillSiteStorage", () => Object.seal({
@ -570,13 +572,10 @@ XPCOMUtils.defineLazyGetter(this, "PrefillSiteStorage", () => Object.seal({
this.sites.push(site);
},
populate() {
this.add("https://google.com/", "Google");
this.add("https://youtube.com/", "YouTube");
this.add("https://facebook.com/", "Facebook");
this.add("https://baidu.com/", "\u767E\u5EA6\u4E00\u4E0B\uFF0C\u4F60\u5C31\u77E5\u9053");
this.add("https://wikipedia.org/", "Wikipedia");
this.add("https://yahoo.com/", "Yahoo");
populate(sites) {
for (let site of sites) {
this.add(site[0], site[1]);
}
},
}));
@ -2077,7 +2076,11 @@ function UnifiedComplete() {
// to ensure the off-main-thread-IO happens ASAP
// and we don't have to wait for it when doing an autocomplete lookup
ProfileAgeCreatedPromise;
PrefillSiteStorage.populate(); // with hard-coded data for now
fetch("chrome://global/content/unifiedcomplete-top-urls.json")
.then(response => response.json())
.then(sites => PrefillSiteStorage.populate(sites))
.catch(ex => Cu.reportError(ex));
}
}
@ -2148,6 +2151,10 @@ UnifiedComplete.prototype = {
PrefillSiteStorage.add(url, title);
},
populatePrefillSiteStorage(json) {
PrefillSiteStorage.populate(json);
},
// nsIAutoCompleteSearch
startSearch(searchString, searchParam, previousResult, listener) {

2
toolkit/components/places/jar.mn Normal file
View File

@ -0,0 +1,2 @@
toolkit.jar:
content/global/unifiedcomplete-top-urls.json

2
toolkit/components/places/moz.build
View File

@ -95,3 +95,5 @@ with Files('**'):
if CONFIG['GNU_CXX']:
CXXFLAGS += ['-Wno-error=shadow']
JAR_MANIFESTS += ['jar.mn']

8
toolkit/components/places/mozIPlacesAutoComplete.idl
View File

@ -145,4 +145,12 @@ interface mozIPlacesAutoComplete : nsISupports
* The title of added site.
*/
void addPrefillSite(in AUTF8String url, in AUTF8String title);
/**
* Populate list of Prefill Sites from JSON.
*
* @param sites
* Array of [url,title] to populate from.
*/
void populatePrefillSiteStorage(in jsval sites);
};

26
toolkit/components/places/tests/unifiedcomplete/test_prefill_sites.js
View File

@ -9,6 +9,8 @@ const PREF_FEATURE_EXPIRE_DAYS = "browser.urlbar.usepreloadedtopurls.expire_days
const autocompleteObject = Cc["@mozilla.org/autocomplete/search;1?name=unifiedcomplete"]
.getService(Ci.mozIPlacesAutoComplete);
Cu.importGlobalProperties(["fetch"]);
// With or without trailing slash - no matter. URI.spec does have it always.
// Then, check_autocomplete() doesn't cut it off (uses stripPrefix()).
let yahoooURI = NetUtil.newURI("https://yahooo.com/");
@ -114,3 +116,27 @@ add_task(function* test_sorting_against_history() {
yield cleanup();
});
add_task(function* test_data_file() {
let response = yield fetch("chrome://global/content/unifiedcomplete-top-urls.json");
do_print("Source file is supplied and fetched OK");
Assert.ok(response.ok);
do_print("The JSON is parsed");
let sites = yield response.json();
do_print("Storage is populated");
autocompleteObject.populatePrefillSiteStorage(sites);
let lastSite = sites.pop();
let uri = NetUtil.newURI(lastSite[0]);
let title = lastSite[1];
do_print("Storage is populated from JSON correctly");
yield check_autocomplete({
search: uri.host.slice(1), // omit 1st letter to avoid style:"autofill" result
matches: [ { uri, title, style: ["prefill-site"] } ],
});
yield cleanup();
});

8
toolkit/components/places/unifiedcomplete-top-urls.json Normal file
View File

@ -0,0 +1,8 @@
[
["https://google.com/", "Google"],
["https://youtube.com/", "YouTube"],
["https://facebook.com/", "Facebook"],
["https://baidu.com/", "\u767E\u5EA6\u4E00\u4E0B\uFF0C\u4F60\u5C31\u77E5\u9053"],
["https://wikipedia.org/", "Wikipedia"],
["https://yahoo.com/", "Yahoo"]
]

4
toolkit/content/widgets/videocontrols.xml
View File

@ -160,7 +160,7 @@
<progress anonid="progressBar" class="progressBar" value="0" max="100" tabindex="-1"></progress>
</div>
</div>
<input type="range" anonid="scrubber" class="scrubber" tabindex="-1"/>
<input type="range" anonid="scrubber" class="scrubber" tabindex="-1" mozinputrangeignorepreventdefault="true" />
</div>
<span anonid="positionLabel" class="positionLabel" role="presentation"></span>
<span anonid="durationLabel" class="durationLabel" role="presentation"></span>
@ -174,7 +174,7 @@
unmutelabel="&muteButton.unmuteLabel;"
tabindex="-1"/>
<div anonid="volumeStack" class="volumeStack progressContainer" role="none">
<input type="range" anonid="volumeControl" class="volumeControl" min="0" max="100" step="1" tabindex="-1"/>
<input type="range" anonid="volumeControl" class="volumeControl" min="0" max="100" step="1" tabindex="-1" mozinputrangeignorepreventdefault="true" />
</div>
<button anonid="closedCaptionButton" class="closedCaptionButton"/>
<button anonid="fullscreenButton"

6
toolkit/forgetaboutsite/ForgetAboutSite.jsm
View File

@ -202,8 +202,6 @@ this.ForgetAboutSite = {
getService(Ci.nsISiteSecurityService);
for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
Ci.nsISiteSecurityService.HEADER_HPKP]) {
sss.removeState(type, httpsURI, 0);
// Also remove HSTS/HPKP information for subdomains by enumerating the
// information in the site security service.
let enumerator = sss.enumerate(type);
@ -211,10 +209,10 @@ this.ForgetAboutSite = {
let entry = enumerator.getNext();
let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
// If the hostname is aDomain's subdomain, we remove its state.
if (hostname.endsWith("." + aDomain)) {
if (hostname == aDomain || hostname.endsWith("." + aDomain)) {
// This uri is used as a key to remove the state.
let uri = caUtils.makeURI("https://" + hostname);
sss.removeState(type, uri, 0);
sss.removeState(type, uri, 0, entry.originAttributes);
}
}
}

1
widget/NativeKeyToDOMKeyName.h
View File

@ -201,6 +201,7 @@ KEY_MAP_ANDROID (Enter, AKEYCODE_NUMPAD_ENTER)
KEY_MAP_WIN (Tab, VK_TAB)
KEY_MAP_COCOA (Tab, kVK_Tab)
KEY_MAP_GTK (Tab, GDK_Tab)
KEY_MAP_GTK (Tab, GDK_ISO_Left_Tab) // Shift+Tab
KEY_MAP_GTK (Tab, GDK_KP_Tab)
KEY_MAP_ANDROID (Tab, AKEYCODE_TAB)

21
widget/android/nsWindow.cpp
View File

@ -102,6 +102,20 @@ NS_IMPL_ISUPPORTS_INHERITED0(nsWindow, nsBaseWidget)
#include "mozilla/Services.h"
#include "nsThreadUtils.h"
static TimeStamp
GetEventTimeStamp(int64_t aEventTime)
{
// Android's event time is SystemClock.uptimeMillis that is counted in ms
// since OS was booted.
// (https://developer.android.com/reference/android/os/SystemClock.html)
// and this SystemClock.uptimeMillis uses SYSTEM_TIME_MONOTONIC.
// Our posix implemententaion of TimeStamp::Now uses SYSTEM_TIME_MONOTONIC
// too. Due to same implementation, we can use this via FromSystemTime.
int64_t tick =
BaseTimeDurationPlatformUtils::TicksFromMilliseconds(aEventTime);
return TimeStamp::FromSystemTime(tick);
}
// All the toplevel windows that have been created; these are in
// stacking order, so the window at gTopLevelWindows[0] is the topmost
// one.
@ -638,7 +652,7 @@ public:
ScreenPoint origin = ScreenPoint(aX, aY);
ScrollWheelInput input(aTime, TimeStamp::Now(), GetModifiers(aMetaState),
ScrollWheelInput input(aTime, GetEventTimeStamp(aTime), GetModifiers(aMetaState),
ScrollWheelInput::SCROLLMODE_SMOOTH,
ScrollWheelInput::SCROLLDELTA_PIXEL,
origin,
@ -757,7 +771,7 @@ public:
ScreenPoint origin = ScreenPoint(aX, aY);
MouseInput input(mouseType, buttonType, nsIDOMMouseEvent::MOZ_SOURCE_MOUSE, ConvertButtons(buttons), origin, aTime, TimeStamp(), GetModifiers(aMetaState));
MouseInput input(mouseType, buttonType, nsIDOMMouseEvent::MOZ_SOURCE_MOUSE, ConvertButtons(buttons), origin, aTime, GetEventTimeStamp(aTime), GetModifiers(aMetaState));
ScrollableLayerGuid guid;
uint64_t blockId;
@ -828,7 +842,7 @@ public:
return false;
}
MultiTouchInput input(type, aTime, TimeStamp(), 0);
MultiTouchInput input(type, aTime, GetEventTimeStamp(aTime), 0);
input.modifiers = GetModifiers(aMetaState);
input.mTouches.SetCapacity(endIndex - startIndex);
@ -2530,6 +2544,7 @@ InitKeyEvent(WidgetKeyboardEvent& event,
event.mLocation =
WidgetKeyboardEvent::ComputeLocationFromCodeValue(event.mCodeNameIndex);
event.mTime = time;
event.mTimeStamp = GetEventTimeStamp(time);
}
void