From 7f1b744bf33d920e85e972ef0309b10675fbc7ff Mon Sep 17 00:00:00 2001 From: Chris Lord Date: Wed, 22 Oct 2014 18:57:02 +0100 Subject: [PATCH 01/19] Bug 1084321 - Remove b2g app meta viewport work-around. r=kats --- content/base/src/nsDocument.cpp | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp index 57cc4b98128b..26c2ba676ede 100644 --- a/content/base/src/nsDocument.cpp +++ b/content/base/src/nsDocument.cpp @@ -7655,32 +7655,6 @@ nsDocument::GetViewportInfo(const ScreenIntSize& aDisplaySize) /*allowZoom*/true, /*allowDoubleTapZoom*/false); } - - // Bug 940036. This is bad. When FirefoxOS was built, apps installed - // where not using the AsyncPanZoom code. As a result a lot of apps - // in the marketplace does not use it yet and instead are built to - // render correctly in FirefoxOS only. For a smooth transition the above - // code force installed apps to render as if they have a viewport with - // content="width=device-width, height=device-height, user-scalable=no". - // This could be safely remove once it is known that most apps in the - // marketplace use it and that users does not use an old version of the - // app that does not use it. - nsCOMPtr docShell(mDocumentContainer); - if (docShell && docShell->GetIsApp()) { - nsString uri; - GetDocumentURI(uri); - if (!uri.EqualsLiteral("about:blank")) { - nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, - NS_LITERAL_CSTRING("DOM"), this, - nsContentUtils::eDOM_PROPERTIES, - "ImplicitMetaViewportTagFallback"); - } - mViewportType = DisplayWidthHeightNoZoom; - return nsViewportInfo(aDisplaySize, - defaultScale, - /*allowZoom*/false, - /*allowDoubleTapZoom*/false); - } } nsAutoString minScaleStr; From 6dc09988bf5d885eff7353776e7b10f429c4d21c Mon Sep 17 00:00:00 2001 From: Sid Stamm Date: Tue, 28 Jan 2014 09:26:16 -0800 Subject: [PATCH 02/19] Bug 1042135 - Change three-state DNT back to two state and update text. (r=dolske,jst,mcmanus) --HG-- extra : rebase_source : 52556477cba80e87651ce7c84a531a2de500d21a --- browser/app/profile/firefox.js | 1 - browser/components/nsBrowserGlue.js | 16 +++++++- .../preferences/in-content/privacy.js | 37 ------------------- .../preferences/in-content/privacy.xul | 32 +++++++--------- browser/components/preferences/privacy.js | 36 ------------------ browser/components/preferences/privacy.xul | 30 +++++++-------- .../chrome/browser/preferences/privacy.dtd | 4 -- dom/base/Navigator.cpp | 10 +---- .../mochitest/general/test_donottrack.html | 31 ---------------- modules/libpref/init/all.js | 5 +-- netwerk/protocol/http/nsHttpHandler.cpp | 19 ++-------- netwerk/protocol/http/nsHttpHandler.h | 1 - 12 files changed, 47 insertions(+), 175 deletions(-) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 72148374585b..aa8cd14691b3 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -1277,7 +1277,6 @@ pref("services.sync.prefs.sync.privacy.clearOnShutdown.passwords", true); pref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", true); pref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", true); pref("services.sync.prefs.sync.privacy.donottrackheader.enabled", true); -pref("services.sync.prefs.sync.privacy.donottrackheader.value", true); pref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", true); pref("services.sync.prefs.sync.privacy.trackingprotection.enabled", true); pref("services.sync.prefs.sync.security.OCSP.enabled", true); diff --git a/browser/components/nsBrowserGlue.js b/browser/components/nsBrowserGlue.js index d54260737b8b..71b12430bafe 100644 --- a/browser/components/nsBrowserGlue.js +++ b/browser/components/nsBrowserGlue.js @@ -1369,7 +1369,7 @@ BrowserGlue.prototype = { }, _migrateUI: function BG__migrateUI() { - const UI_VERSION = 24; + const UI_VERSION = 25; const BROWSER_DOCURL = "chrome://browser/content/browser.xul"; let currentUIVersion = 0; try { @@ -1617,6 +1617,20 @@ BrowserGlue.prototype = { } } + if (currentUIVersion < 25) { + // Make sure the doNotTrack value conforms to the conversion from + // three-state to two-state. (This reverts a setting of "please track me" + // to the default "don't say anything"). + try { + if (Services.prefs.getBoolPref("privacy.donottrackheader.enabled") && + Services.prefs.getIntPref("privacy.donottrackheader.value") != 1) { + Services.prefs.clearUserPref("privacy.donottrackheader.enabled"); + Services.prefs.clearUserPref("privacy.donottrackheader.value"); + } + } + catch (ex) {} + } + // Update the migration version. Services.prefs.setIntPref("browser.migration.version", UI_VERSION); }, diff --git a/browser/components/preferences/in-content/privacy.js b/browser/components/preferences/in-content/privacy.js index da6cbcc09c59..9048d9760e64 100644 --- a/browser/components/preferences/in-content/privacy.js +++ b/browser/components/preferences/in-content/privacy.js @@ -162,43 +162,6 @@ var gPrivacyPane = { document.getElementById("historyPane").selectedIndex = selectedIndex; }, - /** - * Update the Tracking preferences based on controls. - */ - setTrackingPrefs: function PPP_setTrackingPrefs() - { - let dntRadioGroup = document.getElementById("doNotTrackSelection"), - dntValuePref = document.getElementById("privacy.donottrackheader.value"), - dntEnabledPref = document.getElementById("privacy.donottrackheader.enabled"); - - // if the selected radio button says "no preference", set on/off pref to - // false and don't change the value pref. - if (dntRadioGroup.selectedItem.value == -1) { - dntEnabledPref.value = false; - return dntValuePref.value; - } - - dntEnabledPref.value = true; - return dntRadioGroup.selectedItem.value; - }, - - /** - * Obtain the tracking preference value and reflect it in the UI. - */ - getTrackingPrefs: function PPP_getTrackingPrefs() - { - // XXX avoid using bindings that might not be attached, see bug 859982 - let dntValue = Services.prefs.getIntPref("privacy.donottrackheader.value"), - dntEnabled = Services.prefs.getBoolPref("privacy.donottrackheader.enabled"); - - // if DNT is enbaled, select the value from the selected radio - // button, otherwise choose the "no preference" radio button - if (dntEnabled) - return dntValue; - - return document.getElementById("dntnopref").value; - }, - /** * Update the private browsing auto-start pref and the history mode * micro-management prefs based on the history mode menulist diff --git a/browser/components/preferences/in-content/privacy.xul b/browser/components/preferences/in-content/privacy.xul index dc27b2bd3cc5..973aeacac75f 100644 --- a/browser/components/preferences/in-content/privacy.xul +++ b/browser/components/preferences/in-content/privacy.xul @@ -13,9 +13,6 @@ - diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js index d6b2f0192a55..e933bf95123b 100644 --- a/browser/components/preferences/privacy.js +++ b/browser/components/preferences/privacy.js @@ -124,42 +124,6 @@ var gPrivacyPane = { document.getElementById("historyPane").selectedIndex = selectedIndex; }, - /** - * Update the Tracking preferences based on controls. - */ - setTrackingPrefs: function PPP_setTrackingPrefs() - { - let dntRadioGroup = document.getElementById("doNotTrackSelection"), - dntValuePref = document.getElementById("privacy.donottrackheader.value"), - dntEnabledPref = document.getElementById("privacy.donottrackheader.enabled"); - - // if the selected radio button says "no preference", set on/off pref to - // false and don't change the value pref. - if (dntRadioGroup.selectedItem.value == -1) { - dntEnabledPref.value = false; - return dntValuePref.value; - } - - dntEnabledPref.value = true; - return dntRadioGroup.selectedItem.value; - }, - - /** - * Obtain the tracking preference value and reflect it in the UI. - */ - getTrackingPrefs: function PPP_getTrackingPrefs() - { - let dntValuePref = document.getElementById("privacy.donottrackheader.value"), - dntEnabledPref = document.getElementById("privacy.donottrackheader.enabled"); - - // if DNT is enbaled, select the value from the selected radio - // button, otherwise choose the "no preference" radio button - if (dntEnabledPref.value) - return dntValuePref.value; - - return document.getElementById("dntnopref").value; - }, - /** * Update the private browsing auto-start pref and the history mode * micro-management prefs based on the history mode menulist diff --git a/browser/components/preferences/privacy.xul b/browser/components/preferences/privacy.xul index d85523d1d964..c8ee35d0c69b 100644 --- a/browser/components/preferences/privacy.xul +++ b/browser/components/preferences/privacy.xul @@ -26,9 +26,6 @@ - - - - - - - diff --git a/browser/locales/en-US/chrome/browser/preferences/privacy.dtd b/browser/locales/en-US/chrome/browser/preferences/privacy.dtd index c7d2e517bced..08360e6ad5d3 100644 --- a/browser/locales/en-US/chrome/browser/preferences/privacy.dtd +++ b/browser/locales/en-US/chrome/browser/preferences/privacy.dtd @@ -4,12 +4,8 @@ - - - - diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp index 3ef0cc9dc98b..cbabefe445f5 100644 --- a/dom/base/Navigator.cpp +++ b/dom/base/Navigator.cpp @@ -112,7 +112,6 @@ namespace mozilla { namespace dom { static bool sDoNotTrackEnabled = false; -static uint32_t sDoNotTrackValue = 1; static bool sVibratorEnabled = false; static uint32_t sMaxVibrateMS = 0; static uint32_t sMaxVibrateListLen = 0; @@ -124,9 +123,6 @@ Navigator::Init() Preferences::AddBoolVarCache(&sDoNotTrackEnabled, "privacy.donottrackheader.enabled", false); - Preferences::AddUintVarCache(&sDoNotTrackValue, - "privacy.donottrackheader.value", - 1); Preferences::AddBoolVarCache(&sVibratorEnabled, "dom.vibrator.enabled", true); Preferences::AddUintVarCache(&sMaxVibrateMS, @@ -628,11 +624,7 @@ NS_IMETHODIMP Navigator::GetDoNotTrack(nsAString &aResult) { if (sDoNotTrackEnabled) { - if (sDoNotTrackValue == 0) { - aResult.AssignLiteral("0"); - } else { - aResult.AssignLiteral("1"); - } + aResult.AssignLiteral("1"); } else { aResult.AssignLiteral("unspecified"); } diff --git a/dom/tests/mochitest/general/test_donottrack.html b/dom/tests/mochitest/general/test_donottrack.html index 4b74d44cab79..95c55d948cc8 100644 --- a/dom/tests/mochitest/general/test_donottrack.html +++ b/dom/tests/mochitest/general/test_donottrack.html @@ -14,7 +14,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=629535 + + +
+
T
+
+ + diff --git a/layout/reftests/bugs/reftest.list b/layout/reftests/bugs/reftest.list index 68f2c78e0d47..8e5c1f3c8a2b 100644 --- a/layout/reftests/bugs/reftest.list +++ b/layout/reftests/bugs/reftest.list @@ -1837,4 +1837,5 @@ fails-if(Android) == 1062792-1.html 1062792-1-ref.html test-pref(dom.webcomponents.enabled,true) == 1066554-1.html 1066554-1-ref.html == 1069716-1.html 1069716-1-ref.html == 1078262-1.html about:blank +== 1081072-1.html 1081072-1-ref.html == 1081185-1.html 1081185-1-ref.html From f7ee1527521bcde90437aea041645479d81caf14 Mon Sep 17 00:00:00 2001 From: Daniel Holbert Date: Wed, 22 Oct 2014 13:03:18 -0700 Subject: [PATCH 10/19] Bug 1084500 part 1: Refactor ComputeBackgroundAnchorPoint to take a Position & use a per-component helper method. r=seth --- layout/base/nsCSSRendering.cpp | 53 ++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/layout/base/nsCSSRendering.cpp b/layout/base/nsCSSRendering.cpp index 4f2ddde94647..5a7b7b8f99e1 100644 --- a/layout/base/nsCSSRendering.cpp +++ b/layout/base/nsCSSRendering.cpp @@ -946,15 +946,42 @@ nsCSSRendering::PaintFocus(nsPresContext* aPresContext, //---------------------------------------------------------------------- +/** + * Helper for ComputeBackgroundAnchorPoint; parameters are the same as for + * that function, except they're for a single coordinate / a single size + * dimension. (so, x/width vs. y/height) + */ +typedef nsStyleBackground::Position::PositionCoord PositionCoord; +static void +ComputeBackgroundAnchorCoord(const PositionCoord& aCoord, + const nscoord aOriginBounds, + const nscoord aImageSize, + nscoord* aTopLeftCoord, + nscoord* aAnchorPointCoord) +{ + *aAnchorPointCoord = aCoord.mLength; + *aTopLeftCoord = aCoord.mLength; + + if (aCoord.mHasPercent) { + // Adjust aTopLeftCoord by the specified % of the extra space. + nscoord extraSpace = aOriginBounds - aImageSize; + *aTopLeftCoord += NSToCoordRound(aCoord.mPercent * extraSpace); + + // The anchor-point doesn't care about our image's size; just the size + // of the region we're rendering into. + *aAnchorPointCoord += NSToCoordRound(aCoord.mPercent * aOriginBounds); + } +} + /** * Computes the placement of a background image. * + * @param aPos the CSS value that specify's the image's position. * @param aOriginBounds is the box to which the tiling position should be - * relative - * This should correspond to 'background-origin' for the frame, + * relative. This should correspond to 'background-origin' for the frame, * except when painting on the canvas, in which case the origin bounds * should be the bounds of the root element's frame. - * @param aTopLeft the top-left corner where an image tile should be drawn + * @param aTopLeft the top-left corner where an image tile should be drawn. * @param aAnchorPoint a point which should be pixel-aligned by * nsLayoutUtils::DrawImage. This is the same as aTopLeft, unless CSS * specifies a percentage (including 'right' or 'bottom'), in which case @@ -964,23 +991,19 @@ nsCSSRendering::PaintFocus(nsPresContext* aPresContext, * Points are returned relative to aOriginBounds. */ static void -ComputeBackgroundAnchorPoint(const nsStyleBackground::Layer& aLayer, +ComputeBackgroundAnchorPoint(const nsStyleBackground::Position& aPos, const nsSize& aOriginBounds, const nsSize& aImageSize, nsPoint* aTopLeft, nsPoint* aAnchorPoint) { - double percentX = aLayer.mPosition.mXPosition.mPercent; - nscoord lengthX = aLayer.mPosition.mXPosition.mLength; - aAnchorPoint->x = lengthX + NSToCoordRound(percentX*aOriginBounds.width); - aTopLeft->x = lengthX + - NSToCoordRound(percentX*(aOriginBounds.width - aImageSize.width)); + ComputeBackgroundAnchorCoord(aPos.mXPosition, + aOriginBounds.width, aImageSize.width, + &aTopLeft->x, &aAnchorPoint->x); - double percentY = aLayer.mPosition.mYPosition.mPercent; - nscoord lengthY = aLayer.mPosition.mYPosition.mLength; - aAnchorPoint->y = lengthY + NSToCoordRound(percentY*aOriginBounds.height); - aTopLeft->y = lengthY + - NSToCoordRound(percentY*(aOriginBounds.height - aImageSize.height)); + ComputeBackgroundAnchorCoord(aPos.mYPosition, + aOriginBounds.height, aImageSize.height, + &aTopLeft->y, &aAnchorPoint->y); } nsIFrame* @@ -3167,7 +3190,7 @@ nsCSSRendering::PrepareBackgroundLayer(nsPresContext* aPresContext, // Compute the position of the background now that the background's size is // determined. - ComputeBackgroundAnchorPoint(aLayer, bgPositionSize, imageSize, + ComputeBackgroundAnchorPoint(aLayer.mPosition, bgPositionSize, imageSize, &imageTopLeft, &state.mAnchor); imageTopLeft += bgPositioningArea.TopLeft(); state.mAnchor += bgPositioningArea.TopLeft(); From 01f42ffe4debc62c6e83275cb5e62a62a1128b70 Mon Sep 17 00:00:00 2001 From: Daniel Holbert Date: Wed, 22 Oct 2014 13:03:18 -0700 Subject: [PATCH 11/19] Bug 1084500 part 2: Promote & rename ComputeBackgroundAnchorPoint to nsImageRenderer::ComputeObjectAnchorPoint. r=seth --- layout/base/nsCSSRendering.cpp | 59 +++++++++++++--------------------- layout/base/nsCSSRendering.h | 23 +++++++++++++ 2 files changed, 45 insertions(+), 37 deletions(-) diff --git a/layout/base/nsCSSRendering.cpp b/layout/base/nsCSSRendering.cpp index 5a7b7b8f99e1..4ad6cfc0a3f0 100644 --- a/layout/base/nsCSSRendering.cpp +++ b/layout/base/nsCSSRendering.cpp @@ -947,17 +947,17 @@ nsCSSRendering::PaintFocus(nsPresContext* aPresContext, //---------------------------------------------------------------------- /** - * Helper for ComputeBackgroundAnchorPoint; parameters are the same as for + * Helper for ComputeObjectAnchorPoint; parameters are the same as for * that function, except they're for a single coordinate / a single size * dimension. (so, x/width vs. y/height) */ typedef nsStyleBackground::Position::PositionCoord PositionCoord; static void -ComputeBackgroundAnchorCoord(const PositionCoord& aCoord, - const nscoord aOriginBounds, - const nscoord aImageSize, - nscoord* aTopLeftCoord, - nscoord* aAnchorPointCoord) +ComputeObjectAnchorCoord(const PositionCoord& aCoord, + const nscoord aOriginBounds, + const nscoord aImageSize, + nscoord* aTopLeftCoord, + nscoord* aAnchorPointCoord) { *aAnchorPointCoord = aCoord.mLength; *aTopLeftCoord = aCoord.mLength; @@ -973,37 +973,21 @@ ComputeBackgroundAnchorCoord(const PositionCoord& aCoord, } } -/** - * Computes the placement of a background image. - * - * @param aPos the CSS value that specify's the image's position. - * @param aOriginBounds is the box to which the tiling position should be - * relative. This should correspond to 'background-origin' for the frame, - * except when painting on the canvas, in which case the origin bounds - * should be the bounds of the root element's frame. - * @param aTopLeft the top-left corner where an image tile should be drawn. - * @param aAnchorPoint a point which should be pixel-aligned by - * nsLayoutUtils::DrawImage. This is the same as aTopLeft, unless CSS - * specifies a percentage (including 'right' or 'bottom'), in which case - * it's that percentage within of aOriginBounds. So 'right' would set - * aAnchorPoint.x to aOriginBounds.XMost(). - * - * Points are returned relative to aOriginBounds. - */ -static void -ComputeBackgroundAnchorPoint(const nsStyleBackground::Position& aPos, - const nsSize& aOriginBounds, - const nsSize& aImageSize, - nsPoint* aTopLeft, - nsPoint* aAnchorPoint) +void +nsImageRenderer::ComputeObjectAnchorPoint( + const nsStyleBackground::Position& aPos, + const nsSize& aOriginBounds, + const nsSize& aImageSize, + nsPoint* aTopLeft, + nsPoint* aAnchorPoint) { - ComputeBackgroundAnchorCoord(aPos.mXPosition, - aOriginBounds.width, aImageSize.width, - &aTopLeft->x, &aAnchorPoint->x); + ComputeObjectAnchorCoord(aPos.mXPosition, + aOriginBounds.width, aImageSize.width, + &aTopLeft->x, &aAnchorPoint->x); - ComputeBackgroundAnchorCoord(aPos.mYPosition, - aOriginBounds.height, aImageSize.height, - &aTopLeft->y, &aAnchorPoint->y); + ComputeObjectAnchorCoord(aPos.mYPosition, + aOriginBounds.height, aImageSize.height, + &aTopLeft->y, &aAnchorPoint->y); } nsIFrame* @@ -3190,8 +3174,9 @@ nsCSSRendering::PrepareBackgroundLayer(nsPresContext* aPresContext, // Compute the position of the background now that the background's size is // determined. - ComputeBackgroundAnchorPoint(aLayer.mPosition, bgPositionSize, imageSize, - &imageTopLeft, &state.mAnchor); + nsImageRenderer::ComputeObjectAnchorPoint(aLayer.mPosition, + bgPositionSize, imageSize, + &imageTopLeft, &state.mAnchor); imageTopLeft += bgPositioningArea.TopLeft(); state.mAnchor += bgPositioningArea.TopLeft(); diff --git a/layout/base/nsCSSRendering.h b/layout/base/nsCSSRendering.h index 9e41c1b178b2..dfbb10ca8891 100644 --- a/layout/base/nsCSSRendering.h +++ b/layout/base/nsCSSRendering.h @@ -138,6 +138,29 @@ public: */ mozilla::CSSSizeOrRatio ComputeIntrinsicSize(); + /** + * Computes the placement of a background image. + * + * @param aPos the CSS value that specify's the image's position. + * @param aOriginBounds is the box to which the tiling position should be + * relative. This should correspond to 'background-origin' for the frame, + * except when painting on the canvas, in which case the origin bounds + * should be the bounds of the root element's frame. + * @param aTopLeft the top-left corner where an image tile should be drawn. + * @param aAnchorPoint a point which should be pixel-aligned by + * nsLayoutUtils::DrawImage. This is the same as aTopLeft, unless CSS + * specifies a percentage (including 'right' or 'bottom'), in which case + * it's that percentage within of aOriginBounds. So 'right' would set + * aAnchorPoint.x to aOriginBounds.XMost(). + * + * Points are returned relative to aOriginBounds. + */ + static void ComputeObjectAnchorPoint(const nsStyleBackground::Position& aPos, + const nsSize& aOriginBounds, + const nsSize& aImageSize, + nsPoint* aTopLeft, + nsPoint* aAnchorPoint); + /** * Compute the size of the rendered image using either the 'cover' or * 'contain' constraints (aFitType). From 4aaae25d9554353c69bd55fa32fde343ac6232a3 Mon Sep 17 00:00:00 2001 From: Daniel Holbert Date: Wed, 22 Oct 2014 13:03:19 -0700 Subject: [PATCH 12/19] Bug 1084500 part 3: Make documentation for ComputeObjectAnchorPoint cover non-background use cases. r=seth --- layout/base/nsCSSRendering.h | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/layout/base/nsCSSRendering.h b/layout/base/nsCSSRendering.h index dfbb10ca8891..0d45bd6fa83e 100644 --- a/layout/base/nsCSSRendering.h +++ b/layout/base/nsCSSRendering.h @@ -139,19 +139,23 @@ public: mozilla::CSSSizeOrRatio ComputeIntrinsicSize(); /** - * Computes the placement of a background image. + * Computes the placement for a background image, or for the image data + * inside of a replaced element. * - * @param aPos the CSS value that specify's the image's position. - * @param aOriginBounds is the box to which the tiling position should be - * relative. This should correspond to 'background-origin' for the frame, - * except when painting on the canvas, in which case the origin bounds - * should be the bounds of the root element's frame. - * @param aTopLeft the top-left corner where an image tile should be drawn. - * @param aAnchorPoint a point which should be pixel-aligned by - * nsLayoutUtils::DrawImage. This is the same as aTopLeft, unless CSS - * specifies a percentage (including 'right' or 'bottom'), in which case - * it's that percentage within of aOriginBounds. So 'right' would set - * aAnchorPoint.x to aOriginBounds.XMost(). + * @param aPos The CSS value that specifies the image's position. + * @param aOriginBounds The box to which the tiling position should be + * relative. For background images, this should correspond to + * 'background-origin' for the frame, except when painting on the + * canvas, in which case the origin bounds should be the bounds + * of the root element's frame. For a replaced element, this should + * be the element's content-box. + * @param aTopLeft [out] The top-left corner where an image tile should be + * drawn. + * @param aAnchorPoint [out] A point which should be pixel-aligned by + * nsLayoutUtils::DrawImage. This is the same as aTopLeft, unless + * CSS specifies a percentage (including 'right' or 'bottom'), in + * which case it's that percentage within of aOriginBounds. So + * 'right' would set aAnchorPoint.x to aOriginBounds.XMost(). * * Points are returned relative to aOriginBounds. */ From 2beee538394166550245caa927f9c0d4545b51f7 Mon Sep 17 00:00:00 2001 From: Jan de Mooij Date: Wed, 22 Oct 2014 21:58:25 +0200 Subject: [PATCH 13/19] Bug 1087496 - Optimize codegen for IsNullOrLikeUndefined* instructions. r=h4writer --HG-- extra : rebase_source : 4699073583913d1d471ba7f72487dac305d0eb0b --- js/src/jit/CodeGenerator.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp index 9e6512c81d92..c85de0260072 100644 --- a/js/src/jit/CodeGenerator.cpp +++ b/js/src/jit/CodeGenerator.cpp @@ -5571,9 +5571,11 @@ CodeGenerator::visitIsNullOrLikeUndefined(LIsNullOrLikeUndefined *lir) } Register tag = masm.splitTagForTest(value); - - masm.branchTestNull(Assembler::Equal, tag, nullOrLikeUndefined); - masm.branchTestUndefined(Assembler::Equal, tag, nullOrLikeUndefined); + MDefinition *input = lir->mir()->lhs(); + if (input->mightBeType(MIRType_Null)) + masm.branchTestNull(Assembler::Equal, tag, nullOrLikeUndefined); + if (input->mightBeType(MIRType_Undefined)) + masm.branchTestUndefined(Assembler::Equal, tag, nullOrLikeUndefined); if (ool) { // Check whether it's a truthy object or a falsy object that emulates @@ -5652,8 +5654,11 @@ CodeGenerator::visitIsNullOrLikeUndefinedAndBranch(LIsNullOrLikeUndefinedAndBran Label *ifTrueLabel = getJumpLabelForBranch(ifTrue); Label *ifFalseLabel = getJumpLabelForBranch(ifFalse); - masm.branchTestNull(Assembler::Equal, tag, ifTrueLabel); - masm.branchTestUndefined(Assembler::Equal, tag, ifTrueLabel); + MDefinition *input = lir->cmpMir()->lhs(); + if (input->mightBeType(MIRType_Null)) + masm.branchTestNull(Assembler::Equal, tag, ifTrueLabel); + if (input->mightBeType(MIRType_Undefined)) + masm.branchTestUndefined(Assembler::Equal, tag, ifTrueLabel); if (ool) { masm.branchTestObject(Assembler::NotEqual, tag, ifFalseLabel); From 4932b53b11c37a76718da80ed91be4710f9190ee Mon Sep 17 00:00:00 2001 From: Christoph Kerschbaumer Date: Tue, 21 Oct 2014 19:59:13 -0700 Subject: [PATCH 14/19] Bug 1086612 - CSP: Let source expression be the empty set in case no valid source can be parsed (r=sstamm) --- content/base/src/nsCSPParser.cpp | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/content/base/src/nsCSPParser.cpp b/content/base/src/nsCSPParser.cpp index 718e724cf6e5..3fe7207492e8 100644 --- a/content/base/src/nsCSPParser.cpp +++ b/content/base/src/nsCSPParser.cpp @@ -822,13 +822,6 @@ nsCSPParser::directive() return; } - if (mCurDir.Length() < 2) { - const char16_t* params[] = { mCurToken.get() }; - logWarningErrorToConsole(nsIScriptError::warningFlag, "failedToParseUnrecognizedSource", - params, ArrayLength(params)); - return; - } - // Try to create a new CSPDirective nsCSPDirective* cspDir = directiveName(); if (!cspDir) { @@ -840,13 +833,11 @@ nsCSPParser::directive() nsTArray srcs; directiveValue(srcs); - // If we can not parse any srcs; it's not worth having a directive; delete and return + // If we can not parse any srcs; we let the source expression be the empty set ('none') + // see, http://www.w3.org/TR/CSP11/#source-list-parsing if (srcs.Length() == 0) { - const char16_t* params[] = { mCurToken.get() }; - logWarningErrorToConsole(nsIScriptError::warningFlag, "failedToParseUnrecognizedSource", - params, ArrayLength(params)); - delete cspDir; - return; + nsCSPKeywordSrc *keyword = new nsCSPKeywordSrc(CSP_NONE); + srcs.AppendElement(keyword); } // Add the newly created srcs to the directive and add the directive to the policy From 596674802e36b9c6498adcbb983b8c0c56fe5855 Mon Sep 17 00:00:00 2001 From: Christoph Kerschbaumer Date: Tue, 21 Oct 2014 17:47:21 -0700 Subject: [PATCH 15/19] Bug 1086612 - CSP: Let source expression be the empty set in case no valid source can be parsed - tests (r=sstamm) --- .../file_csp_invalid_source_expression.html | 11 ++++ content/base/test/csp/mochitest.ini | 2 + .../test_csp_invalid_source_expression.html | 57 +++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 content/base/test/csp/file_csp_invalid_source_expression.html create mode 100644 content/base/test/csp/test_csp_invalid_source_expression.html diff --git a/content/base/test/csp/file_csp_invalid_source_expression.html b/content/base/test/csp/file_csp_invalid_source_expression.html new file mode 100644 index 000000000000..73b1cf8d0927 --- /dev/null +++ b/content/base/test/csp/file_csp_invalid_source_expression.html @@ -0,0 +1,11 @@ + + + + Bug 1086612 - CSP: Let source expression be the empty set in case no valid source can be parsed + + +
blocked
+ + + + diff --git a/content/base/test/csp/mochitest.ini b/content/base/test/csp/mochitest.ini index 2304c9091553..6c99d1bf46d1 100644 --- a/content/base/test/csp/mochitest.ini +++ b/content/base/test/csp/mochitest.ini @@ -36,6 +36,7 @@ support-files = file_CSP_inlinestyle_main.html^headers^ file_CSP_inlinestyle_main_allowed.html file_CSP_inlinestyle_main_allowed.html^headers^ + file_csp_invalid_source_expression.html file_CSP_main.html file_CSP_main.html^headers^ file_CSP_main.js @@ -111,6 +112,7 @@ support-files = skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug)) || toolkit == 'android' # Times out, not sure why (bug 1008445) [test_CSP_inlinescript.html] [test_CSP_inlinestyle.html] +[test_csp_invalid_source_expression.html] [test_bug836922_npolicies.html] [test_bug886164.html] [test_csp_redirects.html] diff --git a/content/base/test/csp/test_csp_invalid_source_expression.html b/content/base/test/csp/test_csp_invalid_source_expression.html new file mode 100644 index 000000000000..60d41d1e1cc3 --- /dev/null +++ b/content/base/test/csp/test_csp_invalid_source_expression.html @@ -0,0 +1,57 @@ + + + + Bug 1086612 - CSP: Let source expression be the empty set in case no valid source can be parsed + + + + + +

+ + + + + From 477e00b11faac7f575f87202e28a19e233993860 Mon Sep 17 00:00:00 2001 From: Christoph Kerschbaumer Date: Tue, 21 Oct 2014 20:28:06 -0700 Subject: [PATCH 16/19] Bug 1086612 - CSP: Let source expression be the empty set in case no valid source can be parsed - update parser tests (r=sstamm) --- content/base/test/TestCSPParser.cpp | 97 ++++++++++++++++++----------- 1 file changed, 62 insertions(+), 35 deletions(-) diff --git a/content/base/test/TestCSPParser.cpp b/content/base/test/TestCSPParser.cpp index ebe9901418fb..3e53ca37f06e 100644 --- a/content/base/test/TestCSPParser.cpp +++ b/content/base/test/TestCSPParser.cpp @@ -438,9 +438,9 @@ nsresult TestSimplePolicies() { return runTestSuite(policies, policyCount, 1); } -// ============================= TestPoliciesThatLogWarning ======================== +// ============================= TestPoliciesWithInvalidSrc ======================== -nsresult TestPoliciesThatLogWarning() { +nsresult TestPoliciesWithInvalidSrc() { static const PolicyTest policies[] = { @@ -448,6 +448,50 @@ nsresult TestPoliciesThatLogWarning() { "script-src http://www.selfuri.com" }, { "script-src 'none' test.com; script-src example.com", "script-src http://test.com" }, + { "default-src **", + "default-src 'none'" }, + { "default-src 'self", + "default-src 'none'" }, + { "default-src 'unsafe-inlin' ", + "default-src 'none'" }, + { "default-src */", + "default-src 'none'" }, + { "default-src", + "default-src 'none'" }, + { "default-src 'unsafe-inlin' ", + "default-src 'none'" }, + { "default-src :88", + "default-src 'none'" }, + { "script-src abc::::::88", + "script-src 'none'" }, + { "script-src *.*:*", + "script-src 'none'" }, + { "img-src *::88", + "img-src 'none'" }, + { "object-src http://localhost:", + "object-src 'none'" }, + { "script-src test..com", + "script-src 'none'" }, + { "script-src sub1.sub2.example+", + "script-src 'none'" }, + { "script-src http://www.example.com//", + "script-src 'none'" }, + { "script-src http://www.example.com:88path-1/", + "script-src 'none'" }, + { "script-src http://www.example.com:88//", + "script-src 'none'" }, + { "script-src http://www.example.com:88//path-1", + "script-src 'none'" }, + { "script-src http://www.example.com:88//path-1", + "script-src 'none'" }, + { "script-src http://www.example.com:88/.js", + "script-src 'none'" }, + { "script-src http://www.example.com:88.js", + "script-src 'none'" }, + { "script-src http://www.example.com:*.js", + "script-src 'none'" }, + { "script-src http://www.example.com:*.", + "script-src 'none'" }, }; uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest); @@ -460,34 +504,12 @@ nsresult TestBadPolicies() { static const PolicyTest policies[] = { - { "default-src **", "" }, - { "default-src 'self", "" }, { "script-sr 'self", "" }, - { "default-src 'unsafe-inlin' ", "" }, - { "default-src */", "" }, - { "default-src", "" }, { "", "" }, { "; ; ; ; ; ; ;", "" }, { "defaut-src asdf", "" }, { "default-src: aaa", "" }, - { "default-src 'unsafe-inlin' ", "" }, - { "default-src :88", "" }, - { "script-src abc::::::88", "" }, { "asdf http://test.com", ""}, - { "script-src *.*:*", "" }, - { "img-src *::88", "" }, - { "object-src http://localhost:", "" }, - { "script-src test..com", "" }, - { "script-src sub1.sub2.example+", "" }, - { "script-src http://www.example.com//", "" }, - { "script-src http://www.example.com:88path-1/", "" }, - { "script-src http://www.example.com:88//", "" }, - { "script-src http://www.example.com:88//path-1", "" }, - { "script-src http://www.example.com:88//path-1", "" }, - { "script-src http://www.example.com:88/.js", "" }, - { "script-src http://www.example.com:88.js", "" }, - { "script-src http://www.example.com:*.js", "" }, - { "script-src http://www.example.com:*.", "" }, }; uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest); @@ -748,8 +770,6 @@ nsresult TestBadGeneratedPolicies() { { "http://other:pass1@self.com/foo", ""}, { "http://user1:pass1@self.com/foo", ""}, { "http://username:password@self.com/bar", ""}, - { "default-src ", ""}, - { "img-src ", ""} }; uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest); @@ -884,17 +904,24 @@ nsresult TestBadGeneratedPoliciesForPathHandling() { static const PolicyTest policies[] = { - { "img-src test1.example.com:88path-1/", "" }, - { "img-src test1.example.com:80.js", "" }, - { "img-src test1.example.com:*.js", "" }, - { "img-src test1.example.com:*.", "" }, - { "img-src http://test1.example.com//", "" }, - { "img-src http://test1.example.com:80//", "" }, - { "img-src http://test1.example.com:80abc", "" }, + { "img-src test1.example.com:88path-1/", + "img-src 'none'" }, + { "img-src test1.example.com:80.js", + "img-src 'none'" }, + { "img-src test1.example.com:*.js", + "img-src 'none'" }, + { "img-src test1.example.com:*.", + "img-src 'none'" }, + { "img-src http://test1.example.com//", + "img-src 'none'" }, + { "img-src http://test1.example.com:80//", + "img-src 'none'" }, + { "img-src http://test1.example.com:80abc", + "img-src 'none'" }, }; uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest); - return runTestSuite(policies, policyCount, 0); + return runTestSuite(policies, policyCount, 1); } // ============================= TestFuzzyPolicies ======================== @@ -1058,7 +1085,7 @@ int main(int argc, char** argv) { if (NS_FAILED(TestIgnoreUpperLowerCasePolicies())) { return 1; } if (NS_FAILED(TestIgnorePaths())) { return 1; } if (NS_FAILED(TestSimplePolicies())) { return 1; } - if (NS_FAILED(TestPoliciesThatLogWarning())) { return 1; } + if (NS_FAILED(TestPoliciesWithInvalidSrc())) { return 1; } if (NS_FAILED(TestBadPolicies())) { return 1; } if (NS_FAILED(TestGoodGeneratedPolicies())) { return 1; } if (NS_FAILED(TestBadGeneratedPolicies())) { return 1; } From a1e41d89c8c73d464d4bacc87e99339a61d22ccb Mon Sep 17 00:00:00 2001 From: Hannes Verschore Date: Wed, 22 Oct 2014 22:12:45 +0200 Subject: [PATCH 17/19] Bug 1042823 - Don't blindly make MMinMax optimize for doubles, r=jandem,sunfish --- js/src/builtin/Utilities.js | 2 +- js/src/jit/MCallOptimize.cpp | 51 ++++++++++++++--- js/src/jit/MIR.cpp | 106 ++++++++++++++++++++++++++++++++++- js/src/jit/MIR.h | 3 +- 4 files changed, 149 insertions(+), 13 deletions(-) diff --git a/js/src/builtin/Utilities.js b/js/src/builtin/Utilities.js index 1dd5a3dfd504..a7af0d67d2d2 100644 --- a/js/src/builtin/Utilities.js +++ b/js/src/builtin/Utilities.js @@ -100,7 +100,7 @@ function ToLength(v) { return 0; // Math.pow(2, 53) - 1 = 0x1fffffffffffff - return v < 0x1fffffffffffff ? v : 0x1fffffffffffff; + return std_Math_min(v, 0x1fffffffffffff); } /********** Testing code **********/ diff --git a/js/src/jit/MCallOptimize.cpp b/js/src/jit/MCallOptimize.cpp index deb7829456f9..4636b646670d 100644 --- a/js/src/jit/MCallOptimize.cpp +++ b/js/src/jit/MCallOptimize.cpp @@ -1147,31 +1147,64 @@ IonBuilder::inlineMathFRound(CallInfo &callInfo) IonBuilder::InliningStatus IonBuilder::inlineMathMinMax(CallInfo &callInfo, bool max) { - if (callInfo.argc() < 2 || callInfo.constructing()) + if (callInfo.argc() < 1 || callInfo.constructing()) return InliningStatus_NotInlined; MIRType returnType = getInlineReturnType(); if (!IsNumberType(returnType)) return InliningStatus_NotInlined; + MDefinitionVector int32_cases(alloc()); for (unsigned i = 0; i < callInfo.argc(); i++) { - MIRType argType = callInfo.getArg(i)->type(); - if (!IsNumberType(argType)) - return InliningStatus_NotInlined; + MDefinition *arg = callInfo.getArg(i); - // When one of the arguments is double, do a double MMinMax. - if (returnType == MIRType_Int32 && IsFloatingPointType(argType)) + switch (arg->type()) { + case MIRType_Int32: + if (!int32_cases.append(arg)) + return InliningStatus_Error; + break; + case MIRType_Double: + case MIRType_Float32: + // Don't force a double MMinMax for arguments that would be a NOP + // when doing an integer MMinMax. + if (arg->isConstant()) { + double cte = arg->toConstant()->value().toDouble(); + // min(int32, cte >= INT32_MAX) = int32 + if (cte >= INT32_MAX && !max) + break; + // max(int32, cte <= INT32_MIN) = int32 + if (cte <= INT32_MIN && max) + break; + } + + // Force double MMinMax if argument is a "effectfull" double. returnType = MIRType_Double; + break; + default: + return InliningStatus_NotInlined; + } } + if (int32_cases.length() == 0) + returnType = MIRType_Double; + callInfo.setImplicitlyUsedUnchecked(); + MDefinitionVector &cases = (returnType == MIRType_Int32) ? int32_cases : callInfo.argv(); + + if (cases.length() == 1) { + MLimitedTruncate *limit = MLimitedTruncate::New(alloc(), cases[0], MDefinition::NoTruncate); + current->add(limit); + current->push(limit); + return InliningStatus_Inlined; + } + // Chain N-1 MMinMax instructions to compute the MinMax. - MMinMax *last = MMinMax::New(alloc(), callInfo.getArg(0), callInfo.getArg(1), returnType, max); + MMinMax *last = MMinMax::New(alloc(), cases[0], cases[1], returnType, max); current->add(last); - for (unsigned i = 2; i < callInfo.argc(); i++) { - MMinMax *ins = MMinMax::New(alloc(), last, callInfo.getArg(i), returnType, max); + for (unsigned i = 2; i < cases.length(); i++) { + MMinMax *ins = MMinMax::New(alloc(), last, cases[2], returnType, max); current->add(ins); last = ins; } diff --git a/js/src/jit/MIR.cpp b/js/src/jit/MIR.cpp index eaa5485f2e7e..736222ca9cf4 100644 --- a/js/src/jit/MIR.cpp +++ b/js/src/jit/MIR.cpp @@ -1830,6 +1830,41 @@ MMinMax::trySpecializeFloat32(TempAllocator &alloc) setResultType(MIRType_Float32); } +MDefinition * +MMinMax::foldsTo(TempAllocator &alloc) +{ + if (!lhs()->isConstant() && !rhs()->isConstant()) + return this; + + MDefinition *operand = lhs()->isConstant() ? rhs() : lhs(); + MConstant *constant = lhs()->isConstant() ? lhs()->toConstant() : rhs()->toConstant(); + + if (operand->isToDouble() && operand->getOperand(0)->type() == MIRType_Int32) { + const js::Value &val = constant->value(); + + // min(int32, cte >= INT32_MAX) = int32 + if (val.isDouble() && val.toDouble() >= INT32_MAX && !isMax()) { + MLimitedTruncate *limit = + MLimitedTruncate::New(alloc, operand->getOperand(0), MDefinition::NoTruncate); + block()->insertBefore(this, limit); + MToDouble *toDouble = MToDouble::New(alloc, limit); + block()->insertBefore(this, toDouble); + return toDouble; + } + + // max(int32, cte <= INT32_MIN) = int32 + if (val.isDouble() && val.toDouble() < INT32_MIN && isMax()) { + MLimitedTruncate *limit = + MLimitedTruncate::New(alloc, operand->getOperand(0), MDefinition::NoTruncate); + block()->insertBefore(this, limit); + MToDouble *toDouble = MToDouble::New(alloc, limit); + block()->insertBefore(this, toDouble); + return toDouble; + } + } + return this; +} + bool MAbs::fallible() const { @@ -2976,7 +3011,7 @@ MCompare::tryFold(bool *result) } bool -MCompare::evaluateConstantOperands(bool *result) +MCompare::evaluateConstantOperands(TempAllocator &alloc, bool *result) { if (type() != MIRType_Boolean && type() != MIRType_Int32) return false; @@ -2984,6 +3019,73 @@ MCompare::evaluateConstantOperands(bool *result) MDefinition *left = getOperand(0); MDefinition *right = getOperand(1); + if (compareType() == Compare_Double) { + // Optimize "MCompare MConstant (MToDouble SomethingInInt32Range). + // In most cases the MToDouble was added, because the constant is + // a double. + // e.g. v < 9007199254740991, where v is an int32 is always true. + if (!lhs()->isConstant() && !rhs()->isConstant()) + return false; + + MDefinition *operand = left->isConstant() ? right : left; + MConstant *constant = left->isConstant() ? left->toConstant() : right->toConstant(); + MOZ_ASSERT(constant->value().isDouble()); + double cte = constant->value().toDouble(); + + if (operand->isToDouble() && operand->getOperand(0)->type() == MIRType_Int32) { + bool replaced = false; + switch (jsop_) { + case JSOP_LT: + if (cte > INT32_MAX || cte < INT32_MIN) { + *result = !((constant == lhs()) ^ (cte < INT32_MIN)); + replaced = true; + } + break; + case JSOP_LE: + if (cte >= INT32_MAX || cte <= INT32_MIN) { + *result = !((constant == lhs()) ^ (cte <= INT32_MIN)); + replaced = true; + } + break; + case JSOP_GT: + if (cte > INT32_MAX || cte < INT32_MIN) { + *result = !((constant == rhs()) ^ (cte < INT32_MIN)); + replaced = true; + } + break; + case JSOP_GE: + if (cte >= INT32_MAX || cte <= INT32_MIN) { + *result = !((constant == rhs()) ^ (cte <= INT32_MIN)); + replaced = true; + } + break; + case JSOP_STRICTEQ: // Fall through. + case JSOP_EQ: + if (cte > INT32_MAX || cte < INT32_MIN) { + *result = false; + replaced = true; + } + break; + case JSOP_STRICTNE: // Fall through. + case JSOP_NE: + if (cte > INT32_MAX || cte < INT32_MIN) { + *result = true; + replaced = true; + } + break; + default: + MOZ_CRASH("Unexpected op."); + } + if (replaced) { + MLimitedTruncate *limit = + MLimitedTruncate::New(alloc, operand->getOperand(0), MDefinition::NoTruncate); + limit->setGuardUnchecked(); + block()->insertBefore(this, limit); + return true; + } + } + } + if (!left->isConstant() || !right->isConstant()) return false; @@ -3092,7 +3194,7 @@ MCompare::foldsTo(TempAllocator &alloc) { bool result; - if (tryFold(&result) || evaluateConstantOperands(&result)) { + if (tryFold(&result) || evaluateConstantOperands(alloc, &result)) { if (type() == MIRType_Int32) return MConstant::New(alloc, Int32Value(result)); diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h index cfad935eb7b4..537ba058c753 100644 --- a/js/src/jit/MIR.h +++ b/js/src/jit/MIR.h @@ -3643,7 +3643,7 @@ class MCompare CompareType compareType); bool tryFold(bool *result); - bool evaluateConstantOperands(bool *result); + bool evaluateConstantOperands(TempAllocator &alloc, bool *result); MDefinition *foldsTo(TempAllocator &alloc); void filtersUndefinedOrNull(bool trueBranch, MDefinition **subject, bool *filtersUndefined, bool *filtersNull); @@ -5008,6 +5008,7 @@ class MMinMax AliasSet getAliasSet() const { return AliasSet::None(); } + MDefinition *foldsTo(TempAllocator &alloc); void computeRange(TempAllocator &alloc); bool writeRecoverData(CompactBufferWriter &writer) const; bool canRecoverOnBailout() const { From 7c18fd1d5d08473b1fe1eaed07c742469d449be6 Mon Sep 17 00:00:00 2001 From: ffxbld Date: Wed, 22 Oct 2014 14:02:46 -0700 Subject: [PATCH 18/19] No bug, Automated HSTS preload list update from host bld-linux64-spot-1094 - a=hsts-update --- .../manager/boot/src/nsSTSPreloadList.errors | 141 +++++++++++- .../manager/boot/src/nsSTSPreloadList.inc | 207 +++++++++++++++++- 2 files changed, 333 insertions(+), 15 deletions(-) diff --git a/security/manager/boot/src/nsSTSPreloadList.errors b/security/manager/boot/src/nsSTSPreloadList.errors index 0ac9b7b3af7b..bde2707c1bc1 100644 --- a/security/manager/boot/src/nsSTSPreloadList.errors +++ b/security/manager/boot/src/nsSTSPreloadList.errors @@ -1,6 +1,9 @@ admin.google.com: did not receive HSTS header (error ignored - included regardless) adsfund.org: could not connect to host airbnb.com: did not receive HSTS header +aiticon.de: did not receive HSTS header +alpha.irccloud.com: could not connect to host +amigogeek.net: could not connect to host api.lookout.com: could not connect to host api.mega.co.nz: could not connect to host api.recurly.com: did not receive HSTS header @@ -8,36 +11,63 @@ apis.google.com: did not receive HSTS header (error ignored - included regardles app.manilla.com: could not connect to host appengine.google.com: did not receive HSTS header (error ignored - included regardless) appseccalifornia.org: did not receive HSTS header +at.search.yahoo.com: did not receive HSTS header +au.search.yahoo.com: did not receive HSTS header +az.search.yahoo.com: did not receive HSTS header azprep.us: did not receive HSTS header bassh.net: did not receive HSTS header bccx.com: could not connect to host +be.search.yahoo.com: did not receive HSTS header bedeta.de: could not connect to host betnet.fr: could not connect to host +bi.search.yahoo.com: did not receive HSTS header bigshinylock.minazo.net: could not connect to host +bitfarm-archiv.com: did not receive HSTS header +bitfarm-archiv.de: did not receive HSTS header blog.lookout.com: did not receive HSTS header -boxcryptor.com: could not connect to host +br.search.yahoo.com: did not receive HSTS header braintreegateway.com: did not receive HSTS header braintreepayments.com: did not receive HSTS header browserid.org: did not receive HSTS header business.medbank.com.mt: did not receive HSTS header -calyxinstitute.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] +ca.search.yahoo.com: did not receive HSTS header +calibreapp.com: did not receive HSTS header +calyxinstitute.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] carlolly.co.uk: did not receive HSTS header cartucce24.it: could not connect to host +cd.search.yahoo.com: did not receive HSTS header celltek-server.de: did not receive HSTS header cert.se: max-age too low: 2628001 +cg.search.yahoo.com: did not receive HSTS header +ch.search.yahoo.com: did not receive HSTS header checkout.google.com: did not receive HSTS header (error ignored - included regardless) +chfr.search.yahoo.com: did not receive HSTS header +chit.search.yahoo.com: did not receive HSTS header chrome-devtools-frontend.appspot.com: did not receive HSTS header (error ignored - included regardless) chrome.google.com: did not receive HSTS header (error ignored - included regardless) +cimballa.com: did not receive HSTS header +cl.search.yahoo.com: did not receive HSTS header cloud.google.com: did not receive HSTS header (error ignored - included regardless) +cn.search.yahoo.com: did not receive HSTS header +co.search.yahoo.com: did not receive HSTS header code.google.com: did not receive HSTS header (error ignored - included regardless) codereview.chromium.org: did not receive HSTS header (error ignored - included regardless) +cr.search.yahoo.com: did not receive HSTS header crate.io: did not receive HSTS header crbug.com: did not receive HSTS header crowdcurity.com: did not receive HSTS header crypto.is: did not receive HSTS header csawctf.poly.edu: did not receive HSTS header +ct.search.yahoo.com: did not receive HSTS header +cube.de: max-age too low: 0 +daylightcompany.com: could not connect to host +de.search.yahoo.com: did not receive HSTS header +decibelios.li: did not receive HSTS header +digitaldaddy.net: could not connect to host discovery.lookout.com: did not receive HSTS header +dk.search.yahoo.com: did not receive HSTS header dl.google.com: did not receive HSTS header (error ignored - included regardless) +do.search.yahoo.com: did not receive HSTS header docs.google.com: did not receive HSTS header (error ignored - included regardless) drive.google.com: did not receive HSTS header (error ignored - included regardless) dropbox.com: max-age too low: 2592000 @@ -45,56 +75,95 @@ dropcam.com: did not receive HSTS header ed.gs: did not receive HSTS header edmodo.com: did not receive HSTS header email.lookout.com: could not connect to host +en-maktoob.search.yahoo.com: did not receive HSTS header encrypted.google.com: did not receive HSTS header (error ignored - included regardless) epoxate.com: did not receive HSTS header +es.search.yahoo.com: did not receive HSTS header +espanol.search.yahoo.com: did not receive HSTS header espra.com: could not connect to host -f-droid.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] +f-droid.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] fatzebra.com.au: did not receive HSTS header +fi.search.yahoo.com: did not receive HSTS header +filedir.com: did not receive HSTS header +fj.search.yahoo.com: did not receive HSTS header +fr.search.yahoo.com: did not receive HSTS header +freenetproject.org: max-age too low: 864000 gamesdepartment.co.uk: did not receive HSTS header get.zenpayroll.com: did not receive HSTS header getlantern.org: did not receive HSTS header +gl.search.yahoo.com: did not receive HSTS header glass.google.com: did not receive HSTS header (error ignored - included regardless) -globalcs.co.uk: did not receive HSTS header +gm.search.yahoo.com: did not receive HSTS header gmail.com: did not receive HSTS header (error ignored - included regardless) googlemail.com: did not receive HSTS header (error ignored - included regardless) googleplex.com: could not connect to host googleplex.com: could not connect to host (error ignored - included regardless) goto.google.com: did not receive HSTS header (error ignored - included regardless) gparent.org: did not receive HSTS header +gr.search.yahoo.com: did not receive HSTS header greplin.com: could not connect to host groups.google.com: did not receive HSTS header (error ignored - included regardless) hackerone-user-content.com: could not connect to host haste.ch: could not connect to host history.google.com: did not receive HSTS header (error ignored - included regardless) +hk.search.yahoo.com: did not receive HSTS header +hn.search.yahoo.com: did not receive HSTS header hoerbuecher-und-hoerspiele.de: did not receive HSTS header -honeytracks.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] +honeytracks.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] +horosho.in: did not receive HSTS header hostedtalkgadget.google.com: did not receive HSTS header (error ignored - included regardless) howrandom.org: could not connect to host +hu.search.yahoo.com: did not receive HSTS header +id.search.yahoo.com: did not receive HSTS header +ie.search.yahoo.com: did not receive HSTS header +ilmconpm.de: did not receive HSTS header +in.search.yahoo.com: did not receive HSTS header in.xero.com: max-age too low: 3600 intercom.io: did not receive HSTS header iop.intuit.com: max-age too low: 86400 -irccloud.com: did not receive HSTS header +irccloud.com: could not connect to host +it.search.yahoo.com: did not receive HSTS header itriskltd.com: did not receive HSTS header jottit.com: could not connect to host keymaster.lookout.com: did not receive HSTS header +khmath.com: did not receive HSTS header kiwiirc.com: max-age too low: 5256000 +klaxn.org: could not connect to host +knowledgehook.com: did not receive HSTS header +kr.search.yahoo.com: did not receive HSTS header +kz.search.yahoo.com: did not receive HSTS header ledgerscope.net: did not receive HSTS header +li.search.yahoo.com: did not receive HSTS header liberty.lavabit.com: could not connect to host -lifeguard.aecom.com: did not receive HSTS header +lifeguard.aecom.com: max-age too low: 86400 lists.mayfirst.org: did not receive HSTS header -logentries.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] +logentries.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] login.corp.google.com: max-age too low: 7776000 (error ignored - included regardless) logotype.se: did not receive HSTS header -ludwig.im: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] -lumi.do: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] +lovelycorral.com: did not receive HSTS header +lt.search.yahoo.com: did not receive HSTS header +lu.search.yahoo.com: did not receive HSTS header +ludwig.im: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] +lumi.do: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] +luxus-russen.de: did not receive HSTS header +lv.search.yahoo.com: did not receive HSTS header m.gparent.org: could not connect to host mail.google.com: did not receive HSTS header (error ignored - included regardless) +maktoob.search.yahoo.com: did not receive HSTS header +malaysia.search.yahoo.com: did not receive HSTS header market.android.com: did not receive HSTS header (error ignored - included regardless) markusueberallassetmanagement.de: could not connect to host matteomarescotti.name: max-age too low: 0 +megashur.se: did not receive HSTS header +minikneet.nl: did not receive HSTS header mobilethreat.net: could not connect to host mobilethreatnetwork.net: could not connect to host +mqas.net: could not connect to host +mt.search.yahoo.com: did not receive HSTS header +mu.search.yahoo.com: did not receive HSTS header mudcrab.us: could not connect to host +mw.search.yahoo.com: did not receive HSTS header +mx.search.yahoo.com: did not receive HSTS header my.alfresco.com: did not receive HSTS header mydigipass.com: did not receive HSTS header mykolab.com: did not receive HSTS header @@ -103,33 +172,57 @@ netzpolitik.org: did not receive HSTS header nexth.de: could not connect to host nexth.net: could not connect to host nexth.us: could not connect to host +ni.search.yahoo.com: did not receive HSTS header +nl.search.yahoo.com: did not receive HSTS header +no.search.yahoo.com: did not receive HSTS header noexpect.org: could not connect to host +np.search.yahoo.com: did not receive HSTS header +nz.search.yahoo.com: did not receive HSTS header openshift.redhat.com: did not receive HSTS header ottospora.nl: could not connect to host +pa.search.yahoo.com: did not receive HSTS header passwordbox.com: did not receive HSTS header +passwords.google.com: did not receive HSTS header (error ignored - included regardless) paypal.com: max-age too low: 14400 payroll.xero.com: max-age too low: 3600 +pe.search.yahoo.com: did not receive HSTS header +ph.search.yahoo.com: did not receive HSTS header piratenlogin.de: did not receive HSTS header +pk.search.yahoo.com: did not receive HSTS header +pl.search.yahoo.com: did not receive HSTS header platform.lookout.com: could not connect to host play.google.com: did not receive HSTS header (error ignored - included regardless) +pr.search.yahoo.com: did not receive HSTS header pressfreedomfoundation.org: did not receive HSTS header prodpad.com: did not receive HSTS header profiles.google.com: did not receive HSTS header (error ignored - included regardless) promecon-gmbh.de: did not receive HSTS header +py.search.yahoo.com: did not receive HSTS header +qc.search.yahoo.com: did not receive HSTS header rapidresearch.me: could not connect to host +redlatam.org: did not receive HSTS header +regar42.fr: could not connect to host riseup.net: did not receive HSTS header rme.li: did not receive HSTS header +ro.search.yahoo.com: did not receive HSTS header robteix.com: did not receive HSTS header +ru.search.yahoo.com: did not receive HSTS header +rw.search.yahoo.com: did not receive HSTS header sah3.net: could not connect to host saturngames.co.uk: did not receive HSTS header script.google.com: did not receive HSTS header (error ignored - included regardless) +se.search.yahoo.com: did not receive HSTS header +search.yahoo.com: did not receive HSTS header security.google.com: did not receive HSTS header (error ignored - included regardless) +segu-info.com.ar: did not receive HSTS header semenkovich.com: did not receive HSTS header serverdensity.io: did not receive HSTS header +sg.search.yahoo.com: did not receive HSTS header shops.neonisi.com: could not connect to host siammedia.co: did not receive HSTS header silentcircle.org: could not connect to host simon.butcher.name: max-age too low: 2629743 +simplyfixit.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] sites.google.com: did not receive HSTS header (error ignored - included regardless) sol.io: could not connect to host souyar.de: could not connect to host @@ -142,16 +235,34 @@ ssl.panoramio.com: did not receive HSTS header stocktrade.de: could not connect to host sunshinepress.org: could not connect to host surfeasy.com: did not receive HSTS header +sv.search.yahoo.com: did not receive HSTS header talk.google.com: did not receive HSTS header (error ignored - included regardless) talkgadget.google.com: did not receive HSTS header (error ignored - included regardless) tektoria.de: did not receive HSTS header +temehu.com: did not receive HSTS header +terrax.berlin: could not connect to host +th.search.yahoo.com: did not receive HSTS header +tobias-kluge.de: could not connect to host +tr.search.yahoo.com: did not receive HSTS header translate.googleapis.com: did not receive HSTS header (error ignored - included regardless) +tv.search.yahoo.com: could not connect to host +tw.search.yahoo.com: did not receive HSTS header +ua.search.yahoo.com: did not receive HSTS header +uk.search.yahoo.com: did not receive HSTS header uprotect.it: could not connect to host +uy.search.yahoo.com: did not receive HSTS header +uz.search.yahoo.com: did not receive HSTS header +ve.search.yahoo.com: did not receive HSTS header +vn.search.yahoo.com: did not receive HSTS header wallet.google.com: did not receive HSTS header (error ignored - included regardless) webmail.mayfirst.org: did not receive HSTS header +wf-training-master.appspot.com: could not connect to host +wf-training-master.appspot.com: could not connect to host (error ignored - included regardless) whonix.org: did not receive HSTS header +wikidsystems.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] wiz.biz: did not receive HSTS header -www.calyxinstitute.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 126" data: no] +wohnungsbau-ludwigsburg.de: did not receive HSTS header +www.calyxinstitute.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134" data: no] www.cueup.com: could not connect to host www.developer.mydigipass.com: could not connect to host www.dropbox.com: max-age too low: 2592000 @@ -159,6 +270,7 @@ www.elanex.biz: did not receive HSTS header www.gmail.com: did not receive HSTS header (error ignored - included regardless) www.googlemail.com: did not receive HSTS header (error ignored - included regardless) www.greplin.com: could not connect to host +www.irccloud.com: could not connect to host www.jitsi.org: did not receive HSTS header www.ledgerscope.net: did not receive HSTS header www.logentries.com: did not receive HSTS header @@ -169,4 +281,11 @@ www.rme.li: did not receive HSTS header www.roddis.net: did not receive HSTS header www.sandbox.mydigipass.com: could not connect to host www.surfeasy.com: did not receive HSTS header +xa.search.yahoo.com: did not receive HSTS header +xtream-hosting.com: could not connect to host +xtream-hosting.de: could not connect to host +xtream-hosting.eu: could not connect to host +xtreamhosting.eu: could not connect to host +za.search.yahoo.com: did not receive HSTS header +zh.search.yahoo.com: did not receive HSTS header zoo24.de: max-age too low: 2592000 diff --git a/security/manager/boot/src/nsSTSPreloadList.inc b/security/manager/boot/src/nsSTSPreloadList.inc index 9ba118fb3afc..06265db5a7da 100644 --- a/security/manager/boot/src/nsSTSPreloadList.inc +++ b/security/manager/boot/src/nsSTSPreloadList.inc @@ -8,7 +8,7 @@ /*****************************************************************************/ #include -const PRTime gPreloadListExpirationTime = INT64_C(1424513391772000); +const PRTime gPreloadListExpirationTime = INT64_C(1424897629315000); class nsSTSPreload { @@ -18,6 +18,10 @@ class nsSTSPreload }; static const nsSTSPreload kSTSPreloadList[] = { + { "17hats.com", true }, + { "1a-diamantscheiben.de", true }, + { "1a-vermessung.at", true }, + { "1a-werkstattgeraete.de", true }, { "accounts.firefox.com", true }, { "accounts.google.com", true }, { "aclu.org", false }, @@ -26,10 +30,19 @@ static const nsSTSPreload kSTSPreloadList[] = { { "addvocate.com", true }, { "admin.google.com", true }, { "adsfund.org", true }, + { "ahoyconference.com", true }, { "aie.de", true }, + { "aiticon.com", true }, { "aladdinschools.appspot.com", false }, { "alexsexton.com", true }, { "alpha.irccloud.com", false }, + { "andreasbreitenlohner.de", true }, + { "anetaben.nl", true }, + { "angularjs.org", true }, + { "annahmeschluss.de", true }, + { "annevankesteren.com", true }, + { "annevankesteren.nl", true }, + { "annevankesteren.org", true }, { "ansdell.net", true }, { "anycoin.me", true }, { "apadvantage.com", true }, @@ -44,22 +57,31 @@ static const nsSTSPreload kSTSPreloadList[] = { { "app.simpletax.ca", false }, { "app.yinxiang.com", false }, { "appengine.google.com", true }, + { "aprz.de", true }, { "archlinux.de", true }, { "arivo.com.br", true }, + { "arlen.io", true }, { "auf-feindgebiet.de", true }, { "baer.im", true }, + { "balcan-underground.net", true }, + { "baldwinkoo.com", true }, { "bank.simple.com", false }, { "barcodeberlin.com", true }, + { "barslecht.com", true }, + { "barslecht.nl", true }, { "baruch.me", true }, + { "bautied.de", true }, { "bayrisch-fuer-anfaenger.de", true }, { "bccx.com", true }, { "bcrook.com", false }, { "beastowner.com", true }, { "beastowner.li", true }, { "bedeta.de", true }, + { "bedreid.dk", true }, { "beneathvt.com", true }, { "benjamins.com", true }, { "best-wedding-quotes.com", true }, + { "bigbrownpromotions.com.au", true }, { "bitbucket.org", false }, { "bitfactory.ws", true }, { "bl4ckb0x.com", true }, @@ -68,46 +90,58 @@ static const nsSTSPreload kSTSPreloadList[] = { { "bl4ckb0x.net", true }, { "bl4ckb0x.org", true }, { "blacklane.com", true }, + { "blessnet.jp", true }, { "blocksatz-medien.de", true }, { "blog.cyveillance.com", true }, { "blog.gparent.org", true }, { "blog.linode.com", false }, { "blog.torproject.org", false }, + { "bodo-wolff.de", true }, { "bohramt.de", true }, { "boxcryptor.com", true }, { "brunosouza.org", true }, { "buddhistische-weisheiten.org", true }, { "bugzil.la", true }, { "bugzilla.mozilla.org", true }, + { "bulktrade.de", true }, { "business.lookout.com", false }, + { "buzzconcert.com", true }, { "bytepark.de", false }, { "ca.gparent.org", false }, + { "call.me", true }, { "carezone.com", false }, { "cartouche24.eu", true }, + { "cdnb.co", true }, { "certible.com", true }, { "check.torproject.org", false }, { "checkout.google.com", true }, + { "chrisjean.com", true }, { "chrome-devtools-frontend.appspot.com", true }, { "chrome.google.com", true }, { "chromiumcodereview.appspot.com", false }, + { "chulado.com", true }, { "clapping-rhymes.com", true }, { "cloud.google.com", true }, { "cloudcert.org", true }, { "cloudns.com.au", true }, { "cloudsecurityalliance.org", true }, + { "cloudstoragemaus.com", true }, { "cloudup.com", true }, { "code-poets.co.uk", true }, { "code.google.com", true }, + { "codepref.com", true }, { "codereview.appspot.com", false }, { "codereview.chromium.org", true }, + { "comdurav.com", true }, { "config.schokokeks.org", false }, { "conformal.com", true }, { "conrad-kostecki.de", true }, { "controlcenter.gigahost.dk", true }, + { "cotonea.de", true }, { "crm.onlime.ch", false }, { "crypto.cat", false }, { "cryptopartyatx.org", true }, - { "cube.de", true }, + { "cujanovic.com", true }, { "cupcake.io", true }, { "cupcake.is", true }, { "cybershambles.com", true }, @@ -118,72 +152,105 @@ static const nsSTSPreload kSTSPreloadList[] = { { "data.qld.gov.au", false }, { "datenkeks.de", true }, { "davidlyness.com", true }, + { "deadbeef.ninja", true }, + { "debtkit.co.uk", true }, { "dedimax.de", true }, + { "denh.am", true }, { "derhil.de", true }, { "detectify.com", false }, { "developer.mydigipass.com", false }, + { "devh.de", true }, + { "diamante.ro", true }, { "die-besten-weisheiten.de", true }, { "dillonkorman.com", true }, { "dist.torproject.org", false }, { "dl.google.com", true }, + { "dlc.viasinc.com", true }, { "dm.lookout.com", false }, { "dm.mylookout.com", false }, { "docs.google.com", true }, { "docs.python.org", true }, { "domains.google.com", true }, + { "domaris.de", true }, { "donmez.ws", false }, { "download.jitsi.org", false }, { "drive.google.com", true }, { "ebanking.indovinabank.com.vn", false }, { "ecosystem.atlassian.net", true }, + { "edit.yahoo.com", false }, { "edyou.eu", true }, { "eff.org", true }, + { "eldietista.es", true }, + { "elnutricionista.es", true }, { "emailprivacytester.com", true }, { "encircleapp.com", true }, + { "encryptallthethings.net", true }, { "encrypted.google.com", true }, { "energy-drink-magazin.de", true }, + { "enorekcah.com", true }, { "entropia.de", false }, { "errors.zenpayroll.com", false }, + { "esec.rs", true }, { "espra.com", true }, { "ethitter.com", true }, { "eurotramp.com", true }, + { "everhome.de", true }, + { "evstatus.com", true }, { "explodie.org", true }, { "f-droid.org", true }, { "factor.cc", false }, { "fairbill.com", true }, { "faq.lookout.com", false }, + { "fedorapeople.org", true }, { "feedbin.com", false }, { "ferienhaus-polchow-ruegen.de", false }, { "fiken.no", true }, { "firemail.io", true }, { "fischer-its.com", true }, + { "fixingdns.com", true }, { "fj.simple.com", false }, + { "flamer-scene.com", true }, + { "fleximus.org", false }, + { "floobits.com", true }, { "flynn.io", true }, { "forewordreviews.com", true }, { "forodeespanol.com", true }, { "forum.linode.com", false }, { "forum.quantifiedself.com", true }, + { "frederik-braun.com", true }, { "freeshell.de", true }, + { "fronteers.nl", true }, + { "fundingempire.com", true }, + { "futos.de", true }, + { "gamercredo.com", true }, + { "garron.net", true }, { "gemeinfreie-lieder.de", true }, + { "gerardozamudio.mx", true }, { "gernert-server.de", true }, { "getcloak.com", false }, { "getdigitized.net", true }, + { "getssl.uz", true }, { "giacomopelagatti.it", true }, + { "github.com", true }, { "glass.google.com", true }, { "globuli-info.de", true }, { "gmail.com", false }, { "gmantra.org", true }, + { "gmcd.co", true }, { "go.xero.com", false }, { "gocardless.com", true }, { "googlemail.com", false }, { "googleplex.com", true }, { "goto.google.com", true }, + { "gplintegratedit.com", true }, { "grc.com", false }, { "greensolid.biz", true }, { "grepular.com", true }, { "groups.google.com", true }, + { "gunnarhafdal.com", true }, { "guphi.net", true }, { "guthabenkarten-billiger.de", true }, + { "hack.li", true }, { "hackerone.com", true }, { "harvestapp.com", true }, { "hasilocke.de", true }, @@ -191,22 +258,37 @@ static const nsSTSPreload kSTSPreloadList[] = { { "haufschild.de", true }, { "hausverbrauch.de", true }, { "heha.co", true }, + { "heid.ws", true }, + { "heijblok.com", true }, { "helichat.de", true }, { "help.simpletax.ca", false }, { "helpium.de", true }, { "hex2013.com", true }, + { "hexony.com", true }, { "history.google.com", true }, + { "honeybadger.io", false }, { "hostedtalkgadget.google.com", true }, { "hostinginnederland.nl", true }, { "hostix.de", true }, { "howrandom.org", true }, + { "howsmyssl.com", true }, + { "howsmytls.com", true }, + { "hpac-portal.com", true }, + { "html5.org", true }, + { "ian.sh", true }, { "iban.is", true }, + { "id-co.in", true }, { "id.atlassian.com", false }, { "id.mayfirst.org", false }, + { "ideaweb.de", true }, { "ihrlotto.de", true }, + { "ilikerainbows.co.uk", false }, { "imouto.my", false }, { "inertianetworks.com", true }, + { "inleaked.com", true }, + { "insouciant.org", true }, { "irische-segenswuensche.info", true }, + { "ironfistdesign.com", true }, { "isitchristmas.com", true }, { "it-schwerin.de", true }, { "jackyyf.com", false }, @@ -218,14 +300,20 @@ static const nsSTSPreload kSTSPreloadList[] = { { "jitsi.org", false }, { "jonas-keidel.de", true }, { "jonaswitmer.ch", true }, + { "jonnybarnes.uk", true }, { "julian-kipka.de", true }, + { "jwilsson.me", true }, { "k-dev.de", true }, + { "kaheim.de", true }, { "kardize24.pl", true }, + { "kdex.de", true }, { "keeperapp.com", true }, { "keepersecurity.com", true }, { "kernel-error.de", true }, + { "kevincox.ca", true }, { "keyerror.com", true }, { "kinderbuecher-kostenlos.de", true }, + { "kinogb.net", false }, { "kinsights.com", false }, { "kitsta.com", true }, { "klatschreime.de", true }, @@ -236,6 +324,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "koordinate.net", true }, { "kraken.io", true }, { "kura.io", true }, + { "labina.com.tr", true }, { "lagerauftrag.info", true }, { "lasst-uns-beten.de", true }, { "lastpass.com", false }, @@ -243,9 +332,14 @@ static const nsSTSPreload kSTSPreloadList[] = { { "lavalite.de", true }, { "lb-toner.de", true }, { "library.linode.com", false }, + { "liebel.org", true }, + { "limpid.nl", true }, + { "lingolia.com", true }, { "linode.com", false }, - { "linx.net", false }, + { "linx.net", true }, + { "ljs.io", true }, { "lockify.com", true }, + { "lodash.com", true }, { "loenshotel.de", true }, { "loftboard.eu", true }, { "logentries.com", false }, @@ -253,6 +347,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "login.persona.org", true }, { "login.sapo.pt", true }, { "login.xero.com", false }, + { "login.yahoo.com", false }, { "lolicore.ch", true }, { "lookout.com", false }, { "lumi.do", false }, @@ -260,32 +355,47 @@ static const nsSTSPreload kSTSPreloadList[] = { { "mach-politik.ch", true }, { "mail.de", true }, { "mail.google.com", true }, + { "mail.yahoo.com", false }, { "mailbox.org", false }, { "makeyourlaws.org", true }, { "malnex.de", true }, + { "man3s.jp", true }, { "manage.zenpayroll.com", false }, { "manageprojects.com", true }, { "manager.linode.com", false }, { "mandala-ausmalbilder.de", true }, { "market.android.com", true }, { "markusueberallassetmanagement.de", true }, + { "matatall.com", true }, { "mathiasbynens.be", true }, + { "matteomarescotti.it", true }, { "mattmccutchen.net", true }, { "mbp.banking.co.at", false }, + { "md5file.com", true }, { "mediacru.sh", true }, { "medium.com", true }, { "mega.co.nz", false }, + { "meinebo.it", true }, { "members.mayfirst.org", false }, { "members.nearlyfreespeech.net", false }, + { "miasarafina.de", true }, { "mig5.net", true }, { "mikewest.org", true }, { "miku.hatsune.my", true }, + { "minez-nightswatch.com", true }, + { "minikneet.com", true }, + { "minnesotadata.com", true }, { "miskatonic.org", true }, + { "mkcert.org", true }, { "mnsure.org", true }, { "mobile.usaa.com", false }, { "mondwandler.de", true }, + { "mothereff.in", true }, + { "mountainmusicpromotions.com", true }, { "mountainroseherbs.com", true }, { "movlib.org", true }, + { "msc-seereisen.net", true }, + { "mths.be", true }, { "mudcrab.us", true }, { "munich-rage.de", true }, { "musicgamegalaxy.de", true }, @@ -293,25 +403,42 @@ static const nsSTSPreload kSTSPreloadList[] = { { "mwe.st", true }, { "my.onlime.ch", false }, { "my.xero.com", false }, + { "mygadgetguardian.lookout.com", false }, + { "mykreuzfahrt.de", true }, { "mylookout.com", false }, { "mynigma.org", true }, { "nachsenden.info", true }, { "neg9.org", false }, { "neilwynne.com", false }, + { "net-safe.info", true }, { "netzbit.de", true }, + { "newstarnootropics.com", true }, { "ng-security.com", true }, + { "nmctest.net", true }, { "npw.net", true }, + { "okmx.de", true }, + { "omitech.co.uk", true }, + { "onedot.nl", true }, { "onedrive.com", true }, { "onedrive.live.com", false }, { "oplop.appspot.com", true }, { "opsmate.com", false }, { "optimus.io", true }, + { "orbograph-hrcm.com", true }, + { "oscarvk.ch", true }, + { "osterkraenzchen.de", true }, + { "otakurepublic.com", true }, { "otakuworld.de", true }, { "oversight.io", true }, { "p.linode.com", false }, { "packagist.org", false }, { "pajonzeck.de", true }, { "palava.tv", true }, + { "parent5446.us", true }, + { "partyvan.eu", true }, + { "partyvan.it", true }, + { "partyvan.nl", true }, + { "partyvan.se", true }, { "passport.yandex.by", false }, { "passport.yandex.com", false }, { "passport.yandex.com.tr", false }, @@ -319,20 +446,29 @@ static const nsSTSPreload kSTSPreloadList[] = { { "passport.yandex.ru", false }, { "passport.yandex.ua", false }, { "passwd.io", true }, + { "password.codes", true }, + { "passwords.google.com", true }, { "paste.linode.com", false }, { "pastebin.linode.com", false }, + { "patt.us", true }, { "pay.gigahost.dk", true }, { "paymill.com", true }, { "paymill.de", true }, { "pdf.yt", true }, + { "peercraft.com", true }, { "picksin.club", true }, { "pierre-schmitz.com", true }, + { "pisidia.de", true }, { "pixi.me", true }, - { "play.google.com", false }, + { "play.google.com", true }, + { "plothost.com", true }, { "plus.google.com", false }, { "plus.sandbox.google.com", false }, { "portal.tirol.gv.at", true }, { "posteo.de", true }, + { "powerplannerapp.com", true }, + { "prakharprasad.com", true }, + { "prefontaine.name", true }, { "profiles.google.com", true }, { "projektzentrisch.de", true }, { "prowhisky.de", true }, @@ -342,10 +478,13 @@ static const nsSTSPreload kSTSPreloadList[] = { { "pypi.python.org", true }, { "python.org", false }, { "qetesh.de", true }, + { "quuz.org", true }, { "rad-route.de", true }, { "raiseyourflag.com", true }, + { "ravchat.com", true }, { "redports.org", true }, { "reedloden.com", true }, + { "reishunger.de", true }, { "reserve-online.net", true }, { "reviews.anime.my", true }, { "riccy.org", true }, @@ -353,66 +492,106 @@ static const nsSTSPreload kSTSPreloadList[] = { { "rippleunion.com", true }, { "roddis.net", false }, { "romab.com", true }, + { "room-checkin24.de", true }, { "rosenkeller.org", true }, { "roundcube.mayfirst.org", false }, + { "ru-sprachstudio.ch", true }, { "rws-vertriebsportal.de", true }, { "s-c.se", true }, { "sakaki.anime.my", true }, { "salaervergleich.com", true }, + { "sale4ru.ru", true }, + { "salserocafe.com", true }, + { "samizdat.cz", true }, { "sandbox.mydigipass.com", false }, + { "schachburg.de", true }, { "schokokeks.org", false }, + { "schreiber-netzwerk.eu", true }, { "schwarzer.it", true }, + { "sciencex.com", true }, + { "scotthelme.co.uk", true }, { "scrambl.is", true }, { "script.google.com", true }, { "sdsl-speedtest.de", true }, + { "securify.nl", true }, { "security-carpet.com", true }, { "security.google.com", true }, { "securityheaders.com", true }, { "secuvera.de", true }, { "seifried.org", true }, { "servethecity-karlsruhe.de", true }, + { "shaaaaaaaaaaaaa.com", true }, { "sherbers.de", true }, + { "shiinko.com", true }, + { "shipard.com", true }, { "shodan.io", true }, + { "shohruh.uz", false }, + { "shopontarget.com", true }, { "silentcircle.com", false }, { "simbolo.co.uk", false }, { "simple.com", false }, { "simpletax.ca", false }, { "simplystudio.com", true }, + { "siraweb.org", true }, { "sites.google.com", true }, { "skydrive.live.com", false }, + { "slattery.co", true }, + { "slidebatch.com", true }, + { "smartship.co.jp", true }, + { "southside-crew.com", true }, + { "spdysync.com", true }, + { "spideroak.com", true }, { "spreadsheets.google.com", true }, { "sprueche-zum-valentinstag.de", true }, { "sprueche-zur-geburt.info", true }, { "sprueche-zur-hochzeit.de", true }, { "sprueche-zur-konfirmation.de", true }, { "squareup.com", false }, + { "sro.center", true }, { "ssl.google-analytics.com", true }, + { "sslmate.com", true }, { "stage.wepay.com", false }, + { "standardssuck.org", true }, { "static.wepay.com", false }, { "stationary-traveller.eu", true }, + { "steventress.com", true }, { "stocktrade.de", false }, { "stripe.com", true }, { "strongest-privacy.com", true }, { "studydrive.net", true }, { "subrosa.io", true }, + { "suite73.org", true }, { "supplies24.at", true }, { "supplies24.es", true }, { "support.mayfirst.org", false }, { "surkatty.org", true }, + { "sylaps.com", true }, + { "sysctl.se", true }, + { "syss.de", true }, { "tageau.com", true }, { "talk.google.com", true }, { "talkgadget.google.com", true }, { "tatort-fanpage.de", true }, + { "tauchkater.de", true }, + { "tekshrek.com", true }, { "tent.io", true }, + { "testsuite.org", true }, { "texte-zur-taufe.de", true }, + { "thecustomizewindows.com", true }, { "thepaymentscompany.com", true }, { "therapynotes.com", false }, + { "theshadestore.com", true }, + { "thorncreek.net", false }, + { "tickopa.co.uk", true }, { "tinfoilsecurity.com", false }, { "tinte24.de", true }, { "tintenfix.net", true }, { "tipps-fuer-den-haushalt.de", true }, { "tittelbach.at", true }, + { "tno.io", true }, + { "tollmanz.com", true }, { "tomfisher.eu", true }, + { "tomvote.com", true }, { "toner24.at", true }, { "toner24.co.uk", true }, { "toner24.es", true }, @@ -430,8 +609,11 @@ static const nsSTSPreload kSTSPreloadList[] = { { "tonex.de", true }, { "tonex.nl", true }, { "torproject.org", false }, + { "toshnix.com", true }, { "translate.googleapis.com", true }, + { "translatoruk.co.uk", true }, { "trauertexte.info", true }, + { "tresorit.com", true }, { "tunebitfm.de", true }, { "twitter.com", false }, { "ub3rk1tten.com", true }, @@ -439,11 +621,16 @@ static const nsSTSPreload kSTSPreloadList[] = { { "ukrainians.ch", true }, { "unterfrankenclan.de", true }, { "usaa.com", false }, + { "uzstyle.com", false }, + { "vaddder.com", true }, + { "viasinc.com", false }, { "viennan.net", true }, { "vmoagents.com", false }, { "vocaloid.my", true }, + { "vortexhobbies.com", true }, { "w-spotlight.appspot.com", true }, { "wallet.google.com", true }, + { "warrencreative.com", false }, { "webandmore.de", true }, { "webcollect.org.uk", true }, { "webfilings-eu-mirror.appspot.com", true }, @@ -454,8 +641,10 @@ static const nsSTSPreload kSTSPreloadList[] = { { "webmail.onlime.ch", false }, { "webmail.schokokeks.org", false }, { "websenat.de", true }, + { "weggeweest.nl", true }, { "welches-kinderfahrrad.de", true }, { "wepay.com", false }, + { "wepay.in.th", true }, { "wf-bigsky-master.appspot.com", true }, { "wf-demo-eu.appspot.com", true }, { "wf-demo-hrd.appspot.com", true }, @@ -465,10 +654,15 @@ static const nsSTSPreload kSTSPreloadList[] = { { "wf-training-hrd.appspot.com", true }, { "wf-training-master.appspot.com", true }, { "wf-trial-hrd.appspot.com", true }, + { "whatwg.org", true }, + { "when-release.ru", true }, + { "wieninternational.at", true }, { "wiki.python.org", true }, { "wildbee.org", true }, + { "willnorris.com", true }, { "winhistory-forum.net", true }, { "writeapp.me", false }, + { "wubthecaptain.eu", true }, { "wunderlist.com", true }, { "www.aclu.org", false }, { "www.airbnb.com", true }, @@ -488,6 +682,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "www.gov.uk", false }, { "www.grc.com", false }, { "www.heliosnet.com", true }, + { "www.honeybadger.io", false }, { "www.intercom.io", false }, { "www.irccloud.com", false }, { "www.lastpass.com", false }, @@ -508,13 +703,17 @@ static const nsSTSPreload kSTSPreloadList[] = { { "www.torproject.org", false }, { "www.twitter.com", false }, { "www.usaa.com", false }, + { "www.viasinc.com", true }, { "www.wepay.com", false }, { "www.zenpayroll.com", false }, { "xbrlsuccess.appspot.com", true }, + { "xn--maraa-rta.org", true }, { "xps2pdf.co.uk", true }, { "y-o-w.com", true }, { "z.ai", true }, { "zenpayroll.com", false }, + { "zeplin.io", false }, { "zeropush.com", true }, + { "zixiao.wang", true }, { "zotero.org", true }, }; From 918c518e8b6b1909c59b5e38c05c2085d5b60dc2 Mon Sep 17 00:00:00 2001 From: ffxbld Date: Wed, 22 Oct 2014 14:02:48 -0700 Subject: [PATCH 19/19] No bug, Automated HPKP preload list update from host bld-linux64-spot-1094 - a=hpkp-update --- security/manager/boot/src/StaticHPKPins.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/manager/boot/src/StaticHPKPins.h b/security/manager/boot/src/StaticHPKPins.h index b055c0bad65c..f189e71dcfef 100644 --- a/security/manager/boot/src/StaticHPKPins.h +++ b/security/manager/boot/src/StaticHPKPins.h @@ -1040,9 +1040,10 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "media.mozilla.com", true, false, true, -1, &kPinset_mozilla }, { "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom }, { "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom }, + { "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test }, { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN }, - { "play.google.com", false, false, false, -1, &kPinset_google_root_pems }, + { "play.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems }, @@ -1088,8 +1089,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems }, }; -// Pinning Preload List Length = 331; +// Pinning Preload List Length = 332; static const int32_t kUnknownId = -1; -static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1422094197058000); +static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1422478437605000);