Commit Graph

340 Commits

Author SHA1 Message Date
Christoph Kerschbaumer
071f422450 Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking) 2016-01-14 12:38:15 -08:00
Christoph Kerschbaumer
238b5ed942 Bug 1208946 - Update tests for URI stripping in CSP reports (r=dveditz) 2016-01-14 12:37:15 -08:00
Christoph Kerschbaumer
3d4a5ddffa Bug 1208946 - Strip URIs in CSP reports (r=dveditz) 2016-01-14 12:36:50 -08:00
Ben Kelly
0e30d8b611 Bug 1237455 P1 Make file_CrossSiteXHR_server.sjs check headers on redirects. r=ehsan 2016-01-19 13:54:14 -08:00
Christoph Kerschbaumer
18e28eaf42 Bug 1239397: Send Internal ContentPolicyType to CSP and MixedContent (r=sicking) 2016-01-19 09:10:50 -08:00
Nigel Babu
7089beabc7 Backed out changeset f51b921e1ccf (bug 1233098) for browser-chrome bustage
--HG--
extra : commitid : ytS8fc4lFu
2016-01-14 08:04:37 +05:30
Christoph Kerschbaumer
c42851930c Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking) 2016-01-13 15:51:43 -08:00
Andrew McCreight
9c67777407 Bug 1237799, part 2 - Use setTestPluginEnabledState in various tests. r=gfritzsche
This make these tests pass with e10s.

Also, add a missing open quote to test_bug827160.html.
2016-01-12 16:50:34 -08:00
Shu-yu Guo
1768759efb Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm) 2016-01-06 16:02:16 -08:00
Ethan Tseng
caf218fa3e Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb 2015-12-17 12:07:37 +08:00
Christoph Kerschbaumer
93de65860e Bug 1223743 - Test CSP enforcement for multipart channels (r=sicking) 2015-12-14 10:06:47 -08:00
Bogdan Postelnicu
9811f5c2eb Bug 1228497 - initialize 3 members in class. r=christophkerschbaumer 2015-12-10 00:33:00 +01:00
Jonas Sicking
0bb4231605 Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb 2015-12-06 18:33:15 -05:00
Jonas Sicking
f7193fdf30 Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly 2015-12-06 18:33:15 -05:00
Jonas Sicking
28de02f687 Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb 2015-12-06 18:33:14 -05:00
Jonas Sicking
6cc5074df0 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-06 18:33:14 -05:00
Sebastian Hengst
774236075d Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout 2015-12-05 16:34:47 +01:00
Jonas Sicking
993136c2c9 Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb 2015-12-05 01:46:21 -08:00
Jonas Sicking
7fae3fd853 Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly 2015-12-05 01:46:20 -08:00
Jonas Sicking
ff12f48c5a Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb 2015-12-05 01:46:20 -08:00
Jonas Sicking
df33e62850 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-05 01:46:20 -08:00
Yury Delendik
5576308d8c Bug 1218029 - Implements progressive Unicode chars decoding in nsScriptLoader. r=djvj
--HG--
extra : commitid : 4fqBUFXilM5
2015-11-30 08:54:52 -06:00
Yury Delendik
aeaf497a64 Bug 1218029 - Adds SRICheckDataVerifier for progressing data handling. r=francois
--HG--
extra : commitid : DLkHFWfJFxT
2015-11-30 08:54:40 -06:00
Yury Delendik
66199890c4 Bug 1218029 - Adds IncrementalStreamLoader interface stubs. r=djvj
--HG--
extra : commitid : J0UubFG9gvz
2015-11-30 08:54:11 -06:00
Christoph Kerschbaumer
20d9928a1b Bug 1228116 - Relax Security checks for DTD loads. r=sicking
--HG--
extra : rebase_source : 53f2deeb44dd29dbb4d6f50a8435763cb07df8a1
2015-11-25 13:38:05 -08:00
sajitk
5fb2c53074 Bug 1219478: Replace PRLogModuleInfo usage with LazyLogModule in dom folders except media.r=amerchesini 2015-11-23 11:09:25 -08:00
Ehsan Akhgari
76fa5db947 Bug 1210302 - Part 4: Add automated tests; r=sicking 2015-11-20 16:32:53 -05:00
Christoph Kerschbaumer
143b334dd4 Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz) 2015-11-20 10:55:54 -08:00
Christoph Kerschbaumer
d4843470df Bug 1226324 - Do not use NS_ENSURCE_SUCCESS(rv, NS_OK) within nsContentSecurityManager. r=tanvi 2015-11-19 14:22:57 -08:00
Nigel Babu
ba8444d785 Backed out changeset 95069f2ce648 (bug 1182546) for Android M(c) bustage ON A CLOSED TREE 2015-11-19 14:26:33 +05:30
Christoph Kerschbaumer
ab10273998 Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz) 2015-11-18 19:23:28 -08:00
Andrea Marchesini
36e922b9b7 Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger 2015-11-16 22:41:54 +00:00
Wes Kocher
9d1f194cbb Backed out 2 changesets (bug 1218433) for wpt failures CLOSED TREE
Backed out changeset 1cc8cc0444c0 (bug 1218433)
Backed out changeset 5418ca0e0378 (bug 1218433)

--HG--
extra : commitid : H1h8VHrzxx8
2015-11-16 11:13:43 -08:00
Andrea Marchesini
76aba80dc5 Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger 2015-11-16 16:57:29 +00:00
Sebastian Hengst
a0cf7d50ad Backed out 2 changesets (22360424ed15, 325a67608df0) (bug 1218433) for W(1,2) failures. r=backout on a CLOSED TREE
Backed out changeset 22360424ed15 (bug 1218433)
Backed out changeset 325a67608df0 (bug 1218433)
2015-11-15 15:56:45 +01:00
Andrea Marchesini
3285721a07 Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking 2015-11-15 11:57:22 +00:00
Christoph Kerschbaumer
c941fd4008 Bug 663570 - Test 5: doc.write(meta csp) (r=sicking) 2015-11-14 19:30:24 -08:00
Christoph Kerschbaumer
749afb19d4 Bug 663570 - Test 4: update referrer tests (r=sicking) 2015-11-14 19:30:16 -08:00
Christoph Kerschbaumer
74f7445a35 Bug 663570 - Test 3: update upgrade-insecure-requests tests (r=sicking) 2015-11-14 19:30:08 -08:00
Christoph Kerschbaumer
55d2e60a7e Bug 663570 - Test 2: meta and header dual test (r=sicking) 2015-11-14 19:29:58 -08:00
Christoph Kerschbaumer
82df3d1b9b Bug 663570 - Test 1: baseline tests (r=sicking) 2015-11-14 19:29:45 -08:00
Christoph Kerschbaumer
3bac30dca9 Bug 663570 - MetaCSP Part 6: CSP preload changes (r=sicking) 2015-11-14 19:29:18 -08:00
Christoph Kerschbaumer
96f42dd458 Bug 663570 - MetaCSP Part 1: CSP parser changes (r=sicking) 2015-11-14 19:27:59 -08:00
Jonas Sicking
27c89ea082 Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
--HG--
rename : dom/workers/test/serviceworkers/test_eval_not_allowed.html^headers^ => dom/workers/test/serviceworkers/test_eval_allowed.html^headers^
2015-11-10 21:16:12 -08:00
Wes Kocher
2e6d1e7dfb Backed out changeset d12f758f5f36 (bug 1223647) for android csp test failures
--HG--
extra : commitid : GRTvvKDy9Ki
2015-11-11 14:27:52 -08:00
Jonas Sicking
ea6cf63b0f Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb 2015-11-10 21:16:12 -08:00
Kit Cambridge
8431cd65cd Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana
--HG--
extra : commitid : 6RrHT77kcOj
extra : rebase_source : b5b498cc266e2c1c97459ace3da3febbb6a34e65
2015-11-10 10:50:46 -08:00
Christoph Kerschbaumer
1873ead519 Bug 1219931 - CSP: Don't allow removing a policy (r=sicking) 2015-11-02 08:04:15 -08:00
Christoph Kerschbaumer
50588ca7c1 Bug 1188028 - Queue up CSP console messages till windowID is available (r=sicking) 2015-11-11 06:23:57 -08:00
Christoph Kerschbaumer
a876eba5c9 Bug 1188028 - Use channel->ascynOpen2 in dom/security/nsCSPContext.cpp (r=sicking) 2015-07-27 11:57:56 -07:00
Phil Ringnalda
b98d58e46d Back out changeset 4d6d9c1e52e4 (bug 1223647) for failures in test_csp.html, csp/test_redirects.html and csp/test_worker_redirect.html
--HG--
extra : rebase_source : a4a53053968cfa19e6544dd3e59e36ef23fcf353
2015-11-10 23:10:04 -08:00
Jonas Sicking
426e42e7f9 Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb 2015-11-10 21:16:12 -08:00
Kate McKinley
00b9a85bd6 Bug 1045891 - Tests for child-src r=ckerschb 2015-11-09 16:42:26 +09:00
Kate McKinley
67f4155fe6 Bug 1045891 - CSP 2 child-src implementation r=ckerschb 2015-10-28 16:32:27 -07:00
Carsten "Tomcat" Book
4d6f05d2f8 merge mozilla-inbound to mozilla-central a=merge 2015-11-09 14:55:30 +01:00
Gregor Wagner
96837db759 Bug 1222478 - Enable more mulet tests. r=gerard-majax 2015-11-06 20:01:45 +01:00
Andrea Marchesini
9d98f9a481 Bug 1215235 - Drop support for jar: URIs by default, r=bz 2015-11-04 11:19:02 +00:00
Jonas Sicking
c9e5049446 Bug 1213646: Allow URI_IS_UI_RESOURCE and safe about: URIs when SEC_ALLOW_CHROME is set. r=bz 2015-11-04 00:05:16 -08:00
Andrew McCreight
0d2779ef10 Bug 1222105 - Make test_report.html and test_blocked_uri_in_reports.html work with e10s. r=ckerschb 2015-11-06 16:03:03 -08:00
Paolo Amadini
0238bd1276 Bug 1221365 - Tests for "Is origin potentially trustworthy?" logic. r=ckerschb,bkelly 2015-11-06 11:10:08 -08:00
Matthew Noorenberghe
a0a2b249c4 Bug 1221365 - Move "Is origin potentially trustworthy?" logic outside ServiceWorkerManager.cpp. r=ckerschb,bkelly 2015-11-06 11:10:17 -08:00
Wes Kocher
f8ad8afb5a Backed out 4 changesets (bug 1045891) for b2g mochitest 7 failures
Backed out changeset c590b18c5885 (bug 1045891)
Backed out changeset 14818a2329a4 (bug 1045891)
Backed out changeset e44d41985fed (bug 1045891)
Backed out changeset 781a76befe01 (bug 1045891)

--HG--
extra : commitid : 77UlfZzjWcg
2015-11-06 09:36:49 -08:00
Kate McKinley
3b59b81c93 Bug 1045891 - CSP 2 child-src implementation. r=ckerschb 2015-10-28 16:32:27 -07:00
Kate McKinley
ad73bf4611 Bug 1045891 - Tests for child-src. r=ckerschb 2015-09-30 15:26:25 -07:00
Carsten "Tomcat" Book
30ff2fd956 Backed out changeset 26e162e72ae1 (bug 1045891) 2015-11-02 10:37:52 +01:00
Carsten "Tomcat" Book
deb9310786 Backed out changeset 895c42544609 (bug 1045891) 2015-11-02 10:37:51 +01:00
Kate McKinley
d4da8266d4 Bug 1045891 - CSP 2 child-src implementation r=ckerschb 2015-10-28 16:32:27 -07:00
Kate McKinley
38bf8db214 Bug 1045891 - Tests for child-src r=ckerschb 2015-09-30 15:26:25 -07:00
Andrew McCreight
5981b92f78 Bug 1219842 - Enable a bunch of mochitest-plain tests under e10s. r=mrbkap 2015-10-31 06:26:44 -07:00
Makoto Kato
1929f6c7c4 Bug 1218315 - Replace NS_LITERAL_STRING(...).get() with MOZ_UTF16(...) on dom. r=nfroyd 2015-10-28 14:29:57 +09:00
Christoph Kerschbaumer
d4eaf0fdf6 Bug 1191645 - Use channel->asycnOpen2 in dom/base/nsSyncLoadService.cpp. r=sicking 2015-10-26 14:22:59 -07:00
Christoph Kerschbaumer
ddb2d645e5 Bug 1194526 - Use channel->asycnOpen2 in dom/base/nsScriptLoader.cpp (r=sicking) 2015-10-19 18:33:37 -07:00
Jonas Sicking
d3a92a7fa1 Bug 1195167 part 5: Make FetchDriver use AsyncOpen2. r=bkelly 2015-10-19 18:24:36 -07:00
Jonas Sicking
be2deca017 Bug 1195167 part 1: Let necko handle all protocols. r=bkelly 2015-10-19 18:24:36 -07:00
Jonas Sicking
cc10dd7ad3 Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan 2015-10-19 11:14:54 -07:00
Jonas Sicking
4316c13003 Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb 2015-10-19 11:14:54 -07:00
Christoph Kerschbaumer
643f27c257 Bug 1208559 - Hook up ServicerWorkers with CSP (r=sicking,bkelly,dveditz) 2015-10-18 19:59:18 -07:00
Christoph Kerschbaumer
733163ef2b Bug 1208559 - Tests. r=bholley 2015-10-18 19:37:40 -07:00
Nathan Froyd
01583602a9 Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout.  The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.

CLOSED TREE makes big refactorings like this a piece of cake.

 # The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    xargs perl -p -i -e '
 s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
 s/nsRefPtr ?</RefPtr</g;   # handle declarations and variables
'

 # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h

 # Handle nsRefPtr.h itself, a couple places that define constructors
 # from nsRefPtr, and code generators specially.  We do this here, rather
 # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
 # things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
     mfbt/nsRefPtr.h \
     xpcom/glue/nsCOMPtr.h \
     xpcom/base/OwningNonNull.h \
     ipc/ipdl/ipdl/lower.py \
     ipc/ipdl/ipdl/builtin.py \
     dom/bindings/Codegen.py \
     python/lldbutils/lldbutils/utils.py

 # In our indiscriminate substitution above, we renamed
 # nsRefPtrGetterAddRefs, the class behind getter_AddRefs.  Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
    xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'

if [ -d .git ]; then
    git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
    hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi

--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
Wes Kocher
c2b3d9275b Backed out 2 changesets (bug 1182571) for being a likely cause of the Android S4 errors
Backed out changeset e2b3064dcace (bug 1182571)
Backed out changeset 8153ae231d16 (bug 1182571)
2015-10-15 14:07:06 -07:00
Jonas Sicking
2578b19458 Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan 2015-10-15 12:18:21 -07:00
Jonas Sicking
81a15a3362 Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb 2015-10-15 12:18:20 -07:00
Ben Kelly
d803731730 Bug 1210413 P2 Test CORS credentials on cross-origin redirects. r=sicking a=dveditz 2015-10-07 14:33:31 -07:00
Francois Marier
5adc75d084 Bug 1208629 - Properly support data: and blob: URIs with an integrity atribute. r=ckerschb 2015-10-07 11:27:19 -07:00
Carsten "Tomcat" Book
08997000eb Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE
Backed out changeset 647025383676 (bug 1202902)
Backed out changeset d70c7fe532c6 (bug 1202902)
2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central
Backed out changeset cfc1820361f5 (bug 1202902)

--HG--
extra : rebase_source : 5d3db72337754bc7ab0ed0c30b2896100411ff92
2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6 Bug 1202902 - Scripted fix the world. 2015-10-06 14:00:31 -07:00
Ehsan Akhgari
48e01cb303 Tests for bug 1200869; r=sicking 2015-09-29 23:12:52 -04:00
Ehsan Akhgari
1b07208138 Tests for bug 1200856; r=sicking 2015-09-29 23:12:51 -04:00
Christoph Kerschbaumer
fda3fd3cbf Bug 1192333 - Use channel->ascynOpen2 in dom/xslt/xslt/txMozillaStylesheetCompiler.cpp (r=sicking) 2015-09-28 16:34:47 -07:00
Christoph Kerschbaumer
a28aacf667 Bug 1048048 - add preload content policy types - tests (r=dveditz)
CLOSED TREE

--HG--
extra : source : 02c6d6aef163530bafee0d39761f18ca3aa1f40c
extra : amend_source : bff4f1c8ed0fe42addb24774b8c6dd89fe2c7905
2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
f3e1d73e58 Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
--HG--
extra : source : 4f91b10e8be000ee5408461c74099ca96156c0cf
2015-09-20 14:56:34 -07:00
Wes Kocher
cd079d2bf9 Backed out 7 changesets (bug 1048048) for android crashes in various chunks CLOSED TREE
Backed out changeset b5abe23a4ea5 (bug 1048048)
Backed out changeset 4f91b10e8be0 (bug 1048048)
Backed out changeset 450d4a13c90e (bug 1048048)
Backed out changeset 6a727c40eb68 (bug 1048048)
Backed out changeset 88c2333ff745 (bug 1048048)
Backed out changeset 740ab1ecd079 (bug 1048048)
Backed out changeset 02c6d6aef163 (bug 1048048)
2015-09-21 09:08:34 -07:00
Christoph Kerschbaumer
b2de9adb18 Bug 1048048 - add preload content policy types - csp changes (r=dveditz) 2015-09-20 14:56:34 -07:00
Christoph Kerschbaumer
47de316d52 Bug 1048048 - add preload content policy types - tests (r=dveditz) 2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
6d3847c487 Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking)
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
2015-09-18 09:27:15 -07:00
Wes Kocher
8414be2356 Backed out 3 changesets (bug 1143922) for landing with the wrong bug number
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
2015-09-18 14:13:33 -07:00
Christoph Kerschbaumer
b01fc3ad90 Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking) 2015-09-18 09:27:15 -07:00
Christoph Kerschbaumer
796647f603 Bug 1026520 - CSP: Inline report sending into allows - test updates (r=dveditz) 2015-09-17 22:34:49 -07:00
Christoph Kerschbaumer
8001d76219 Bug 1026520 - CSP: Inline report sending into allows - csp changes (r=dveditz) 2015-09-17 22:34:16 -07:00
Ehsan Akhgari
59c135c176 Bug 1198078 - Add support for TYPE_INTERNAL_SERVICE_WORKER; r=ckerschb,tanvi 2015-09-16 19:15:30 -04:00
Chris Peterson
bfd0628cd5 Bug 1203234 - Re-enable -Wshadow warnings in /dom/security. r=ckerschb 2015-09-14 22:54:22 -07:00
Christoph Kerschbaumer
1e5ee64415 Bug 1195162 - Use channel->ascynOpen2 dom/xbl/nsXBLService.cpp (r=sicking) 2015-09-14 18:59:35 -07:00
Ehsan Akhgari
a4ac3ec0b4 Bug 1199049 - Part 1: Move nsCORSListenerProxy.* to necko; r=jduell
--HG--
rename : dom/security/nsCORSListenerProxy.cpp => netwerk/protocol/http/nsCORSListenerProxy.cpp
rename : dom/security/nsCORSListenerProxy.h => netwerk/protocol/http/nsCORSListenerProxy.h
2015-09-12 19:20:52 -04:00
Michael Layzell
092e4a4b9e Bug 1188932 - Allow the User-Agent header to be explicitly set by requests, r=bkelly, r=jgraham 2015-09-12 12:46:09 -04:00
Christoph Kerschbaumer
60c4905182 Bug 1069762 - CSP: blocked-uri in violation reports should not contain sensitive data - tests (r=sstamm) 2014-10-17 14:22:27 -07:00
Richard Barnes
cba82e6dbd Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi 2015-09-09 15:14:27 -04:00
Francois Marier
14eac63103 Bug 1202027 - Make SRI require CORS loads for cross-origin resources. r=ckerschb 2015-09-09 00:11:38 -07:00
Francois Marier
e510ad6b31 Bug 1202015 - Better document the SRI strings for translators. r=ckerschb 2015-09-09 00:10:25 -07:00
Ehsan Akhgari
6ac40622c3 Bug 1201229 - Return an empty string for a header when an error occurs; r=dragana
This fixes nsIHttpChannel::GetRequestHeader() and
nsIHttpChannel::GetResponseHeader() to always empty out their string
argument even when they fail.  This prevents programming mistakes of
passing the same string object to multiple of these calls and using the
string value without checking the nsresult error code, since otherwise
the string value may be unchanged from a previous call.

Note that this doesn't affect JS consumers of these APIs since we only
empty out the string argument in case the method fails, which will be
translated to a JS exception, and the JS code will never get to see the
emptied string.
2015-09-08 20:08:35 -04:00
Ehsan Akhgari
978f461b95 Bug 1200869 - Empty the header value for code hygiene; r=sicking 2015-09-02 19:53:35 -04:00
Ehsan Akhgari
a01e0f79fc Bug 1200856 - Avoid the extra variable to make the string manipulation faster; r=sicking 2015-09-02 19:52:46 -04:00
Nicholas Nethercote
f44287005f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.

--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
Kyle Huey
b930db3a55 Bug 1196592: Make retargeting Fetch to another thread actually work. r=nsm
--HG--
extra : rebase_source : 24801ef2546f6aa3d74b9193a104bb35e8103699
2015-08-28 13:49:07 -07:00
Christoph Kerschbaumer
a2daed5950 Bug 1198422 - CSP: Test fallback for nonce-src and hash-src (r=devitz) 2015-08-27 09:02:32 -07:00
Christoph Kerschbaumer
0500c010b8 Bug 1198422 - CSP: Allow nonce to load if default-src is not specified in second policy (r=dveditz) 2015-08-25 16:11:04 -07:00
Ehsan Akhgari
1dda7b7d34 Bug 1194847 - Part 2: Bypass CORS checks if the response of a channel has been synthesized; r=nsm 2015-08-25 21:43:40 -04:00
Francois Marier
f04275bd0b Bug 1196740 - Consider redirects when looking for SRI-eligibility. r=ckerschb
--HG--
rename : dom/security/test/sri/iframe_style_sameorigin.html => dom/security/test/sri/iframe_style_crossdomain.html
rename : dom/security/test/sri/script_crossdomain4.js => dom/security/test/sri/script_crossdomain5.js
rename : dom/security/test/sri/style1.css => dom/security/test/sri/style_301.css
rename : dom/security/test/sri/test_style_sameorigin.html => dom/security/test/sri/test_style_crossdomain.html
2015-08-25 13:38:39 -07:00
Christoph Kerschbaumer
be38f76461 Bug 1096724 - Update csp/test_base-uri to rely on postmessage instead of observers. r=dveditz 2015-08-18 11:42:43 -07:00
Ryan VanderMeulen
ec860a87f6 No bug - Use the correct requestLongerTimeout syntax. a=bustage 2015-08-18 12:53:55 -04:00
Ryan VanderMeulen
210ad6260a No bug - Request a longer timeout for test_CrossSiteXHR_origin.html due to teetering on the edge of timing out on B2G debug. 2015-08-18 10:39:17 -04:00
Francois Marier
a196b8ef35 Bug 1195572 - Enable -Wformat-security in DOM::Security. r=ckerschb 2015-08-17 21:48:07 -07:00
Tanvi Vyas
550a74f51e Bug 1182551 - HTTP top level page with HTTPS mixed passive frame should have STATE_IS_INSECURE. r=ttaubert 2015-08-13 17:13:51 -07:00
Tanvi Vyas
aa87627fac Bug 1182551 - Don't set STATE_IS_BROKEN on HTTP pages when mixed content is allowed by default. r=smaug 2015-08-13 17:13:43 -07:00
Christoph Kerschbaumer
dad90516d6 Bug 1192955 - Use channel->ascynOpen2 for PING in docshell/base/nsDocShell.cpp (r=sicking) 2015-08-13 08:53:28 -07:00
Francois Marier
2a4ad76933 Bug 992096 - Implement Sub Resource Integrity [2/2]. r=ckerschb
Mochitests
2015-08-12 20:19:16 -07:00
Francois Marier
34de332db0 Bug 992096 - Implement Sub Resource Integrity [1/2]. r=baku,r=ckerschb
Code changes
2015-08-12 20:19:11 -07:00
Christoph Kerschbaumer
4b7d4aaed5 Bug 1187165 - Use channel->ascynOpen2 in dom/base/ImportManager (r=sicking) 2015-08-10 10:25:20 -07:00
Christoph Kerschbaumer
b7e53859ad Bug 1182544 - Use channel->ascynOpen2 in dom/xml/XMLDocument.cpp (r=sicking) 2015-08-10 10:19:08 -07:00
Blake Kaplan
9b31f6bcfe Bug 661604 - Re-enable this test because it works now. rs=wchen and try 2015-08-06 10:35:49 -07:00
Christoph Kerschbaumer
5dfe6ac07d Bug 1188637 - Use channel->ascynOpen2 in dom/base/EventSource.cpp (r=sicking) 2015-08-04 20:06:19 -07:00
Christoph Kerschbaumer
221df08158 Bug 1182543 - Use channel->ascynOpen2 in dom/plugins/base/nsPluginHost.cpp (r=sicking) 2015-08-04 20:05:37 -07:00
Carsten "Tomcat" Book
57a966656a merge mozilla-inbound to mozilla-central a=merge 2015-08-04 13:01:07 +02:00
Tanvi Vyas
87164ced3c Bug 1181683 - Mark ping and beacon as blockable mixed content instead of optionally blockable. r=smaug 2015-08-03 15:25:21 -07:00
Christoph Kerschbaumer
f7e2152921 Bug 1096724 - Fix intermittent test_base-uri.html failures. r=ryanvm 2015-07-29 14:16:37 -07:00
Christoph Kerschbaumer
5d6e8c751f Bug 1152574 - Do not report aborted XHR requests in web console (r=sicking) 2015-07-20 13:59:19 -07:00
Christoph Kerschbaumer
f75b477899 Bug 1182539 - Use channel->ascynOpen2 in dom/base/nsDocument.cpp (r=sicking) 2015-07-31 08:58:14 -07:00
Christoph Kerschbaumer
90fee9adce Bug 1182537 - Use channel->ascynOpen2 in dom/security/nsCORSListenerProxy (r=sicking) 2015-07-30 08:59:20 -07:00
Christoph Kerschbaumer
8f5542d747 Bug 1182537 - Use channel->ascynOpen2 in dom/base/Navigator.cpp (r=sicking,bz) 2015-07-27 20:39:17 -07:00
Marcos Caceres
2465cf3a99 Bug 1171200 - Add means of checking if a document links to a manifest. r=billm
--HG--
rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm
rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm
rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-30 11:56:12 -04:00
Carsten "Tomcat" Book
401a15426c Backed out changeset 4b328a6f7448 (bug 1171200) for frequent asan m1 test failures on a CLOSED TREE
--HG--
rename : dom/manifest/ImageObjectProcessor.jsm => dom/manifest/ImageObjectProcessor.js
rename : dom/manifest/ManifestProcessor.jsm => dom/manifest/ManifestProcessor.js
rename : dom/manifest/ValueExtractor.jsm => dom/manifest/ValueExtractor.js
extra : amend_source : 0a9fc98e1c76d4ede43714bac63bba8b43efe5d7
2015-07-30 15:11:48 +02:00
Marcos Caceres
79d86a6353 Bug 1171200 - Add means of checking if a document links to a manifest. r=billm
--HG--
rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm
rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm
rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-29 16:58:00 +02:00
Francois Marier
7080a1190a Bug 1187711 - Restrict -Wshadow to gcc and clang. r=KWierso CLOSED TREE 2015-07-27 17:12:58 -07:00
Francois Marier
5556697f0b Bug 1187711 - Enable -Wshadow in DOM::Security. r=ckerschb 2015-07-27 16:14:56 -07:00
Christoph Kerschbaumer
9d66aa4b3b Bug 1182540 - Use channel->ascynOpen2 in dom/html/HTMLTrackElement.cpp (r=sicking) 2015-07-25 10:29:22 -07:00
Josh Matthews
4130ff6d80 Bug 1186589 - Ensure CORS preflight requests are never intercepted. r=sicking 2015-07-23 10:25:12 -04:00
Christoph Kerschbaumer
25bee46b21 Bug 1173708 - Fix intermittent test_inlinescript error. r=dveditz
--HG--
rename : dom/security/test/csp/file_inlinescript_main_allowed.html => dom/security/test/csp/file_inlinescript.html
2015-07-20 11:25:24 -07:00
Carsten "Tomcat" Book
f821af7776 Backed out changeset cc377dd50503 (bug 1152574) for causing memory leaks on a CLOSED TREE
--HG--
extra : rebase_source : 819a2a12c3fd9adb5a756292a287288efbdc01a3
2015-07-21 11:50:45 +02:00
Christoph Kerschbaumer
6b484e43cd Bug 1152574 - Do not report aborted XHR requests in web console. r=sicking 2015-07-20 13:59:19 -07:00
Christoph Kerschbaumer
bab1940d4a Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-19 19:12:11 -07:00