Christoph Kerschbaumer
071f422450
Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking)
2016-01-14 12:38:15 -08:00
Christoph Kerschbaumer
238b5ed942
Bug 1208946 - Update tests for URI stripping in CSP reports (r=dveditz)
2016-01-14 12:37:15 -08:00
Christoph Kerschbaumer
3d4a5ddffa
Bug 1208946 - Strip URIs in CSP reports (r=dveditz)
2016-01-14 12:36:50 -08:00
Ben Kelly
0e30d8b611
Bug 1237455 P1 Make file_CrossSiteXHR_server.sjs check headers on redirects. r=ehsan
2016-01-19 13:54:14 -08:00
Christoph Kerschbaumer
18e28eaf42
Bug 1239397: Send Internal ContentPolicyType to CSP and MixedContent (r=sicking)
2016-01-19 09:10:50 -08:00
Nigel Babu
7089beabc7
Backed out changeset f51b921e1ccf (bug 1233098) for browser-chrome bustage
...
--HG--
extra : commitid : ytS8fc4lFu
2016-01-14 08:04:37 +05:30
Christoph Kerschbaumer
c42851930c
Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking)
2016-01-13 15:51:43 -08:00
Andrew McCreight
9c67777407
Bug 1237799, part 2 - Use setTestPluginEnabledState in various tests. r=gfritzsche
...
This make these tests pass with e10s.
Also, add a missing open quote to test_bug827160.html.
2016-01-12 16:50:34 -08:00
Shu-yu Guo
1768759efb
Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm)
2016-01-06 16:02:16 -08:00
Ethan Tseng
caf218fa3e
Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb
2015-12-17 12:07:37 +08:00
Christoph Kerschbaumer
93de65860e
Bug 1223743 - Test CSP enforcement for multipart channels (r=sicking)
2015-12-14 10:06:47 -08:00
Bogdan Postelnicu
9811f5c2eb
Bug 1228497 - initialize 3 members in class. r=christophkerschbaumer
2015-12-10 00:33:00 +01:00
Jonas Sicking
0bb4231605
Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb
2015-12-06 18:33:15 -05:00
Jonas Sicking
f7193fdf30
Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly
2015-12-06 18:33:15 -05:00
Jonas Sicking
28de02f687
Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb
2015-12-06 18:33:14 -05:00
Jonas Sicking
6cc5074df0
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-06 18:33:14 -05:00
Sebastian Hengst
774236075d
Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout
2015-12-05 16:34:47 +01:00
Jonas Sicking
993136c2c9
Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb
2015-12-05 01:46:21 -08:00
Jonas Sicking
7fae3fd853
Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly
2015-12-05 01:46:20 -08:00
Jonas Sicking
ff12f48c5a
Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb
2015-12-05 01:46:20 -08:00
Jonas Sicking
df33e62850
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-05 01:46:20 -08:00
Yury Delendik
5576308d8c
Bug 1218029 - Implements progressive Unicode chars decoding in nsScriptLoader. r=djvj
...
--HG--
extra : commitid : 4fqBUFXilM5
2015-11-30 08:54:52 -06:00
Yury Delendik
aeaf497a64
Bug 1218029 - Adds SRICheckDataVerifier for progressing data handling. r=francois
...
--HG--
extra : commitid : DLkHFWfJFxT
2015-11-30 08:54:40 -06:00
Yury Delendik
66199890c4
Bug 1218029 - Adds IncrementalStreamLoader interface stubs. r=djvj
...
--HG--
extra : commitid : J0UubFG9gvz
2015-11-30 08:54:11 -06:00
Christoph Kerschbaumer
20d9928a1b
Bug 1228116 - Relax Security checks for DTD loads. r=sicking
...
--HG--
extra : rebase_source : 53f2deeb44dd29dbb4d6f50a8435763cb07df8a1
2015-11-25 13:38:05 -08:00
sajitk
5fb2c53074
Bug 1219478: Replace PRLogModuleInfo usage with LazyLogModule in dom folders except media.r=amerchesini
2015-11-23 11:09:25 -08:00
Ehsan Akhgari
76fa5db947
Bug 1210302 - Part 4: Add automated tests; r=sicking
2015-11-20 16:32:53 -05:00
Christoph Kerschbaumer
143b334dd4
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
2015-11-20 10:55:54 -08:00
Christoph Kerschbaumer
d4843470df
Bug 1226324 - Do not use NS_ENSURCE_SUCCESS(rv, NS_OK) within nsContentSecurityManager. r=tanvi
2015-11-19 14:22:57 -08:00
Nigel Babu
ba8444d785
Backed out changeset 95069f2ce648 (bug 1182546) for Android M(c) bustage ON A CLOSED TREE
2015-11-19 14:26:33 +05:30
Christoph Kerschbaumer
ab10273998
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
2015-11-18 19:23:28 -08:00
Andrea Marchesini
36e922b9b7
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger
2015-11-16 22:41:54 +00:00
Wes Kocher
9d1f194cbb
Backed out 2 changesets (bug 1218433) for wpt failures CLOSED TREE
...
Backed out changeset 1cc8cc0444c0 (bug 1218433)
Backed out changeset 5418ca0e0378 (bug 1218433)
--HG--
extra : commitid : H1h8VHrzxx8
2015-11-16 11:13:43 -08:00
Andrea Marchesini
76aba80dc5
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger
2015-11-16 16:57:29 +00:00
Sebastian Hengst
a0cf7d50ad
Backed out 2 changesets (22360424ed15, 325a67608df0) (bug 1218433) for W(1,2) failures. r=backout on a CLOSED TREE
...
Backed out changeset 22360424ed15 (bug 1218433)
Backed out changeset 325a67608df0 (bug 1218433)
2015-11-15 15:56:45 +01:00
Andrea Marchesini
3285721a07
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking
2015-11-15 11:57:22 +00:00
Christoph Kerschbaumer
c941fd4008
Bug 663570 - Test 5: doc.write(meta csp) (r=sicking)
2015-11-14 19:30:24 -08:00
Christoph Kerschbaumer
749afb19d4
Bug 663570 - Test 4: update referrer tests (r=sicking)
2015-11-14 19:30:16 -08:00
Christoph Kerschbaumer
74f7445a35
Bug 663570 - Test 3: update upgrade-insecure-requests tests (r=sicking)
2015-11-14 19:30:08 -08:00
Christoph Kerschbaumer
55d2e60a7e
Bug 663570 - Test 2: meta and header dual test (r=sicking)
2015-11-14 19:29:58 -08:00
Christoph Kerschbaumer
82df3d1b9b
Bug 663570 - Test 1: baseline tests (r=sicking)
2015-11-14 19:29:45 -08:00
Christoph Kerschbaumer
3bac30dca9
Bug 663570 - MetaCSP Part 6: CSP preload changes (r=sicking)
2015-11-14 19:29:18 -08:00
Christoph Kerschbaumer
96f42dd458
Bug 663570 - MetaCSP Part 1: CSP parser changes (r=sicking)
2015-11-14 19:27:59 -08:00
Jonas Sicking
27c89ea082
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
...
--HG--
rename : dom/workers/test/serviceworkers/test_eval_not_allowed.html^headers^ => dom/workers/test/serviceworkers/test_eval_allowed.html^headers^
2015-11-10 21:16:12 -08:00
Wes Kocher
2e6d1e7dfb
Backed out changeset d12f758f5f36 (bug 1223647) for android csp test failures
...
--HG--
extra : commitid : GRTvvKDy9Ki
2015-11-11 14:27:52 -08:00
Jonas Sicking
ea6cf63b0f
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
2015-11-10 21:16:12 -08:00
Kit Cambridge
8431cd65cd
Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana
...
--HG--
extra : commitid : 6RrHT77kcOj
extra : rebase_source : b5b498cc266e2c1c97459ace3da3febbb6a34e65
2015-11-10 10:50:46 -08:00
Christoph Kerschbaumer
1873ead519
Bug 1219931 - CSP: Don't allow removing a policy (r=sicking)
2015-11-02 08:04:15 -08:00
Christoph Kerschbaumer
50588ca7c1
Bug 1188028 - Queue up CSP console messages till windowID is available (r=sicking)
2015-11-11 06:23:57 -08:00
Christoph Kerschbaumer
a876eba5c9
Bug 1188028 - Use channel->ascynOpen2 in dom/security/nsCSPContext.cpp (r=sicking)
2015-07-27 11:57:56 -07:00
Phil Ringnalda
b98d58e46d
Back out changeset 4d6d9c1e52e4 (bug 1223647) for failures in test_csp.html, csp/test_redirects.html and csp/test_worker_redirect.html
...
--HG--
extra : rebase_source : a4a53053968cfa19e6544dd3e59e36ef23fcf353
2015-11-10 23:10:04 -08:00
Jonas Sicking
426e42e7f9
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
2015-11-10 21:16:12 -08:00
Kate McKinley
00b9a85bd6
Bug 1045891
- Tests for child-src r=ckerschb
2015-11-09 16:42:26 +09:00
Kate McKinley
67f4155fe6
Bug 1045891
- CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
Carsten "Tomcat" Book
4d6f05d2f8
merge mozilla-inbound to mozilla-central a=merge
2015-11-09 14:55:30 +01:00
Gregor Wagner
96837db759
Bug 1222478 - Enable more mulet tests. r=gerard-majax
2015-11-06 20:01:45 +01:00
Andrea Marchesini
9d98f9a481
Bug 1215235 - Drop support for jar: URIs by default, r=bz
2015-11-04 11:19:02 +00:00
Jonas Sicking
c9e5049446
Bug 1213646: Allow URI_IS_UI_RESOURCE and safe about: URIs when SEC_ALLOW_CHROME is set. r=bz
2015-11-04 00:05:16 -08:00
Andrew McCreight
0d2779ef10
Bug 1222105 - Make test_report.html and test_blocked_uri_in_reports.html work with e10s. r=ckerschb
2015-11-06 16:03:03 -08:00
Paolo Amadini
0238bd1276
Bug 1221365 - Tests for "Is origin potentially trustworthy?" logic. r=ckerschb,bkelly
2015-11-06 11:10:08 -08:00
Matthew Noorenberghe
a0a2b249c4
Bug 1221365 - Move "Is origin potentially trustworthy?" logic outside ServiceWorkerManager.cpp. r=ckerschb,bkelly
2015-11-06 11:10:17 -08:00
Wes Kocher
f8ad8afb5a
Backed out 4 changesets (bug 1045891
) for b2g mochitest 7 failures
...
Backed out changeset c590b18c5885 (bug 1045891
)
Backed out changeset 14818a2329a4 (bug 1045891
)
Backed out changeset e44d41985fed (bug 1045891
)
Backed out changeset 781a76befe01 (bug 1045891
)
--HG--
extra : commitid : 77UlfZzjWcg
2015-11-06 09:36:49 -08:00
Kate McKinley
3b59b81c93
Bug 1045891
- CSP 2 child-src implementation. r=ckerschb
2015-10-28 16:32:27 -07:00
Kate McKinley
ad73bf4611
Bug 1045891
- Tests for child-src. r=ckerschb
2015-09-30 15:26:25 -07:00
Carsten "Tomcat" Book
30ff2fd956
Backed out changeset 26e162e72ae1 (bug 1045891
)
2015-11-02 10:37:52 +01:00
Carsten "Tomcat" Book
deb9310786
Backed out changeset 895c42544609 (bug 1045891
)
2015-11-02 10:37:51 +01:00
Kate McKinley
d4da8266d4
Bug 1045891
- CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
Kate McKinley
38bf8db214
Bug 1045891
- Tests for child-src r=ckerschb
2015-09-30 15:26:25 -07:00
Andrew McCreight
5981b92f78
Bug 1219842 - Enable a bunch of mochitest-plain tests under e10s. r=mrbkap
2015-10-31 06:26:44 -07:00
Makoto Kato
1929f6c7c4
Bug 1218315 - Replace NS_LITERAL_STRING(...).get() with MOZ_UTF16(...) on dom. r=nfroyd
2015-10-28 14:29:57 +09:00
Christoph Kerschbaumer
d4eaf0fdf6
Bug 1191645 - Use channel->asycnOpen2 in dom/base/nsSyncLoadService.cpp. r=sicking
2015-10-26 14:22:59 -07:00
Christoph Kerschbaumer
ddb2d645e5
Bug 1194526 - Use channel->asycnOpen2 in dom/base/nsScriptLoader.cpp (r=sicking)
2015-10-19 18:33:37 -07:00
Jonas Sicking
d3a92a7fa1
Bug 1195167 part 5: Make FetchDriver use AsyncOpen2. r=bkelly
2015-10-19 18:24:36 -07:00
Jonas Sicking
be2deca017
Bug 1195167 part 1: Let necko handle all protocols. r=bkelly
2015-10-19 18:24:36 -07:00
Jonas Sicking
cc10dd7ad3
Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan
2015-10-19 11:14:54 -07:00
Jonas Sicking
4316c13003
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb
2015-10-19 11:14:54 -07:00
Christoph Kerschbaumer
643f27c257
Bug 1208559 - Hook up ServicerWorkers with CSP (r=sicking,bkelly,dveditz)
2015-10-18 19:59:18 -07:00
Christoph Kerschbaumer
733163ef2b
Bug 1208559 - Tests. r=bholley
2015-10-18 19:37:40 -07:00
Nathan Froyd
01583602a9
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
...
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout. The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.
CLOSED TREE makes big refactorings like this a piece of cake.
# The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
xargs perl -p -i -e '
s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
s/nsRefPtr ?</RefPtr</g; # handle declarations and variables
'
# Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h
# Handle nsRefPtr.h itself, a couple places that define constructors
# from nsRefPtr, and code generators specially. We do this here, rather
# than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
# things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
mfbt/nsRefPtr.h \
xpcom/glue/nsCOMPtr.h \
xpcom/base/OwningNonNull.h \
ipc/ipdl/ipdl/lower.py \
ipc/ipdl/ipdl/builtin.py \
dom/bindings/Codegen.py \
python/lldbutils/lldbutils/utils.py
# In our indiscriminate substitution above, we renamed
# nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'
if [ -d .git ]; then
git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi
--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
Wes Kocher
c2b3d9275b
Backed out 2 changesets (bug 1182571) for being a likely cause of the Android S4 errors
...
Backed out changeset e2b3064dcace (bug 1182571)
Backed out changeset 8153ae231d16 (bug 1182571)
2015-10-15 14:07:06 -07:00
Jonas Sicking
2578b19458
Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan
2015-10-15 12:18:21 -07:00
Jonas Sicking
81a15a3362
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb
2015-10-15 12:18:20 -07:00
Ben Kelly
d803731730
Bug 1210413 P2 Test CORS credentials on cross-origin redirects. r=sicking a=dveditz
2015-10-07 14:33:31 -07:00
Francois Marier
5adc75d084
Bug 1208629 - Properly support data: and blob: URIs with an integrity atribute. r=ckerschb
2015-10-07 11:27:19 -07:00
Carsten "Tomcat" Book
08997000eb
Backed out 2 changesets (bug 1202902
) to recking bug 1202902
to be able to reopen inbound on a CLOSED TREE
...
Backed out changeset 647025383676 (bug 1202902
)
Backed out changeset d70c7fe532c6 (bug 1202902
)
2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d
Backed out 1 changesets (bug 1202902
) for causing merge conflicts to mozilla-central
...
Backed out changeset cfc1820361f5 (bug 1202902
)
--HG--
extra : rebase_source : 5d3db72337754bc7ab0ed0c30b2896100411ff92
2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6
Bug 1202902
- Scripted fix the world.
2015-10-06 14:00:31 -07:00
Ehsan Akhgari
48e01cb303
Tests for bug 1200869; r=sicking
2015-09-29 23:12:52 -04:00
Ehsan Akhgari
1b07208138
Tests for bug 1200856; r=sicking
2015-09-29 23:12:51 -04:00
Christoph Kerschbaumer
fda3fd3cbf
Bug 1192333 - Use channel->ascynOpen2 in dom/xslt/xslt/txMozillaStylesheetCompiler.cpp (r=sicking)
2015-09-28 16:34:47 -07:00
Christoph Kerschbaumer
a28aacf667
Bug 1048048 - add preload content policy types - tests (r=dveditz)
...
CLOSED TREE
--HG--
extra : source : 02c6d6aef163530bafee0d39761f18ca3aa1f40c
extra : amend_source : bff4f1c8ed0fe42addb24774b8c6dd89fe2c7905
2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
f3e1d73e58
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
...
--HG--
extra : source : 4f91b10e8be000ee5408461c74099ca96156c0cf
2015-09-20 14:56:34 -07:00
Wes Kocher
cd079d2bf9
Backed out 7 changesets (bug 1048048) for android crashes in various chunks CLOSED TREE
...
Backed out changeset b5abe23a4ea5 (bug 1048048)
Backed out changeset 4f91b10e8be0 (bug 1048048)
Backed out changeset 450d4a13c90e (bug 1048048)
Backed out changeset 6a727c40eb68 (bug 1048048)
Backed out changeset 88c2333ff745 (bug 1048048)
Backed out changeset 740ab1ecd079 (bug 1048048)
Backed out changeset 02c6d6aef163 (bug 1048048)
2015-09-21 09:08:34 -07:00
Christoph Kerschbaumer
b2de9adb18
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
2015-09-20 14:56:34 -07:00
Christoph Kerschbaumer
47de316d52
Bug 1048048 - add preload content policy types - tests (r=dveditz)
2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
6d3847c487
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking)
...
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
2015-09-18 09:27:15 -07:00
Wes Kocher
8414be2356
Backed out 3 changesets (bug 1143922) for landing with the wrong bug number
...
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
2015-09-18 14:13:33 -07:00
Christoph Kerschbaumer
b01fc3ad90
Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking)
2015-09-18 09:27:15 -07:00
Christoph Kerschbaumer
796647f603
Bug 1026520 - CSP: Inline report sending into allows - test updates (r=dveditz)
2015-09-17 22:34:49 -07:00
Christoph Kerschbaumer
8001d76219
Bug 1026520 - CSP: Inline report sending into allows - csp changes (r=dveditz)
2015-09-17 22:34:16 -07:00
Ehsan Akhgari
59c135c176
Bug 1198078 - Add support for TYPE_INTERNAL_SERVICE_WORKER; r=ckerschb,tanvi
2015-09-16 19:15:30 -04:00
Chris Peterson
bfd0628cd5
Bug 1203234 - Re-enable -Wshadow warnings in /dom/security. r=ckerschb
2015-09-14 22:54:22 -07:00
Christoph Kerschbaumer
1e5ee64415
Bug 1195162
- Use channel->ascynOpen2 dom/xbl/nsXBLService.cpp (r=sicking)
2015-09-14 18:59:35 -07:00
Ehsan Akhgari
a4ac3ec0b4
Bug 1199049 - Part 1: Move nsCORSListenerProxy.* to necko; r=jduell
...
--HG--
rename : dom/security/nsCORSListenerProxy.cpp => netwerk/protocol/http/nsCORSListenerProxy.cpp
rename : dom/security/nsCORSListenerProxy.h => netwerk/protocol/http/nsCORSListenerProxy.h
2015-09-12 19:20:52 -04:00
Michael Layzell
092e4a4b9e
Bug 1188932 - Allow the User-Agent header to be explicitly set by requests, r=bkelly, r=jgraham
2015-09-12 12:46:09 -04:00
Christoph Kerschbaumer
60c4905182
Bug 1069762 - CSP: blocked-uri in violation reports should not contain sensitive data - tests (r=sstamm)
2014-10-17 14:22:27 -07:00
Richard Barnes
cba82e6dbd
Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi
2015-09-09 15:14:27 -04:00
Francois Marier
14eac63103
Bug 1202027 - Make SRI require CORS loads for cross-origin resources. r=ckerschb
2015-09-09 00:11:38 -07:00
Francois Marier
e510ad6b31
Bug 1202015 - Better document the SRI strings for translators. r=ckerschb
2015-09-09 00:10:25 -07:00
Ehsan Akhgari
6ac40622c3
Bug 1201229 - Return an empty string for a header when an error occurs; r=dragana
...
This fixes nsIHttpChannel::GetRequestHeader() and
nsIHttpChannel::GetResponseHeader() to always empty out their string
argument even when they fail. This prevents programming mistakes of
passing the same string object to multiple of these calls and using the
string value without checking the nsresult error code, since otherwise
the string value may be unchanged from a previous call.
Note that this doesn't affect JS consumers of these APIs since we only
empty out the string argument in case the method fails, which will be
translated to a JS exception, and the JS code will never get to see the
emptied string.
2015-09-08 20:08:35 -04:00
Ehsan Akhgari
978f461b95
Bug 1200869 - Empty the header value for code hygiene; r=sicking
2015-09-02 19:53:35 -04:00
Ehsan Akhgari
a01e0f79fc
Bug 1200856 - Avoid the extra variable to make the string manipulation faster; r=sicking
2015-09-02 19:52:46 -04:00
Nicholas Nethercote
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
Kyle Huey
b930db3a55
Bug 1196592: Make retargeting Fetch to another thread actually work. r=nsm
...
--HG--
extra : rebase_source : 24801ef2546f6aa3d74b9193a104bb35e8103699
2015-08-28 13:49:07 -07:00
Christoph Kerschbaumer
a2daed5950
Bug 1198422 - CSP: Test fallback for nonce-src and hash-src (r=devitz)
2015-08-27 09:02:32 -07:00
Christoph Kerschbaumer
0500c010b8
Bug 1198422 - CSP: Allow nonce to load if default-src is not specified in second policy (r=dveditz)
2015-08-25 16:11:04 -07:00
Ehsan Akhgari
1dda7b7d34
Bug 1194847 - Part 2: Bypass CORS checks if the response of a channel has been synthesized; r=nsm
2015-08-25 21:43:40 -04:00
Francois Marier
f04275bd0b
Bug 1196740 - Consider redirects when looking for SRI-eligibility. r=ckerschb
...
--HG--
rename : dom/security/test/sri/iframe_style_sameorigin.html => dom/security/test/sri/iframe_style_crossdomain.html
rename : dom/security/test/sri/script_crossdomain4.js => dom/security/test/sri/script_crossdomain5.js
rename : dom/security/test/sri/style1.css => dom/security/test/sri/style_301.css
rename : dom/security/test/sri/test_style_sameorigin.html => dom/security/test/sri/test_style_crossdomain.html
2015-08-25 13:38:39 -07:00
Christoph Kerschbaumer
be38f76461
Bug 1096724 - Update csp/test_base-uri to rely on postmessage instead of observers. r=dveditz
2015-08-18 11:42:43 -07:00
Ryan VanderMeulen
ec860a87f6
No bug - Use the correct requestLongerTimeout syntax. a=bustage
2015-08-18 12:53:55 -04:00
Ryan VanderMeulen
210ad6260a
No bug - Request a longer timeout for test_CrossSiteXHR_origin.html due to teetering on the edge of timing out on B2G debug.
2015-08-18 10:39:17 -04:00
Francois Marier
a196b8ef35
Bug 1195572 - Enable -Wformat-security in DOM::Security. r=ckerschb
2015-08-17 21:48:07 -07:00
Tanvi Vyas
550a74f51e
Bug 1182551 - HTTP top level page with HTTPS mixed passive frame should have STATE_IS_INSECURE. r=ttaubert
2015-08-13 17:13:51 -07:00
Tanvi Vyas
aa87627fac
Bug 1182551 - Don't set STATE_IS_BROKEN on HTTP pages when mixed content is allowed by default. r=smaug
2015-08-13 17:13:43 -07:00
Christoph Kerschbaumer
dad90516d6
Bug 1192955 - Use channel->ascynOpen2 for PING in docshell/base/nsDocShell.cpp (r=sicking)
2015-08-13 08:53:28 -07:00
Francois Marier
2a4ad76933
Bug 992096 - Implement Sub Resource Integrity [2/2]. r=ckerschb
...
Mochitests
2015-08-12 20:19:16 -07:00
Francois Marier
34de332db0
Bug 992096 - Implement Sub Resource Integrity [1/2]. r=baku,r=ckerschb
...
Code changes
2015-08-12 20:19:11 -07:00
Christoph Kerschbaumer
4b7d4aaed5
Bug 1187165 - Use channel->ascynOpen2 in dom/base/ImportManager (r=sicking)
2015-08-10 10:25:20 -07:00
Christoph Kerschbaumer
b7e53859ad
Bug 1182544 - Use channel->ascynOpen2 in dom/xml/XMLDocument.cpp (r=sicking)
2015-08-10 10:19:08 -07:00
Blake Kaplan
9b31f6bcfe
Bug 661604 - Re-enable this test because it works now. rs=wchen and try
2015-08-06 10:35:49 -07:00
Christoph Kerschbaumer
5dfe6ac07d
Bug 1188637 - Use channel->ascynOpen2 in dom/base/EventSource.cpp (r=sicking)
2015-08-04 20:06:19 -07:00
Christoph Kerschbaumer
221df08158
Bug 1182543 - Use channel->ascynOpen2 in dom/plugins/base/nsPluginHost.cpp (r=sicking)
2015-08-04 20:05:37 -07:00
Carsten "Tomcat" Book
57a966656a
merge mozilla-inbound to mozilla-central a=merge
2015-08-04 13:01:07 +02:00
Tanvi Vyas
87164ced3c
Bug 1181683 - Mark ping and beacon as blockable mixed content instead of optionally blockable. r=smaug
2015-08-03 15:25:21 -07:00
Christoph Kerschbaumer
f7e2152921
Bug 1096724 - Fix intermittent test_base-uri.html failures. r=ryanvm
2015-07-29 14:16:37 -07:00
Christoph Kerschbaumer
5d6e8c751f
Bug 1152574 - Do not report aborted XHR requests in web console (r=sicking)
2015-07-20 13:59:19 -07:00
Christoph Kerschbaumer
f75b477899
Bug 1182539 - Use channel->ascynOpen2 in dom/base/nsDocument.cpp (r=sicking)
2015-07-31 08:58:14 -07:00
Christoph Kerschbaumer
90fee9adce
Bug 1182537 - Use channel->ascynOpen2 in dom/security/nsCORSListenerProxy (r=sicking)
2015-07-30 08:59:20 -07:00
Christoph Kerschbaumer
8f5542d747
Bug 1182537 - Use channel->ascynOpen2 in dom/base/Navigator.cpp (r=sicking,bz)
2015-07-27 20:39:17 -07:00
Marcos Caceres
2465cf3a99
Bug 1171200 - Add means of checking if a document links to a manifest. r=billm
...
--HG--
rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm
rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm
rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-30 11:56:12 -04:00
Carsten "Tomcat" Book
401a15426c
Backed out changeset 4b328a6f7448 (bug 1171200) for frequent asan m1 test failures on a CLOSED TREE
...
--HG--
rename : dom/manifest/ImageObjectProcessor.jsm => dom/manifest/ImageObjectProcessor.js
rename : dom/manifest/ManifestProcessor.jsm => dom/manifest/ManifestProcessor.js
rename : dom/manifest/ValueExtractor.jsm => dom/manifest/ValueExtractor.js
extra : amend_source : 0a9fc98e1c76d4ede43714bac63bba8b43efe5d7
2015-07-30 15:11:48 +02:00
Marcos Caceres
79d86a6353
Bug 1171200 - Add means of checking if a document links to a manifest. r=billm
...
--HG--
rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm
rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm
rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-29 16:58:00 +02:00
Francois Marier
7080a1190a
Bug 1187711 - Restrict -Wshadow to gcc and clang. r=KWierso CLOSED TREE
2015-07-27 17:12:58 -07:00
Francois Marier
5556697f0b
Bug 1187711 - Enable -Wshadow in DOM::Security. r=ckerschb
2015-07-27 16:14:56 -07:00
Christoph Kerschbaumer
9d66aa4b3b
Bug 1182540 - Use channel->ascynOpen2 in dom/html/HTMLTrackElement.cpp (r=sicking)
2015-07-25 10:29:22 -07:00
Josh Matthews
4130ff6d80
Bug 1186589
- Ensure CORS preflight requests are never intercepted. r=sicking
2015-07-23 10:25:12 -04:00
Christoph Kerschbaumer
25bee46b21
Bug 1173708 - Fix intermittent test_inlinescript error. r=dveditz
...
--HG--
rename : dom/security/test/csp/file_inlinescript_main_allowed.html => dom/security/test/csp/file_inlinescript.html
2015-07-20 11:25:24 -07:00
Carsten "Tomcat" Book
f821af7776
Backed out changeset cc377dd50503 (bug 1152574) for causing memory leaks on a CLOSED TREE
...
--HG--
extra : rebase_source : 819a2a12c3fd9adb5a756292a287288efbdc01a3
2015-07-21 11:50:45 +02:00
Christoph Kerschbaumer
6b484e43cd
Bug 1152574 - Do not report aborted XHR requests in web console. r=sicking
2015-07-20 13:59:19 -07:00
Christoph Kerschbaumer
bab1940d4a
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi)
2015-07-19 19:12:11 -07:00