Commit Graph

1519 Commits

Author SHA1 Message Date
Boris Zbarsky
dc120449d2 Bug 1275698. Get rid of nsScriptSecurityManager::ScriptAllowed and replace it with xpc::Scriptability::Get(obj).Allowed() for better performance and less indirection. r=khuey 2016-05-27 20:26:56 -04:00
Boris Zbarsky
4ec7cc4fc1 Bug 1276138. Remove the current/safe JSContext getters from nsScriptSecurityManager. r=mrbkap 2016-05-27 13:28:14 -04:00
Chris Peterson
e343bcae34 Bug 1274415 - Fix -Wshadow warnings in caps/ directory. r=dveditz
caps/BasePrincipal.cpp:562:28 [-Wshadow] declaration shadows a local variable
caps/nsScriptSecurityManager.cpp:675:18 [-Wshadow] declaration shadows a local variable
caps/nsScriptSecurityManager.cpp:854:14 [-Wshadow] declaration shadows a local variable
2016-05-19 01:04:46 -07:00
Christoph Kerschbaumer
d7757bf8dd Bug 1273364 - Trying to set a CSP on a SystemPrincipal should return NS_ERROR (r=njn) 2016-05-21 19:36:24 +02:00
Joel Maher
b6788df19c Bug 1067022 - add expected assertion on windows for test_bug995943.xul. r=RyanVM
MozReview-Commit-ID: 3cg9fQgorhG

--HG--
extra : rebase_source : 76c75b2fab084240c33eab1311ebb6c8f7b9f856
2016-05-16 06:47:59 -04:00
Chris Peterson
353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Andrea Marchesini
487efd0283 Bug 1270679 - Ensure blob URLs are only accessible within the same usercontextId, r=bz 2016-05-11 19:53:13 +02:00
Jonathan Watt
73ea9dd190 Bug 1162772, part 3 - Add a getChannelResultPrincipalIfNotSandboxed method to nsIScriptSecurityManager. r=bz
MozReview-Commit-ID: 4QwM1y6wRb
2016-04-28 11:13:09 +01:00
Sebastian Hengst
bec59714da Backed out changeset c32539fd746a (bug 1162772) 2016-04-30 09:54:01 +02:00
Jonathan Watt
c40b7e121f Bug 1162772, part 3 - Add a getChannelResultPrincipalIfNotSandboxed method to nsIScriptSecurityManager. r=bz
MozReview-Commit-ID: 4QwM1y6wRb
2016-04-28 11:13:09 +01:00
Yoshi Huang
ba1bb72568 Bug 1263496 - Part 3: fix for nsNullPrincipal::Create
This fixed the locations listed by
http://searchfox.org/mozilla-central/search?q=nsNullPrincipal::Create(&redirect=true
that needs to inherit origin attributes.
2016-04-27 18:38:07 +08:00
Yoshi Huang
7ae2e09f40 Bug 1263496 - Part 2: fix for NS_NULLPRINCIPAL_CONTRACTID. r=bholley
This fixed the locations listed by
http://searchfox.org/mozilla-central/search?q=NS_NULLPRINCIPAL_CONTRACTID&redirect=true
2016-04-27 18:38:03 +08:00
Kris Maglione
6d36833e42 Bug 1254194: Apply a content security policy to all WebExtension documents. r=gabor
MozReview-Commit-ID: HsFFbWdq00b

--HG--
extra : rebase_source : 07e4b6ec8c32f696d5b5987091ffc5ebde2c3061
extra : histedit_source : 20983fe6a9590d7f410276fac248c3d2f711caaa
2016-04-23 20:56:56 -07:00
Kris Maglione
623a4f8665 Bug 1254194: [webext] Allow extensions to register custom content security policies. r=billm f=aswan
MozReview-Commit-ID: 8L6ZsyDjIpf

--HG--
extra : rebase_source : b6ccbcf849b0e7db835d14a0ba9de588c0188869
extra : histedit_source : 7f966c1d821641fc3551dc4c508f5ce8f990d5a3%2Cafa5697b301620119147292745a2007961907fa8
2016-04-23 21:29:15 -07:00
Kris Maglione
cc1c10dbae Bug 1254194: Add a validator for custom add-on content security policies. r=billm f=aswan
MozReview-Commit-ID: LtBbXBCFc32

--HG--
extra : rebase_source : 1da81c92a1ffb75df071d1b32ff04b7d1a9b905a
2016-04-23 20:41:14 -07:00
Tanvi Vyas
c73e96a53d Bug 1105556 - Call Create(originAttributes) when loadinfo->loadingPrincipal is null, instead of CreatePrincipalWithInheritedAttributes(). r=sicking 2016-04-13 16:30:22 -07:00
Dave Huseby
c01e63f1a5 Bug 1238177 - fix extension content needs to use the correct user context id origin attribute. r=sicking
(HEAD -> oa, refs/patches/oa/Bug_1238177)
Fixes Bug 1238177 -- extension content needs to use the correct user context id origin attribute
2016-04-04 12:20:00 +02:00
Chris Manchester
f7a1b3fb60 Bug 1242051 - Add inter-directory test support file dependencies to ini manifests. r=gps
Previously, every test and support file would be synced to the objdir
when running any test. Now that only those support files and tests requested
are synced, we note support files required beyond those in a test's
directory in ini manifests.

MozReview-Commit-ID: EmlDz9d4lqt
2016-04-04 14:56:52 -07:00
Carsten "Tomcat" Book
394034a83e Backed out changeset 0519406b6e57 (bug 1238177) for eslint test failures 2016-04-03 09:30:03 +02:00
Dave Huseby
32251ddc37 Bug 1238177 - Extension content needs to use the correct user context id origin attribute. r=bholley
--HG--
extra : amend_source : f8d3bb6f6b1426ac73669491b651900614f6461c
2016-04-02 13:14:00 -04:00
Dave Huseby
b9cbf42ad8 Bug 1237479 -- nsScriptSecurityManager needs to use the correct user context id in the origin attributes in a few places. r=sicking 2016-04-01 22:36:00 -04:00
Matthew Wein
9c7f3d9e91 Bug 1185773 - Enable the moz-extension mochitest on android. r=kmag
MozReview-Commit-ID: ICxmwE1BI8A

--HG--
extra : transplant_source : %9B%BDd%0B%18%EC9Y%09%B9%25k%3F%9924%F2AaW
2016-03-28 10:04:59 -07:00
Benjamin Bouvier
70202e15a1 Bug 1251308; r=luke
MozReview-Commit-ID: AqsMX4m7Qh9

--HG--
extra : rebase_source : 519aef2cf8c0bb39771d4589069e8fd1a06970c3
2016-03-09 11:20:11 +01:00
Mike Hommey
fed1d8ce2b Bug 1254906 - Change the annotation on JSPrincipals::dump's definition to match that of its declaration. r=bz
The current discrepancy works because gecko and js don't actually agree
on the meaning of JS_EXPORT_API and JS_PUBLIC_API, but moving the
configure flags that incluences their meaning is going to make them
agree, and that adds a fatal warning when building nsJSPrincipals.cpp
because of the discrepancy.
2016-03-11 09:38:28 +09:00
J. Ryan Stinnett
798c13a0fa Bug 1238160 - Test frame principal when toggling isolation. r=bz
Test frame principals in different configurations to verify the new isolated
attribute works as expected.

MozReview-Commit-ID: CQNRo2bK9iU
2016-03-02 10:35:56 -06:00
J. Ryan Stinnett
95f8000ac8 Bug 1238160 - Add assertions in non-desktop code paths. r=bz,fabrice
Several code paths try to ask the principal if it's in a browser element, but
the principal now only knows about *isolated* browser elements.  All such code
paths are currently unused on desktop.  The frame loader now asserts that
isolation remains enabled for cases where apps are used.

MozReview-Commit-ID: 775DZecc35t
2016-03-02 10:35:56 -06:00
J. Ryan Stinnett
2a55d065b7 Bug 1238160 - Rename OriginAttributes.mInBrowser and associated methods. r=bz,mayhemer
This change renames OriginAttributes.mInBrowser to mInIsolatedMozBrowser and
nsIPrincipal::GetIsInBrowserElement to GetIsInIsolatedMozBrowserElement.  Other
methods that pass these values around also have name changes.

Tokens such as "inBrowser" have previously been serialized into cache keys, used
as DB column names, stored in app registries, etc.  No changes are made to any
serialization formats.  Only runtime method and variable names are updated.

No behavior changes are made in this patch, so some renamed methods may have
nonsensical implementations.  These are corrected in subsequent patches
focused on behavior.

MozReview-Commit-ID: 66HfMlsXFLs
2016-03-02 10:35:56 -06:00
Dave Huseby
4fdeeb7cf9 Bug 1229222 - tests for bug 1229222. r=sicking
(HEAD -> oa, refs/patches/oa/Bug_1229222_Tests)
Tests Bug 1229222

--HG--
extra : rebase_source : baf12ec8819e0e82b7d6f7cf4975636172d98eb6
2016-02-29 12:27:00 +01:00
Dave Huseby
0c0cf070cf Bug 1229222 - add chromeutils for the creation of origin attributes with the correct default values. r=sicking
(HEAD -> oa, refs/patches/oa/Bug_1229222)
Fixes Bug 1229222

--HG--
extra : rebase_source : 299742335452d5b5ac3cf25a3bd2d71ec655049f
2016-02-29 12:26:00 +01:00
Boris Zbarsky
87574e4920 Bug 1251311. JS::DescribeScriptedCaller can't throw JS exceptions. Adjust some callers accordingly. r=khuey 2016-02-26 15:23:13 -05:00
Carsten "Tomcat" Book
9164177faa Backed out changeset 736daf4b4a56 (bug 1229222) for bc6 test failures in browser_339445.js 2016-02-19 15:56:27 +01:00
Dave Huseby
4f029016db Bug 1229222 - tests bug 1229222. r=sicking
(HEAD -> oa, refs/patches/oa/Bug_1229222_Tests)
Tests Bug 1229222
2016-02-17 12:19:00 +01:00
Bill McCloskey
d70c91802b Bug 1210099 - Fix structured clone of expanded principal (r=bholley) 2016-02-04 22:30:21 -08:00
Yoshi Huang
be5bd39145 Bug 1240651 - Annotate addonId into crash report (r=bholley) 2016-02-01 16:05:53 -08:00
Gijs Kruitbosch
ef04fd0f90 Bug 1172165 - check all nested URI schemes in CAPS. Make view-source dangerous to load, and about: URIs use per-URI flags so they keep working, r=bz
Also, add an opt-out for crashtest/reftest for the view-source thing so they don't all break, r=bz

--HG--
extra : commitid : 8NqvmbphSgh
extra : rebase_source : bbe0b6f11a77d7e6241a5733931d9baa95bb3fed
2015-12-11 08:06:41 -05:00
Henry Chang
b02a011eef Bug 1211590 - Inherits OriginAttributes from loading principal for GetChannelURIPrincipal. r=sicking 2016-01-13 05:30:00 +01:00
Luke Wagner
72ea23c63e Bug 1239601 - improve the UniquePtr situation (r=jandem)
--HG--
extra : commitid : JegWAoGsuQ9
extra : rebase_source : 995c1b6ab8e4fd3b83c44741cd84a2d7b0d934d7
2016-01-15 18:26:20 -06:00
Christoph Kerschbaumer
fecee7be59 Bug 1224694 - Unify and clean up initialization of CSP (r=sicking) 2016-01-14 13:21:31 -08:00
Nigel Babu
ccbf22eae8 Backed out changeset f001a01c85d7 (bug 1224694) for browser-chrome bustage on a CLOSED TREE
--HG--
extra : commitid : 5BUjoFsY8bv
2016-01-14 08:04:50 +05:30
Christoph Kerschbaumer
86457169b6 Bug 1224694 - Unify and clean up initialization of CSP (r=sicking) 2016-01-13 15:51:30 -08:00
Blake Kaplan
5749c2ed94 Bug 1237141 - Make this test pass in e10s. r=felipe
--HG--
extra : rebase_source : e9aad0388bea8401c08f137357ca10720622bc05
2016-01-07 10:28:27 -08:00
Andrea Marchesini
a365470b87 Bug 1235657 - Session storage needs to handle origin attributes correctly - part 1 - createOriginAttributesWithUserContextId, r=huseby 2016-01-06 10:08:30 +00:00
Honza Bambas
a0a6f7e23c Bug 1165214 - Use OriginAttributes in DOM Storage. r=smaug, r=bholley
--HG--
extra : rebase_source : b63ddb5a24a335f771a856cd20c69cdeb0c92ca0
2016-01-05 07:25:00 -05:00
Jonas Sicking
6cc5074df0 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-06 18:33:14 -05:00
Sebastian Hengst
774236075d Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout 2015-12-05 16:34:47 +01:00
Jonas Sicking
df33e62850 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-05 01:46:20 -08:00
Yoshi Huang
4b500464f5 Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking. 2015-11-03 09:50:54 +08:00
Christoph Kerschbaumer
b967444f19 Bug 663570 - MetaCSP Part 2: Principal changes (r=bz) 2015-11-14 19:28:23 -08:00
Christoph Kerschbaumer
a876eba5c9 Bug 1188028 - Use channel->ascynOpen2 in dom/security/nsCSPContext.cpp (r=sicking) 2015-07-27 11:57:56 -07:00
Gijs Kruitbosch
f1d4d15e39 Bug 1210703 - followup: fix test file used in caps and fix assertions to have actual/expected value in the right order, rs=bustage on a CLOSED TREE
--HG--
extra : commitid : 29mAEwGdSuM
2015-11-09 19:10:23 +00:00