Commit Graph

1445 Commits

Author SHA1 Message Date
Tom Ritter
20a474798e Bug 1582512 - Fixup: correct filemode
Differential Revision: https://phabricator.services.mozilla.com/D53974

--HG--
extra : moz-landing-system : lando
2019-11-20 16:11:58 +00:00
Tom Ritter
571911416d Bug 1582512 - Add in exception cases where we disable the javascript load restrictions r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D53245

--HG--
extra : moz-landing-system : lando
2019-11-20 16:11:58 +00:00
Tom Ritter
52b85ecf29 Bug 1582512 - Record a Telemetry Event if we receive a request to load a script filename we aren't expecting r=chutten
While we're here, we also extend the collection period for evalUsage, as it is taking longer to deploy than expected.

Differential Revision: https://phabricator.services.mozilla.com/D53233

--HG--
extra : moz-landing-system : lando
2019-11-19 16:10:51 +00:00
Tom Ritter
7ce42ac1ac Bug 1582512 - Rename FilenameToEvalType to FilenameToFilenameType r=Gijs,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D53232

--HG--
extra : moz-landing-system : lando
2019-11-18 20:44:56 +00:00
Tom Ritter
035192e513 Bug 1582512 - Rename FilenameType to FilenameTypeAndDetails r=Gijs,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D53231

--HG--
extra : moz-landing-system : lando
2019-11-18 20:44:48 +00:00
Tom Ritter
e7037fe85f Bug 1582512 - Register a ScriptValidationCallback to examine script loads in the parent process r=Gijs,ckerschb
Additionally, we disable validation on PAC scripts.

Differential Revision: https://phabricator.services.mozilla.com/D46500

--HG--
extra : moz-landing-system : lando
2019-11-19 13:04:00 +00:00
Kashav Madan
de916ceae2 Bug 1595183 - Unskip tests that are failing cleanly or no longer timing out, r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D53090

--HG--
extra : moz-landing-system : lando
2019-11-19 03:44:07 +00:00
Ehsan Akhgari
30cf316b38 Bug 1595934 - Make nsICookieManager cookie enumerators return Array<nsICookie> instead of nsISimpleEnumerator; r=baku
Differential Revision: https://phabricator.services.mozilla.com/D52761

--HG--
extra : moz-landing-system : lando
2019-11-17 07:21:14 +00:00
Tom Ritter
4d04d9e9fa Bug 1596421 - Disable eval restrictions if the web extension process is disabled r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D53026

--HG--
extra : moz-landing-system : lando
2019-11-15 15:36:42 +00:00
Christoph Kerschbaumer
515d2c1cdb Bug 1595762: Make type object loads subject to CSP frame ancestors. r=jkt,annevk
Differential Revision: https://phabricator.services.mozilla.com/D52806

--HG--
extra : moz-landing-system : lando
2019-11-13 14:52:55 +00:00
Sebastian Streich
0ccaa6de78 Bug 1591932 - Enable Sniffing on No Mime+ XCTO nosniff r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50816

--HG--
extra : moz-landing-system : lando
2019-11-13 12:12:34 +00:00
Sebastian Streich
4829a03b44 Bug 1595541 - enable test_same_site_cookies_laxByDefault with fission r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D52552

--HG--
extra : moz-landing-system : lando
2019-11-12 07:50:25 +00:00
Tom Ritter
525cd2f1c2 Bug 1592321 - Collect a sanitized path for files doing eval() on Windows in the same manner as untrusted modules r=aklotz
Differential Revision: https://phabricator.services.mozilla.com/D50957

--HG--
extra : moz-landing-system : lando
2019-11-11 15:39:21 +00:00
Matt Woodrow
936025ce74 Bug 1594166 - Don't do nsContentSecurityManager checks for internal redirects. r=baku,ckerschb
We fail this during test_invalid_mime_type_blob.html when using DocumentChannel for blobs without this.
DocumentChannelChild reports an internal redirect as it replaces itself with the real channel (BlobURLChannel), and we fail the CheckLoadURIWithPrincipal checks.

The old channel has a null principal (due to being a sandboxed iframe), and we compare that to the blob principal computed from the URI, which is a normal content principal.

Differential Revision: https://phabricator.services.mozilla.com/D51905

--HG--
extra : moz-landing-system : lando
2019-11-07 19:13:59 +00:00
Christoph Kerschbaumer
28d322dce6 Bug 1593321: Ignore XFO on channels that will be redirected. r=jkt,dragana
Differential Revision: https://phabricator.services.mozilla.com/D51988

--HG--
extra : moz-landing-system : lando
2019-11-06 12:53:46 +00:00
Sebastian Streich
799a5345a7 Bug 1585000 - Enable Samesite Cookies for Fission r=ckerschb,farre
Differential Revision: https://phabricator.services.mozilla.com/D49424

--HG--
extra : moz-landing-system : lando
2019-11-05 09:39:13 +00:00
Christoph Kerschbaumer
e8e2dc31b7 Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh,flod
Differential Revision: https://phabricator.services.mozilla.com/D50588

--HG--
extra : moz-landing-system : lando
2019-10-31 08:28:35 +00:00
Kashav Madan
c39158719d Bug 1582531 - Update fission annotations for tests that pass, r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D50507

--HG--
extra : moz-landing-system : lando
2019-10-30 21:51:22 +00:00
Razvan Maries
dc147d06b0 Backed out changeset 5f185a11889b (bug 1584998) for perma fails on browser_bug593387.js. CLOSED TREE 2019-10-30 23:26:01 +02:00
Christoph Kerschbaumer
36376205fb Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh
Differential Revision: https://phabricator.services.mozilla.com/D50588

--HG--
extra : moz-landing-system : lando
2019-10-30 17:54:36 +00:00
Daniel Varga
617d42c7ed Backed out changeset ac8f6632f7e0 (bug 1584998) on request by dev. On a CLOSED TREE 2019-10-30 19:33:29 +02:00
Thomas Nguyen
ac066415f5 Bug 1586684 - Rewrite test_navigate_to.html to pass when fission is enabled r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D51096

--HG--
extra : moz-landing-system : lando
2019-10-30 17:14:56 +00:00
Christoph Kerschbaumer
9c55479432 Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh
Differential Revision: https://phabricator.services.mozilla.com/D50588

--HG--
extra : moz-landing-system : lando
2019-10-30 14:47:19 +00:00
Tom Ritter
1d804e6a9a Bug 1584602 - Enforce eval restrictions in Workers and do not enforce restrictions in Release r=ckerschb
This commit does two things. Firstly it enforces eval restrictions in Workers per Bug 1584602.
We're collecting telemetry on these in Beta (and not seeing any) so we can let enforcement ride up to Beta.

Secondly, it disables enforcement checks on Release (and late Beta, as explained in the comment) until
we can gather data about what's happening in Release. This is a counterpart to Bug 1592349 for -central.

We have two separate commits because the first part of this is a change in the same code and we'd have
rebase problems if we tried to do them both separately.

This does tie enforcement to a build-time constant instead of leaving it as a pref. This doesn't make
me very happy inside, but I don't think the extra complexity is worth it...

Differential Revision: https://phabricator.services.mozilla.com/D50970

--HG--
extra : moz-landing-system : lando
2019-10-30 15:21:57 +00:00
Christoph Kerschbaumer
3ae6cda13c Bug 1557712: Fix intermittent test failure for test_frameancestors_userpass.html. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D51071

--HG--
extra : moz-landing-system : lando
2019-10-30 10:24:00 +00:00
Tom Ritter
d72a6eb2f3 Bug 1588816 - Remove userChrome.css case since XBL is dead in Nightly r=bgrins
Differential Revision: https://phabricator.services.mozilla.com/D50964

--HG--
extra : moz-landing-system : lando
2019-10-29 17:10:59 +00:00
Christoph Kerschbaumer
8f2c346f91 Bug 1557712: Fix intermittent test failure for test_frameancestors_userpass.html. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D50907

--HG--
extra : moz-landing-system : lando
2019-10-29 09:23:57 +00:00
Thomas Nguyen
feddf115a9 Bug 1590321 - Rewrite browser_test_referrer_loadInOtherProcess.js to work with fission enabled r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50570

--HG--
extra : moz-landing-system : lando
2019-10-28 09:44:30 +00:00
kriswright
10581910fe Bug 1591226 - Convert network.http.referer.defaultPolicy.* to static prefs r=njn
Converts network.http.referer.defaultPolicy, network.http.referer.defaultPolicy.trackers, network.http.referer.defaultPolicy.pbmode, and network.http.referer.defaultPolicy.trackers.pbmode to static prefs and updates the uses of their old mirror values.

Differential Revision: https://phabricator.services.mozilla.com/D50541

--HG--
extra : moz-landing-system : lando
2019-10-25 19:13:19 +00:00
kriswright
87eaba1b18 Bug 1591226 - Convert network.http.referer.XOriginTrimmingPolicy to static pref. r=njn
Converts network.http.referer.XOriginTrimmingPolicy to a static pref. Leverages do_not_use_directly and a getter to clamp the pref value.

Differential Revision: https://phabricator.services.mozilla.com/D50540

--HG--
extra : moz-landing-system : lando
2019-10-25 04:55:12 +00:00
kriswright
22476a1d9e Bug 1591226 - Convert network.http.referer.trimmingPolicy to static pref. r=njn
Converts network.http.referer.trimmingPolicy and leverages do_not_use_directly with a getter to clamp the value.

Differential Revision: https://phabricator.services.mozilla.com/D50539

--HG--
extra : moz-landing-system : lando
2019-10-25 04:53:08 +00:00
kriswright
45ce89e55d Bug 1591226 - Convert network.http.referer.XOriginPolicy to static pref. r=njn
Converts network.http.referer.XOriginPolicy to a static pref and leverages 'do_not_use_directly' and a getter in order to clamp the value.

Differential Revision: https://phabricator.services.mozilla.com/D50537

--HG--
extra : moz-landing-system : lando
2019-10-25 04:52:05 +00:00
kriswright
23017ea284 Bug 1591226 - Convert network.http.referer.referrerLengthLimit to static pref. r=njn
Converts network.http.referer.referrerLengthLimit to a static pref and replaces its mirror variable.

Differential Revision: https://phabricator.services.mozilla.com/D50536

--HG--
extra : moz-landing-system : lando
2019-10-25 04:25:38 +00:00
kriswright
be277687fd Bug 1591226 - Convert network.http.sendRefererHeader to a static pref. r=njn
Converts network.http.sendRefererHeader to a static pref. The original mirror variable was clamped between 0 and 2, so the pref has been updated with DoNotUseDirectly and a getter.

Differential Revision: https://phabricator.services.mozilla.com/D50535

--HG--
extra : moz-landing-system : lando
2019-10-25 04:20:39 +00:00
kriswright
9ac026787f Bug 1591226 - Convert network.http.referer.hideOnionSource to a static pref. r=njn
Converts network.http.referer.hideOnionSource to a static pref and removes its mirror variable and varcache pref definition.

Differential Revision: https://phabricator.services.mozilla.com/D50534

--HG--
extra : moz-landing-system : lando
2019-10-25 04:16:29 +00:00
kriswright
f634517db3 Bug 1591226 - Convert network.http.referer.spoofSource to static pref. r=njn
Converts network.http.referer.spoofSource to a static pref and removes the varcache instance and mirror variable.

Differential Revision: https://phabricator.services.mozilla.com/D50533

--HG--
extra : moz-landing-system : lando
2019-10-25 04:15:11 +00:00
Sebastian Streich
07e8abd797 Bug 1590322 - Enable Cache-Split-Test with fission r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50476

--HG--
extra : moz-landing-system : lando
2019-10-24 14:50:06 +00:00
Thomas Nguyen
cf2f2ec008 Bug 1580462 - Store iframe's FeaturePolicy in browsingContext to inherit cross origin document. r=baku,farre
Differential Revision: https://phabricator.services.mozilla.com/D48825

--HG--
extra : moz-landing-system : lando
2019-10-23 19:39:00 +00:00
Christoph Kerschbaumer
be72bce5f7 Bug 1590777: Add Null check for referrerinfo within ParseCSPAndEnforceFrameAncestorCheck. r=tnguyen
Differential Revision: https://phabricator.services.mozilla.com/D50239

--HG--
extra : moz-landing-system : lando
2019-10-23 15:21:48 +00:00
Christoph Kerschbaumer
a9ab8a0285 Bug 1590784: Move GetHttpChannelHelper into nsContentSecurityUtils. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D50238

--HG--
extra : moz-landing-system : lando
2019-10-23 15:17:21 +00:00
Razvan Maries
7fb625f8cf Backed out changeset ae33b9c001e5 (bug 1580462) for build bustages on nsWindow.cpp. CLOSED TREE 2019-10-23 11:07:00 +03:00
Thomas Nguyen
a220530f6b Bug 1580462 - Store iframe's FeaturePolicy in browsingContext to inherit cross origin document. r=baku,farre
Differential Revision: https://phabricator.services.mozilla.com/D48825

--HG--
extra : moz-landing-system : lando
2019-10-22 14:36:00 +00:00
Sebastian Streich
f4b2f14328 Bug 1585664 - Add GetAsciiSpecForLogging and update callers r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47909

--HG--
extra : moz-landing-system : lando
2019-10-22 16:03:27 +00:00
Sebastian Streich
14d2d23a81 Bug 1590318 - Make browser_test_FTP_console_warning.js fission ready r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50075

--HG--
extra : moz-landing-system : lando
2019-10-22 16:20:11 +00:00
Sebastian Streich
a2f3e00d0d Bug 1583553 - Make browser_CORS-console-warnings.js fission ready r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50080

--HG--
extra : moz-landing-system : lando
2019-10-22 16:20:09 +00:00
Christoph Kerschbaumer
61c17da3e9 Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Differential Revision: https://phabricator.services.mozilla.com/D49147

--HG--
extra : moz-landing-system : lando
2019-10-22 10:57:43 +00:00
Bogdan Tara
e1b6bc2222 Backed out changeset 8705284b50d4 (bug 1584993) for test_report_uri_missing_in_report_only_header.html failures CLOSED TREE 2019-10-22 13:25:49 +03:00
Christoph Kerschbaumer
2d974555d2 Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Differential Revision: https://phabricator.services.mozilla.com/D49147

--HG--
extra : moz-landing-system : lando
2019-10-22 08:53:47 +00:00
Christoph Kerschbaumer
f5cd986818 Bug 1583044: Make nsMozIconURI serializeable. r=valentin
Differential Revision: https://phabricator.services.mozilla.com/D49442

--HG--
extra : moz-landing-system : lando
2019-10-21 14:16:49 +00:00
Razvan Maries
f1b8926d68 Backed out changeset fb8fb91d2a96 (bug 1583044) for causing perma fails on test_DownloadUtils.js and reftests. CLOSED TREE 2019-10-18 15:25:07 +03:00
Christoph Kerschbaumer
89195abaf2 Bug 1583044: Make nsMozIconURI serializeable. r=valentin
Differential Revision: https://phabricator.services.mozilla.com/D49442

--HG--
extra : moz-landing-system : lando
2019-10-18 10:49:55 +00:00
Christoph Kerschbaumer
ecf163cc61 Bug 1587417: Add about:logo to allowlist of CSP assertion. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D48703

--HG--
extra : moz-landing-system : lando
2019-10-09 13:33:15 +00:00
Tom Ritter
23ba7b6fe3 Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku
This patch does several things.  Because Workers aren't on the main thread,
many of the things done are in the name of off main thread access.

1) Changes a parameter in IsEvalAllowed from a nsIPrincipal to a bool.
   We only used the principal to determine if it was the System Principal.
   Principals aren't thread safe and can only be accessed on Main Thread, so
   if we passed a Principal in, we would be in error. Instead only pass in
   the bool which - for workers - comes from a thread-safe location.

2) Separates out the Telemetry Event Recording and sending a message to the
   console into a new function nsContentSecurityUtils::NotifyEvalUsage. (And
   creates a runnable that calls it.)

   We do this because we will need to only call this method on the main thread.

   Telemetry Event Recording has only ever been called on the Main Thread.
   While I possibly-successfully cut it over to happen Off Main Thread (OMT)
   by porting preferences to StaticPrefs, I don't know if there were other
   threading assumptions in the Telemetry Code. So it would be much safer to
   just continue recording Event Telemetry on the main thread.

   Sending a message to the console requires calling GetStringBundleService()
   which requires main thread. I didn't investigate if this could be made
   thread-safe, I just threw it onto the main thread too.

   If, in IsEvalAllowed, we are on the main thread - we call NotifyEvalUsage
   directly. If we are not, we create a runnable which will then call
   NotifyEvalUsage for us on the main thread.

3) Ports allow_eval_with_system_principal and allow_eval_in_parent_process
   from bools to RelaxedAtomicBool - because we now check these prefs OMT.

4) In RuntimeService.cpp, adds the call to IsEvalAllowed.

5) Add resource://gre/modules/workers/require.js to the allowlist of eval
   usage. This was the script that identified this gap in the first place.
   It uses eval (twice) for structural reasons (scope and line number
   massaging.)  The contents of the eval are the result of a request to a
   uri (which may be internal, like resource://). The whole point of this
   is to implement a CommonJS require() api.

   This usage of eval is safe because the only way an attacker can inject
   into it is by either controlling the response of the uri request or
   controlling (or appending to) the argument. If they can do that, they
   are able to inject script into Firefox even if we cut this usage of eval
   over to some other type of safe(r) script loader.

   Bug 1584564 tracks making sure calls to require.js are safe.

6) Adds cld-worker.js to the allowlist. Bug 1584605 is for refactoring that
   eval usage, which is decidedly non-trivial.

7) Does _not_ enforce the eval restrictions for workers. While I've gotten
   try to be green and not throw up any instances of eval-usage by workers,
   it is much safer to deploy this in Telemetry-only mode for Workers for
   a little bit to see if anything pops up from the Nightly population.

   Bug 1584602 is for enforcing the checks.

Differential Revision: https://phabricator.services.mozilla.com/D47480

--HG--
extra : moz-landing-system : lando
2019-10-08 17:31:35 +00:00
Sebastian Streich
ceace3f3aa Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
***

Use Window.opener in test

Differential Revision: https://phabricator.services.mozilla.com/D47635

--HG--
extra : moz-landing-system : lando
2019-10-07 12:05:36 +00:00
Sylvestre Ledru
f12b9fa5c3 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D47737

--HG--
extra : moz-landing-system : lando
2019-10-06 18:29:55 +00:00
Jonathan Kingston
e7760ef29c Bug 1585604 - Remove telemetry for mixed object subrequest counting. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47888

--HG--
extra : moz-landing-system : lando
2019-10-02 11:17:28 +00:00
Oana Pop Rus
ee3312ea5b Backed out changeset 7978f68a5355 (bug 1585055) for multiple mochitest-plain-chunked failures. on a CLOSED TREE 2019-10-02 02:26:13 +03:00
Sebastian Streich
cb72b07f82 Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47635

--HG--
extra : moz-landing-system : lando
2019-10-01 09:43:36 +00:00
Geoff Brown
a93eb8d621 Bug 1580643 - Skip test_navigate_to.html on fission; r=mccr8
Avoid frequent intermittent test failures on fission.

Differential Revision: https://phabricator.services.mozilla.com/D47695

--HG--
extra : moz-landing-system : lando
2019-10-01 17:21:41 +00:00
Christoph Kerschbaumer
28f91efa92 Bug 1584992: Make upgrade-insecure-requests work with fission enabled. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D47650

--HG--
extra : moz-landing-system : lando
2019-09-30 21:33:28 +00:00
Sebastian Streich
c494962b4b Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
2019-09-30 10:38:32 +00:00
Christoph Kerschbaumer
877c77623f Bug 1583489: Tighten CSP assertion for about: pages. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D47423

--HG--
extra : moz-landing-system : lando
2019-09-27 12:33:27 +00:00
Anny Gakhokidze
f1c694e18f Bug 1582531 - Update fission annotations for skipped tests that are now passing successfully, r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D47347

--HG--
extra : moz-landing-system : lando
2019-09-27 14:25:10 +00:00
Christoph Kerschbaumer
30285b4a58 Bug 1499354: Add object-src 'none' to the CSP of all about: pages. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D46950

--HG--
extra : moz-landing-system : lando
2019-09-26 16:22:41 +00:00
Noemi Erli
68edbc8842 Backed out changeset c3579f540cd7 (bug 1583932) for causing xpcshell failures in test_csp_reports.js CLOSED TREE
--HG--
extra : rebase_source : 5c71e17d6c48d398a11aa919208963aa47209064
extra : amend_source : 8802cdb433e0f770c0648a91bb876dae7dd51100
2019-09-26 17:00:16 +03:00
Sebastian Streich
245b87853c Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
2019-09-26 12:34:17 +00:00
Noemi Erli
ba7231bd82 Backed out changeset af8ca81b90e4 (bug 1583932) for causing build bustages in nsCSPService.cpp CLOSED TREE 2019-09-26 14:31:33 +03:00
Sebastian Streich
84f7f4dcb4 Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
2019-09-26 10:16:36 +00:00
Sebastian Streich
154d7196d0 Bug 1581512 - Use plain or octetStream as default mime for XTCO -r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46004

--HG--
extra : moz-landing-system : lando
2019-09-26 10:06:05 +00:00
Alex Catarineu
8d86dd4c94 Bug 1573276 - Always allow localization in error pages r=johannh,peterv
Differential Revision: https://phabricator.services.mozilla.com/D43216

--HG--
extra : moz-landing-system : lando
2019-09-25 10:39:45 +00:00
Christoph Kerschbaumer
53d5895e71 Bug 1497200: Apply Meta CSP to about:downloads. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D45330

--HG--
extra : moz-landing-system : lando
2019-09-25 13:50:28 +00:00
Jonas Allmann
ce89ff6a7a Bug 1419222, Add test for correct handling of iFrame CSPs, r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46452

--HG--
extra : moz-landing-system : lando
2019-09-25 12:30:23 +00:00
Matt Woodrow
1a317c31b2 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
2019-09-25 08:25:42 +00:00
Matt Woodrow
edbd9409af Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
2019-09-25 08:25:22 +00:00
Cosmin Sabou
ff85d01d81 Bug 1580565 - Disable tests that crash on fission. r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D46872

--HG--
extra : moz-landing-system : lando
2019-09-24 17:03:40 +00:00
Cosmin Sabou
89350c28cd Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE
Backed out changeset e3e31e1dfc13 (bug 1583076)
Backed out changeset 97e4bfbc5578 (bug 1583076)
Backed out changeset 6ccf5880c324 (bug 1583076)
Backed out changeset b4140efc183d (bug 1583076)
2019-09-25 08:22:10 +03:00
Matt Woodrow
f6c8016c29 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
2019-09-25 04:51:13 +00:00
Matt Woodrow
6aa089f744 Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
2019-09-25 04:50:44 +00:00
Bogdan Tara
f1b65b22c7 Backed out 5 changesets (bug 1583076) for href-location-redirected-blocked.sub.html failures CLOSED TREE
Backed out changeset dd4117098844 (bug 1583076)
Backed out changeset 97bc75b1cfe1 (bug 1583076)
Backed out changeset 084b244a33c0 (bug 1583076)
Backed out changeset 1baaf14e2451 (bug 1583076)
Backed out changeset 56c3918b5c21 (bug 1583076)
2019-09-25 00:53:46 +03:00
Mihai Alexandru Michis
ca805e6ecb Bug 1583076 - Fix bustages in nsCSPService.cpp:317:12 a=bustage-fix CLOSED TREE 2019-09-24 23:15:00 +03:00
Matt Woodrow
ce6f028211 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Depends on D46741

Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
2019-09-24 12:13:51 +00:00
Matt Woodrow
29c34b4b28 Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Depends on D46739

Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
2019-09-24 12:12:18 +00:00
Andreea Pavel
e7cf747b38 Bug 1580771 - Set test_main.html to always fail on fission r=neha
Differential Revision: https://phabricator.services.mozilla.com/D46278

--HG--
extra : moz-landing-system : lando
2019-09-19 13:26:22 +00:00
Tom Ritter
c2e992ed6e Bug 1570681 - Enforce eval restrictions in system contexts and the parent process r=ckerschb
We log to MOZ_LOG, report an error to the console, send telemetry, and in debug builds - crash

Differential Revision: https://phabricator.services.mozilla.com/D45055

--HG--
extra : moz-landing-system : lando
2019-09-19 02:32:41 +00:00
Tom Ritter
9621f537b0 Bug 1570681 - Move Eval testing logic from nsContentSecurityManager to nsContentSecurityUtils r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D45484

--HG--
extra : moz-landing-system : lando
2019-09-18 19:36:31 +00:00
Valentin Gosu
9be69aefcb Bug 1580750 - Enable more fission tests r=JuniorHsu
Differential Revision: https://phabricator.services.mozilla.com/D46175

--HG--
extra : moz-landing-system : lando
2019-09-17 19:35:00 +00:00
Christoph Kerschbaumer
ecfde38ed8 Bug 1580710: Expose functionality on the CSP Object to allow skipping the inline style checks. r=bzbarsky
Differential Revision: https://phabricator.services.mozilla.com/D45631

--HG--
extra : moz-landing-system : lando
2019-09-16 23:47:19 +00:00
Agi Sferro
0d2253119a Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D37488

--HG--
extra : moz-landing-system : lando
2019-09-13 03:31:57 +00:00
Kris Maglione
f261e424d2 Bug 1580377: Re-disable test_reloadInFreshProcess under Fission. r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D45670

--HG--
extra : moz-landing-system : lando
2019-09-12 14:17:49 +00:00
Andreas Farre
7af5f952e6 Bug 1560110 - Remove skip-ifs for tests. r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D45379

--HG--
extra : moz-landing-system : lando
2019-09-11 08:51:09 +00:00
Benjamin
934da4e096 Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
2019-09-10 22:33:51 +00:00
Kris Maglione
165096efe5 Bug 1579820 - Handle window.open() from remote subframes. r=nika
The CommonCreateWindow code requires having a BrowserHost for the tab that's
creating the window, which it tries to get from the requestor's BrowserParent.
For remote BrowserParents, though, there is no BrowserHost, so we need to get
it from the top-level embedder instead.

Differential Revision: https://phabricator.services.mozilla.com/D45172

--HG--
extra : moz-landing-system : lando
2019-09-10 09:04:17 +00:00
Christoph Kerschbaumer
507cd448aa Bug 1566386: Assert that every about: page on Android ships with a CSP. r=snorp
Differential Revision: https://phabricator.services.mozilla.com/D45193

--HG--
extra : moz-landing-system : lando
2019-09-10 06:26:14 +00:00
Edgar Chen
ab78b9be04 Bug 1579088 - Correct the expected result for img in test_strict_dynamic_default_src.html; r=ckerschb
The description and expected result of some tests aren't matched.

Differential Revision: https://phabricator.services.mozilla.com/D44843

--HG--
extra : moz-landing-system : lando
2019-09-09 17:44:37 +00:00
Edgar Chen
1c24dc8c08 Bug 1579088 - Do not use img.complete to check whether the img is loaded; r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D44842

--HG--
extra : moz-landing-system : lando
2019-09-09 17:44:36 +00:00
Thomas Nguyen
7a34c52f34 Bug 1579373 - Disabled geolocation permission for crossorigin iframe by default and add tests r=baku
Differential Revision: https://phabricator.services.mozilla.com/D45174

--HG--
extra : moz-landing-system : lando
2019-09-09 20:00:56 +00:00
Christoph Kerschbaumer
b5a051c48e Bug 1497584: Apply Meta CSP to about:preferences. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D44474

--HG--
extra : moz-landing-system : lando
2019-09-06 11:59:19 +00:00
Christoph Kerschbaumer
4144eb70e4 Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D44617

--HG--
extra : moz-landing-system : lando
2019-09-05 14:22:09 +00:00
Dorel Luca
3f262058ba Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js 2019-09-05 14:47:53 +03:00
Christoph Kerschbaumer
4e4f4a0bf6 Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D44617

--HG--
extra : moz-landing-system : lando
2019-09-05 09:44:13 +00:00
Dorel Luca
ec62854d68 Backed out changeset 890bcaee9b7d (bug 1529068) for causing massive tier2 failures on central in dom/security/test/csp/test_navigate_to.html. CLOSED TREE 2019-09-05 09:47:35 +03:00
Gijs Kruitbosch
9f3a3e9669 Bug 1578709 - Only set flash only pref for those tests that need it, r=mconley,ahal
Differential Revision: https://phabricator.services.mozilla.com/D44648

--HG--
extra : moz-landing-system : lando
2019-09-04 22:12:39 +00:00
Benjamin
2202fa3333 Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
2019-09-04 20:29:37 +00:00
Gurzau Raul
f96e9cd73f Backed out changeset 887d125d7f59 (bug 1578709) for failing at test_bug427744.html on a CLOSED TREE. 2019-09-04 21:34:11 +03:00
Csoregi Natalia
2dd3b18187 Backed out changeset 99b313550fb8 (bug 1529068) for eslint failure on test_navigate_to.html. CLOSED TREE
2019-09-04 21:15:18 +03:00
Benjamin
33379674f8 Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
2019-09-04 17:44:14 +00:00
Gijs Kruitbosch
bb899238e7 Bug 1578709 - Only set flash only pref for those tests that need it, r=mconley,ahal
Differential Revision: https://phabricator.services.mozilla.com/D44648

--HG--
extra : moz-landing-system : lando
2019-09-04 17:28:02 +00:00
Tom Ritter
4f940eeb9a Bug 1578529 - Remove an Eval-Assert exception we don't need and accidentally included r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D44527

--HG--
extra : moz-landing-system : lando
2019-09-04 11:51:59 +00:00
Matt Woodrow
e579f452c1 Bug 1556489 - P8. Add CSPService::ConsultCSPForRedirect. r=mayhemer,ckerschb
We extract the code from CSPService::AsyncOnChannelRedirect so that we can use it in a follow-up change.

Differential Revision: https://phabricator.services.mozilla.com/D40965
2019-09-03 10:19:12 +10:00
Sebastian Streich
6a4c76882f Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb
***
- Another test setup

Differential Revision: https://phabricator.services.mozilla.com/D36916

--HG--
extra : moz-landing-system : lando
2019-09-02 14:49:27 +00:00
Mark Banner
709c7ccf0c Bug 1577746 - Automatically enable more ESLint rules for dom/. r=baku
This enables:
- mozilla/no-useless-parameters
- mozilla/no-useless-run-test
- no-extra-boolean-cast
- no-unneeded-ternary

Depends on D44150

Differential Revision: https://phabricator.services.mozilla.com/D44151

--HG--
extra : moz-landing-system : lando
2019-09-02 11:23:26 +00:00
Mark Banner
acd70816c6 Bug 1577746 - Enable ESLint rule dot-notation for dom/. r=baku
Depends on D44149

Differential Revision: https://phabricator.services.mozilla.com/D44150

--HG--
extra : moz-landing-system : lando
2019-09-02 11:23:05 +00:00
Mark Banner
351d147e2f Bug 1577746 - Enable ESLint rule object-shorthand for dom/. r=baku
Differential Revision: https://phabricator.services.mozilla.com/D44149

--HG--
extra : moz-landing-system : lando
2019-09-02 11:22:27 +00:00
Ehsan Akhgari
625509f19c Bug 1399803 - Consider all IPv4 loopback addresses as secure context; r=bzbarsky,dragana
Differential Revision: https://phabricator.services.mozilla.com/D43633

--HG--
extra : moz-landing-system : lando
2019-08-30 07:57:34 +00:00
Sebastian Hengst
6c326548a4 Bug 1577363 - Set dom/security/test/general/mochitest.ini as passing with fission. r=Ehsan
It got set as failing in bug 1576814 but passes after bug 1576316 added back fission-incompatible code.

Differential Revision: https://phabricator.services.mozilla.com/D44113

--HG--
extra : moz-landing-system : lando
2019-08-30 13:52:04 +00:00
Noemi Erli
178d154900 Backed out changeset 92848bd0c1e0 (bug 1561964) for dom/security android mochitest failures
2019-08-30 04:05:45 +03:00
Agi Sferro
426bf8391a Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D37488

--HG--
extra : moz-landing-system : lando
2019-08-29 16:04:14 +00:00
Paul Bone
36bed861bf Bug 1576814 - These tests are currently failing for fission r=kmag
Depends on D43571

Differential Revision: https://phabricator.services.mozilla.com/D43572

--HG--
extra : moz-landing-system : lando
2019-08-27 23:42:25 +00:00
Sebastian Streich
0fac17f172 Bug 1576039 - Adding more Time to Prevent Timeouts r=pbz
Differential Revision: https://phabricator.services.mozilla.com/D43454

--HG--
extra : moz-landing-system : lando
2019-08-26 16:41:16 +00:00
Noemi Erli
2d0fff3267 Backed out changeset 4bedbc45e231 (bug 1505412) for failures in test_bug1505412.html CLOSED TREE
2019-08-22 19:52:49 +03:00
Sebastian Streich
140ba11647 Bug 1536058 - Add a Test for cache isolation r=ckerschb,Ehsan
***
Adding Ehsan's nits
***

Differential Revision: https://phabricator.services.mozilla.com/D40613

--HG--
extra : moz-landing-system : lando
2019-08-22 15:21:09 +00:00
Sebastian Streich
5c3cba344d Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D36916

--HG--
extra : moz-landing-system : lando
2019-08-22 15:23:17 +00:00
Andrew McCreight
ee73cb534e Bug 1575343, part 2 - Avoid string copies when getting calling location in nsCSPContext. r=smaug
This code grabs the URI, then tries to overwrite it with information
from GetCallingLocation, then possibly overwrites it again with the
original information, then converts the string.

My patch reorders things so that we try GetCallingLocation() first, so
we only set the values once. In the case where GetCallingLocation()
succeeds it avoids a string copy from 8 to 16 bit.

Differential Revision: https://phabricator.services.mozilla.com/D42728

--HG--
extra : moz-landing-system : lando
2019-08-20 22:53:53 +00:00
Andrew McCreight
62bd52a17f Bug 1575343, part 1 - Avoid a gratuitous string copy by calling the nsAString overload of GetCallingLocation. r=smaug
The nsAString overload of GetCallingLocation directly converts the
original source file name string into an nsAString. A number of
callers that want the source file name in an nsAString are calling the
nsACString overload of GetCallingLocation, then calling
NS_ConvertUTF8toUTF16. This results in an extra intermediate copy of
the original string data.

Differential Revision: https://phabricator.services.mozilla.com/D42727

--HG--
extra : moz-landing-system : lando
2019-08-20 22:53:49 +00:00
Thomas Nguyen
cf20303f06 Bug 1528697 - Remove ReferrerPolicy.h and add utils to ReferrerInfo r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D41956

--HG--
extra : moz-landing-system : lando
2019-08-21 12:09:06 +00:00
Thomas Nguyen
bbd6f51a56 Bug 1528697 - Add cenum referrerpolicy in ReferrerInfo.idl r=ckerschb,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D41955

--HG--
extra : moz-landing-system : lando
2019-08-21 13:28:23 +00:00
Thomas Nguyen
32ab8293ff Bug 1528697 - Expose ReferrerPolicy.webidl and use referrerpolicy enum r=smaug
ReferrerPolicy gets tossed back and forth as a uint32_t and
ReferrerPolicy enum in header file. Expose ReferrerPolicyValues from
webidl file and use consistently in native code.

Differential Revision: https://phabricator.services.mozilla.com/D41954

--HG--
extra : moz-landing-system : lando
2019-08-21 13:24:45 +00:00
Thomas Nguyen
fe6a6a4285 Bug 1567940 Apply ReferrerInfo to Download and fix Go to Download Page button r=Gijs,dimi
In the old way, if referrer is omitted we will not be able to go to
download page. In that case, we should use originalReferrer in
ReferrerInfo object

Differential Revision: https://phabricator.services.mozilla.com/D39875

--HG--
extra : moz-landing-system : lando
2019-08-20 16:22:44 +00:00
Daniel Varga
952e8654d9 Backed out changeset 983ff93a11ad (bug 1505412) for debug-test-verify-e10s failure at dom/security/test/csp/test_bug1505412.html. On a CLOSED TREE
2019-08-16 13:19:32 +03:00
Sebastian Streich
645ecf6d90 Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D36916

--HG--
extra : moz-landing-system : lando
2019-08-15 15:51:33 +00:00
Bogdan Tara
745a1d73ea Merge mozilla-central to mozilla-inbound. a=merge CLOSED TREE
2019-08-15 01:06:23 +03:00
Tom Ritter
097aa52411 Bug 1573622 - Do not enforce eval() assertions if userchrome.css is enabled r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D41814

--HG--
extra : moz-landing-system : lando
2019-08-14 14:29:57 +00:00
Sebastian Streich
d9aecc626c Bug 1570658 - Add a Flag for Navigation-Nosniff r=ckerschb
***
Revert Changes to Test

Differential Revision: https://phabricator.services.mozilla.com/D40618

--HG--
extra : moz-landing-system : lando
2019-08-14 07:07:33 +00:00
Christoph Kerschbaumer
f5df74c740 Bug 1573145: Create ContentSecurityUtils.h/cpp and move AssertAboutPageHasCSP into it. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D41537

--HG--
extra : moz-landing-system : lando
2019-08-14 10:15:09 +00:00
Jan Andre Ikenmeyer
e92e3d02f6 Bug 1560699 - Download FTP resources instead of rendering them. r=michal
Differential Revision: https://phabricator.services.mozilla.com/D39702

--HG--
extra : moz-landing-system : lando
2019-08-11 20:46:06 +00:00
Andrew McCreight
c706a636a8 Bug 1559489, part 4 - Remote-to-local window transplanting. r=tcampbell,bzbarsky
This patch cleans up remote outer window proxies when we navigate back
into the process.

It adds a flag to mDanglingRemoteOuterProxies that is set in between
BrowsingContext::SetDocShell(), where we can tell that the browsing
context is going from being remote to being local, to
nsGlobalWindowOuter::SetNewDocument(), where the local outer window
proxy is actually created. Once the outer window is created, the
remote window proxies can be cleaned up in
CleanUpDanglingRemoteOuterWindowProxies().

The clean up is done by a process that is similar to object
transplanting, except that instead of looking in the cross-compartment
wrapper table for each compartment to find objects to be turned into
CCWs to the new object, it looks in the remote proxy map for each
compartment. SpiderMonkey doesn't know about the proxy maps, so this
has to be done by a new callback object CompartmentTransplantCallback.

Now that this cleanup is being done, it shouldn't be possible to wrap
a remote outer window proxy when the browsing context is local, so
MaybeWrapWindowProxy() can be simplified. I had to drop the assert
here that the browsing context has a window proxy because during clean
up we call wrap on a local outer window proxy before the BC gets the
window proxy set on it. I had the assert because my original plan was
to implicitly fix remote proxies during wrapping, but that is no
longer necessary.

Differential Revision: https://phabricator.services.mozilla.com/D38343

--HG--
extra : moz-landing-system : lando
2019-08-13 19:09:59 +00:00
Sebastian Streich
abdca609f0 Bug 1567059 - Add test for CSP and Bookmarklet interaction r=ckerschb,bzbarsky
Differential Revision: https://phabricator.services.mozilla.com/D40652

--HG--
extra : moz-landing-system : lando
2019-08-06 19:44:05 +00:00
Christoph Kerschbaumer
c515db9854 Bug 1573134: Inline evalAllowList within AssertEvalNotRestricted. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D41529

--HG--
extra : moz-landing-system : lando
2019-08-13 11:59:11 +00:00
Cosmin Sabou
f134fff740 Bug 1571698 - Annotate tests that also crash on opt builds. r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D41459

--HG--
extra : moz-landing-system : lando
2019-08-10 00:45:51 +00:00
Kannan Vijayan
e53a880b1c Bug 1569262 - Rename nsIDocShellTreeItem::GetRootTreeItem to GetInProcessRootTreeItem for Fission marking. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D41064

--HG--
extra : moz-landing-system : lando
2019-08-07 19:24:00 +00:00
Tom Ritter
95fbdde774 Bug 1572153 - Fix recording of Telemetry Events for Eval Usage r=chutten
Differential Revision: https://phabricator.services.mozilla.com/D41045

--HG--
extra : moz-landing-system : lando
2019-08-07 16:55:22 +00:00
Birunthan Mohanathas
c561f0a0ae Bug 1376309 - Allow localhost ws:// connections from secure origins. r=jkt
We already allow HTTPS origins to use plain HTTP active content when using
loopback URLs such as http://127.0.0.1. Let's extend this to WebSocket
connections as well to match Chrome.

Differential Revision: https://phabricator.services.mozilla.com/D38290

--HG--
extra : moz-landing-system : lando
2019-08-07 00:19:59 +00:00
Andreea Pavel
8f56db01f7 Backed out changeset d0aae34d9b95 (bug 1529068) for failing form-redirected-blocked.sub.html on a CLOSED TREE
--HG--
extra : rebase_source : 4d7a73e1f40de001031c61fba240c57961a902d8
2019-08-07 01:39:29 +03:00
Benjamin
455d7a7789 Bug 1529068 - navigate-to r=ckerschb,mccr8
Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
2019-08-06 18:27:45 +00:00
Tom Ritter
20c32a0175 Bug 1570738 - Record Telemetry if eval() is used in the Parent Process r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D40332

--HG--
extra : moz-landing-system : lando
2019-08-06 19:56:23 +00:00
Mihai Alexandru Michis
4bcc3ac00a Backed out changeset 8de4baa1dee3 (bug 1570658) for causing mochitest failures. CLOSED TREE
2019-08-06 14:19:31 +03:00
Sebastian Streich
6f2b641d45 Bug 1570658 - Add a Flag for Navigation-Nosniff r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D40618

--HG--
extra : moz-landing-system : lando
2019-08-05 14:58:13 +00:00
Emilio Cobos Álvarez
6da1e7506f Bug 1499000 - Make CORS use the right security flags to check whether an URL can be loaded. r=ckerschb
This fixes at least part of the problem. Without this patch, some of the flags
may get lost, like the ALLOW_CHROME flag which controls whether stuff like
resource:// URLs can be loaded or not.

Differential Revision: https://phabricator.services.mozilla.com/D40633

--HG--
extra : moz-landing-system : lando
2019-08-05 19:28:00 +00:00
Nicholas Nethercote
dd63fcde4e Bug 1570212 - Convert dom.securecontext.whitelist_onions to a static pref. r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D40160

--HG--
extra : moz-landing-system : lando
2019-08-02 11:59:06 +00:00
Tom Ritter
0b9efb84de Bug 1567623 - Add Event Telemetry for cases where eval is triggered as System Principal r=chutten,bzbarsky,tcampbell
Differential Revision: https://phabricator.services.mozilla.com/D39559

--HG--
extra : moz-landing-system : lando
2019-08-01 20:45:31 +00:00