Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-21 17:25:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
689,112 Commits 615 Branches 98 Tags 5.9 GiB
3bdc45bf22
Commit Graph

1445 Commits

Author SHA1 Message Date
Christoph Kerschbaumer
89195abaf2 Bug 1583044: Make nsMozIconURI serializeable. r=valentin 
Differential Revision: https://phabricator.services.mozilla.com/D49442

--HG--
extra : moz-landing-system : lando
 2019-10-18 10:49:55 +00:00
Christoph Kerschbaumer
ecf163cc61 Bug 1587417: Add about:logo to allowlist of CSP assertion. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D48703

--HG--
extra : moz-landing-system : lando
 2019-10-09 13:33:15 +00:00
Tom Ritter
23ba7b6fe3 Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku 
This patch does several things.  Because Workers aren't on the main thread,
many of the things done are in the name of off main thread access.

1) Changes a parameter in IsEvalAllowed from a nsIPrincipal to a bool.
   We only used the principal to determined if it was the System Principal.
   Principals aren't thread safe and can only be accessed on Main Thread, so
   if we passed a Principal in, we would be in error. Instead only pass in
   the bool which - for workers - comes from a thread-safe location.

2) Separates out the Telemetry Event Recording and sending a message to the
   console into a new function nsContentSecurityUtils::NotifyEvalUsage. (And
   creates a runnable that calls it.)

   We do this because we will need to only call this method on the main thread.

   Telemetry Event Recording has only ever been called on the Main Thread.
   While I possibly-successfully cut it over to happen Off Main Thread (OMT)
   by porting preferences to StaticPrefs, I don't know if there were other
   threading assumptions in the Telemetry Code. So it would be much safer to
   just continue recording Event Telemetry on the main thread.

   Sending a message to the console requires calling GetStringBundleService()
   which requires main thread. I didn't investigate if this could be made
   thread-safe, I just threw it onto the main thread too.

   If, in IsEvalAllowed, we are on the main thread - we call NotifyEvalUsage
   directly. If we are not, we create a runnable which will then call
   NotifyEvalUsage for us on the main thread.

3) Ports allow_eval_with_system_principal and allow_eval_in_parent_process
   from bools to RelaxedAtomicBool - because we now check these prefs OMT.

4) In RuntimeService.cpp, adds the call to IsEvalAllowed.

5) Add resource://gre/modules/workers/require.js to the allowlist of eval
   usage. This was the script that identified this gap in the first place.
   It uses eval (twice) for structural reasons (scope and line number
   massaging.)  The contents of the eval are the result of a request to a
   uri (which may be internal, like resource://). The whole point of this
   is to implement a CommonJS require() api.

   This usage of eval is safe because the only way an attacker can inject
   into it is by either controlling the response of the uri request or
   controlling (or appending to) the argument. If they can do that, they
   are able to inject script into Firefox even if we cut this usage of eval
   over to some other type of safe(r) script loader.

   Bug 1584564 tracks making sure calls to require.js are safe.

6) Adds cld-worker.js to the allowlist. Bug 1584605 is for refactoring that
   eval usage, which is decidedly non-trivial.

7) Does _not_ enforce the eval restrictions for workers. While I've gotten
   try to be green and not throw up any instances of eval-usage by workers,
   it is much safer to deploy this is Telemetry-only mode for Workers for
   a little bit to see if anything pops up from the Nightly population.

   Bug 1584602 is for enforcing the checks.

Differential Revision: https://phabricator.services.mozilla.com/D47480

--HG--
extra : moz-landing-system : lando
 2019-10-08 17:31:35 +00:00
Sebastian Streich
ceace3f3aa Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb 
***

Use Window.opener in test

Differential Revision: https://phabricator.services.mozilla.com/D47635

--HG--
extra : moz-landing-system : lando
 2019-10-07 12:05:36 +00:00
Sylvestre Ledru
f12b9fa5c3 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan 
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D47737

--HG--
extra : moz-landing-system : lando
 2019-10-06 18:29:55 +00:00
Jonathan Kingston
e7760ef29c Bug 1585604 - Remove telemetry for mixed object subrequst counting. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D47888

--HG--
extra : moz-landing-system : lando
 2019-10-02 11:17:28 +00:00
Oana Pop Rus
ee3312ea5b Backed out changeset 7978f68a5355 (bug 1585055) for multiple mochitest-plain-chunked failures. on a CLOSED TREE 2019-10-02 02:26:13 +03:00
Sebastian Streich
cb72b07f82 Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D47635

--HG--
extra : moz-landing-system : lando
 2019-10-01 09:43:36 +00:00
Geoff Brown
a93eb8d621 Bug 1580643 - Skip test_navigate_to.html on fission; r=mccr8 
Avoid frequent intermittent test failures on fission.

Differential Revision: https://phabricator.services.mozilla.com/D47695

--HG--
extra : moz-landing-system : lando
 2019-10-01 17:21:41 +00:00
Christoph Kerschbaumer
28f91efa92 Bug 1584992: Make upgrade-insecure-requests work with fission enabled. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D47650

--HG--
extra : moz-landing-system : lando
 2019-09-30 21:33:28 +00:00
Sebastian Streich
c494962b4b Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
 2019-09-30 10:38:32 +00:00
Christoph Kerschbaumer
877c77623f Bug 1583489: TIghten CSP assertion for about: pages. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D47423

--HG--
extra : moz-landing-system : lando
 2019-09-27 12:33:27 +00:00
Anny Gakhokidze
f1c694e18f Bug 1582531 - Update fission annotations for skipped tests that are now passing succesfully, r=kmag 
Differential Revision: https://phabricator.services.mozilla.com/D47347

--HG--
extra : moz-landing-system : lando
 2019-09-27 14:25:10 +00:00
Christoph Kerschbaumer
30285b4a58 Bug 1499354: Add object-src 'none' to the CSP of all about: pages. r=freddyb 
Differential Revision: https://phabricator.services.mozilla.com/D46950

--HG--
extra : moz-landing-system : lando
 2019-09-26 16:22:41 +00:00
Noemi Erli
68edbc8842 Backed out changeset c3579f540cd7 (bug 1583932) for causing xpcshell failures in test_csp_reports.js CLOSED TREE 
--HG--
extra : rebase_source : 5c71e17d6c48d398a11aa919208963aa47209064
extra : amend_source : 8802cdb433e0f770c0648a91bb876dae7dd51100
 2019-09-26 17:00:16 +03:00
Sebastian Streich
245b87853c Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
 2019-09-26 12:34:17 +00:00
Noemi Erli
ba7231bd82 Backed out changeset af8ca81b90e4 (bug 1583932) for causing build bustages in nsCSPService.cpp CLOSED TREE 2019-09-26 14:31:33 +03:00
Sebastian Streich
84f7f4dcb4 Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
 2019-09-26 10:16:36 +00:00
Sebastian Streich
154d7196d0 Bug 1581512 - Use plain or octetStream as default mime for XTCO -r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D46004

--HG--
extra : moz-landing-system : lando
 2019-09-26 10:06:05 +00:00
Alex Catarineu
8d86dd4c94 Bug 1573276 - Always allow localization in error pages r=johannh,peterv 
Differential Revision: https://phabricator.services.mozilla.com/D43216

--HG--
extra : moz-landing-system : lando
 2019-09-25 10:39:45 +00:00
Christoph Kerschbaumer
53d5895e71 Bug 1497200: Apply Meta CSP to about:downloads. r=Gijs 
Differential Revision: https://phabricator.services.mozilla.com/D45330

--HG--
extra : moz-landing-system : lando
 2019-09-25 13:50:28 +00:00
Jonas Allmann
ce89ff6a7a Bug 1419222, Add test for correct handling of iFrame CSPs, r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D46452

--HG--
extra : moz-landing-system : lando
 2019-09-25 12:30:23 +00:00
Matt Woodrow
1a317c31b2 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
 2019-09-25 08:25:42 +00:00
Matt Woodrow
edbd9409af Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
 2019-09-25 08:25:22 +00:00
Cosmin Sabou
ff85d01d81 Bug 1580565 - Disable tests that crash on fission. r=kmag 
Differential Revision: https://phabricator.services.mozilla.com/D46872

--HG--
extra : moz-landing-system : lando
 2019-09-24 17:03:40 +00:00
Cosmin Sabou
89350c28cd Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE 
Backed out changeset e3e31e1dfc13 (bug 1583076)
Backed out changeset 97e4bfbc5578 (bug 1583076)
Backed out changeset 6ccf5880c324 (bug 1583076)
Backed out changeset b4140efc183d (bug 1583076)
 2019-09-25 08:22:10 +03:00
Matt Woodrow
f6c8016c29 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
 2019-09-25 04:51:13 +00:00
Matt Woodrow
6aa089f744 Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
 2019-09-25 04:50:44 +00:00
Bogdan Tara
f1b65b22c7 Backed out 5 changesets (bug 1583076) for href-location-redirected-blocked.sub.html failures CLOSED TREE 
Backed out changeset dd4117098844 (bug 1583076)
Backed out changeset 97bc75b1cfe1 (bug 1583076)
Backed out changeset 084b244a33c0 (bug 1583076)
Backed out changeset 1baaf14e2451 (bug 1583076)
Backed out changeset 56c3918b5c21 (bug 1583076)
 2019-09-25 00:53:46 +03:00
Mihai Alexandru Michis
ca805e6ecb Bug 1583076 - Fix bustages in nsCSPService.cpp:317:12 a=bustage-fix CLOSED TREE 2019-09-24 23:15:00 +03:00
Matt Woodrow
ce6f028211 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb 
Depends on D46741

Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
 2019-09-24 12:13:51 +00:00
Matt Woodrow
29c34b4b28 Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb 
Depends on D46739

Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
 2019-09-24 12:12:18 +00:00
Andreea Pavel
e7cf747b38 Bug 1580771 - Set test_main.html to always fail on fission r=neha 
Differential Revision: https://phabricator.services.mozilla.com/D46278

--HG--
extra : moz-landing-system : lando
 2019-09-19 13:26:22 +00:00
Tom Ritter
c2e992ed6e Bug 1570681 - Enforce eval restrictions in system contexts and the parent process r=ckerschb 
We log to MOZ_LOG, report an error to the console, send telemetry, and in debug builds - crash

Differential Revision: https://phabricator.services.mozilla.com/D45055

--HG--
extra : moz-landing-system : lando
 2019-09-19 02:32:41 +00:00
Tom Ritter
9621f537b0 Bug 1570681 - Move Eval testing logic from nsContentSecurityManager to nsContentSecurityUtils r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D45484

--HG--
extra : moz-landing-system : lando
 2019-09-18 19:36:31 +00:00
Valentin Gosu
9be69aefcb Bug 1580750 - Enable more fission tests r=JuniorHsu 
Differential Revision: https://phabricator.services.mozilla.com/D46175

--HG--
extra : moz-landing-system : lando
 2019-09-17 19:35:00 +00:00
Christoph Kerschbaumer
ecfde38ed8 Bug 1580710: Expose functionality on the CSP Object to allow skipping the inline style checks. r=bzbarsky 
Differential Revision: https://phabricator.services.mozilla.com/D45631

--HG--
extra : moz-landing-system : lando
 2019-09-16 23:47:19 +00:00
Agi Sferro
0d2253119a Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37488

--HG--
extra : moz-landing-system : lando
 2019-09-13 03:31:57 +00:00
Kris Maglione
f261e424d2 Bug 1580377: Re-disable test_reloadInFreshProcess under Fission. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D45670

--HG--
extra : moz-landing-system : lando
 2019-09-12 14:17:49 +00:00
Andreas Farre
7af5f952e6 Bug 1560110 - Remove skip-ifs for tests. r=kmag 
Differential Revision: https://phabricator.services.mozilla.com/D45379

--HG--
extra : moz-landing-system : lando
 2019-09-11 08:51:09 +00:00
Benjamin
934da4e096 Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8 
https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
 2019-09-10 22:33:51 +00:00
Kris Maglione
165096efe5 Bug 1579820 - Handle window.open() from remote subframes. r=nika 
The CommonCreateWindow code requires having a BrowserHost for the tab that's
creating the window, which it tries to get from the requestor's BrowserParent.
For remote BrowserParents, though, there is no BrowserHost, so we need to get
it from the top-level embedder instead.

Differential Revision: https://phabricator.services.mozilla.com/D45172

--HG--
extra : moz-landing-system : lando
 2019-09-10 09:04:17 +00:00
Christoph Kerschbaumer
507cd448aa Bug 1566386: Assert that every about: page on Android ships with a CSP. r=snorp 
Differential Revision: https://phabricator.services.mozilla.com/D45193

--HG--
extra : moz-landing-system : lando
 2019-09-10 06:26:14 +00:00
Edgar Chen
ab78b9be04 Bug 1579088 - Correct the expecting result for img in test_strict_dynamic_default_src.html; r=ckerschb 
The description and expected result of some tests aren't matched.

Differential Revision: https://phabricator.services.mozilla.com/D44843

--HG--
extra : moz-landing-system : lando
 2019-09-09 17:44:37 +00:00
Edgar Chen
1c24dc8c08 Bug 1579088 - Do not use img.complete check whether the img is loaded; r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D44842

--HG--
extra : moz-landing-system : lando
 2019-09-09 17:44:36 +00:00
Thomas Nguyen
7a34c52f34 Bug 1579373 - Disabled geolocation permission for crossorigin iframe by default and add tests r=baku 
Differential Revision: https://phabricator.services.mozilla.com/D45174

--HG--
extra : moz-landing-system : lando
 2019-09-09 20:00:56 +00:00
Christoph Kerschbaumer
b5a051c48e Bug 1497584: Apply Meta CSP to about:preferences. r=Gijs 
Differential Revision: https://phabricator.services.mozilla.com/D44474

--HG--
extra : moz-landing-system : lando
 2019-09-06 11:59:19 +00:00
Christoph Kerschbaumer
4144eb70e4 Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D44617

--HG--
extra : moz-landing-system : lando
 2019-09-05 14:22:09 +00:00
Dorel Luca
3f262058ba Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js 2019-09-05 14:47:53 +03:00
Christoph Kerschbaumer
4e4f4a0bf6 Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D44617

--HG--
extra : moz-landing-system : lando
 2019-09-05 09:44:13 +00:00
Dorel Luca
ec62854d68 Backed out changeset 890bcaee9b7d (bug 1529068) for causing massive tier2 failures on central in dom/security/test/csp/test_navigate_to.html. CLOSED TREE 2019-09-05 09:47:35 +03:00
Gijs Kruitbosch
9f3a3e9669 Bug 1578709 - Only set flash only pref for those tests that need it, r=mconley,ahal 
Differential Revision: https://phabricator.services.mozilla.com/D44648

--HG--
extra : moz-landing-system : lando
 2019-09-04 22:12:39 +00:00
Benjamin
2202fa3333 Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8 
https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
 2019-09-04 20:29:37 +00:00
Gurzau Raul
f96e9cd73f Backed out changeset 887d125d7f59 (bug 1578709) for failing at test_bug427744.html on a CLOSED TREE. 2019-09-04 21:34:11 +03:00
Csoregi Natalia
2dd3b18187 Backed out changeset 99b313550fb8 (bug 1529068) for eslint failure on test_navigate_to.html. CLOSED TREE 2019-09-04 21:15:18 +03:00
Benjamin
33379674f8 Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8 
https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
 2019-09-04 17:44:14 +00:00
Gijs Kruitbosch
bb899238e7 Bug 1578709 - Only set flash only pref for those tests that need it, r=mconley,ahal 
Differential Revision: https://phabricator.services.mozilla.com/D44648

--HG--
extra : moz-landing-system : lando
 2019-09-04 17:28:02 +00:00
Tom Ritter
4f940eeb9a Bug 1578529 - Remove an Eval-Assert exception we don't need and accidently included r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D44527

--HG--
extra : moz-landing-system : lando
 2019-09-04 11:51:59 +00:00
Matt Woodrow
e579f452c1 Bug 1556489 - P8. Add CSPService::ConsultCSPForRedirect. r=mayhemer,ckerschb 
We extract the code from CSPService::AsyncOnChannelRedirect so that we can use it in a follow-up change.

Differential Revision: https://phabricator.services.mozilla.com/D40965
 2019-09-03 10:19:12 +10:00
Sebastian Streich
6a4c76882f Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb 
***
- Another test setup

Differential Revision: https://phabricator.services.mozilla.com/D36916

--HG--
extra : moz-landing-system : lando
 2019-09-02 14:49:27 +00:00
Mark Banner
709c7ccf0c Bug 1577746 - Automatically enable more ESLint rules for dom/. r=baku 
This enables:
- mozilla/no-useless-parameters
- mozilla/no-useless-run-test
- no-extra-boolean-cast
- no-unneeded-ternary

Depends on D44150

Differential Revision: https://phabricator.services.mozilla.com/D44151

--HG--
extra : moz-landing-system : lando
 2019-09-02 11:23:26 +00:00
Mark Banner
acd70816c6 Bug 1577746 - Enable ESLint rule dot-notation for dom/. r=baku 
Depends on D44149

Differential Revision: https://phabricator.services.mozilla.com/D44150

--HG--
extra : moz-landing-system : lando
 2019-09-02 11:23:05 +00:00
Mark Banner
351d147e2f Bug 1577746 - Enable ESLint rule object-shorthand for dom/. r=baku 
Differential Revision: https://phabricator.services.mozilla.com/D44149

--HG--
extra : moz-landing-system : lando
 2019-09-02 11:22:27 +00:00
Ehsan Akhgari
625509f19c Bug 1399803 - Consider all IPv4 loopback addresses as secure context; r=bzbarsky,dragana 
Differential Revision: https://phabricator.services.mozilla.com/D43633

--HG--
extra : moz-landing-system : lando
 2019-08-30 07:57:34 +00:00
Sebastian Hengst
6c326548a4 Bug 1577363 - Set dom/security/test/general/mochitest.ini as passing with fission. r=Ehsan 
It got set as failing in bug 1576814 but passes after bug 1576316 added back fission-incompatible code.

Differential Revision: https://phabricator.services.mozilla.com/D44113

--HG--
extra : moz-landing-system : lando
 2019-08-30 13:52:04 +00:00
Noemi Erli
178d154900 Backed out changeset 92848bd0c1e0 (bug 1561964) for dom/security android mochitest failures 2019-08-30 04:05:45 +03:00
Agi Sferro
426bf8391a Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37488

--HG--
extra : moz-landing-system : lando
 2019-08-29 16:04:14 +00:00
Paul Bone
36bed861bf Bug 1576814 - These tests are currently failing for fission r=kmag 
Depends on D43571

Differential Revision: https://phabricator.services.mozilla.com/D43572

--HG--
extra : moz-landing-system : lando
 2019-08-27 23:42:25 +00:00
Sebastian Streich
0fac17f172 Bug 1576039 - Adding more Time to Prevent Timeouts r=pbz 
Differential Revision: https://phabricator.services.mozilla.com/D43454

--HG--
extra : moz-landing-system : lando
 2019-08-26 16:41:16 +00:00
Noemi Erli
2d0fff3267 Backed out changeset 4bedbc45e231 (bug 1505412) for failures in test_bug1505412.html CLOSED TREE 2019-08-22 19:52:49 +03:00
Sebastian Streich
140ba11647 Bug 1536058 - Add a Test for cache isolation r=ckerschb,Ehsan 
***
Adding Ehsans nits
***

Differential Revision: https://phabricator.services.mozilla.com/D40613

--HG--
extra : moz-landing-system : lando
 2019-08-22 15:21:09 +00:00
Sebastian Streich
5c3cba344d Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D36916

--HG--
extra : moz-landing-system : lando
 2019-08-22 15:23:17 +00:00
Andrew McCreight
ee73cb534e Bug 1575343, part 2 - Avoid string copies when getting calling location in nsCSPContext. r=smaug 
This code grabs the URI, then tries to overwrite it with information
from GetCallingLocation, then possibly overwrites it again with the
original information, then converts the string.

My patch reorders things so that we try GetCallingLocation() first, so
we only set the values once. In the case where GetCallingLocation()
succeeds it avoids a string copy from 8 to 16 bit.

Differential Revision: https://phabricator.services.mozilla.com/D42728

--HG--
extra : moz-landing-system : lando
 2019-08-20 22:53:53 +00:00
Andrew McCreight
62bd52a17f Bug 1575343, part 1 - Avoid a gratuitous string copy by calling the nsAString overload of GetCallingLocation. r=smaug 
The nsAString overload of GetCallingLocation directly converts the
original source file name string into an nsAString. A number of
callers that want the source file name in an nsAString are calling the
nsACString overload of GetCallingLocation, then calling
NS_ConvertUTF8toUTF16. This results in an extra intermediate copy of
the original string data.

Differential Revision: https://phabricator.services.mozilla.com/D42727

--HG--
extra : moz-landing-system : lando
 2019-08-20 22:53:49 +00:00
Thomas Nguyen
cf20303f06 Bug 1528697 - Remove ReferrerPolicy.h and add utils to ReferrerInfo r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D41956

--HG--
extra : moz-landing-system : lando
 2019-08-21 12:09:06 +00:00
Thomas Nguyen
bbd6f51a56 Bug 1528697 - Add cenum referrerpolicy in ReferrerInfo.idl r=ckerschb,Gijs 
Differential Revision: https://phabricator.services.mozilla.com/D41955

--HG--
extra : moz-landing-system : lando
 2019-08-21 13:28:23 +00:00
Thomas Nguyen
32ab8293ff Bug 1528697 - Expose ReferrerPolicy.webidl and use referrerpolicy enum r=smaug 
ReferrerPolicy gets tossed back and forth as a uint32_t and
ReferrerPolicy enum in header file. Expose ReferrerPolicyValues from
webidl file and use consistently in native code.

Differential Revision: https://phabricator.services.mozilla.com/D41954

--HG--
extra : moz-landing-system : lando
 2019-08-21 13:24:45 +00:00
Thomas Nguyen
fe6a6a4285 Bug 1567940 Apply ReferrerInfo to Download and fix Go to Download Page button r=Gijs,dimi 
In the old way, if referrer is ommited we will not be able to go to
download page. In that case, we should use originalReferrer in
ReferrerInfo object

Differential Revision: https://phabricator.services.mozilla.com/D39875

--HG--
extra : moz-landing-system : lando
 2019-08-20 16:22:44 +00:00
Daniel Varga
952e8654d9 Backed out changeset 983ff93a11ad (bug 1505412) for debug-test-verify-e10s failure at dom/security/test/csp/test_bug1505412.html. On a CLOSED TREE 2019-08-16 13:19:32 +03:00
Sebastian Streich
645ecf6d90 Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D36916

--HG--
extra : moz-landing-system : lando
 2019-08-15 15:51:33 +00:00
Bogdan Tara
745a1d73ea Merge mozilla-central to mozilla-inbound. a=merge CLOSED TREE 2019-08-15 01:06:23 +03:00
Tom Ritter
097aa52411 Bug 1573622 - Do not enforce eval() assertions if userchrome.css is enabled r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D41814

--HG--
extra : moz-landing-system : lando
 2019-08-14 14:29:57 +00:00
Sebastian Streich
d9aecc626c Bug 1570658 - Add a Flag for Navigation-Nosniff r=ckerschb 
***
Revert Changes to Test

Differential Revision: https://phabricator.services.mozilla.com/D40618

--HG--
extra : moz-landing-system : lando
 2019-08-14 07:07:33 +00:00
Christoph Kerschbaumer
f5df74c740 Bug 1573145: Create ContentSecurityUtils.h/cpp and move AssertAboutPageHasCSP into it. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D41537

--HG--
extra : moz-landing-system : lando
 2019-08-14 10:15:09 +00:00
Jan Andre Ikenmeyer
e92e3d02f6 Bug 1560699 - Download FTP resources instead of rendering them. r=michal 
Differential Revision: https://phabricator.services.mozilla.com/D39702

--HG--
extra : moz-landing-system : lando
 2019-08-11 20:46:06 +00:00
Andrew McCreight
c706a636a8 Bug 1559489, part 4 - Remote-to-local window transplanting. r=tcampbell,bzbarsky 
This patch cleans up remote outer window proxies when we navigate back
into the process.

It adds a flag to mDanglingRemoteOuterProxies that is set in between
BrowsingContext::SetDocShell(), where we can tell that the browsing
context is going from being remote to being local, to
nsGlobalWindowOuter::SetNewDocument(), where the local outer window
proxy is actually created. Once the outer window is created, the
remote window proxies can be cleaned up in
CleanUpDanglingRemoteOuterWindowProxies().

The clean up is done by a process that is similar to object
transplanting, except that instead of looking in the cross-compartment
wrapper table for each compartment to find objects to be turned into
CCWs to the new object, it looks in the remote proxy map for each
compartment. SpiderMonkey doesn't know about the proxy maps, so this
has to be done by a new callback object CompartmentTransplantCallback.

Now that this cleanup is being done, it shouldn't be possible to wrap
a remote outer window proxy when the browsing context is local, so
MaybeWrapWindowProxy() can be simplified. I had to drop the assert
here that the browsing context has a window proxy because during clean
up we call wrap on a local outer window proxy before the BC gets the
window proxy set on it. I had the assert because my original plan was
to implicitly fix remote proxies during wrapping, but that is no
longer necessary.

Differential Revision: https://phabricator.services.mozilla.com/D38343

--HG--
extra : moz-landing-system : lando
 2019-08-13 19:09:59 +00:00
Sebastian Streich
abdca609f0 Bug 1567059 - Add test for CSP and Bookmarklet interaction r=ckerschb,bzbarsky 
Differential Revision: https://phabricator.services.mozilla.com/D40652

--HG--
extra : moz-landing-system : lando
 2019-08-06 19:44:05 +00:00
Christoph Kerschbaumer
c515db9854 Bug 1573134: Inline evalAllowList within AssertEvalNotRestricted. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D41529

--HG--
extra : moz-landing-system : lando
 2019-08-13 11:59:11 +00:00
Cosmin Sabou
f134fff740 Bug 1571698 - Annotate tests that also crash on opt builds. r=kmag 
Differential Revision: https://phabricator.services.mozilla.com/D41459

--HG--
extra : moz-landing-system : lando
 2019-08-10 00:45:51 +00:00
Kannan Vijayan
e53a880b1c Bug 1569262 - Rename nsIDocShellTreeItem::GetRootTreeItem to GetInProcessRootTreeItem for Fission marking. r=nika 
Differential Revision: https://phabricator.services.mozilla.com/D41064

--HG--
extra : moz-landing-system : lando
 2019-08-07 19:24:00 +00:00
Tom Ritter
95fbdde774 Bug 1572153 - Fix recording of Telemetry Events for Eval Usage r=chutten 
Differential Revision: https://phabricator.services.mozilla.com/D41045

--HG--
extra : moz-landing-system : lando
 2019-08-07 16:55:22 +00:00
Birunthan Mohanathas
c561f0a0ae Bug 1376309 - Allow localhost ws:// connections from secure origins. r=jkt 
We already allow HTTPS origins to use to plain HTTP active content when using
loopback URLs such as http://127.0.0.1. Lets extend this to WebSocket
connections as well to match Chrome.

Differential Revision: https://phabricator.services.mozilla.com/D38290

--HG--
extra : moz-landing-system : lando
 2019-08-07 00:19:59 +00:00
Andreea Pavel
8f56db01f7 Backed out changeset d0aae34d9b95 (bug 1529068) for failing form-redirected-blocked.sub.html on a CLOSED TREE 
--HG--
extra : rebase_source : 4d7a73e1f40de001031c61fba240c57961a902d8
 2019-08-07 01:39:29 +03:00
Benjamin
455d7a7789 Bug 1529068 - navigate-to r=ckerschb,mccr8 
Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
 2019-08-06 18:27:45 +00:00
Tom Ritter
20c32a0175 Bug 1570738 - Record Telemetry if eval() is used in the Parent Process r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D40332

--HG--
extra : moz-landing-system : lando
 2019-08-06 19:56:23 +00:00
Mihai Alexandru Michis
4bcc3ac00a Backed out changeset 8de4baa1dee3 (bug 1570658) for causing mochitest failures. CLOSED TREE 2019-08-06 14:19:31 +03:00
Sebastian Streich
6f2b641d45 Bug 1570658 - Add a Flag for Navigation-Nosniff r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D40618

--HG--
extra : moz-landing-system : lando
 2019-08-05 14:58:13 +00:00
Emilio Cobos Álvarez
6da1e7506f Bug 1499000 - Make CORS use the right security flags to check whether an URL can be loaded. r=ckerschb 
This fixes at least part of the problem. Without this patch, some of the flags
may get lost, like the ALLOW_CHROME flag which controls whether stuff like
resource:// URLs can be loaded or not.

Differential Revision: https://phabricator.services.mozilla.com/D40633

--HG--
extra : moz-landing-system : lando
 2019-08-05 19:28:00 +00:00
Nicholas Nethercote
dd63fcde4e Bug 1570212 - Convert dom.securecontext.whitelist_onions to a static pref. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D40160

--HG--
extra : moz-landing-system : lando
 2019-08-02 11:59:06 +00:00
Tom Ritter
0b9efb84de Bug 1567623 - Add Event Telemetry for cases where eval is triggered as System Principal r=chutten,bzbarsky,tcampbell 
Differential Revision: https://phabricator.services.mozilla.com/D39559

--HG--
extra : moz-landing-system : lando
 2019-08-01 20:45:31 +00:00
Tom Ritter
ef67c0b08b Bug 1567623 - Update AssertEvalNotUsingSystemPrincipal and re-enable it r=ckerschb 
We now correctly handle the following cases:
 - Thunderbird
 - the Browser Toolbox/Console
 - Two safe and common idioms
 - when general.config.filename is set and userChromeJS does shenanigans

We also change the function to only crash in Debug mode, and for Release channels
we report diagnostic information in a way that does not reveal user data.

Differential Revision: https://phabricator.services.mozilla.com/D39557

--HG--
extra : moz-landing-system : lando
 2019-08-01 20:45:01 +00:00
Tom Ritter
88465c445c Bug 1567623 - Rename whitelist to allowlist r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D39556

--HG--
extra : moz-landing-system : lando
 2019-08-01 20:44:42 +00:00
Tom Ritter
255fd27415 Bug 1567623 - Change doContentSecurityCheck logging from Debug to Verbose r=ckerschb 
They are too frequent and too verbose to see any other logging statements.

Differential Revision: https://phabricator.services.mozilla.com/D39555

--HG--
extra : moz-landing-system : lando
 2019-08-01 20:44:38 +00:00
Kris Maglione
d7c7e749a4 Bug 1569832: Part 0 - Update crash annotations one last time. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D40096

--HG--
extra : moz-landing-system : lando
 2019-08-01 00:53:25 +00:00
Sebastian Streich
6917b697b8 Bug 1428473 Support X-Content-Type-Options: nosniff when navigating r=ckerschb,dragana,alchen 
***
Apply Requested Revision

Differential Revision: https://phabricator.services.mozilla.com/D33959

--HG--
extra : moz-landing-system : lando
 2019-07-31 16:59:53 +00:00
Tom Schuster
af8f619ad2 Bug 1558915 - Use infallible nsIURI::SchemeIs in dom/security. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D39779

--HG--
extra : moz-landing-system : lando
 2019-07-30 07:23:18 +00:00
Christoph Kerschbaumer
ad40847192 Bug 1567877: Apply Meta CSP to about:devtools-toolbox. r=jdescottes,Ehsan 
Differential Revision: https://phabricator.services.mozilla.com/D39328

--HG--
extra : moz-landing-system : lando
 2019-07-30 07:14:09 +00:00
Thomas Nguyen
2bfaa83f89 Bug 1567573 - Apply Referrer-Policy header from redirect response r=michal 
Differential Revision: https://phabricator.services.mozilla.com/D38879

--HG--
extra : moz-landing-system : lando
 2019-07-29 13:51:17 +00:00
Thomas Nguyen
e0791bcabb Bug 1566833 - Add a test of loading a page in different process r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D39657

--HG--
extra : moz-landing-system : lando
 2019-07-29 10:41:30 +00:00
Bogdan Tara
3736b292dc Merge inbound to mozilla-central. a=merge 2019-07-27 00:38:36 +03:00
Kannan Vijayan
3fb6190ec6 Bug 1559414 - Rename unaudited pre-fission methods with SameProcess for future audit burndown. r=nika 
Differential Revision: https://phabricator.services.mozilla.com/D39378

--HG--
extra : moz-landing-system : lando
 2019-07-26 16:48:31 +00:00
Kris Maglione
87884612c0 Bug 1568035: Part 4 - Update test expections for Fission. r=mccr8 
Some failures crept in and out after my last sets of annotations landed. This
patch updates most of the annotations to deal with them.

MANUAL PUSH: Lando won't let me land.

Differential Revision: https://phabricator.services.mozilla.com/D39462

--HG--
extra : rebase_source : 4cfccf95c5bb2521533a9f5c4c25d67f414fb6f5
extra : histedit_source : c19187a3b3002e0eebdd809738b57641e1e432cd
 2019-07-24 13:06:57 -07:00
Nicholas Nethercote
18fae65f38 Bug 1563139 - Remove StaticPrefs.h. r=glandium 
This requires replacing inclusions of it with inclusions of more specific prefs
files.

The exception is that StaticPrefsAll.h, which is equivalent to StaticPrefs.h,
and is used in `Codegen.py` because doing something smarter is tricky and
suitable for a follow-up. As a result, any change to StaticPrefList.yaml will
still trigger recompilation of all the generated DOM bindings files, but that's
still a big improvement over trigger recompilation of every file that uses
static prefs.

Most of the changes in this commit are very boring. The only changes that are
not boring are modules/libpref/*, Codegen.py, and ServoBindings.toml.

Differential Revision: https://phabricator.services.mozilla.com/D39138

--HG--
extra : moz-landing-system : lando
 2019-07-26 01:10:23 +00:00
Jonas Allmann
d329aefed1 Bug 1498560 - Remove new Function from autocomplete.xml, r=mak 
Differential Revision: https://phabricator.services.mozilla.com/D38041

--HG--
extra : moz-landing-system : lando
 2019-07-25 13:56:57 +00:00
Andreea Pavel
e4263c00eb Merge mozilla-inbound to mozilla-central. a=merge 2019-07-25 08:59:39 +03:00
Julian Descottes
dc88f9a8eb Bug 1550476 - Remove jsol.js from nsContentSecurityManager whitelist r=ckerschb 
Depends on D38515

Differential Revision: https://phabricator.services.mozilla.com/D38621

--HG--
extra : moz-landing-system : lando
 2019-07-19 07:26:32 +00:00
Julian Descottes
62f7f4274d Bug 1550471 - Remove jszip.js from nsContentSecurityManager whitelist r=ckerschb 
Depends on D38517

Differential Revision: https://phabricator.services.mozilla.com/D38620

--HG--
extra : moz-landing-system : lando
 2019-07-19 07:26:54 +00:00
Julian Descottes
fd9d673a34 Bug 1550463 - Remove lodash.js from nsContentSecurityManager whitelist r=ckerschb 
Depends on D38516

Differential Revision: https://phabricator.services.mozilla.com/D38619

--HG--
extra : moz-landing-system : lando
 2019-07-19 07:27:11 +00:00
Julian Descottes
f25a6fd1fb Bug 1550489 - Remove react-redux.js from nsContentSecurityManager whitelist r=ckerschb 
Depends on D38513

Differential Revision: https://phabricator.services.mozilla.com/D38618

--HG--
extra : moz-landing-system : lando
 2019-07-19 07:27:44 +00:00
Julian Descottes
39e4e14e35 Bug 1550485 - Remove redux.js from nsContentSecurityManager whitlelist r=ckerschb 
Depends on D38514

Differential Revision: https://phabricator.services.mozilla.com/D38617

--HG--
extra : moz-landing-system : lando
 2019-07-19 07:27:51 +00:00
Jonathan Kingston
9cd90ac210 Bug 1301529 - Remove X-Frame-Options allow-from. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D38672

--HG--
extra : moz-landing-system : lando
 2019-07-24 12:23:32 +00:00
Sebastian Streich
d19c155e9e Bug 1100630 - Print Related JS-Line on CSP Violation (if any) r=ckerschb,dveditz 
Differential Revision: https://phabricator.services.mozilla.com/D31420

--HG--
extra : moz-landing-system : lando
 2019-07-22 09:31:57 +00:00
Kris Maglione
e40b418215 Bug 1566952: Part 2 - Update Fission failure annotations after skipping crashes. r=mccr8 
When a test crashes, the harness skips all of the remaining tests in the
directory. That means that with crashes skipped, we now try to run a whole lot
more tests than we did before, and a lot of them fail under Fission.

This patch adds annotations to the new failures that show up after part 1.

Differential Revision: https://phabricator.services.mozilla.com/D38726

--HG--
extra : rebase_source : 292157039c88fc615f5de41679e96e72766ac4db
 2019-07-19 12:30:10 -07:00
Kris Maglione
4bd4d680d4 Bug 1566952: Part 1 - Annotate mochitests that crash with Fission enabled. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D38725

--HG--
extra : rebase_source : 3e8b32b86b12b22d038baa770070a5c8095043c9
 2019-07-17 13:37:48 -07:00
Thomas Nguyen
20e4651f5b Bug 1566417 - Update to use ReferrerInfo in prefetch and preload URI r=smaug 
Differential Revision: https://phabricator.services.mozilla.com/D38323

--HG--
extra : moz-landing-system : lando
 2019-07-19 11:42:09 +00:00
Tom Ritter
87cbad22ea Bug 1564527 - Enable AssertEvalNotUsingSystemPrincipal on Nightly builds r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37460

--HG--
extra : moz-landing-system : lando
 2019-07-18 18:22:06 +00:00
Christoph Kerschbaumer
1abe58c63c Bug 1550414: Add CSP test for setting parent location to javascript:. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D31233

--HG--
extra : moz-landing-system : lando
 2019-07-18 16:57:54 +00:00
Noemi Erli
0497bd7b16 Backed out changeset a98b795c2b3c (bug 1100630) for Linting failure CLOSED TREE 2019-07-18 19:19:48 +03:00
Sebastian Streich
fa947e166a Bug 1100630 - Print Related JS-Line on CSP Violation (if any) r=ckerschb,dveditz 
Differential Revision: https://phabricator.services.mozilla.com/D31420

--HG--
extra : moz-landing-system : lando
 2019-07-18 15:14:41 +00:00
Ciure Andrei
d835b44a76 Merge inbound to mozilla-central. a=merge 2019-07-18 06:46:41 +03:00
Kris Maglione
0962c2b731 Bug 1566182: Annotate mochitests that fail with Fission enabled. r=mccr8 
My preference was to annotate most of the failing tests with `fail-if` so that
if they start passing, the `fail-if` needs to be removed and they need to keep
passing. That doesn't work for tests that timeout, or which trigger failures
from their cleanup functions, however, so those tests need skip-if. And tests
with fail in their cleanup functions likely leave the browser in an
inconsistent state for subsequent tests, anyway, so really should be skipped
regardless.

There are some remaining tests which still fail because of crashes. I chose
not to skip them here, but to fix the crashes in separate bugs instead.

Differential Revision: https://phabricator.services.mozilla.com/D38247

--HG--
extra : rebase_source : 39ba8fec2e882cfe577c5f2b58ab7e4b461f1178
 2019-07-15 16:19:32 -07:00
Jonas Allmann
99aa2c2af6 Bug 1560915 - Hardcode minimal eval()-whitelist for test files into eval()-assertion, r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37695

--HG--
extra : moz-landing-system : lando
 2019-07-17 12:21:29 +00:00
Coroiu Cristina
a456952e71 Backed out changeset 8b0c5e44d937 (bug 1100630) for wpt failures at securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html on a CLOSED TREE 2019-07-17 17:10:03 +03:00
Sebastian Streich
975121a09a Bug 1100630 - Print Related JS-Line on CSP Violation (if any) r=ckerschb,dveditz 
Differential Revision: https://phabricator.services.mozilla.com/D31420

--HG--
extra : moz-landing-system : lando
 2019-07-17 10:54:07 +00:00
Thomas Nguyen
fc05893051 Bug 1546334 - Use referrerInfo in style system. r=heycam 
Differential Revision: https://phabricator.services.mozilla.com/D36478

--HG--
extra : moz-landing-system : lando
 2019-07-16 11:43:56 +00:00
Thomas Nguyen
268b26c194 Bug 1546334 - Add hash and equals to make ReferrerInfo becomes key of hashtable. r=heycam 
Differential Revision: https://phabricator.services.mozilla.com/D37577

--HG--
extra : moz-landing-system : lando
 2019-07-16 15:03:56 +00:00
Thomas Nguyen
a4dabe848c Bug 1546334 - Add function to create referrerInfo object to use for style system r=heycam 
Differential Revision: https://phabricator.services.mozilla.com/D36474

--HG--
extra : moz-landing-system : lando
 2019-07-16 15:03:56 +00:00
Sebastian Streich
0204171ff0 Bug 1452037 - Fix Whitelisting of javascript-uris with csp hash r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35412

--HG--
extra : moz-landing-system : lando
 2019-07-16 13:25:05 +00:00
Mihai Alexandru Michis
71a457f2bf Backed out changeset c06eb27d0c64 (bug 1561964) for mochitest failures CLOSED TREE 2019-07-15 23:55:52 +03:00
Agi Sferro
4ea8939322 Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37488

--HG--
extra : moz-landing-system : lando
 2019-07-15 19:42:38 +00:00
Frederik Braun
0d65cdff13 Bug 1565988 - fix typo in comment referencing follow-up work r=Pike 
Differential Revision: https://phabricator.services.mozilla.com/D38050

--HG--
extra : moz-landing-system : lando
 2019-07-15 10:16:28 +00:00
Razvan Maries
affddc7861 Backed out changeset 6e4d13741a0f (bug 1564527) for perma AddressSanitizer failures. CLOSED TREE 2019-07-13 02:05:25 +03:00
Tom Ritter
0ca0f2dea1 Bug 1564527 - Enable AssertEvalNotUsingSystemPrincipal on Nightly builds r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37460

--HG--
extra : moz-landing-system : lando
 2019-07-11 08:46:18 +00:00
Gijs Kruitbosch
b5b5d6a0ab Bug 1560178 - fix miscellaneous tests to allow them to keep working when disallowing remote content in the parent process, r=aswan,ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D36310

--HG--
extra : moz-landing-system : lando
 2019-07-12 16:27:58 +00:00
Dorel Luca
77d61d6a6f Backed out 5 changesets (bug 1560178) for Browser-chrome failures in builds/worker/workspace/build/src/dom/base/Document.cpp. CLOSED TREE 
Backed out changeset 1ff8a41dd3c1 (bug 1560178)
Backed out changeset 4aaeda889656 (bug 1560178)
Backed out changeset b1dfc0b5a14c (bug 1560178)
Backed out changeset 45fca0f1b675 (bug 1560178)
Backed out changeset fc2be64e4ece (bug 1560178)
 2019-07-12 18:38:34 +03:00
Gijs Kruitbosch
8b9bc73770 Bug 1560178 - fix miscellaneous tests to allow them to keep working when disallowing remote content in the parent process, r=aswan,ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D36310

--HG--
extra : moz-landing-system : lando
 2019-07-12 12:35:59 +00:00
Tom Schuster
cb66417b55 Bug 1523706 - Use JavaScript mime type for two worker tests. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D37713

--HG--
extra : moz-landing-system : lando
 2019-07-11 13:26:39 +00:00
Sebastian Streich
c60f801089 Bug 1388015 - Add checks to respect CSP-wildcard + Ports r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35432

--HG--
extra : moz-landing-system : lando
 2019-07-04 11:30:17 +00:00
Thomas Nguyen
2beb089527 Bug 1557346 - Limit referer header length r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35990

--HG--
extra : moz-landing-system : lando
 2019-07-09 17:47:22 +00:00
Gurzau Raul
5c79b4341a Backed out changeset 9ba600ae3c02 (bug 1557346) for eslint failure at netwerk/test/unit/test_referrer.js on a CLOSED TREE. 2019-07-09 18:17:15 +03:00
Thomas Nguyen
64a9d9fea9 Bug 1557346 - Limit referer header length r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35990

--HG--
extra : moz-landing-system : lando
 2019-07-09 14:44:27 +00:00
Jonathan Kingston
31441f82ea Bug 1560455 - rename CodebasePrincipal to ContentPrincipal. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35504

--HG--
extra : moz-landing-system : lando
 2019-07-08 16:37:45 +00:00
Alex Catarineu
a8b667f825 Bug 467035 - Avoid leaking browser language via DTD r=Gijs,bzbarsky 
Differential Revision: https://phabricator.services.mozilla.com/D34187

--HG--
extra : moz-landing-system : lando
 2019-07-08 10:47:05 +00:00
Alex Catarineu
dbce01f2ff Bug 467035 - Add new internal DTD content types r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35232

--HG--
extra : moz-landing-system : lando
 2019-07-03 17:28:25 +00:00
Andrea Marchesini
f9e570ba21 Bug 1514474 - Implement FeaturePolicy.features(), r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35802

--HG--
extra : moz-landing-system : lando
 2019-07-08 02:03:18 +00:00
Andrea Marchesini
e87202df68 Bug 1514296 - Rename Document.policy to Document.featurePolicy, r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35801

--HG--
extra : moz-landing-system : lando
 2019-07-08 00:10:56 +00:00
Ciure Andrei
35fa9e2361 Backed out changeset fe8c2426d9d3 (bug 1514474) for causing beta simulation failures CLOSED TREE 2019-07-08 04:58:50 +03:00
Ciure Andrei
d94259f899 Backed out 2 changesets (bug 1514296) for causing beta simulation failures CLOSED TREE 
Backed out changeset 88f4a687f039 (bug 1514296)
Backed out changeset fe343795c247 (bug 1514296)
 2019-07-08 03:03:22 +03:00
Andrea Marchesini
5a8e4fdbe9 Bug 1514474 - Implement FeaturePolicy.features(), r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35802

--HG--
extra : moz-landing-system : lando
 2019-07-06 15:11:23 +00:00
Andrea Marchesini
e01cab332f Bug 1514296 - Rename Document.policy to Document.featurePolicy, r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35801

--HG--
extra : moz-landing-system : lando
 2019-07-06 15:10:59 +00:00
Victor Porof
dcd795c16b Bug 1561435 - Avoid formatting sensitive fixtures for dom/, r=standard8 
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D35954

--HG--
extra : source : 38fbb8d45dab9bb49aee901ed4f3e77843b531c3
extra : intermediate-source : d90b525c37ebb5d220a7fc5bac4c93d0736c3139
 2019-07-04 19:39:31 +02:00
Victor Porof
0a8ff0ad85 Bug 1561435 - Format dom/, a=automatic-formatting 
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D35951

--HG--
extra : source : 62f3501af4bc1c0bd1ee1977a28aee04706a6663
 2019-07-05 10:44:55 +02:00
Razvan Maries
960e4c47d4 Merge mozilla-central to autoland. a=merge on a CLOSED TREE 2019-07-05 00:43:53 +03:00
Thomas Nguyen
2cf9034d70 Bug 1556827 - Dont send referrer in case of meta refresh redirect r=smaug 
Differential Revision: https://phabricator.services.mozilla.com/D35810

--HG--
extra : moz-landing-system : lando
 2019-07-04 19:58:35 +00:00
Oana Pop Rus
2ad74ef9f7 Merge mozilla-central to inbound. a=merge CLOSED TREE 2019-07-04 06:38:21 +03:00
Frederik Braun
56eaf048f5 Bug 1558745 - allow fxa to be loaded from systemprincipal (and then downgrade to content) r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35770

--HG--
extra : moz-landing-system : lando
 2019-07-03 13:59:28 +00:00
Cosmin Sabou
56754efbdb Backed out 3 changesets (bug 1514474, bug 1514296) for mochitest failures on test_featureList.html. CLOSED TREE 
Backed out changeset 52ae606e4cfa (bug 1514296)
Backed out changeset e74168e44dd7 (bug 1514474)
Backed out changeset a43f3aa0ea77 (bug 1514296)
 2019-07-03 17:29:15 +03:00
Andrea Marchesini
34e8781b21 Bug 1514474 - Implement FeaturePolicy.features(), r=ckerschb 
Depends on D35801

Differential Revision: https://phabricator.services.mozilla.com/D35802

--HG--
extra : moz-landing-system : lando
 2019-07-03 13:16:36 +00:00
Andrea Marchesini
0bcffcfa72 Bug 1514296 - Rename Document.policy to Document.featurePolicy, r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35801

--HG--
extra : moz-landing-system : lando
 2019-07-03 13:02:05 +00:00
arthur.iakab
7bc47eec9b Backed out 2 changesets (bug 1552168) for causing mochitest crashes on test_menubar.xul CLOSED TREE 
Backed out changeset 83590619ce06 (bug 1552168)
Backed out changeset 7ff83cc5d33a (bug 1552168)
 2019-07-03 16:08:23 +03:00
Sebastian Streich
ce99ef5438 Bug 1552168 - Fix Tests that rely on data_uri.unique_opaque_origin r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D35006

--HG--
extra : moz-landing-system : lando
 2019-07-03 10:23:46 +00:00
Kris Maglione
f70e67ad2d Bug 1541557: Part 4 - Stop relying on synchronous preference getters/setters. r=nika 
The SpecialPowers set*Pref/get*Pref APIs currently use synchronous messaging
to set and get preference values from the parent process. Aside from directly
affecting callers of those APIs, it also affects callers of `pushPrefEnv`,
which is meant to be asynchronous, but is in practice usually synchronous due
to the synchronous messaging it uses.

This patch updates the getPref APIs to use the in-process preference service
(which most callers are expecting anyway), and also updates the callers of
the setPref and pushPrefEnv APIs to await the result if they're relying on it
taking effect immediately.

Unfortunately, there are some corner cases in tests that appear to only work
because of the quirks of the current sync messaging approach. The synchronous
setPref APIs, for instance, trigger preference changes in the parent
instantly, but don't update the values in the child until we've returned to
the event loop and had a chance to process the notifications from the parent.
The differnce in timing leads some tests to fail in strange ways, which this
patch works around by just adding timeouts.

There should be follow-ups for test owners to fix the flakiness.

Differential Revision: https://phabricator.services.mozilla.com/D35054

--HG--
extra : rebase_source : 941298157e7c82f420cf50ce057154ce9b85301c
extra : source : 189dc8a359815e059a4a217f788d183260bb2bfe
 2019-06-13 09:34:39 -07:00
Junior Hsu
cc64995f75 Bug 1504085 - P2 Let Origin: honor ReferrerPolicy for non-CORS r=tnguyen,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D34454

--HG--
extra : moz-landing-system : lando
 2019-06-14 22:24:33 +00:00
Junior Hsu
e8ba0890cc Bug 1504085 - P1 refactor ReferrerInfo for reuse referrer-policy algorithm r=tnguyen 
Differential Revision: https://phabricator.services.mozilla.com/D34453

--HG--
extra : moz-landing-system : lando
 2019-06-14 21:10:41 +00:00
Dorel Luca
93196dddee Backed out changeset 94e779e03d4f (bug 1504085) Requested by the dev. CLOSED TREE 2019-06-15 00:31:57 +03:00
Junior Hsu
40846dd97d Bug 1504085 - P2 Let Origin: honor ReferrerPolicy for non-CORS r=tnguyen,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D34454

--HG--
extra : moz-landing-system : lando
 2019-06-14 20:15:27 +00:00
Dorel Luca
7e70d4b667 Backed out changeset b1068cbce572 (bug 1504085) requested by the dev. CLOSED TREE 2019-06-15 00:07:02 +03:00
Junior Hsu
18c1b2bdf4 Bug 1504085 - P1 refactor ReferrerInfo for reuse referrer-policy algorithm r=tnguyen 
Differential Revision: https://phabricator.services.mozilla.com/D34453

--HG--
extra : moz-landing-system : lando
 2019-06-14 20:15:09 +00:00
Mark Banner
201255ab84 Bug 1558485 - Turn on ESLint for all of dom/ disabling most of the failing rules. r=smaug 
Differential Revision: https://phabricator.services.mozilla.com/D34761

--HG--
extra : moz-landing-system : lando
 2019-06-13 20:21:46 +00:00
Thomas Nguyen
1d636c1d2d Bug 1557636 Use Referrer info in worker and fix sharedworker's wrong referrer r=baku 
SharedWorker should use worker's referrer info instead of default value

Differential Revision: https://phabricator.services.mozilla.com/D34861

--HG--
extra : moz-landing-system : lando
 2019-06-13 20:37:34 +00:00
Boris Zbarsky
d5a8a4a595 Bug 1557793 part 3. Change the signatures of various nsContentUtils localization methods to play nicer with the new stringbundle API. r=smaug 
Differential Revision: https://phabricator.services.mozilla.com/D34201

--HG--
extra : moz-landing-system : lando
 2019-06-08 21:26:12 +00:00
Boris Zbarsky
9de72a3ac6 Bug 1557793 part 2. Stop using [array] in nsIStringBundle. r=Pike 
Differential Revision: https://phabricator.services.mozilla.com/D34196

--HG--
extra : moz-landing-system : lando
 2019-06-11 15:51:51 +00:00
Christoph Kerschbaumer
60c8666a31 Bug 1555050: Write test for large-allocation. r=bzbarsky 
Differential Revision: https://phabricator.services.mozilla.com/D33611

--HG--
extra : moz-landing-system : lando
 2019-06-07 11:07:28 +00:00
Bogdan Tara
bde97b25f5 Backed out 2 changesets (bug 1555050) for test_reloadInFreshProcess.html failures CLOSED TREE 
Backed out changeset f5e954d593f8 (bug 1555050)
Backed out changeset b5b99e78b753 (bug 1555050)
 2019-06-06 23:13:52 +03:00
Christoph Kerschbaumer
d8e1a292ea Bug 1555050: Write test for large-allocation. r=bzbarsky 
Differential Revision: https://phabricator.services.mozilla.com/D33611

--HG--
extra : moz-landing-system : lando
 2019-06-06 18:09:03 +00:00
Thomas Nguyen
01ff0bf93f Bug 1534681 Use ReferrerInfo class in document r=ckerschb,baku,Gijs 
Also, in many place, we use document uri as referrer. It is not right
for the case srdoc iframe. We should use the last non-srdoc parent
document's uri

Differential Revision: https://phabricator.services.mozilla.com/D30191

--HG--
rename : testing/web-platform/tests/referrer-policy/generic/iframe-inheritance.html => testing/web-platform/tests/referrer-policy/generic/inheritance/iframe-inheritance-data.html
rename : testing/web-platform/tests/referrer-policy/generic/iframe-inheritance.html => testing/web-platform/tests/referrer-policy/generic/inheritance/iframe-inheritance-srcdoc.html
extra : moz-landing-system : lando
 2019-06-06 07:23:37 +00:00
Andrea Marchesini
0f177b50b5 Bug 1551798 - SameSite=lax by default and SameSite=none only if secure - tests, r=Ehsan 
Differential Revision: https://phabricator.services.mozilla.com/D31216

--HG--
extra : moz-landing-system : lando
 2019-06-05 12:19:52 +00:00
Jonathan Kingston
a9be4620ee Bug 1508939 - cpp serialization r=ckerschb,mccr8,mikedeboer 
Migrating to pure Cpp

Differential Revision: https://phabricator.services.mozilla.com/D29221

--HG--
extra : moz-landing-system : lando
 2019-06-03 12:37:12 +00:00
Christoph Kerschbaumer
7cdbee6cd7 Bug 1496418: Update Content Policy checks and allow CSP checks for system principal triggered loads. r=mccr8,baku 
Differential Revision: https://phabricator.services.mozilla.com/D32217

--HG--
extra : moz-landing-system : lando
 2019-06-03 06:04:25 +00:00
Csoregi Natalia
a51ae3670f Backed out 5 changesets (bug 1551798) for failures on test_rawSameSite.js. CLOSED TREE 
Backed out changeset 11ddc433b632 (bug 1551798)
Backed out changeset f2ac8efb023d (bug 1551798)
Backed out changeset 0f6e797b434f (bug 1551798)
Backed out changeset eae7f88660c8 (bug 1551798)
Backed out changeset 2ba747afb3d0 (bug 1551798)
 2019-05-30 10:17:01 +03:00
Andrea Marchesini
25006292a6 Bug 1551798 - SameSite=lax by default and SameSite=none only if secure - tests, r=Ehsan 
Differential Revision: https://phabricator.services.mozilla.com/D31216

--HG--
extra : moz-landing-system : lando
 2019-05-29 15:55:39 +00:00
arthur.iakab
944263f18a Backed out 5 changesets (bug 1551798) for multiple build bustages on StaticPrefList.h CLOSED TREE 
Backed out changeset c89daff34d97 (bug 1551798)
Backed out changeset bbc3f88b8c03 (bug 1551798)
Backed out changeset b87996b8a411 (bug 1551798)
Backed out changeset d88b0002d736 (bug 1551798)
Backed out changeset 0fe740c90e2b (bug 1551798)
 2019-05-29 18:07:26 +03:00
Andrea Marchesini
310e7f246c Bug 1551798 - SameSite=lax by default and SameSite=none only if secure - tests, r=Ehsan 
Differential Revision: https://phabricator.services.mozilla.com/D31216

--HG--
extra : moz-landing-system : lando
 2019-05-24 15:19:34 +00:00
Cosmin Sabou
d2dc3fe4d7 Bug 1552477 - Add "=" to the skip-if syntax. r=bustage CLOSED TREE 
--HG--
extra : amend_source : 4a979521cb075b7a265883d23c5a6c65149937ee
 2019-05-29 14:04:23 +03:00
Frederik Braun
2ff0dff5c2 Bug 1552477 - Disallow System Principal to load remote documents in nightly/early beta r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D31763

--HG--
extra : moz-landing-system : lando
 2019-05-29 10:06:15 +00:00
Ehsan Akhgari
70dba3be94 Bug 1547813 - Part 8: Introduce a CookieSettings API to query whether cookies from third-party trackers must be rejected and use it in Gecko; r=baku 
Differential Revision: https://phabricator.services.mozilla.com/D30117

--HG--
extra : moz-landing-system : lando
 2019-05-25 01:25:43 +00:00
Christoph Kerschbaumer
796a800303 Bug 965637: Move CSP from Principal into Client, part 4: test updates. r=mccr8,jkt 
Differential Revision: https://phabricator.services.mozilla.com/D27657

--HG--
extra : moz-landing-system : lando
 2019-05-21 23:15:08 +00:00
Christoph Kerschbaumer
b633427366 Bug 965637: Move CSP from Principal into Client, part 1: backend changes. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D27654

--HG--
extra : moz-landing-system : lando
 2019-05-21 23:14:27 +00:00
Andrea Marchesini
289365e128 Bug 1551821 - Get rid of pref network.cookie.same-site.enabled, r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D31217

--HG--
extra : moz-landing-system : lando
 2019-05-15 13:33:45 +00:00
Christoph Kerschbaumer
e454783943 Bug 1548385: Test CSP blocks scripts correctly within template. r=jkt 
Differential Revision: https://phabricator.services.mozilla.com/D30480

--HG--
extra : moz-landing-system : lando
 2019-05-13 20:20:58 +00:00