137 Commits

Author SHA1 Message Date
Ehsan Akhgari
a4ac3ec0b4 Bug 1199049 - Part 1: Move nsCORSListenerProxy.* to necko; r=jduell
--HG--
rename : dom/security/nsCORSListenerProxy.cpp => netwerk/protocol/http/nsCORSListenerProxy.cpp
rename : dom/security/nsCORSListenerProxy.h => netwerk/protocol/http/nsCORSListenerProxy.h
2015-09-12 19:20:52 -04:00
Michael Layzell
092e4a4b9e Bug 1188932 - Allow the User-Agent header to be explicitly set by requests, r=bkelly, r=jgraham 2015-09-12 12:46:09 -04:00
Christoph Kerschbaumer
60c4905182 Bug 1069762 - CSP: blocked-uri in violation reports should not contain sensitive data - tests (r=sstamm) 2014-10-17 14:22:27 -07:00
Richard Barnes
cba82e6dbd Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi 2015-09-09 15:14:27 -04:00
Francois Marier
14eac63103 Bug 1202027 - Make SRI require CORS loads for cross-origin resources. r=ckerschb 2015-09-09 00:11:38 -07:00
Francois Marier
e510ad6b31 Bug 1202015 - Better document the SRI strings for translators. r=ckerschb 2015-09-09 00:10:25 -07:00
Ehsan Akhgari
6ac40622c3 Bug 1201229 - Return an empty string for a header when an error occurs; r=dragana
This fixes nsIHttpChannel::GetRequestHeader() and
nsIHttpChannel::GetResponseHeader() to always empty out their string
argument even when they fail.  This prevents programming mistakes of
passing the same string object to multiple of these calls and using the
string value without checking the nsresult error code, since otherwise
the string value may be unchanged from a previous call.

Note that this doesn't affect JS consumers of these APIs since we only
empty out the string argument in case the method fails, which will be
translated to a JS exception, and the JS code will never get to see the
emptied string.
2015-09-08 20:08:35 -04:00
Ehsan Akhgari
978f461b95 Bug 1200869 - Empty the header value for code hygiene; r=sicking 2015-09-02 19:53:35 -04:00
Ehsan Akhgari
a01e0f79fc Bug 1200856 - Avoid the extra variable to make the string manipulation faster; r=sicking 2015-09-02 19:52:46 -04:00
Nicholas Nethercote
f44287005f Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.

--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
Kyle Huey
b930db3a55 Bug 1196592: Make retargeting Fetch to another thread actually work. r=nsm
--HG--
extra : rebase_source : 24801ef2546f6aa3d74b9193a104bb35e8103699
2015-08-28 13:49:07 -07:00
Christoph Kerschbaumer
a2daed5950 Bug 1198422 - CSP: Test fallback for nonce-src and hash-src (r=dveditz) 2015-08-27 09:02:32 -07:00
Christoph Kerschbaumer
0500c010b8 Bug 1198422 - CSP: Allow nonce to load if default-src is not specified in second policy (r=dveditz) 2015-08-25 16:11:04 -07:00
Ehsan Akhgari
1dda7b7d34 Bug 1194847 - Part 2: Bypass CORS checks if the response of a channel has been synthesized; r=nsm 2015-08-25 21:43:40 -04:00
Francois Marier
f04275bd0b Bug 1196740 - Consider redirects when looking for SRI-eligibility. r=ckerschb
--HG--
rename : dom/security/test/sri/iframe_style_sameorigin.html => dom/security/test/sri/iframe_style_crossdomain.html
rename : dom/security/test/sri/script_crossdomain4.js => dom/security/test/sri/script_crossdomain5.js
rename : dom/security/test/sri/style1.css => dom/security/test/sri/style_301.css
rename : dom/security/test/sri/test_style_sameorigin.html => dom/security/test/sri/test_style_crossdomain.html
2015-08-25 13:38:39 -07:00
Christoph Kerschbaumer
be38f76461 Bug 1096724 - Update csp/test_base-uri to rely on postmessage instead of observers. r=dveditz 2015-08-18 11:42:43 -07:00
Ryan VanderMeulen
ec860a87f6 No bug - Use the correct requestLongerTimeout syntax. a=bustage 2015-08-18 12:53:55 -04:00
Ryan VanderMeulen
210ad6260a No bug - Request a longer timeout for test_CrossSiteXHR_origin.html due to teetering on the edge of timing out on B2G debug. 2015-08-18 10:39:17 -04:00
Francois Marier
a196b8ef35 Bug 1195572 - Enable -Wformat-security in DOM::Security. r=ckerschb 2015-08-17 21:48:07 -07:00
Tanvi Vyas
550a74f51e Bug 1182551 - HTTP top level page with HTTPS mixed passive frame should have STATE_IS_INSECURE. r=ttaubert 2015-08-13 17:13:51 -07:00
Tanvi Vyas
aa87627fac Bug 1182551 - Don't set STATE_IS_BROKEN on HTTP pages when mixed content is allowed by default. r=smaug 2015-08-13 17:13:43 -07:00
Christoph Kerschbaumer
dad90516d6 Bug 1192955 - Use channel->asyncOpen2 for PING in docshell/base/nsDocShell.cpp (r=sicking) 2015-08-13 08:53:28 -07:00
Francois Marier
2a4ad76933 Bug 992096 - Implement Sub Resource Integrity [2/2]. r=ckerschb
Mochitests
2015-08-12 20:19:16 -07:00
Francois Marier
34de332db0 Bug 992096 - Implement Sub Resource Integrity [1/2]. r=baku,r=ckerschb
Code changes
2015-08-12 20:19:11 -07:00
Christoph Kerschbaumer
4b7d4aaed5 Bug 1187165 - Use channel->asyncOpen2 in dom/base/ImportManager (r=sicking) 2015-08-10 10:25:20 -07:00
Christoph Kerschbaumer
b7e53859ad Bug 1182544 - Use channel->asyncOpen2 in dom/xml/XMLDocument.cpp (r=sicking) 2015-08-10 10:19:08 -07:00
Blake Kaplan
9b31f6bcfe Bug 661604 - Re-enable this test because it works now. rs=wchen and try 2015-08-06 10:35:49 -07:00
Christoph Kerschbaumer
5dfe6ac07d Bug 1188637 - Use channel->asyncOpen2 in dom/base/EventSource.cpp (r=sicking) 2015-08-04 20:06:19 -07:00
Christoph Kerschbaumer
221df08158 Bug 1182543 - Use channel->asyncOpen2 in dom/plugins/base/nsPluginHost.cpp (r=sicking) 2015-08-04 20:05:37 -07:00
Carsten "Tomcat" Book
57a966656a merge mozilla-inbound to mozilla-central a=merge 2015-08-04 13:01:07 +02:00
Tanvi Vyas
87164ced3c Bug 1181683 - Mark ping and beacon as blockable mixed content instead of optionally blockable. r=smaug 2015-08-03 15:25:21 -07:00
Christoph Kerschbaumer
f7e2152921 Bug 1096724 - Fix intermittent test_base-uri.html failures. r=ryanvm 2015-07-29 14:16:37 -07:00
Christoph Kerschbaumer
5d6e8c751f Bug 1152574 - Do not report aborted XHR requests in web console (r=sicking) 2015-07-20 13:59:19 -07:00
Christoph Kerschbaumer
f75b477899 Bug 1182539 - Use channel->asyncOpen2 in dom/base/nsDocument.cpp (r=sicking) 2015-07-31 08:58:14 -07:00
Christoph Kerschbaumer
90fee9adce Bug 1182537 - Use channel->asyncOpen2 in dom/security/nsCORSListenerProxy (r=sicking) 2015-07-30 08:59:20 -07:00
Christoph Kerschbaumer
8f5542d747 Bug 1182537 - Use channel->asyncOpen2 in dom/base/Navigator.cpp (r=sicking,bz) 2015-07-27 20:39:17 -07:00
Marcos Caceres
2465cf3a99 Bug 1171200 - Add means of checking if a document links to a manifest. r=billm
--HG--
rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm
rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm
rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-30 11:56:12 -04:00
Carsten "Tomcat" Book
401a15426c Backed out changeset 4b328a6f7448 (bug 1171200) for frequent asan m1 test failures on a CLOSED TREE
--HG--
rename : dom/manifest/ImageObjectProcessor.jsm => dom/manifest/ImageObjectProcessor.js
rename : dom/manifest/ManifestProcessor.jsm => dom/manifest/ManifestProcessor.js
rename : dom/manifest/ValueExtractor.jsm => dom/manifest/ValueExtractor.js
extra : amend_source : 0a9fc98e1c76d4ede43714bac63bba8b43efe5d7
2015-07-30 15:11:48 +02:00
Marcos Caceres
79d86a6353 Bug 1171200 - Add means of checking if a document links to a manifest. r=billm
--HG--
rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm
rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm
rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-29 16:58:00 +02:00
Francois Marier
7080a1190a Bug 1187711 - Restrict -Wshadow to gcc and clang. r=KWierso CLOSED TREE 2015-07-27 17:12:58 -07:00
Francois Marier
5556697f0b Bug 1187711 - Enable -Wshadow in DOM::Security. r=ckerschb 2015-07-27 16:14:56 -07:00
Christoph Kerschbaumer
9d66aa4b3b Bug 1182540 - Use channel->asyncOpen2 in dom/html/HTMLTrackElement.cpp (r=sicking) 2015-07-25 10:29:22 -07:00
Josh Matthews
4130ff6d80 Bug 1186589 - Ensure CORS preflight requests are never intercepted. r=sicking 2015-07-23 10:25:12 -04:00
Christoph Kerschbaumer
25bee46b21 Bug 1173708 - Fix intermittent test_inlinescript error. r=dveditz
--HG--
rename : dom/security/test/csp/file_inlinescript_main_allowed.html => dom/security/test/csp/file_inlinescript.html
2015-07-20 11:25:24 -07:00
Carsten "Tomcat" Book
f821af7776 Backed out changeset cc377dd50503 (bug 1152574) for causing memory leaks on a CLOSED TREE
--HG--
extra : rebase_source : 819a2a12c3fd9adb5a756292a287288efbdc01a3
2015-07-21 11:50:45 +02:00
Christoph Kerschbaumer
6b484e43cd Bug 1152574 - Do not report aborted XHR requests in web console. r=sicking 2015-07-20 13:59:19 -07:00
Christoph Kerschbaumer
bab1940d4a Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-19 19:12:11 -07:00
mcaceres@mozilla.com
fa8ccba8c3 Backed out changeset 01d03b6be047 (bug 1171200)
--HG--
rename : dom/manifest/ImageObjectProcessor.jsm => dom/manifest/ImageObjectProcessor.js
rename : dom/manifest/ManifestProcessor.jsm => dom/manifest/ManifestProcessor.js
rename : dom/manifest/ValueExtractor.jsm => dom/manifest/ValueExtractor.js
2015-07-17 11:45:59 +10:00
Birunthan Mohanathas
a8939590de Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
The bulk of this commit was generated by running:

  run-clang-tidy.py \
    -checks='-*,llvm-namespace-comment' \
    -header-filter=^/.../mozilla-central/.* \
    -fix
2015-07-13 08:25:42 -07:00
Christoph Kerschbaumer
69eba2fa6a Bug 1139297 - Implement CSP upgrade-insecure-requests directive - cors tests (r=smaug)
--HG--
extra : rebase_source : 59ab74d90890d6756de82b64808ff35a947f0c2c
2015-07-10 09:17:17 -07:00