Jonas Sicking
28de02f687
Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb
2015-12-06 18:33:14 -05:00
Jonas Sicking
6cc5074df0
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-06 18:33:14 -05:00
Sebastian Hengst
774236075d
Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout
2015-12-05 16:34:47 +01:00
Jonas Sicking
993136c2c9
Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb
2015-12-05 01:46:21 -08:00
Jonas Sicking
7fae3fd853
Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly
2015-12-05 01:46:20 -08:00
Jonas Sicking
ff12f48c5a
Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb
2015-12-05 01:46:20 -08:00
Jonas Sicking
df33e62850
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-05 01:46:20 -08:00
Yury Delendik
5576308d8c
Bug 1218029 - Implements progressive Unicode chars decoding in nsScriptLoader. r=djvj
...
--HG--
extra : commitid : 4fqBUFXilM5
2015-11-30 08:54:52 -06:00
Yury Delendik
aeaf497a64
Bug 1218029 - Adds SRICheckDataVerifier for progressing data handling. r=francois
...
--HG--
extra : commitid : DLkHFWfJFxT
2015-11-30 08:54:40 -06:00
Yury Delendik
66199890c4
Bug 1218029 - Adds IncrementalStreamLoader interface stubs. r=djvj
...
--HG--
extra : commitid : J0UubFG9gvz
2015-11-30 08:54:11 -06:00
Christoph Kerschbaumer
20d9928a1b
Bug 1228116 - Relax Security checks for DTD loads. r=sicking
...
--HG--
extra : rebase_source : 53f2deeb44dd29dbb4d6f50a8435763cb07df8a1
2015-11-25 13:38:05 -08:00
sajitk
5fb2c53074
Bug 1219478: Replace PRLogModuleInfo usage with LazyLogModule in dom folders except media.r=amerchesini
2015-11-23 11:09:25 -08:00
Ehsan Akhgari
76fa5db947
Bug 1210302 - Part 4: Add automated tests; r=sicking
2015-11-20 16:32:53 -05:00
Christoph Kerschbaumer
143b334dd4
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
2015-11-20 10:55:54 -08:00
Christoph Kerschbaumer
d4843470df
Bug 1226324 - Do not use NS_ENSURCE_SUCCESS(rv, NS_OK) within nsContentSecurityManager. r=tanvi
2015-11-19 14:22:57 -08:00
Nigel Babu
ba8444d785
Backed out changeset 95069f2ce648 (bug 1182546) for Android M(c) bustage ON A CLOSED TREE
2015-11-19 14:26:33 +05:30
Christoph Kerschbaumer
ab10273998
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
2015-11-18 19:23:28 -08:00
Andrea Marchesini
36e922b9b7
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger
2015-11-16 22:41:54 +00:00
Wes Kocher
9d1f194cbb
Backed out 2 changesets (bug 1218433) for wpt failures CLOSED TREE
...
Backed out changeset 1cc8cc0444c0 (bug 1218433)
Backed out changeset 5418ca0e0378 (bug 1218433)
--HG--
extra : commitid : H1h8VHrzxx8
2015-11-16 11:13:43 -08:00
Andrea Marchesini
76aba80dc5
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger
2015-11-16 16:57:29 +00:00
Sebastian Hengst
a0cf7d50ad
Backed out 2 changesets (22360424ed15, 325a67608df0) (bug 1218433) for W(1,2) failures. r=backout on a CLOSED TREE
...
Backed out changeset 22360424ed15 (bug 1218433)
Backed out changeset 325a67608df0 (bug 1218433)
2015-11-15 15:56:45 +01:00
Andrea Marchesini
3285721a07
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking
2015-11-15 11:57:22 +00:00
Christoph Kerschbaumer
c941fd4008
Bug 663570 - Test 5: doc.write(meta csp) (r=sicking)
2015-11-14 19:30:24 -08:00
Christoph Kerschbaumer
749afb19d4
Bug 663570 - Test 4: update referrer tests (r=sicking)
2015-11-14 19:30:16 -08:00
Christoph Kerschbaumer
74f7445a35
Bug 663570 - Test 3: update upgrade-insecure-requests tests (r=sicking)
2015-11-14 19:30:08 -08:00
Christoph Kerschbaumer
55d2e60a7e
Bug 663570 - Test 2: meta and header dual test (r=sicking)
2015-11-14 19:29:58 -08:00
Christoph Kerschbaumer
82df3d1b9b
Bug 663570 - Test 1: baseline tests (r=sicking)
2015-11-14 19:29:45 -08:00
Christoph Kerschbaumer
3bac30dca9
Bug 663570 - MetaCSP Part 6: CSP preload changes (r=sicking)
2015-11-14 19:29:18 -08:00
Christoph Kerschbaumer
96f42dd458
Bug 663570 - MetaCSP Part 1: CSP parser changes (r=sicking)
2015-11-14 19:27:59 -08:00
Jonas Sicking
27c89ea082
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
...
--HG--
rename : dom/workers/test/serviceworkers/test_eval_not_allowed.html^headers^ => dom/workers/test/serviceworkers/test_eval_allowed.html^headers^
2015-11-10 21:16:12 -08:00
Wes Kocher
2e6d1e7dfb
Backed out changeset d12f758f5f36 (bug 1223647) for android csp test failures
...
--HG--
extra : commitid : GRTvvKDy9Ki
2015-11-11 14:27:52 -08:00
Jonas Sicking
ea6cf63b0f
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
2015-11-10 21:16:12 -08:00
Kit Cambridge
8431cd65cd
Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana
...
--HG--
extra : commitid : 6RrHT77kcOj
extra : rebase_source : b5b498cc266e2c1c97459ace3da3febbb6a34e65
2015-11-10 10:50:46 -08:00
Christoph Kerschbaumer
1873ead519
Bug 1219931 - CSP: Don't allow removing a policy (r=sicking)
2015-11-02 08:04:15 -08:00
Christoph Kerschbaumer
50588ca7c1
Bug 1188028 - Queue up CSP console messages till windowID is available (r=sicking)
2015-11-11 06:23:57 -08:00
Christoph Kerschbaumer
a876eba5c9
Bug 1188028 - Use channel->ascynOpen2 in dom/security/nsCSPContext.cpp (r=sicking)
2015-07-27 11:57:56 -07:00
Phil Ringnalda
b98d58e46d
Back out changeset 4d6d9c1e52e4 (bug 1223647) for failures in test_csp.html, csp/test_redirects.html and csp/test_worker_redirect.html
...
--HG--
extra : rebase_source : a4a53053968cfa19e6544dd3e59e36ef23fcf353
2015-11-10 23:10:04 -08:00
Jonas Sicking
426e42e7f9
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
2015-11-10 21:16:12 -08:00
Kate McKinley
00b9a85bd6
Bug 1045891
- Tests for child-src r=ckerschb
2015-11-09 16:42:26 +09:00
Kate McKinley
67f4155fe6
Bug 1045891
- CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
Carsten "Tomcat" Book
4d6f05d2f8
merge mozilla-inbound to mozilla-central a=merge
2015-11-09 14:55:30 +01:00
Gregor Wagner
96837db759
Bug 1222478 - Enable more mulet tests. r=gerard-majax
2015-11-06 20:01:45 +01:00
Andrea Marchesini
9d98f9a481
Bug 1215235 - Drop support for jar: URIs by default, r=bz
2015-11-04 11:19:02 +00:00
Jonas Sicking
c9e5049446
Bug 1213646: Allow URI_IS_UI_RESOURCE and safe about: URIs when SEC_ALLOW_CHROME is set. r=bz
2015-11-04 00:05:16 -08:00
Andrew McCreight
0d2779ef10
Bug 1222105 - Make test_report.html and test_blocked_uri_in_reports.html work with e10s. r=ckerschb
2015-11-06 16:03:03 -08:00
Paolo Amadini
0238bd1276
Bug 1221365 - Tests for "Is origin potentially trustworthy?" logic. r=ckerschb,bkelly
2015-11-06 11:10:08 -08:00
Matthew Noorenberghe
a0a2b249c4
Bug 1221365 - Move "Is origin potentially trustworthy?" logic outside ServiceWorkerManager.cpp. r=ckerschb,bkelly
2015-11-06 11:10:17 -08:00
Wes Kocher
f8ad8afb5a
Backed out 4 changesets (bug 1045891
) for b2g mochitest 7 failures
...
Backed out changeset c590b18c5885 (bug 1045891
)
Backed out changeset 14818a2329a4 (bug 1045891
)
Backed out changeset e44d41985fed (bug 1045891
)
Backed out changeset 781a76befe01 (bug 1045891
)
--HG--
extra : commitid : 77UlfZzjWcg
2015-11-06 09:36:49 -08:00
Kate McKinley
3b59b81c93
Bug 1045891
- CSP 2 child-src implementation. r=ckerschb
2015-10-28 16:32:27 -07:00
Kate McKinley
ad73bf4611
Bug 1045891
- Tests for child-src. r=ckerschb
2015-09-30 15:26:25 -07:00
Carsten "Tomcat" Book
30ff2fd956
Backed out changeset 26e162e72ae1 (bug 1045891
)
2015-11-02 10:37:52 +01:00
Carsten "Tomcat" Book
deb9310786
Backed out changeset 895c42544609 (bug 1045891
)
2015-11-02 10:37:51 +01:00
Kate McKinley
d4da8266d4
Bug 1045891
- CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
Kate McKinley
38bf8db214
Bug 1045891
- Tests for child-src r=ckerschb
2015-09-30 15:26:25 -07:00
Andrew McCreight
5981b92f78
Bug 1219842 - Enable a bunch of mochitest-plain tests under e10s. r=mrbkap
2015-10-31 06:26:44 -07:00
Makoto Kato
1929f6c7c4
Bug 1218315 - Replace NS_LITERAL_STRING(...).get() with MOZ_UTF16(...) on dom. r=nfroyd
2015-10-28 14:29:57 +09:00
Christoph Kerschbaumer
d4eaf0fdf6
Bug 1191645 - Use channel->asycnOpen2 in dom/base/nsSyncLoadService.cpp. r=sicking
2015-10-26 14:22:59 -07:00
Christoph Kerschbaumer
ddb2d645e5
Bug 1194526 - Use channel->asycnOpen2 in dom/base/nsScriptLoader.cpp (r=sicking)
2015-10-19 18:33:37 -07:00
Jonas Sicking
d3a92a7fa1
Bug 1195167 part 5: Make FetchDriver use AsyncOpen2. r=bkelly
2015-10-19 18:24:36 -07:00
Jonas Sicking
be2deca017
Bug 1195167 part 1: Let necko handle all protocols. r=bkelly
2015-10-19 18:24:36 -07:00
Jonas Sicking
cc10dd7ad3
Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan
2015-10-19 11:14:54 -07:00
Jonas Sicking
4316c13003
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb
2015-10-19 11:14:54 -07:00
Christoph Kerschbaumer
643f27c257
Bug 1208559 - Hook up ServicerWorkers with CSP (r=sicking,bkelly,dveditz)
2015-10-18 19:59:18 -07:00
Christoph Kerschbaumer
733163ef2b
Bug 1208559 - Tests. r=bholley
2015-10-18 19:37:40 -07:00
Nathan Froyd
01583602a9
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
...
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout. The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.
CLOSED TREE makes big refactorings like this a piece of cake.
# The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
xargs perl -p -i -e '
s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
s/nsRefPtr ?</RefPtr</g; # handle declarations and variables
'
# Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h
# Handle nsRefPtr.h itself, a couple places that define constructors
# from nsRefPtr, and code generators specially. We do this here, rather
# than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
# things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
mfbt/nsRefPtr.h \
xpcom/glue/nsCOMPtr.h \
xpcom/base/OwningNonNull.h \
ipc/ipdl/ipdl/lower.py \
ipc/ipdl/ipdl/builtin.py \
dom/bindings/Codegen.py \
python/lldbutils/lldbutils/utils.py
# In our indiscriminate substitution above, we renamed
# nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'
if [ -d .git ]; then
git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi
--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
Wes Kocher
c2b3d9275b
Backed out 2 changesets (bug 1182571) for being a likely cause of the Android S4 errors
...
Backed out changeset e2b3064dcace (bug 1182571)
Backed out changeset 8153ae231d16 (bug 1182571)
2015-10-15 14:07:06 -07:00
Jonas Sicking
2578b19458
Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan
2015-10-15 12:18:21 -07:00
Jonas Sicking
81a15a3362
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb
2015-10-15 12:18:20 -07:00
Ben Kelly
d803731730
Bug 1210413 P2 Test CORS credentials on cross-origin redirects. r=sicking a=dveditz
2015-10-07 14:33:31 -07:00
Francois Marier
5adc75d084
Bug 1208629 - Properly support data: and blob: URIs with an integrity atribute. r=ckerschb
2015-10-07 11:27:19 -07:00
Carsten "Tomcat" Book
08997000eb
Backed out 2 changesets (bug 1202902
) to recking bug 1202902
to be able to reopen inbound on a CLOSED TREE
...
Backed out changeset 647025383676 (bug 1202902
)
Backed out changeset d70c7fe532c6 (bug 1202902
)
2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d
Backed out 1 changesets (bug 1202902
) for causing merge conflicts to mozilla-central
...
Backed out changeset cfc1820361f5 (bug 1202902
)
--HG--
extra : rebase_source : 5d3db72337754bc7ab0ed0c30b2896100411ff92
2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6
Bug 1202902
- Scripted fix the world.
2015-10-06 14:00:31 -07:00
Ehsan Akhgari
48e01cb303
Tests for bug 1200869; r=sicking
2015-09-29 23:12:52 -04:00
Ehsan Akhgari
1b07208138
Tests for bug 1200856; r=sicking
2015-09-29 23:12:51 -04:00
Christoph Kerschbaumer
fda3fd3cbf
Bug 1192333 - Use channel->ascynOpen2 in dom/xslt/xslt/txMozillaStylesheetCompiler.cpp (r=sicking)
2015-09-28 16:34:47 -07:00
Christoph Kerschbaumer
a28aacf667
Bug 1048048 - add preload content policy types - tests (r=dveditz)
...
CLOSED TREE
--HG--
extra : source : 02c6d6aef163530bafee0d39761f18ca3aa1f40c
extra : amend_source : bff4f1c8ed0fe42addb24774b8c6dd89fe2c7905
2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
f3e1d73e58
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
...
--HG--
extra : source : 4f91b10e8be000ee5408461c74099ca96156c0cf
2015-09-20 14:56:34 -07:00
Wes Kocher
cd079d2bf9
Backed out 7 changesets (bug 1048048) for android crashes in various chunks CLOSED TREE
...
Backed out changeset b5abe23a4ea5 (bug 1048048)
Backed out changeset 4f91b10e8be0 (bug 1048048)
Backed out changeset 450d4a13c90e (bug 1048048)
Backed out changeset 6a727c40eb68 (bug 1048048)
Backed out changeset 88c2333ff745 (bug 1048048)
Backed out changeset 740ab1ecd079 (bug 1048048)
Backed out changeset 02c6d6aef163 (bug 1048048)
2015-09-21 09:08:34 -07:00
Christoph Kerschbaumer
b2de9adb18
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
2015-09-20 14:56:34 -07:00
Christoph Kerschbaumer
47de316d52
Bug 1048048 - add preload content policy types - tests (r=dveditz)
2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
6d3847c487
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking)
...
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
2015-09-18 09:27:15 -07:00
Wes Kocher
8414be2356
Backed out 3 changesets (bug 1143922) for landing with the wrong bug number
...
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
2015-09-18 14:13:33 -07:00
Christoph Kerschbaumer
b01fc3ad90
Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking)
2015-09-18 09:27:15 -07:00
Christoph Kerschbaumer
796647f603
Bug 1026520 - CSP: Inline report sending into allows - test updates (r=dveditz)
2015-09-17 22:34:49 -07:00
Christoph Kerschbaumer
8001d76219
Bug 1026520 - CSP: Inline report sending into allows - csp changes (r=dveditz)
2015-09-17 22:34:16 -07:00
Ehsan Akhgari
59c135c176
Bug 1198078 - Add support for TYPE_INTERNAL_SERVICE_WORKER; r=ckerschb,tanvi
2015-09-16 19:15:30 -04:00
Chris Peterson
bfd0628cd5
Bug 1203234 - Re-enable -Wshadow warnings in /dom/security. r=ckerschb
2015-09-14 22:54:22 -07:00
Christoph Kerschbaumer
1e5ee64415
Bug 1195162
- Use channel->ascynOpen2 dom/xbl/nsXBLService.cpp (r=sicking)
2015-09-14 18:59:35 -07:00
Ehsan Akhgari
a4ac3ec0b4
Bug 1199049 - Part 1: Move nsCORSListenerProxy.* to necko; r=jduell
...
--HG--
rename : dom/security/nsCORSListenerProxy.cpp => netwerk/protocol/http/nsCORSListenerProxy.cpp
rename : dom/security/nsCORSListenerProxy.h => netwerk/protocol/http/nsCORSListenerProxy.h
2015-09-12 19:20:52 -04:00
Michael Layzell
092e4a4b9e
Bug 1188932 - Allow the User-Agent header to be explicitly set by requests, r=bkelly, r=jgraham
2015-09-12 12:46:09 -04:00
Christoph Kerschbaumer
60c4905182
Bug 1069762 - CSP: blocked-uri in violation reports should not contain sensitive data - tests (r=sstamm)
2014-10-17 14:22:27 -07:00
Richard Barnes
cba82e6dbd
Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi
2015-09-09 15:14:27 -04:00
Francois Marier
14eac63103
Bug 1202027 - Make SRI require CORS loads for cross-origin resources. r=ckerschb
2015-09-09 00:11:38 -07:00
Francois Marier
e510ad6b31
Bug 1202015 - Better document the SRI strings for translators. r=ckerschb
2015-09-09 00:10:25 -07:00
Ehsan Akhgari
6ac40622c3
Bug 1201229 - Return an empty string for a header when an error occurs; r=dragana
...
This fixes nsIHttpChannel::GetRequestHeader() and
nsIHttpChannel::GetResponseHeader() to always empty out their string
argument even when they fail. This prevents programming mistakes of
passing the same string object to multiple of these calls and using the
string value without checking the nsresult error code, since otherwise
the string value may be unchanged from a previous call.
Note that this doesn't affect JS consumers of these APIs since we only
empty out the string argument in case the method fails, which will be
translated to a JS exception, and the JS code will never get to see the
emptied string.
2015-09-08 20:08:35 -04:00
Ehsan Akhgari
978f461b95
Bug 1200869 - Empty the header value for code hygiene; r=sicking
2015-09-02 19:53:35 -04:00
Ehsan Akhgari
a01e0f79fc
Bug 1200856 - Avoid the extra variable to make the string manipulation faster; r=sicking
2015-09-02 19:52:46 -04:00
Nicholas Nethercote
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
Kyle Huey
b930db3a55
Bug 1196592: Make retargeting Fetch to another thread actually work. r=nsm
...
--HG--
extra : rebase_source : 24801ef2546f6aa3d74b9193a104bb35e8103699
2015-08-28 13:49:07 -07:00