Commit Graph

1585 Commits

Author SHA1 Message Date
Ehsan Akhgari
9de6bbbaec Bug 1261019 - Part 3: Remove Navigator.mozApps and code depending on it; r=myk,jryans,fabrice,mcmanus,peterv 2016-10-13 13:18:41 -04:00
Christoph Kerschbaumer
fb07f658e3 Bug 1305012 - Downgrade a new channel's principal to NullPrincipal. r=smaug 2016-10-05 21:19:51 +02:00
Cameron McCormack
418bfe72a3 Bug 1300720 - Part 2: Lazily initialize nsScriptSecurityManager::mFileURIWhitelist. r=bholley
MozReview-Commit-ID: 8cqHUlOnsEH
2016-10-03 12:43:17 +08:00
Olli Pettay
9f0454f829 Bug 1306300, null check nsILoadContext in GetLoadContextCodebasePrincipal, r=baku 2016-09-29 20:31:50 +03:00
Gijs Kruitbosch
7de765df42 Bug 1290668 - unbreak view-source links between http and https pages, r=smaug
MozReview-Commit-ID: B4nXTkMC5LE

--HG--
extra : rebase_source : ad7086b7ff58f44b12c3eaaf9b7be8c8955762a5
2016-09-27 13:31:53 +01:00
Tooru Fujisawa
10dd75211d Bug 1289050 - Part 2: Use ASCII or Latin1 variants of JS_ReportError in not-simple cases. r=jwalden 2016-08-15 19:20:01 +09:00
Jonathan Hao
8a70bfa5fc Bug 1302047 - Ignore userContextId and firstPartyDomain when matching permissions. r=baku
--HG--
extra : rebase_source : da81c21da92810d808ebe865a456cc9d04058ce3
2016-09-20 16:35:21 +08:00
Tracy Walker
ab9e34053d Bug 1279087 - In caps/tests/mochitests/bug995943.xul, widen range of assertion check for OSX 10.10 to 5-9 to reduce intermittent test timeouts. r=emk 2016-09-26 08:13:38 -05:00
Ehsan Akhgari
9d56bec7a1 Bug 1297687 - Part 5: Require passing an OriginAttribute when constructing an nsExpandedPrincipal; r=bholley 2016-09-22 13:28:04 -04:00
Ehsan Akhgari
e45aad00ec Bug 1297687 - Part 3: Ensure that the expanded principal of a sandbox has a sensible OriginAttributes; r=bholley
This patch allows specifying an OriginAttributes when creating a sandbox
using Components.utils.Sandbox() by specifying an originAttributes
member on the options dictionary.

If an OA is specified in this way, it is used for creating codebase
principals from the string arguments passed to the function.  Otherwise,
if one or more principals are passed in the array argument to Sandbox(),
the OA of the principal(s) is used to construct codebase principals from
the strings inside the array.  In this case, we check to make sure that
all of the passed principals have the same OA, otherwise we'll throw an
exception.

In case no explicit OA is specified and no principals are passed in the
array argument, we create the codebase principals using a default OA.
2016-09-22 13:27:51 -04:00
Ehsan Akhgari
5404c2dc93 Bug 1297687 - Part 2: Allow specifying an OriginAttribute when creating an expanded principal; r=bholley 2016-09-22 13:27:40 -04:00
Ehsan Akhgari
6b65aceec2 Bug 1297687 - Part 1: Remove nsIScriptSecurityManager.createExpandedPrincipal(); r=bholley 2016-09-22 13:27:33 -04:00
Christoph Kerschbaumer
bc9a70d964 Bug 1297338 - Introduce concept of principalToInherit to docshell and scriptSecurityManager. r=bz 2016-09-20 08:36:25 +02:00
Nicholas Nethercote
8c9e80a613 Bug 1297300 - Add missing checks to GetSpec() calls in caps/ and js/. r=mrbkap.
This required making GetScriptLocation() fallible.

--HG--
extra : rebase_source : a678e86c443988897d88550bec1cd1d21c3e919e
2016-08-30 14:22:04 +10:00
Michael Layzell
36e08437d0 Bug 1018486 - Part 8: Various other changes, r=smaug
MozReview-Commit-ID: B0dsomkWgEk
2016-09-07 10:50:45 -04:00
Yoshi Huang
10b437080c Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug 2016-09-06 10:25:58 +08:00
Yoshi Huang
85a594681d Bug 1260931 - Part 1: add firstPartyDomain. r=smaug
Add an origin attribute called 'firstPartyDomain'.
This value will be extracted from the URL bar.

And the purpose of this attribute is used to isolate the data-jars.
Please see the tor documentation.
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

The idea is like a superset of 'reject third party cookies', but not
only apply for cookies, it also applies to all data-jars like localStorage,
indexedDB and so on.

So basically an iframe will have its own data-jar, and this data-jar is
isolated by the URL from URL bar, for instance, an iframe
https://facebook.com inside https://cnn.com won't share data-jar with
the iframe (https://facebook.com) in https://bbc.com
2016-09-06 10:25:48 +08:00
Sebastian Hengst
60d03b201e Backed out changeset 935ffd53f193 (bug 1260931) for failing xpcshell test test_packaged_app_service.js. r=backout 2016-09-05 21:16:10 +02:00
Sebastian Hengst
c9519f7c29 Backed out changeset b9afda2804fd (bug 1260931) 2016-09-05 21:15:29 +02:00
Yoshi Huang
6cca1d0c54 Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug 2016-09-06 01:50:30 +08:00
Yoshi Huang
6c3b62e2fb Bug 1260931 - Part 1: add firstPartyDomain. r=smaug
Add an origin attribute called 'firstPartyDomain'.
This value will be extracted from the URL bar.

And the purpose of this attribute is used to isolate the data-jars.
Please see the tor documentation.
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

The idea is like a superset of 'reject third party cookies', but not
only apply for cookies, it also applies to all data-jars like localStorage,
indexedDB and so on.

So basically an iframe will have its own data-jar, and this data-jar is
isolated by the URL from URL bar, for instance, an iframe
https://facebook.com inside https://cnn.com won't share data-jar with
the iframe (https://facebook.com) in https://bbc.com
2016-09-06 01:50:15 +08:00
Wes Kocher
a2ca4e17ce Backed out changeset 1e7eb0625d3e (bug 1297687) a=merge 2016-09-02 13:18:37 -07:00
Sebastian Hengst
7080f0c942 Backed out changeset dd200883aa79 (bug 1260931) for permafailing test_child_docshell.html on Android debug. r=backout 2016-09-02 15:33:51 +02:00
Sebastian Hengst
df3ad10e28 Backed out changeset 10da0eca7bbb (bug 1260931) 2016-09-02 15:33:51 +02:00
Sebastian Hengst
31c5f85098 Backed out 5 changesets (bug 1260931)
Backed out changeset 86e1a437021b (bug 1260931)
Backed out changeset be65e87da9e3 (bug 1260931)
Backed out changeset 39cff1d988fd (bug 1260931)
Backed out changeset 2fa7c4d8a5bc (bug 1260931)
Backed out changeset 075d612841fb (bug 1260931)
2016-09-02 14:55:59 +02:00
Sebastian Hengst
7db44d87f4 Backed out changeset dd200883aa79 (bug 1260931) for permafailing test_child_docshell.html on Android debug. r=backout 2016-09-02 14:39:43 +02:00
Sebastian Hengst
5bbaac898b Backed out changeset 10da0eca7bbb (bug 1260931) 2016-09-02 14:38:42 +02:00
Yoshi Huang
88b9430165 Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug 2016-09-02 15:04:40 +08:00
Yoshi Huang
e48e6c5e6c Bug 1260931 - Part 1: add firstPartyDomain. r=smaug
Add an origin attribute called 'firstPartyDomain'.
This value will be extracted from the URL bar.

And the purpose of this attribute is used to isolate the data-jars.
Please see the tor documentation.
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

The idea is like a superset of 'reject third party cookies', but not
only apply for cookies, it also applies to all data-jars like localStorage,
indexedDB and so on.

So basically an iframe will have its own data-jar, and this data-jar is
isolated by the URL from URL bar, for instance, an iframe
https://facebook.com inside https://cnn.com won't share data-jar with
the iframe (https://facebook.com) in https://bbc.com
2016-09-02 15:04:40 +08:00
Nicholas Nethercote
b71747b2ac Bug 1299727 - Rename NS_WARN_IF_FALSE as NS_WARNING_ASSERTION. r=erahm.
The new name makes the sense of the condition much clearer. E.g. compare:

  NS_WARN_IF_FALSE(!rv.Failed());

with:

  NS_WARNING_ASSERTION(!rv.Failed());

The new name also makes it clearer that it only has effect in debug builds,
because that's standard for assertions.

--HG--
extra : rebase_source : 886e57a9e433e0cb6ed635cc075b34b7ebf81853
2016-09-01 15:01:16 +10:00
Ehsan Akhgari
7d8261a6b9 Bug 1297687 - Use the OriginAttributes associated with a window principal when creating a Sandbox with an expanded principal; r=baku 2016-09-01 14:34:23 -04:00
Andrea Marchesini
d4c8ccb2d4 Bug 1298664 - Indentation fix in nsPrincipal::SubsumesInternal, r=smaug 2016-08-29 05:26:41 +02:00
Yoshi Huang
69ed1a79e4 Bug 1244340 - Part 2: add setOriginAttributes in nsIXMLHttpRequest. r=sicking
Add a ChromeOnly method called 'setOriginAttributes' on the XMLHttpRequest,
so that we can override the origin attributes for those XHRs running by XUL
(which will use System Principal).
2016-08-26 18:59:00 +08:00
Kan-Ru Chen
b6d880aca1 Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj
The patch is generated from following command:

  rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,

MozReview-Commit-ID: AtLcWApZfES


--HG--
rename : mfbt/unused.h => mfbt/Unused.h
2016-08-24 14:47:04 +08:00
Kan-Ru Chen
29b9a17a92 Bug 1295103 - Use MOZ_MUST_USE in OriginAttributes. r=allstars
MozReview-Commit-ID: PWUb81L8ya

--HG--
extra : rebase_source : 2bdc7adc7a6b5fd121a4621086fab6f87834dd20
2016-08-15 18:22:44 +08:00
Dragana Damjanovic
67635a6600 Bug 1295636 - SetHostPort should reset the port if the host parameter does not have a port number. r=valentin, r=smaug
--HG--
extra : rebase_source : 2e63afd5708c55810206f9bc47b6f078a0824400
2016-08-17 23:25:00 -04:00
Wes Kocher
e9097643d5 Merge inbound to central, a=merge 2016-08-12 13:44:29 -07:00
Jan de Mooij
0ad12515f4 Bug 1292892 part 1 - Stop using JSRuntime outside SpiderMonkey. r=bz,terrence,fitzgen,kanru 2016-08-11 14:39:22 +02:00
Nicholas Nethercote
bab6d17ebf Bug 1293117 (part 4) - Change many NS_IMETHODIMP occurrences to NS_IMETHOD. r=froydnj.
This patch makes the following changes on many in-class methods.

- NS_IMETHODIMP F() override;      --> NS_IMETHOD F() override;
- NS_IMETHODIMP F() override {...} --> NS_IMETHOD F() override {...}
- NS_IMETHODIMP F() final;         --> NS_IMETHOD F() final;
- NS_IMETHODIMP F() final {...}    --> NS_IMETHOD F() final {...}

Using NS_IMETHOD is the preferred way of marking in-class virtual methods.
Although these transformations add an explicit |virtual|, they are safe --
there's an implicit |virtual| anyway because |override| and |final| only work
with virtual methods.

--HG--
extra : rebase_source : 386ee4e4ea2ecd8d5001efabc3ac87b4d6c0659f
2016-08-08 10:54:47 +10:00
Rob Wu
9069fff35f Bug 1197451 - Add clipboardWrite permission r=billm
MozReview-Commit-ID: 6d1mQSVWRPe

--HG--
extra : rebase_source : 2f19bab5c9d6db25c60b2b19c06c7027384a04ca
2016-07-08 17:19:17 -07:00
James Andreou
3585e16752 Bug 1283281 - Remove PB Flag from DOMStorage. r=jdm 2016-06-29 14:01:00 +02:00
Andrew McCreight
20456a6f50 Bug 1292289, part 2 - Remove includes of xpcprivate.h in caps/. r=mrbkap
Also remove some unused nsIXPConnect headers.

With the prior patch and this patch, touching xpcprivate.h does not
require rebuilding the caps directory.

MozReview-Commit-ID: HAL0FscGqjM

--HG--
extra : rebase_source : 6d0fcb66d5b6e2654919eb0d035c4365fb30273f
2016-08-04 11:19:24 -07:00
Thomas Wisniewski
6a1fb99d2b Bug 709991 - Fire onerror instead of throwing on network errors for async XHRs. r=bz 2016-07-30 00:24:56 -04:00
Yoshi Huang
84039380cc Bug 1287073 - remove SEC_FORCE_INHERIT_PRINCIPAL_WAS_DROPPED from nsILoadInfo r=sicking 2016-07-28 15:56:32 +08:00
Gijs Kruitbosch
61094e5a36 Bug 1280584 - implement cloneWithNewRef and thereby make hash/ref links use a simple unified codepath in the IO service, r=valentin
MozReview-Commit-ID: 8FIyclkJPDp

--HG--
extra : rebase_source : 49fb2b12488bd57a5417c7c3bff2211d651c5de7
extra : amend_source : d9940a1d9009930dc2f499417a7e1446d4601c20
2016-07-26 23:38:46 +01:00
Fabrice Desré
7846da76d6 Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice
MozReview-Commit-ID: 9uVUrmuVFXQ

--HG--
extra : rebase_source : 20f6f0235667530c21aca4889b5d33e39c2d1a48
2016-03-03 09:58:47 -08:00
Carsten "Tomcat" Book
c7846e126c Backed out changeset 16aa7041c009 (bug 1287107) for causing xpcshell and mac tests 2016-07-22 11:30:23 +02:00
Fabrice Desré
f5b619fb28 Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice
MozReview-Commit-ID: 9uVUrmuVFXQ

--HG--
extra : rebase_source : d0c19fcda5c72ecdce3b0d0bbbafa5a7954d7a4c
2016-03-03 09:58:47 -08:00
Tom Tromey
5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Carsten "Tomcat" Book
4a64baa9d4 merge mozilla-inbound to mozilla-central a=merge 2016-07-21 16:24:36 +02:00