Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-27 20:25:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
521,147 Commits 615 Branches 98 Tags 5.9 GiB
8c4ce17711
Commit Graph

43 Commits

Author SHA1 Message Date
Tim Huang
756cf900c9 Bug 1336802 - Part 2: Updating the whole code base to make sure nsILoadInfo get null check. r=smaug 
--HG--
extra : rebase_source : 22149fd540fd02119afe9fe5c9a815d01cf959c1
 2017-02-07 11:49:34 +08:00
Kate McKinley
0baeefeea1 Bug 1328460 - Don't send priming to IP or non-standard ports r=ckerschb 
MozReview-Commit-ID: GLyLfp8gqYt

--HG--
extra : rebase_source : f722504803ed63c5d3be9b84d5053cb1abea984e
 2017-01-23 14:01:43 -08:00
Kate McKinley
5ef79ef9a4 Bug 1313596 - Increase HSTS Priming default cache timeout. r=mayhemer 
MozReview-Commit-ID: 6sHuB4wIEu4

--HG--
extra : rebase_source : 9672c18384efe24f6cb5e1aa455217e37a97db90
 2016-11-10 00:30:00 -05:00
Andrea Marchesini
793b227795 Bug 1309818 - Fixing some warning when compiling dom/*, r=smaug 2016-10-13 14:33:07 +02:00
Kate McKinley
c57d400961 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally 
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

MozReview-Commit-ID: ES1JruCtDdX

--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
 2016-09-27 11:27:00 -04:00
Nicholas Nethercote
742fc7eb48 Bug 1297961 (part 1) - Introduce nsURI::GetSpecOrDefault(). r=hurley. 
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:

  nsAutoCString spec;
  uri->GetSpec(spec);
  printf("uri: %s", spec.get());

to be changed to this:

  printf("uri: %s", uri->GetSpecOrDefault().get());

This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.

I will fold this into part 1 before landing.

--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
 2016-08-26 16:02:31 +10:00
Nicholas Nethercote
e7f10a07fd Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm. 
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.

As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.

--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
 2016-08-08 12:18:10 +10:00
Chris Peterson
b175c9fdd5 Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo 2016-07-20 22:03:25 -07:00
Johann Hofmann
22b8fe594a Bug 1253771 - Add previous state info to mixed content callback. r=tanvi r=florian 
MozReview-Commit-ID: 5msNz97psok

--HG--
extra : rebase_source : 640f86c3cc0b9b5a842a0c104cb269915b727b4b
extra : histedit_source : 6ca75dac152d5135089f9053eb91440058b124e4
 2016-04-27 10:38:26 +02:00
Dimi Lee
83ab2f2e39 Bug 1148732 - (CVE-2015-4483) feed: protocol + POST method => mixed scripting. r=tanvi 2016-05-23 12:11:02 +08:00
Christoph Kerschbaumer
3713fd6352 Bug 1273418 - CSP: Evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi) 2016-05-21 19:35:45 +02:00
Trevor Saunders
1e81548029 bug 1271436 - use nsIDocShellTreeItem::GetDocument() more r=smaug 2016-05-17 18:16:07 -04:00
Kyle Huey
c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
Tanvi Vyas
74153c556f Bug 1260153 - remove unreachable code in nsMixedContentBlocker. if/else blocks above all return. r=ckerschb 2016-03-28 12:48:00 +02:00
Christoph Kerschbaumer
254dd8f12a Bug 1216365 - nsMixedContentBlocker should use innerMostURI for aContentLocation. r=tanvi 2016-03-28 22:03:26 -07:00
Benjamin Peterson
752343237e No bug - fix typo r=me 
DONTBUILD CLOSED TREE

--HG--
extra : rebase_source : 25f0600425dec249f838ed221dde71d401571eb9
extra : amend_source : 49f7ccab9e47083df9e8b7776acc6de73a880473
 2016-03-19 21:28:19 -07:00
Christoph Kerschbaumer
39f2d53360 Bug 1122236 - CSP: Implement block-all-mixed-content (r=tanvi,kate,mrbkap) 2016-01-13 20:58:16 -08:00
Franziskus Kiefer
56bdfe820a Bug 1244116 - Telemetry for mixed content requests by plugins. r=smaug, p=ally 
MozReview-Commit-ID: F9rOb1SdPnL

--HG--
extra : rebase_source : 0b2aa83761880fb6e5a18c3a80ac86fe5ca16923
 2016-02-16 15:46:36 +01:00
Christoph Kerschbaumer
18e28eaf42 Bug 1239397: Send Internal ContentPolicyType to CSP and MixedContent (r=sicking) 2016-01-19 09:10:50 -08:00
Christoph Kerschbaumer
071f422450 Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking) 2016-01-14 12:38:15 -08:00
Nigel Babu
7089beabc7 Backed out changeset f51b921e1ccf (bug 1233098) for browser-chrome bustage 
--HG--
extra : commitid : ytS8fc4lFu
 2016-01-14 08:04:37 +05:30
Christoph Kerschbaumer
c42851930c Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking) 2016-01-13 15:51:43 -08:00
Ehsan Akhgari
59c135c176 Bug 1198078 - Add support for TYPE_INTERNAL_SERVICE_WORKER; r=ckerschb,tanvi 2015-09-16 19:15:30 -04:00
Richard Barnes
cba82e6dbd Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi 2015-09-09 15:14:27 -04:00
Tanvi Vyas
aa87627fac Bug 1182551 - Don't set STATE_IS_BROKEN on HTTP pages when mixed content is allowed by default. r=smaug 2015-08-13 17:13:43 -07:00
Tanvi Vyas
87164ced3c Bug 1181683 - Mark ping and beacon as blockable mixed content instead of optionally blockable. r=smaug 2015-08-03 15:25:21 -07:00
Christoph Kerschbaumer
9ea890b6d7 Bug 1139297 - Implement CSP upgrade-insecure-requests directive - mcb changes (r=tanvi) 
--HG--
extra : rebase_source : 055dda3713d13e0fa8f4e4d97a5371900df0ff4e
 2015-07-10 09:14:42 -07:00
Dragana Damjanovic
7987d2203e Bug 905127 - Part 2 - remove unnecessary nsNetUtil.h includes r=jduell 2015-07-06 07:55:00 +02:00
Ehsan Akhgari
3b2798f9f5 Bug 1175299 - Translate the content policy type obtained in nsMixedContentBlocker::AsyncOnChannelRedirect to an external one before invoking the content policy implementation; r=smaug 2015-06-16 21:17:01 -04:00
Ehsan Akhgari
72aef1875b Bug 1175122 - Add more assertions to the in-tree content policy implementations to ensure that they receive external content policy types; r=baku 2015-06-16 11:38:53 -04:00
Ehsan Akhgari
8f750a75b2 Bug 1174307 - Add some internal content policy types for the purpose of reflecting them on RequestContext; r=sicking 
These new content policy types will be internal ones that we will map
to external nsContentPolicyTypes before passing them to content policy
implementations.
 2015-06-15 15:40:26 -04:00
Marcos Caceres
8fc79cb285 Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb 
---
 dom/base/nsContentPolicyUtils.h                    |   1 +
 dom/base/nsDataDocumentContentPolicy.cpp           |   3 +-
 dom/base/nsIContentPolicy.idl                      |   2 +-
 dom/base/nsIContentPolicyBase.idl                  |   7 +-
 dom/base/nsISimpleContentPolicy.idl                |   2 +-
 dom/base/test/csp/browser.ini                      |   4 +
 dom/base/test/csp/browser_test_web_manifest.js     | 265 +++++++++++++++++++++
 .../csp/browser_test_web_manifest_mixed_content.js |  55 +++++
 dom/base/test/csp/file_CSP_web_manifest.html       |   6 +
 dom/base/test/csp/file_CSP_web_manifest.json       |   1 +
 .../test/csp/file_CSP_web_manifest.json^headers^   |   1 +
 dom/base/test/csp/file_CSP_web_manifest_https.html |   4 +
 dom/base/test/csp/file_CSP_web_manifest_https.json |   1 +
 .../csp/file_CSP_web_manifest_mixed_content.html   |   9 +
 .../test/csp/file_CSP_web_manifest_remote.html     |   8 +
 dom/base/test/csp/file_csp_testserver.sjs          |  14 +-
 dom/base/test/csp/mochitest.ini                    |   7 +
 dom/base/test/moz.build                            |   5 +-
 dom/fetch/InternalRequest.cpp                      |   3 +
 dom/fetch/InternalRequest.h                        |   2 +-
 .../security/nsIContentSecurityPolicy.idl          |   3 +-
 dom/ipc/manifestMessages.js                        |  25 +-
 dom/security/nsCSPUtils.cpp                        |   7 +
 dom/security/nsCSPUtils.h                          |  10 +-
 dom/security/nsMixedContentBlocker.cpp             |   1 +
 dom/webidl/CSPDictionaries.webidl                  |   1 +
 extensions/permissions/nsContentBlocker.cpp        |   6 +-
 netwerk/mime/nsMimeTypes.h                         |   1 +
 28 files changed, 439 insertions(+), 15 deletions(-)
 create mode 100644 dom/base/test/csp/browser.ini
 create mode 100644 dom/base/test/csp/browser_test_web_manifest.js
 create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html
 2015-06-02 15:42:19 -04:00
Eric Rahm
4879ae86f4 Bug 1165518 - Part 2: Replace prlog.h with Logging.h. rs=froydnj 2015-05-19 11:15:34 -07:00
Andrew McCreight
9e8f4b219e Bug 1152551, part 2 - Fix mode lines in dom/. r=jst 2015-05-03 15:32:37 -04:00
Tanvi Vyas
ac8b060203 Bug 1148732 - When checking a document's scheme, check the innermost uri. r=dveditz, smaug 2015-04-15 10:18:27 -07:00
Tanvi Vyas
9bd1ff3802 Bug 1082947 - Make sure the security state is set properly in nsMixedContentBlocker. r=smaug 2015-03-25 11:23:42 -07:00
Tanvi Vyas
d10e6067e4 Bug 1082837 - Use nsresult for static ShouldLoad and use NS_IMETHODIMP for nsIContentPolicy::ShouldLoad(). CLOSED TREE 2015-03-24 10:51:15 -07:00
Tanvi Vyas
3faad06490 Bug 1082837 - Call content policies on cached image redirects in imgLoader::ValidateSecurityInfo. Content policies check the last hop (final uri) of the cached image. For Mixed Content Blocker, we do an additional check to see if any of the intermediary hops went through an insecure redirect. r=smaug, feedback=seth 2015-03-24 09:18:48 -07:00
Tanvi Vyas
8761a49c15 Bug 1084504 - fix Mixed Content Blocking for redirects in e10s. r=mrbkap 2015-02-19 17:01:04 -08:00
Masatoshi Kimura
28adad3ff7 Bug 1115668 - Fix inappropriate mixed content warning messages. r=tanvi 2014-12-30 23:09:33 +09:00
Carsten "Tomcat" Book
fb9f41c121 Backed out changeset 470c550c782b (bug 1115668) for breaking dt tests on a CLOSED TREE 2014-12-30 08:09:15 +01:00
Masatoshi Kimura
a1bc5e76d9 Bug 1115668 - Fix inappropriate mixed content warning messages. r=tanvi 2014-12-30 14:37:15 +09:00
Christoph Kerschbaumer
ea908adf75 Bug 1089912: Part 2, move mixedcontentblocker into dom/security (r=tanvi,jst) 
--HG--
rename : dom/base/nsMixedContentBlocker.cpp => dom/security/nsMixedContentBlocker.cpp
rename : dom/base/nsMixedContentBlocker.h => dom/security/nsMixedContentBlocker.h
 2014-10-28 09:44:11 -07:00