HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
This means if Widevine is preffed visible on Linux it will show up in the
plugin list.
We only support Mac OSX 10.9 and later, so we don't need the >= 10.7 check any
more.
MozReview-Commit-ID: BjgMKeIIrrI
--HG--
extra : rebase_source : 46740a9d40f8ae700b6a47eb488a2435e48c1e99
We're not going to get a supported Adobe GMP on WinXP, so we shouldn't download
it or show it in our add-on manager.
MozReview-Commit-ID: I3cNsStmzsV
--HG--
extra : rebase_source : b67c7cbec013f83bcf7d24cac99755faf1b5e07e
The WebRTC implementation inherits cipher suite preferences from PSM and then
enables a few mandatory ones and disables a number of undesirable ones. If PSM
makes a change to a cipher suite preference that isn't in WebRTC's whitelist or
blacklist, compatibility issues can arise. See bug 1288246 for an example.
--HG--
rename : security/manager/ssl/tests/unit/test_fallback_cipher.js => security/manager/ssl/tests/unit/test_weak_crypto.js
Gpsd is the GPS daemon on Linux. It implements support for a wide range
of GPS receivers. This patch adds support for gpsd to the Geolocation
module.
The build system can now test for libgps, which provides the public
interface to gpsd's functionality. If found, |GpsdLocationProvider|
is added to the build.
MozReview-Commit-ID: 1kBgFdEZePI
This ended up being a bigger change than I had hoped for but
it updates the WebAPITask helper in amWebAPI.js so that errors
returned from the parent process are immediately wrapped into
Error objects from the content page. In this way, programming
errors or other internal errors don't leak out to mozAddonManager
users.
The way the previous code managed window references using "this"
was already a bit fussy, this patch only makes it worse. But I
think this basic logical structure here is right and since this
bug is responsible for widespread breakage, I'd like to get this
checked in and then clean it up in a follow-up.
MozReview-Commit-ID: 98PgbWKsHIN
--HG--
extra : source : f2cd195ea3898c9c46e7f58bbcaa3292a2793554