This patch removes the static pointer to nsIIOService in nsContentUtils,
replacing it to calls to mozilla::components::IO::Service.
It also makes nsScriptSecurityManager::sIOService a StaticRefPtr.
Differential Revision: https://phabricator.services.mozilla.com/D188714
This patch removes the static pointer to nsIIOService in nsContentUtils,
replacing it to calls to mozilla::components::IO::Service.
It also makes nsScriptSecurityManager::sIOService a StaticRefPtr.
Differential Revision: https://phabricator.services.mozilla.com/D188714
This is required because the script security manager which currently owns the
singleton is main-thread only. This change still ties the lifecycle of the
static to that service, but also makes it generally available from any thread.
Differential Revision: https://phabricator.services.mozilla.com/D163035
This is used in various places in principals, as well as in the implementation
of nsScriptSecurityManager::SecurityCompareURIs which is also now threadsafe
after this change.
Differential Revision: https://phabricator.services.mozilla.com/D163033
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the
privileged about content process attempts to use the page-icon: protocol. This allows the parent
to then remotely stream the favicons down to the privileged about content process.
This also adds a test to check that only the privileged about content process can use this
protocol, and that "normal" web content processes cannot.
Differential Revision: https://phabricator.services.mozilla.com/D147335
For backcompat, do not enforce wasm-unsafe-eval even if the extension
has specified a custom CSP. Do report the errors though, to allow
extension authors to discover the issue and fix it.
Differential Revision: https://phabricator.services.mozilla.com/D147105
This change stores a generated nsID directly on the LoadInfo, rather
than the full SandboxedLoadingPrincipal. This allows for the sandboxed
principal to be constructed from GetChannelResultPrincipal using the
unsandboxed result principal as a precursor, rather than the loading
principal.
The nsID is reset by HttpChannelBase whenever a non-internal redirect
occurs to reduce the chance of multiple null result principals during a
redirect with the same nsID, but different precursors.
Depends on D119692
Differential Revision: https://phabricator.services.mozilla.com/D119693
If a URI has the URI_INHERITS_SECURITY_CONTEXT flag it will not be given
a content principal by CreateContentPrincipal. This patch changes the
algorithm for creating result principals for network requests such that
the null principal created in this situation has a precursor principal
tracked on it.
Depends on D119689
Differential Revision: https://phabricator.services.mozilla.com/D119690
This is a step towards separating the mutable state on principals from const
state which can be made threadsafe. The remaining mutable fields will either
need to be moved off of nsIPrincipal or made threadsafe to destroy (e.g. using
nsMainThreadPtrHandle) and stored behind a mutex.
Serialization is handled for most types using a separate Deserializer class,
like how it was handled with `nsIURI` mutators. SystemPrincipal wasn't changed
as the `Read` method is a no-op for that class.
Differential Revision: https://phabricator.services.mozilla.com/D115092
This patch implements support for the manifest V3 matches property
which limits what hosts may load an extensions web_accessible_resources.
Differential Revision: https://phabricator.services.mozilla.com/D107746
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
CLOSED TREE
Backed out changeset 51d7c644a1e6 (bug 1650163)
Backed out changeset 3d2b6908447a (bug 1650163)
Backed out changeset 79141707d47b (bug 1650163)
