Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-23 18:26:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
545,537 Commits 615 Branches 98 Tags 5.9 GiB
bb641e51e7
Commit Graph

586 Commits

Author SHA1 Message Date
Iris Hsiao
a7c8429fc4 Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures 2016-07-27 11:15:52 +08:00
Kate McKinley
567ebcf321 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally 
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
 2016-07-26 13:03:00 -04:00
Carsten "Tomcat" Book
dcae5b0335 Merge mozilla-central to fx-team 2016-07-26 11:58:36 +02:00
Carsten "Tomcat" Book
a3904e8a8a Merge mozilla-central to mozilla-inbound 2016-07-25 15:59:01 +02:00
Carsten "Tomcat" Book
b9a6c687fa merge mozilla-inbound to mozilla-central a=merge 2016-07-25 15:50:41 +02:00
Franziskus Kiefer
249fa77287 Bug 1263793 - update SAN, r=mgoodwin,ulfr 
MozReview-Commit-ID: HtMKl2gP1xi

--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
 2016-07-25 09:44:19 +02:00
Carsten "Tomcat" Book
0a5622c093 Backed out changeset 640247e978ba (bug 1246540) for bustage 2016-07-24 15:59:31 +02:00
Kate McKinley
547500d5a7 Bug 1246540 - HSTS Priming Proof of Concept. r=honzab 
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
 2016-07-22 18:35:00 +02:00
Johann Hofmann
0e04940e1a Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi 
MozReview-Commit-ID: BvR7Xb0AE9N

--HG--
extra : rebase_source : dfe2d600b15a6cffd49be454b3394106c3ff9bb3
extra : histedit_source : 8b03564ebced1305ce79652d904e7bb95a92a2e8
 2016-06-02 17:14:27 +02:00
Christoph Kerschbaumer
022d9af2b3 Bug 1285003 - Test insecure http port :80 allows secure https port :443. r=dveditz 2016-07-22 11:32:21 +02:00
Christoph Kerschbaumer
3a9a5e2c83 Bug 1285003 - CSP: Insecure http port :80 should also allow secure https port :443. r=dveditz 2016-07-22 11:32:41 +02:00
Carsten "Tomcat" Book
c7846e126c Backed out changeset 16aa7041c009 (bug 1287107) for causing xpcshell and mac tests 2016-07-22 11:30:23 +02:00
Fabrice Desré
f5b619fb28 Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice 
MozReview-Commit-ID: 9uVUrmuVFXQ

--HG--
extra : rebase_source : d0c19fcda5c72ecdce3b0d0bbbafa5a7954d7a4c
 2016-03-03 09:58:47 -08:00
Tom Tromey
5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps 
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
 2016-07-14 10:16:42 -06:00
Franziskus Kiefer
dd5231632f Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer 
MozReview-Commit-ID: ABXYYseKImq

--HG--
extra : rebase_source : 79614e5215e738dff9683ad447245bd830c887bf
 2016-05-19 10:59:48 +02:00
Chris Peterson
b175c9fdd5 Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo 2016-07-20 22:03:25 -07:00
Wes Kocher
e2d9911273 Backed out changeset 21d8bb5af7b4 (bug 1263793) for leaks in various jobs CLOSED TREE 2016-07-20 11:16:37 -07:00
Franziskus Kiefer
9b9c643025 Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer 
MozReview-Commit-ID: CHUPgBr8WaC

--HG--
extra : rebase_source : 969bd058a157c7307b7a4d3c2a4c5d62e82b7489
 2016-05-19 10:59:48 +02:00
Christoph Kerschbaumer
f2c908b15d Bug 471020 - Test X-Content-Type-Options: nosniff. r=dveditz 2016-07-20 12:33:29 +02:00
Christoph Kerschbaumer
23f7b47719 Bug 1273430 - Test CSP upgrade-insecure-requests for doc.write(iframe). r=tanvi 2016-07-20 09:26:16 +02:00
Fabrice Desré
7846da76d6 Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice 
MozReview-Commit-ID: 9uVUrmuVFXQ

--HG--
extra : rebase_source : 20f6f0235667530c21aca4889b5d33e39c2d1a48
 2016-03-03 09:58:47 -08:00
Wes Kocher
c9783f64cb Backed out 4 changesets (bug 471020) for frequent Windows w(2) failures CLOSED TREE a=merge 
Backed out changeset d9675ab3d203 (bug 471020)
Backed out changeset 3ee328c56de0 (bug 471020)
Backed out changeset 000576e264bd (bug 471020)
Backed out changeset ffe60708c457 (bug 471020)
 2016-07-18 16:07:28 -07:00
Christoph Kerschbaumer
6166c48409 Bug 471020 - Test X-Content-Type-Options: nosniff. r=dveditz 2016-07-18 14:47:35 +02:00
Christoph Kerschbaumer
97e696739a Bug 1286376 - Do not call finish multiple times within test_contentpolicytype_targeted_link_iframe.html. r=smaug 2016-07-13 09:04:30 +02:00
Thomas Nguyen
941244dcc8 Bug 1286024 - Replace no document in SetRequestContext warning with a log. r=ckerschb 
MozReview-Commit-ID: IitqAt0iLQF

--HG--
extra : rebase_source : 72c6bd3b894d8a36f65bfd43ddd8f294de1f2d22
 2016-07-12 17:46:23 +08:00
Carsten "Tomcat" Book
442eb5511e Merge mozilla-central to mozilla-inbound 2016-07-12 11:06:19 +02:00
Christoph Kerschbaumer
0cd1f7698a Bug 1234813 - Tests for: sendBeacon should not throw if blocked by Content Policy. r=barnes 2016-07-12 07:26:37 +02:00
Christoph Kerschbaumer
68b180b34f Bug 1255240 - Test content policy types within content policies for targeted links in iframes. r=smaug 2016-07-11 20:58:57 +02:00
Christoph Kerschbaumer
84f2bb5302 Bug 1277557 - Test require-sri-for in meta tag r=francois 2016-07-08 07:26:34 +02:00
Francois Marier
11de73857c Bug 1269241 - Add SRI tests for UTF-8 stylesheets. r=ckerschb,r=jkt 2016-07-07 14:44:51 -07:00
Johann Hofmann
22b8fe594a Bug 1253771 - Add previous state info to mixed content callback. r=tanvi r=florian 
MozReview-Commit-ID: 5msNz97psok

--HG--
extra : rebase_source : 640f86c3cc0b9b5a842a0c104cb269915b727b4b
extra : histedit_source : 6ca75dac152d5135089f9053eb91440058b124e4
 2016-04-27 10:38:26 +02:00
Thomas Nguyen
6516ad9dae Bug 959388 - Deliver CSP from HTTP header. r=ckerschb, r=khuey 
MozReview-Commit-ID: 13ndERn6rrL

--HG--
extra : rebase_source : e0ec31f9d322b1385994eb7d66bd885c91d75df3
 2016-06-30 12:31:59 +08:00
Thomas Nguyen
bd8bba9788 Bug 959388 - Add csp worker test cases. r=kmckinley 
MozReview-Commit-ID: IhEAA89VyTr

--HG--
extra : rebase_source : 63d522eab0477706636aa2e9086f1b0cdc30889d
 2016-06-30 12:32:03 +08:00
Paul Roberts
edd71bdffd Bug 671389 - Extend CSP tests for iframe sandbox with CSP sandbox directive tests r=grobinson 
--HG--
extra : rebase_source : 4a37c0828701909f32870c0079b75b5c55144381
 2016-06-28 14:06:06 -07:00
Paul Roberts
6e2b739762 Bug 671389 - Tests for CSP sandbox directive. r=grobinson, r=smaug 
--HG--
extra : rebase_source : 8906837f0a8f0afdb3ba3db5463265ef62220f92
 2016-06-28 14:03:45 -07:00
Paul Roberts
ec18fc5ff7 Bug 671389 - Implement CSP sandbox directive. r=ckerschb r=smaug 
--HG--
extra : rebase_source : d9c5f5868c2558a3696cd489674da6f243be11ad
 2016-06-29 07:48:44 -07:00
Christoph Kerschbaumer
9e62aecdfc Bug 1278272 - Convert test_csp_upgrade_insecure_request_header.js to channel.asyncOpen2() r=jkt 2016-06-29 13:08:47 +02:00
Christoph Kerschbaumer
1a5fda4297 Bug 1240193 - Skip TYPE_DOCUMENT assertions for loads initiated by JS tests (r=tanvi) 2016-06-29 12:59:45 +02:00
Jonathan Kingston
daa6f72c59 Bug 1279420 - Adding in security.csp.experimentalEnabled pref check to require-sri-for directive in CSP. r=ckerschb 
MozReview-Commit-ID: 799ZZoW0YiG

--HG--
extra : transplant_source : %CAC%12%16%C6a%10AP%BEc%85%BA%93Z%7Cq%D43%8D
 2016-06-20 19:49:38 +01:00
Christoph Kerschbaumer
24fbc29c99 Bug 1188642 - Use channel->ascynOpen2 in dom/base/nsObjectLoadingContent.cpp r=smaug 2016-06-28 09:37:55 +02:00
Christoph Kerschbaumer
25f6f710d7 Bug 1100181 - CSP: Enforce connect-src when submitting pings. r=arroway 2016-06-24 15:25:11 +02:00
Christoph Kerschbaumer
76f6cc7739 Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen 
--HG--
extra : rebase_source : 92bd320351de91b72304c2fc386f1ae295837a9e
 2016-06-22 14:13:03 +02:00
Christoph Kerschbaumer
1b81dcec35 Bug 1271198 - Convert Websockets to use AsyncOpen2(). r=jduell 2016-05-17 12:04:11 +02:00
Thomas Nguyen
4b7ad0e2c5 Bug 1223838 - Fix wrong policy associated with empty string. r=fkiefer,hsivonen 
MozReview-Commit-ID: 7kFH39cegmH
 2016-05-30 15:17:45 +08:00
Dimi Lee
83ab2f2e39 Bug 1148732 - (CVE-2015-4483) feed: protocol + POST method => mixed scripting. r=tanvi 2016-05-23 12:11:02 +08:00
Stephanie Ouillon
e4fbe1d9ac Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb 2016-05-17 15:34:53 +02:00
Frederik Braun
404a0bbb99 Bug 1265318: add require-sri-for CSP directive. r=ckerschb 
MozReview-Commit-ID: 200PAvKtBME
 2016-05-31 11:14:00 +02:00
Frederik Braun
e8df1f59be Bug 1265318: tests for require-sri-for CSP directive. r=ckerschb 
MozReview-Commit-ID: Ji14cwB8D3P
 2016-05-31 08:30:00 +02:00
Jonathan Hao
525c086187 Bug 1259871 - Replace getSimpleCodebasePrincipal with createCodebasePrincipal. r=sicking 
MozReview-Commit-ID: Frx0CjBzuve

--HG--
extra : histedit_source : 036eb321d9ccb20e0e071ba588b0a1249eb34bdd
 2016-05-24 18:01:34 +08:00
Sebastian Hengst
4a29890033 Backed out changeset c970fb57fedd (bug 1247459) for failing its own test on Windows. r=backout 2016-05-31 08:36:02 +02:00
Stephanie Ouillon
fc06857f8e Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb 2016-05-17 15:34:53 +02:00
Christoph Kerschbaumer
8a208322fb Bug 1269254 - Skip CheckLoadURIWithPrincipal checks within ContentSecurityManager on loadingPrincipal if security flag indicates allow cross origin loads (r=sicking) 2016-05-29 20:40:16 +02:00
Christoph Kerschbaumer
031a59734b Bug 1196013 - Use channel->ascynOpen2 in toolkit/components/places. r=billm r=sicking r=mak 2016-05-23 23:57:31 +02:00
Patrick McManus
2cd574f25f Bug 1274376 - more mozilla::net namespaces r=dragana 
--HG--
extra : rebase_source : 914d48f23a4a5db052a789b9e21c1ff922533d35
 2016-05-18 22:02:57 -04:00
Carsten "Tomcat" Book
927b1a0b3a Backed out changeset 7469725d7461 (bug 959388) 2016-05-23 11:36:12 +02:00
Carsten "Tomcat" Book
9214312096 Backed out changeset 9feb9c89d33a (bug 959388) 2016-05-23 11:36:10 +02:00
Thomas Nguyen
61fe1800b8 Bug 959388 - Add csp worker test cases. r=kmckinley 
MozReview-Commit-ID: Ahx419BHWrS

--HG--
extra : rebase_source : 2016c1e68f990a8ba9cd471e18778c87b08546e1
 2016-05-19 11:59:54 +08:00
Thomas Nguyen
32e38271c9 Bug 959388 - Deliver CSP from HTTP header. r=ckerschb r=khuey 
MozReview-Commit-ID: LUl5LyO94m3

--HG--
extra : rebase_source : f2ddfcbf6237b11ebb19adfabf346cf76f4a6ab8
 2016-05-19 11:57:32 +08:00
Christoph Kerschbaumer
52a84afc5c Bug 1273418 - CSP: Test evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi) 2016-05-21 19:36:02 +02:00
Christoph Kerschbaumer
3713fd6352 Bug 1273418 - CSP: Evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi) 2016-05-21 19:35:45 +02:00
Sebastian Hengst
468fcc6924 Backed out changeset 2292661153e3 (bug 1271198) for web-platform failures. r=backout on a CLOSED TREE 2016-05-19 17:06:04 +02:00
Christoph Kerschbaumer
bbc661631e Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell) 2016-05-19 15:42:01 +02:00
Sebastian Hengst
d6e3286232 Backed out changeset 854a8df494d3 (bug 1271198) for many assertions at nsHttpChannel.cpp:5204. r=backout on a CLOSED TREE 2016-05-19 14:23:51 +02:00
Christoph Kerschbaumer
0e2d46a840 Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell) 2016-05-19 11:54:02 +02:00
Trevor Saunders
1e81548029 bug 1271436 - use nsIDocShellTreeItem::GetDocument() more r=smaug 2016-05-17 18:16:07 -04:00
Chris Peterson
8a9e2d2bd4 Bug 1272513 - Part 2: Remove redundant -Wshadow CXXFLAGS from moz.build files. r=glandium 2016-05-14 00:54:55 -07:00
Henry Chang
dc7cba21ef Bug 1251152 - Part 3: Test case. r=franziskus 2016-05-05 11:11:34 +08:00
Andreas Farre
51e42c28d2 Bug 1268851 - Add SRILogHelper to hold GetSriLog r=baku 
MozReview-Commit-ID: BqW7LXOFirn

--HG--
extra : rebase_source : cf0d1c8f1f88e05912830cef673e866b7c2756c4
 2016-05-03 17:43:33 -07:00
Christoph Kerschbaumer
9944442791 Bug 1261634 - Tests for whitespace skipping within meta csp. r=dveditz 2016-04-21 21:19:50 +02:00
Christoph Kerschbaumer
a9a95d1918 Bug 1261634 - Update whitespace skipping for meta csp. r=dveditz 2016-04-21 21:15:06 +02:00
Aryeh Gregor
f14f1babe8 Bug 1193762 part 8 - Fix things that will break; r=froydnj 
It looks like VC++ doesn't like comparisons of nsCOMPtr to 0 after this
change, but those are bad style anyway, so I removed them from
TestCOMPtr.cpp instead of trying to make them work.
 2016-05-01 21:29:23 +03:00
Christoph Kerschbaumer
da0d241d98 Bug 1206961 - Use channel->AsyncOpen2() for imageLoader; Remove security checks from callsites (r=bz) 2016-04-27 19:41:13 +02:00
Jonathan Watt
2bb448cbb2 Bug 1267509 - Make nsContentSecurityManager::IsURIPotentiallyTrustworthy act on an nsIPrincipal. r=bz 
MozReview-Commit-ID: Zu1zU4Brkx

--HG--
rename : dom/security/test/unit/test_isURIPotentiallyTrustworthy.js => dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
 2016-04-26 11:30:43 +01:00
Christoph Kerschbaumer
c607e5cac1 Bug 1263286 - Update csp base-uri tests. r=bz 
--HG--
rename : dom/security/test/csp/file_base-uri.html => dom/security/test/csp/file_base_uri_server.sjs
 2016-04-26 12:38:06 +02:00
Kyle Huey
c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
Frederik Braun
582caa399f Bug 1142332 - Prevent calling CSP_EnumToKeyword with CSP_HASH. r=ckerschb 
MozReview-Commit-ID: I1w9QrWJeEo

--HG--
extra : histedit_source : 1258cfc50d32c10f0de90ba1e863e21ae3ebf0f8
 2016-04-24 14:56:22 -04:00
Kris Maglione
f3feb0cfd3 Bug 1254194: Allow iterating over and inspecting sources of parsed CSP directives. r=ckerschb 
MozReview-Commit-ID: G8b86UvSv0y

--HG--
extra : rebase_source : c7857e88af0d94dd1162dccfe12aae6567945f2c
 2016-04-23 20:42:43 -07:00
Christoph Kerschbaumer
d82c07bf27 Bug 1262635 - Don't strip URIs of ftp: when sending reports. r=dveditz 2016-04-17 20:09:18 +02:00
Matt Robenolt
1d82e1412f Bug 1192840 - Fix CSP report content-type. r=ckerschb 2016-04-14 12:51:31 +02:00
Frederik Braun
6c12520100 Bug 1192840 - fix tests to expect correct csp report content-type r=ckerschb 
MozReview-Commit-ID: TzpGH63EPF

--HG--
extra : transplant_source : %1548%CC%97%F5%3Ca%D6_%0Df%96.%5C%F0%B0%3BE%21
 2016-04-08 14:14:38 +02:00
Tanvi Vyas
9c0a7ac154 Bug 1105556 - Add a hidden preference that is checked in debug mode to determine whether the main LoadInfo() constructor should assert that the ContentPolicyType is not TYPE_DOCUMENT. 
Set the preference in xpcshell tests that create TYPE_DOCUMENT loads in javascript and hence end up using the main constructor. r=sicking, ckerschb
 2016-04-13 16:30:36 -07:00
Tanvi Vyas
b58752765c Bug 1105556 - Don't call CheckLoadURIWithPrincipal() in DoCheckLoadURIChecks() for TYPE_DOCUMENT loads where we don't have a loadingPrincipal. Ensure SEC_COOKIES_SAME_ORIGIN isn't set for TYPE_DOCUMENT loads in CheckChannel(). r=ckerschb, sicking 2016-04-13 16:30:28 -07:00
Sebastian Hengst
4ee65db5e7 Backed out changeset 0c21f872515b (bug 1192840) for failure in modified test_csp_reports.js. r=backout 2016-04-13 19:32:44 +02:00
Frederik Braun
ae7f565803 Bug 1192840 - fix tests to expect correct csp report content-type r=ckerschb 
MozReview-Commit-ID: TzpGH63EPF

--HG--
extra : transplant_source : %1548%CC%97%F5%3Ca%D6_%0Df%96.%5C%F0%B0%3BE%21
 2016-04-08 14:14:38 +02:00
Marcos Caceres
387bd9e686 Bug 1258005 - Remove setTimeout to avoid intermittent issue. r=bkelly 2016-04-12 00:39:00 +02:00
Jonathan Hao
e1331785d7 Bug 1241634 - Reflow before clicking in mixedcontentblocker test r=mckinley 
MozReview-Commit-ID: 5rbeuVjaw0B

--HG--
extra : rebase_source : f0f603c31e0e2ee43f8bbac575de3dab0660e333
 2016-03-25 16:52:49 +08:00
Marcos Caceres
f7ad23868a Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan 
MozReview-Commit-ID: Ceu3sYUcML4
 2016-04-07 14:13:09 -07:00
Chris Manchester
f7a1b3fb60 Bug 1242051 - Add inter-directory test support file dependencies to ini manifests. r=gps 
Previously, every test and support file would be synced to the objdir
when running any test. Now that only those support files and tests requested
are synced, we note support files required beyond those in a test's
directory in ini manifests.

MozReview-Commit-ID: EmlDz9d4lqt
 2016-04-04 14:56:52 -07:00
Tanvi Vyas
74153c556f Bug 1260153 - remove unreachable code in nsMixedContentBlocker. if/else blocks above all return. r=ckerschb 2016-03-28 12:48:00 +02:00
Christoph Kerschbaumer
adb02c6c4f Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes 2016-03-01 09:19:28 -08:00
Christoph Kerschbaumer
254dd8f12a Bug 1216365 - nsMixedContentBlocker should use innerMostURI for aContentLocation. r=tanvi 2016-03-28 22:03:26 -07:00
Tanvi Vyas
1de9e6ab9d Bug 1259678 - Refactor SubjectToCSP to avoid calling ShouldLoad if CSP doesn't apply to the content type. r=ckerschb 
--HG--
extra : rebase_source : 76f914a9dfab38bd5d21ddca519f47a2a5d68963
 2016-03-24 23:09:00 -04:00
Christoph Kerschbaumer
36d3e09fd4 Bug 1257650 - Skip Security checks if triggeringPrincipal is SystemPrincipal only for subresource loads. r=sicking 
--HG--
extra : rebase_source : fb8d0827788e70ca87e8cd680e2cdd56941e3c2a
 2016-03-18 16:14:03 -07:00
Christoph Kerschbaumer
20549b7fe0 Bug 1251043 - Test form submission blocked by CSP. r=francois 2016-03-23 13:38:05 -07:00
Wes Kocher
fe9aec58c3 Backed out changeset 1d5e6c22fd3a (bug 1250048) for CSP failures/assertions in various tests/chunks CLOSED TREE 
MozReview-Commit-ID: I21ELiYYqdD

--HG--
extra : amend_source : 83d8554e6046153a3cf16ffefed7d6602e822241
 2016-03-21 12:42:36 -07:00
Marcos Caceres
2e3ca60562 Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb 
--HG--
extra : rebase_source : 1f8a65dcb9ea909588991cd5e8970560c3651426
 2016-03-20 23:24:00 -04:00
Carsten "Tomcat" Book
0db9291841 merge mozilla-inbound to mozilla-central a=merge 2016-03-21 15:30:59 +01:00
Benjamin Peterson
752343237e No bug - fix typo r=me 
DONTBUILD CLOSED TREE

--HG--
extra : rebase_source : 25f0600425dec249f838ed221dde71d401571eb9
extra : amend_source : 49f7ccab9e47083df9e8b7776acc6de73a880473
 2016-03-19 21:28:19 -07:00
Franziskus Kiefer
1a47cfb77a Bug 1186072 - Add trailing slash to origin referer header when policy is set. r=sworkman 
MozReview-Commit-ID: 3PYuODmqpbL

--HG--
extra : source : ac4148f22b2d6f76762dac3fd94a6452da80bdde
 2016-02-24 10:51:54 +01:00
Jonathan Hao
f750d8988e Bug 1235572 - Tests of enforcing SRI on remote about:newtab. r=francois 
MozReview-Commit-ID: 6epw8D4M0FX

--HG--
extra : transplant_source : %87t%D0%60a%B4%14%24%E6%B9%97Q%CDXr%B69%12%E9%0D
 2016-03-16 11:19:20 +08:00
Marcos Caceres
84cb2023d7 Bug 1176824 - Intermittent browser_test_web_manifest.js. r=ckerschb 2016-03-16 16:07:00 +01:00
Franziskus Kiefer
bf87c6c564 Bug 1252829 - CSP Telemetry. r=ckerschb, p=bsmedberg 
MozReview-Commit-ID: CiNAxh2ZrHB

--HG--
extra : transplant_source : %B8%00%E0%83%1B%29%BDI%DE%09%CDPN%AE%7B9Tk%8B%99
 2016-03-02 13:00:09 +01:00
Christoph Kerschbaumer
a35cb7baf1 Bug 1122236 - CSP: block-all-mixed-content - test frame navigation (r=tanvi) 2016-03-15 16:08:07 -07:00
Christoph Kerschbaumer
18d0d6e8d6 Bug 1122236 - CSP: block-all-mixed-content tests (r=tanvi) 2016-03-15 16:07:49 -07:00
Christoph Kerschbaumer
39f2d53360 Bug 1122236 - CSP: Implement block-all-mixed-content (r=tanvi,kate,mrbkap) 2016-01-13 20:58:16 -08:00
Ryan VanderMeulen
5f15eed746 Bug 1241634 - Skip test_frameNavigation.html on Windows and OSX for frequent failures. a=test-only 
--HG--
extra : rebase_source : ba229e6a62c82ad8c59ae89943fd6181df4275a9
 2016-03-15 12:50:07 -04:00
Marco Castelluccio
2fb9c40ec1 Bug 1250453 - Remove DOMApplicationRegistry.allAppsLaunchable property and related testing API. r=myk 2016-03-14 16:29:11 +00:00
Franziskus Kiefer
2b22d469bb Bug 1226928 - content-signature verification tests for about:newtab, r=mconley 2016-03-14 11:57:16 +01:00
Franziskus Kiefer
bd54ab19d3 Bug 1226928 - signature verification for content-signing, r=keeler,mayhemer 2016-03-14 11:56:35 +01:00
Christoph Kerschbaumer
5e6ba24562 Bug 1227813 - CSP: Ignore unsafe-inline within style-src if hash or nonce specified. r=kmckinley 2016-03-11 15:35:39 -08:00
Blake Kaplan
40da91e7a5 Bug 1242775 - Run parent-process code in the parent. r=mccr8 2016-03-10 17:14:35 -08:00
Carsten "Tomcat" Book
25fbf67b66 Backed out changeset 878c54ec3954 (bug 1250453) 2016-03-10 14:45:59 +01:00
Marco Castelluccio
1902f1c620 Bug 1250453 - Remove DOMApplicationRegistry.allAppsLaunchable property and related testing API. r=myk 2016-03-10 11:12:38 +00:00
Carsten "Tomcat" Book
eb98199ac0 Backed out changeset ac4148f22b2d (bug 1186072) for referrer test failures 
--HG--
extra : rebase_source : 124130bb041418eb97862a131ae6365df5cfbdc6
 2016-03-03 09:23:59 +01:00
Franziskus Kiefer
55e0623947 Bug 1186072 - add trailing slash to origin referer header when policy is set, r=sworkman 
MozReview-Commit-ID: 3PYuODmqpbL

--HG--
extra : transplant_source : %E5P%B1%1F%82%08%07%2A%1C%26%AF%C5%C8%29%B1y%97O%877
 2016-02-24 10:51:54 +01:00
Christoph Kerschbaumer
8414718c57 Bug 1232903 - Skip Security checks if triggeringPrincipal is SystemPrincipal (r=sicking) 2016-03-01 16:11:37 -08:00
Christoph Kerschbaumer
41b26f4a9b Bug 1195172 - Test Fonts governed by CSP (r=bz) 2016-03-01 13:06:26 -08:00
Christoph Kerschbaumer
9ab1648f67 Bug 1195172 - Use channel->ascynOpen2 layout/style/FontFaceSet.cpp (r=bz,cam) 2016-03-01 13:06:13 -08:00
Boris Zbarsky
7aa5d59bc7 Bug 1251518. Fix js::ErrorReportToString to make a bit more sense, and change worker code to not use it anyway, so it matches the mainthread code. r=bholley,terrence 2016-03-01 13:49:21 -05:00
Ehsan Akhgari
8a0731fdde Bug 1251875 - Part 1: Remove the dom.serviceWorkers.interception.enabled pref; r=bkelly 2016-03-01 09:16:38 -05:00
Wes Kocher
4712647d7d Backed out 2 changesets (bug 1243586) for dt5 bustage in netmonitor tests 
Backed out changeset 06a4d2d48fb2 (bug 1243586)
Backed out changeset 846e31fe5eb2 (bug 1243586)

MozReview-Commit-ID: 69kiDIULtm2
 2016-02-29 10:39:04 -08:00
Christoph Kerschbaumer
f7017a06c3 Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field (r=rbarnes) 2016-02-29 08:46:48 -08:00
Franziskus Kiefer
56bdfe820a Bug 1244116 - Telemetry for mixed content requests by plugins. r=smaug, p=ally 
MozReview-Commit-ID: F9rOb1SdPnL

--HG--
extra : rebase_source : 0b2aa83761880fb6e5a18c3a80ac86fe5ca16923
 2016-02-16 15:46:36 +01:00
Boris Zbarsky
7413f2bf46 Bug 1251369. Use an AutoJSAPI that reports its own exceptions around the main runloop in workers. r=khuey 
The silly leading ": " on the error messages is due to bug 1251518.
 2016-02-26 15:23:13 -05:00
Ethan Tseng
eb71a675d8 Bug 908933 - Part2 - CSP tests: ShouldProcess should block TYPE_OBJECT. r=ckerschb 
--HG--
extra : rebase_source : 6dcf8d477656e4d5cdb9362b1f1ec561aba420a7
 2016-01-27 01:35:53 +08:00
Christoph Kerschbaumer
ec146d5159 Bug 908933 - Part1 - CSP: Call ShouldLoad inside ShouldProcess for TYPE_OBJECT. r=ckerschb 
--HG--
extra : rebase_source : ee8875120e45d84413ab8ed3c9553d3d42e88acd
 2014-08-05 11:47:08 -07:00
Christoph Kerschbaumer
1f7d8b69b3 Bug 1243178: CSP - Skip sending reports for non http schemes. r=dveditz 2016-01-27 15:56:39 -08:00
Kyle Huey
4be3856258 Bug 1241634: Use is instead of ok in tests. r=me 
--HG--
extra : rebase_source : 42e2a1dde47957d813f11379bba173f62e8f8d70
 2016-02-18 17:32:34 -08:00
Francois Marier
694b1fd843 Bug 1247464 - Run CSP report URIs through the URL classifier. r=ckerschb 
MozReview-Commit-ID: ERoZAbw1nbf

--HG--
extra : rebase_source : 431e443f563138055f9893d9ccf537040659f103
 2016-02-11 17:36:13 -08:00
Carsten "Tomcat" Book
10c0856d69 Backed out changeset b9aecc2e6334 (bug 1234813) for test failures in connect-src-beacon-blocked.sub.html 
--HG--
extra : rebase_source : 1b9441481b7da04393d5cf12617078376757d447
 2016-02-11 11:33:06 +01:00
Christoph Kerschbaumer
eac10123df Bug 1234813 - Tests for: sendBeacon should not throw if blocked by Content Policy. r=rbarnes 2015-12-23 11:45:26 -08:00
Ben Kelly
0bcca14aa1 Bug 1238954 P2 Fix csp service worker tests to register and unregister separate scopes. r=ehsan 2016-02-09 19:33:40 -08:00
Kate McKinley
0916871a27 Bug 1241634 - Increase timeout from 5 to 10 seconds. r=tanvi 2016-02-08 18:49:00 +01:00
Myk Melez
a6aff185d2 Bug 1238576 - disable mozApps API on desktop/Android; r=ehsan,ochameau,bz,mcmanus,jmaher,marco 2016-02-08 11:24:22 -08:00
Andrew McCreight
44c631e968 Bug 1237726, part 4 - Convert test_bug803225.html to use pushPrefEnv() to set preferences. r=tanvi 
This gets the test closer to working with e10s.
 2016-02-08 09:52:19 -08:00
Andrew McCreight
c6c65b3c73 Bug 1237726, part 3 - Don't load an iframe until we're actually ready to run the test in test_bug803225.html. r=tanvi 
This needs to wait for onload to do the reloadFrame(), or the
.getElementById() will return null.
 2016-02-08 09:52:19 -08:00
Andrew McCreight
4cf4ea2fd9 Bug 1237726, part 2 - Don't start running mixedcontentblocker/test_main.html until the page has finished loading. r=tanvi 
If the script runs before the page finishes loading, you get an error
about getElementById being null.  This doesn't seem to usually happen
with this particular test, but it looks like it can happen at least
sometimes.
 2016-02-08 09:52:19 -08:00
Andrew McCreight
164c42ece5 Bug 1237726, part 1 - Set prefs with pushPrefEnv in mixedcontentblocker/test_main.html. r=tanvi 2016-02-08 09:52:19 -08:00
Christoph Kerschbaumer
de9089189c Bug 1195173 - Use channel->ascynOpen2 layout/style/Loader.cpp (r=bz) 2016-02-02 20:35:02 -08:00
Myk Melez
dcd9fa1424 Bug 1242899 - consolidate mozApps tests into dom/apps/tests/ dir; r=marco 
--HG--
rename : dom/tests/mochitest/webapps/apps/bad_content_type.webapp => dom/apps/tests/apps/bad_content_type.webapp
rename : dom/tests/mochitest/webapps/apps/basic.webapp => dom/apps/tests/apps/basic.webapp
rename : dom/tests/mochitest/webapps/apps/basic.webapp^headers^ => dom/apps/tests/apps/basic.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_chrome_mochitests.webapp => dom/apps/tests/apps/installs_allowed_from_chrome_mochitests.webapp
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_chrome_mochitests.webapp^headers^ => dom/apps/tests/apps/installs_allowed_from_chrome_mochitests.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_example.com.webapp => dom/apps/tests/apps/installs_allowed_from_example.com.webapp
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_example.com.webapp^headers^ => dom/apps/tests/apps/installs_allowed_from_example.com.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href.webapp => dom/apps/tests/apps/invalid_activity_href.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href.webapp^headers^ => dom/apps/tests/apps/invalid_activity_href.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href2.webapp => dom/apps/tests/apps/invalid_activity_href2.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href2.webapp^headers^ => dom/apps/tests/apps/invalid_activity_href2.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_entry_point.webapp => dom/apps/tests/apps/invalid_entry_point.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_entry_point.webapp^headers^ => dom/apps/tests/apps/invalid_entry_point.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path.webapp => dom/apps/tests/apps/invalid_launch_path.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path.webapp^headers^ => dom/apps/tests/apps/invalid_launch_path.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path2.webapp => dom/apps/tests/apps/invalid_launch_path2.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path2.webapp^headers^ => dom/apps/tests/apps/invalid_launch_path2.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_locale_entry_point.webapp => dom/apps/tests/apps/invalid_locale_entry_point.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_locale_entry_point.webapp^headers^ => dom/apps/tests/apps/invalid_locale_entry_point.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_message.webapp => dom/apps/tests/apps/invalid_message.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_message.webapp^headers^ => dom/apps/tests/apps/invalid_message.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/json_syntax_error.webapp => dom/apps/tests/apps/json_syntax_error.webapp
rename : dom/tests/mochitest/webapps/apps/json_syntax_error.webapp^headers^ => dom/apps/tests/apps/json_syntax_error.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/launch_paths.webapp => dom/apps/tests/apps/launch_paths.webapp
rename : dom/tests/mochitest/webapps/apps/launch_paths.webapp^headers^ => dom/apps/tests/apps/launch_paths.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/missing_required_field.webapp => dom/apps/tests/apps/missing_required_field.webapp
rename : dom/tests/mochitest/webapps/apps/missing_required_field.webapp^headers^ => dom/apps/tests/apps/missing_required_field.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/no_delegated_install.webapp => dom/apps/tests/apps/no_delegated_install.webapp
rename : dom/tests/mochitest/webapps/apps/no_delegated_install.webapp^headers^ => dom/apps/tests/apps/no_delegated_install.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/utf8.webapp => dom/apps/tests/apps/utf8.webapp
rename : dom/tests/mochitest/webapps/apps/utf8.webapp^headers^ => dom/apps/tests/apps/utf8.webapp^headers^
rename : dom/tests/mochitest/webapps/cross_origin.html => dom/apps/tests/cross_origin.html
rename : dom/tests/mochitest/webapps/file_bug_779982.html => dom/apps/tests/file_bug_779982.html
rename : dom/tests/mochitest/webapps/head.js => dom/apps/tests/head.js
rename : dom/tests/mochitest/webapps/test_bug_779982.html => dom/apps/tests/test_bug_779982.html
rename : dom/tests/mochitest/webapps/test_list_api.xul => dom/apps/tests/test_list_api.xul
 2016-01-31 15:04:54 -08:00
Gijs Kruitbosch
318722bcf1 Bug 1242909, r=ckerschb 
--HG--
extra : commitid : 4MmsATsPR5X
 2016-01-26 11:52:31 +00:00
Kate McKinley
66aa150bc3 Bug 1007634 - Add a test to show that Worker construction is no longer allowed by CSP script-src directive. r=ckerschb 
--HG--
extra : amend_source : 0acea47a18c3a40be6e7fe50db1c71bc9dd91b3a
 2016-01-21 16:57:00 -05:00
Kate McKinley
b0483f9b8c Bug 1213633 - Test childDocument prior to use. r=tanvi 2016-01-04 16:37:14 -08:00
Carsten "Tomcat" Book
248f7a3dee merge mozilla-inbound to mozilla-central a=merge 2016-01-20 15:34:34 +01:00
Paolo Amadini
3ae375bf1c Bug 1217766 - All PDFs trigger the insecure password warning. r=MattN,bz 
--HG--
extra : commitid : 1aP0he1jDxh
extra : rebase_source : 49375a644ff345fe479b060945f6fe61efe52df7
 2016-01-18 14:54:18 +00:00
Christoph Kerschbaumer
fecee7be59 Bug 1224694 - Unify and clean up initialization of CSP (r=sicking) 2016-01-14 13:21:31 -08:00
Christoph Kerschbaumer
071f422450 Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking) 2016-01-14 12:38:15 -08:00
Christoph Kerschbaumer
238b5ed942 Bug 1208946 - Update tests for URI stripping in CSP reports (r=dveditz) 2016-01-14 12:37:15 -08:00
Christoph Kerschbaumer
3d4a5ddffa Bug 1208946 - Strip URIs in CSP reports (r=dveditz) 2016-01-14 12:36:50 -08:00
Ben Kelly
0e30d8b611 Bug 1237455 P1 Make file_CrossSiteXHR_server.sjs check headers on redirects. r=ehsan 2016-01-19 13:54:14 -08:00
Christoph Kerschbaumer
18e28eaf42 Bug 1239397: Send Internal ContentPolicyType to CSP and MixedContent (r=sicking) 2016-01-19 09:10:50 -08:00
Nigel Babu
7089beabc7 Backed out changeset f51b921e1ccf (bug 1233098) for browser-chrome bustage 
--HG--
extra : commitid : ytS8fc4lFu
 2016-01-14 08:04:37 +05:30
Christoph Kerschbaumer
c42851930c Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking) 2016-01-13 15:51:43 -08:00
Andrew McCreight
9c67777407 Bug 1237799, part 2 - Use setTestPluginEnabledState in various tests. r=gfritzsche 
This make these tests pass with e10s.

Also, add a missing open quote to test_bug827160.html.
 2016-01-12 16:50:34 -08:00
Shu-yu Guo
1768759efb Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm) 2016-01-06 16:02:16 -08:00
Ethan Tseng
caf218fa3e Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb 2015-12-17 12:07:37 +08:00
Christoph Kerschbaumer
93de65860e Bug 1223743 - Test CSP enforcement for multipart channels (r=sicking) 2015-12-14 10:06:47 -08:00
Bogdan Postelnicu
9811f5c2eb Bug 1228497 - initialize 3 members in class. r=christophkerschbaumer 2015-12-10 00:33:00 +01:00
Jonas Sicking
0bb4231605 Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb 2015-12-06 18:33:15 -05:00
Jonas Sicking
f7193fdf30 Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly 2015-12-06 18:33:15 -05:00
Jonas Sicking
28de02f687 Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb 2015-12-06 18:33:14 -05:00
Jonas Sicking
6cc5074df0 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-06 18:33:14 -05:00
Sebastian Hengst
774236075d Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout 2015-12-05 16:34:47 +01:00
Jonas Sicking
993136c2c9 Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb 2015-12-05 01:46:21 -08:00
Jonas Sicking
7fae3fd853 Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly 2015-12-05 01:46:20 -08:00
Jonas Sicking
ff12f48c5a Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb 2015-12-05 01:46:20 -08:00
Jonas Sicking
df33e62850 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-05 01:46:20 -08:00
Yury Delendik
5576308d8c Bug 1218029 - Implements progressive Unicode chars decoding in nsScriptLoader. r=djvj 
--HG--
extra : commitid : 4fqBUFXilM5
 2015-11-30 08:54:52 -06:00
Yury Delendik
aeaf497a64 Bug 1218029 - Adds SRICheckDataVerifier for progressing data handling. r=francois 
--HG--
extra : commitid : DLkHFWfJFxT
 2015-11-30 08:54:40 -06:00
Yury Delendik
66199890c4 Bug 1218029 - Adds IncrementalStreamLoader interface stubs. r=djvj 
--HG--
extra : commitid : J0UubFG9gvz
 2015-11-30 08:54:11 -06:00
Christoph Kerschbaumer
20d9928a1b Bug 1228116 - Relax Security checks for DTD loads. r=sicking 
--HG--
extra : rebase_source : 53f2deeb44dd29dbb4d6f50a8435763cb07df8a1
 2015-11-25 13:38:05 -08:00
sajitk
5fb2c53074 Bug 1219478: Replace PRLogModuleInfo usage with LazyLogModule in dom folders except media.r=amerchesini 2015-11-23 11:09:25 -08:00
Ehsan Akhgari
76fa5db947 Bug 1210302 - Part 4: Add automated tests; r=sicking 2015-11-20 16:32:53 -05:00
Christoph Kerschbaumer
143b334dd4 Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz) 2015-11-20 10:55:54 -08:00
Christoph Kerschbaumer
d4843470df Bug 1226324 - Do not use NS_ENSURCE_SUCCESS(rv, NS_OK) within nsContentSecurityManager. r=tanvi 2015-11-19 14:22:57 -08:00
Nigel Babu
ba8444d785 Backed out changeset 95069f2ce648 (bug 1182546) for Android M(c) bustage ON A CLOSED TREE 2015-11-19 14:26:33 +05:30
Christoph Kerschbaumer
ab10273998 Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz) 2015-11-18 19:23:28 -08:00
Andrea Marchesini
36e922b9b7 Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger 2015-11-16 22:41:54 +00:00
Wes Kocher
9d1f194cbb Backed out 2 changesets (bug 1218433) for wpt failures CLOSED TREE 
Backed out changeset 1cc8cc0444c0 (bug 1218433)
Backed out changeset 5418ca0e0378 (bug 1218433)

--HG--
extra : commitid : H1h8VHrzxx8
 2015-11-16 11:13:43 -08:00
Andrea Marchesini
76aba80dc5 Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger 2015-11-16 16:57:29 +00:00
Sebastian Hengst
a0cf7d50ad Backed out 2 changesets (22360424ed15, 325a67608df0) (bug 1218433) for W(1,2) failures. r=backout on a CLOSED TREE 
Backed out changeset 22360424ed15 (bug 1218433)
Backed out changeset 325a67608df0 (bug 1218433)
 2015-11-15 15:56:45 +01:00
Andrea Marchesini
3285721a07 Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking 2015-11-15 11:57:22 +00:00
Christoph Kerschbaumer
c941fd4008 Bug 663570 - Test 5: doc.write(meta csp) (r=sicking) 2015-11-14 19:30:24 -08:00
Christoph Kerschbaumer
749afb19d4 Bug 663570 - Test 4: update referrer tests (r=sicking) 2015-11-14 19:30:16 -08:00
Christoph Kerschbaumer
74f7445a35 Bug 663570 - Test 3: update upgrade-insecure-requests tests (r=sicking) 2015-11-14 19:30:08 -08:00
Christoph Kerschbaumer
55d2e60a7e Bug 663570 - Test 2: meta and header dual test (r=sicking) 2015-11-14 19:29:58 -08:00
Christoph Kerschbaumer
82df3d1b9b Bug 663570 - Test 1: baseline tests (r=sicking) 2015-11-14 19:29:45 -08:00
Christoph Kerschbaumer
3bac30dca9 Bug 663570 - MetaCSP Part 6: CSP preload changes (r=sicking) 2015-11-14 19:29:18 -08:00
Christoph Kerschbaumer
96f42dd458 Bug 663570 - MetaCSP Part 1: CSP parser changes (r=sicking) 2015-11-14 19:27:59 -08:00
Jonas Sicking
27c89ea082 Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb 
--HG--
rename : dom/workers/test/serviceworkers/test_eval_not_allowed.html^headers^ => dom/workers/test/serviceworkers/test_eval_allowed.html^headers^
 2015-11-10 21:16:12 -08:00
Wes Kocher
2e6d1e7dfb Backed out changeset d12f758f5f36 (bug 1223647) for android csp test failures 
--HG--
extra : commitid : GRTvvKDy9Ki
 2015-11-11 14:27:52 -08:00
Jonas Sicking
ea6cf63b0f Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb 2015-11-10 21:16:12 -08:00
Kit Cambridge
8431cd65cd Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana 
--HG--
extra : commitid : 6RrHT77kcOj
extra : rebase_source : b5b498cc266e2c1c97459ace3da3febbb6a34e65
 2015-11-10 10:50:46 -08:00
Christoph Kerschbaumer
1873ead519 Bug 1219931 - CSP: Don't allow removing a policy (r=sicking) 2015-11-02 08:04:15 -08:00
Christoph Kerschbaumer
50588ca7c1 Bug 1188028 - Queue up CSP console messages till windowID is available (r=sicking) 2015-11-11 06:23:57 -08:00
Christoph Kerschbaumer
a876eba5c9 Bug 1188028 - Use channel->ascynOpen2 in dom/security/nsCSPContext.cpp (r=sicking) 2015-07-27 11:57:56 -07:00
Phil Ringnalda
b98d58e46d Back out changeset 4d6d9c1e52e4 (bug 1223647) for failures in test_csp.html, csp/test_redirects.html and csp/test_worker_redirect.html 
--HG--
extra : rebase_source : a4a53053968cfa19e6544dd3e59e36ef23fcf353
 2015-11-10 23:10:04 -08:00
Jonas Sicking
426e42e7f9 Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb 2015-11-10 21:16:12 -08:00
Kate McKinley
00b9a85bd6 Bug 1045891 - Tests for child-src r=ckerschb 2015-11-09 16:42:26 +09:00
Kate McKinley
67f4155fe6 Bug 1045891 - CSP 2 child-src implementation r=ckerschb 2015-10-28 16:32:27 -07:00
Carsten "Tomcat" Book
4d6f05d2f8 merge mozilla-inbound to mozilla-central a=merge 2015-11-09 14:55:30 +01:00
Gregor Wagner
96837db759 Bug 1222478 - Enable more mulet tests. r=gerard-majax 2015-11-06 20:01:45 +01:00
Andrea Marchesini
9d98f9a481 Bug 1215235 - Drop support for jar: URIs by default, r=bz 2015-11-04 11:19:02 +00:00
Jonas Sicking
c9e5049446 Bug 1213646: Allow URI_IS_UI_RESOURCE and safe about: URIs when SEC_ALLOW_CHROME is set. r=bz 2015-11-04 00:05:16 -08:00
Andrew McCreight
0d2779ef10 Bug 1222105 - Make test_report.html and test_blocked_uri_in_reports.html work with e10s. r=ckerschb 2015-11-06 16:03:03 -08:00
Paolo Amadini
0238bd1276 Bug 1221365 - Tests for "Is origin potentially trustworthy?" logic. r=ckerschb,bkelly 2015-11-06 11:10:08 -08:00
Matthew Noorenberghe
a0a2b249c4 Bug 1221365 - Move "Is origin potentially trustworthy?" logic outside ServiceWorkerManager.cpp. r=ckerschb,bkelly 2015-11-06 11:10:17 -08:00
Wes Kocher
f8ad8afb5a Backed out 4 changesets (bug 1045891) for b2g mochitest 7 failures 
Backed out changeset c590b18c5885 (bug 1045891)
Backed out changeset 14818a2329a4 (bug 1045891)
Backed out changeset e44d41985fed (bug 1045891)
Backed out changeset 781a76befe01 (bug 1045891)

--HG--
extra : commitid : 77UlfZzjWcg
 2015-11-06 09:36:49 -08:00
Kate McKinley
3b59b81c93 Bug 1045891 - CSP 2 child-src implementation. r=ckerschb 2015-10-28 16:32:27 -07:00
Kate McKinley
ad73bf4611 Bug 1045891 - Tests for child-src. r=ckerschb 2015-09-30 15:26:25 -07:00
Carsten "Tomcat" Book
30ff2fd956 Backed out changeset 26e162e72ae1 (bug 1045891) 2015-11-02 10:37:52 +01:00
Carsten "Tomcat" Book
deb9310786 Backed out changeset 895c42544609 (bug 1045891) 2015-11-02 10:37:51 +01:00
Kate McKinley
d4da8266d4 Bug 1045891 - CSP 2 child-src implementation r=ckerschb 2015-10-28 16:32:27 -07:00
Kate McKinley
38bf8db214 Bug 1045891 - Tests for child-src r=ckerschb 2015-09-30 15:26:25 -07:00
Andrew McCreight
5981b92f78 Bug 1219842 - Enable a bunch of mochitest-plain tests under e10s. r=mrbkap 2015-10-31 06:26:44 -07:00
Makoto Kato
1929f6c7c4 Bug 1218315 - Replace NS_LITERAL_STRING(...).get() with MOZ_UTF16(...) on dom. r=nfroyd 2015-10-28 14:29:57 +09:00
Christoph Kerschbaumer
d4eaf0fdf6 Bug 1191645 - Use channel->asycnOpen2 in dom/base/nsSyncLoadService.cpp. r=sicking 2015-10-26 14:22:59 -07:00
Christoph Kerschbaumer
ddb2d645e5 Bug 1194526 - Use channel->asycnOpen2 in dom/base/nsScriptLoader.cpp (r=sicking) 2015-10-19 18:33:37 -07:00
Jonas Sicking
d3a92a7fa1 Bug 1195167 part 5: Make FetchDriver use AsyncOpen2. r=bkelly 2015-10-19 18:24:36 -07:00
Jonas Sicking
be2deca017 Bug 1195167 part 1: Let necko handle all protocols. r=bkelly 2015-10-19 18:24:36 -07:00
Jonas Sicking
cc10dd7ad3 Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan 2015-10-19 11:14:54 -07:00
Jonas Sicking
4316c13003 Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb 2015-10-19 11:14:54 -07:00
Christoph Kerschbaumer
643f27c257 Bug 1208559 - Hook up ServicerWorkers with CSP (r=sicking,bkelly,dveditz) 2015-10-18 19:59:18 -07:00
Christoph Kerschbaumer
733163ef2b Bug 1208559 - Tests. r=bholley 2015-10-18 19:37:40 -07:00
Nathan Froyd
01583602a9 Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout.  The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.

CLOSED TREE makes big refactorings like this a piece of cake.

 # The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    xargs perl -p -i -e '
 s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
 s/nsRefPtr ?</RefPtr</g;   # handle declarations and variables
'

 # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h

 # Handle nsRefPtr.h itself, a couple places that define constructors
 # from nsRefPtr, and code generators specially.  We do this here, rather
 # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
 # things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
     mfbt/nsRefPtr.h \
     xpcom/glue/nsCOMPtr.h \
     xpcom/base/OwningNonNull.h \
     ipc/ipdl/ipdl/lower.py \
     ipc/ipdl/ipdl/builtin.py \
     dom/bindings/Codegen.py \
     python/lldbutils/lldbutils/utils.py

 # In our indiscriminate substitution above, we renamed
 # nsRefPtrGetterAddRefs, the class behind getter_AddRefs.  Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
    xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'

if [ -d .git ]; then
    git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
    hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi

--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
 2015-10-18 01:24:48 -04:00
Wes Kocher
c2b3d9275b Backed out 2 changesets (bug 1182571) for being a likely cause of the Android S4 errors 
Backed out changeset e2b3064dcace (bug 1182571)
Backed out changeset 8153ae231d16 (bug 1182571)
 2015-10-15 14:07:06 -07:00
Jonas Sicking
2578b19458 Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan 2015-10-15 12:18:21 -07:00
Jonas Sicking
81a15a3362 Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb 2015-10-15 12:18:20 -07:00
Ben Kelly
d803731730 Bug 1210413 P2 Test CORS credentials on cross-origin redirects. r=sicking a=dveditz 2015-10-07 14:33:31 -07:00
Francois Marier
5adc75d084 Bug 1208629 - Properly support data: and blob: URIs with an integrity atribute. r=ckerschb 2015-10-07 11:27:19 -07:00
Carsten "Tomcat" Book
08997000eb Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE 
Backed out changeset 647025383676 (bug 1202902)
Backed out changeset d70c7fe532c6 (bug 1202902)
 2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central 
Backed out changeset cfc1820361f5 (bug 1202902)

--HG--
extra : rebase_source : 5d3db72337754bc7ab0ed0c30b2896100411ff92
 2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6 Bug 1202902 - Scripted fix the world. 2015-10-06 14:00:31 -07:00
Ehsan Akhgari
48e01cb303 Tests for bug 1200869; r=sicking 2015-09-29 23:12:52 -04:00
Ehsan Akhgari
1b07208138 Tests for bug 1200856; r=sicking 2015-09-29 23:12:51 -04:00
Christoph Kerschbaumer
fda3fd3cbf Bug 1192333 - Use channel->ascynOpen2 in dom/xslt/xslt/txMozillaStylesheetCompiler.cpp (r=sicking) 2015-09-28 16:34:47 -07:00
Christoph Kerschbaumer
a28aacf667 Bug 1048048 - add preload content policy types - tests (r=dveditz) 
CLOSED TREE

--HG--
extra : source : 02c6d6aef163530bafee0d39761f18ca3aa1f40c
extra : amend_source : bff4f1c8ed0fe42addb24774b8c6dd89fe2c7905
 2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
f3e1d73e58 Bug 1048048 - add preload content policy types - csp changes (r=dveditz) 
--HG--
extra : source : 4f91b10e8be000ee5408461c74099ca96156c0cf
 2015-09-20 14:56:34 -07:00
Wes Kocher
cd079d2bf9 Backed out 7 changesets (bug 1048048) for android crashes in various chunks CLOSED TREE 
Backed out changeset b5abe23a4ea5 (bug 1048048)
Backed out changeset 4f91b10e8be0 (bug 1048048)
Backed out changeset 450d4a13c90e (bug 1048048)
Backed out changeset 6a727c40eb68 (bug 1048048)
Backed out changeset 88c2333ff745 (bug 1048048)
Backed out changeset 740ab1ecd079 (bug 1048048)
Backed out changeset 02c6d6aef163 (bug 1048048)
 2015-09-21 09:08:34 -07:00
Christoph Kerschbaumer
b2de9adb18 Bug 1048048 - add preload content policy types - csp changes (r=dveditz) 2015-09-20 14:56:34 -07:00
Christoph Kerschbaumer
47de316d52 Bug 1048048 - add preload content policy types - tests (r=dveditz) 2014-10-31 13:37:59 -07:00
Christoph Kerschbaumer
6d3847c487 Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) 
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
 2015-09-18 09:27:15 -07:00
Wes Kocher
8414be2356 Backed out 3 changesets (bug 1143922) for landing with the wrong bug number 
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
 2015-09-18 14:13:33 -07:00
Christoph Kerschbaumer
b01fc3ad90 Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking) 2015-09-18 09:27:15 -07:00
Christoph Kerschbaumer
796647f603 Bug 1026520 - CSP: Inline report sending into allows - test updates (r=dveditz) 2015-09-17 22:34:49 -07:00
Christoph Kerschbaumer
8001d76219 Bug 1026520 - CSP: Inline report sending into allows - csp changes (r=dveditz) 2015-09-17 22:34:16 -07:00
Ehsan Akhgari
59c135c176 Bug 1198078 - Add support for TYPE_INTERNAL_SERVICE_WORKER; r=ckerschb,tanvi 2015-09-16 19:15:30 -04:00
Chris Peterson
bfd0628cd5 Bug 1203234 - Re-enable -Wshadow warnings in /dom/security. r=ckerschb 2015-09-14 22:54:22 -07:00
Christoph Kerschbaumer
1e5ee64415 Bug 1195162 - Use channel->ascynOpen2 dom/xbl/nsXBLService.cpp (r=sicking) 2015-09-14 18:59:35 -07:00
Ehsan Akhgari
a4ac3ec0b4 Bug 1199049 - Part 1: Move nsCORSListenerProxy.* to necko; r=jduell 
--HG--
rename : dom/security/nsCORSListenerProxy.cpp => netwerk/protocol/http/nsCORSListenerProxy.cpp
rename : dom/security/nsCORSListenerProxy.h => netwerk/protocol/http/nsCORSListenerProxy.h
 2015-09-12 19:20:52 -04:00