Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-22 01:35:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
669,222 Commits 615 Branches 98 Tags 5.9 GiB
bb899238e7
Commit Graph

56 Commits

Author SHA1 Message Date
Andreea Pavel
8f56db01f7 Backed out changeset d0aae34d9b95 (bug 1529068) for failing form-redirected-blocked.sub.html on a CLOSED TREE 
--HG--
extra : rebase_source : 4d7a73e1f40de001031c61fba240c57961a902d8
 2019-08-07 01:39:29 +03:00
Benjamin
455d7a7789 Bug 1529068 - navigate-to r=ckerschb,mccr8 
Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

--HG--
extra : moz-landing-system : lando
 2019-08-06 18:27:45 +00:00
Christoph Kerschbaumer
ad40847192 Bug 1567877: Apply Meta CSP to about:devtools-toolbox. r=jdescottes,Ehsan 
Differential Revision: https://phabricator.services.mozilla.com/D39328

--HG--
extra : moz-landing-system : lando
 2019-07-30 07:14:09 +00:00
Boris Zbarsky
9de72a3ac6 Bug 1557793 part 2. Stop using [array] in nsIStringBundle. r=Pike 
Differential Revision: https://phabricator.services.mozilla.com/D34196

--HG--
extra : moz-landing-system : lando
 2019-06-11 15:51:51 +00:00
Christoph Kerschbaumer
b633427366 Bug 965637: Move CSP from Principal into Client, part 1: backend changes. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D27654

--HG--
extra : moz-landing-system : lando
 2019-05-21 23:14:27 +00:00
Sebastian Streich
82fb5d3ddf Bug 1386214 - Remove require-sri from the CSP-Module r=ckerschb,qdot 
Differential Revision: https://phabricator.services.mozilla.com/D24880

--HG--
extra : moz-landing-system : lando
 2019-03-26 21:58:48 +00:00
Sylvestre Ledru
265e672179 Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 
# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
 2018-11-30 11:46:48 +01:00
Andrea Marchesini
dbb1bf7e31 Bug 1438945 - Part 6: CSP via IPC. r=ckerschb 
--HG--
extra : rebase_source : 8ea27a931619ec0bf75035039c9b4d66d23d7e70
 2018-11-19 15:18:21 -08:00
Ted Campbell
f8cc48bd62 Bug 1508180 - Use uppercase names for high-order macros in dom/ r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D12232

--HG--
extra : moz-landing-system : lando
 2018-11-19 17:31:17 +00:00
Christoph Kerschbaumer
adac33969a Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku 2018-07-20 19:57:21 +02:00
Andreea Pavel
b5a482c899 Backed out 3 changesets (bug 1475073, bug 1304645, bug 1474537) for failing wpt and mochitest on a CLOSED TREE 
Backed out changeset 4fbeea69b10d (bug 1475073)
Backed out changeset d3ac68d9ead9 (bug 1304645)
Backed out changeset 113b601a3b59 (bug 1474537)
 2018-07-20 14:00:09 +03:00
Christoph Kerschbaumer
1de27c0297 Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku 2018-07-20 10:42:46 +02:00
Andrea Marchesini
9042bfbc94 Bug 1473218 - Implement report-sample support for CSP directives, r=ckerschb 2018-07-06 08:01:49 +02:00
Andrea Marchesini
b5118e1ddf Bug 1302449 - Remove the "referrer" directive in CSP, r=ckerschb 2018-05-09 13:15:08 +02:00
Jonathan Kingston
0d79353b7d Bug 1439425 - Ignore empty CSP directives. r=ckerschb 
MozReview-Commit-ID: 67Ach2vCs8A

--HG--
rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_empty_directive.html
rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_empty_directive.html^headers^
rename : dom/security/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_empty_directive.html
extra : rebase_source : 1270d3d1aa8d53389e8708d29d2e363e52c02029
 2018-03-06 18:48:26 -08:00
Andrea Marchesini
5784769019 Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug 2018-03-13 06:40:38 +01:00
Chung-Sheng Fu
d1124b72c7 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb 
MozReview-Commit-ID: 8DQ7CI5exUL

--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
 2018-01-16 22:59:00 +02:00
Andreea Pavel
77efdcf21a Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge 
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
 2018-01-16 13:02:32 +02:00
Chung-Sheng Fu
eaddf31393 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb 
MozReview-Commit-ID: 8DQ7CI5exUL
 2018-01-15 23:30:00 +02:00
Chris Peterson
37efe4d0e6 Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj 
MozReview-Commit-ID: DCPTnyBooIe

--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
 2017-11-05 19:37:28 -08:00
Christoph Kerschbaumer
2fd8493f7f Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley 2017-10-30 18:45:36 +01:00
Coroiu Cristina
44d1b50592 Backed out changeset 70ccfda99dbc::ca6ae38c0432 (bug 1302667) for frequently failing mochitest in security/test/csp/test_worker_src.html r=backout a=backout on a CLOSED TREE 
Backed out changeset ca6ae38c0432 (bug 1302667)
Backed out changeset ff86e185e09d (bug 1302667)
Backed out changeset 8ec6b8bf8c6c (bug 1302667)
Backed out changeset 21c73f9d8fac (bug 1302667)
Backed out changeset e982481dbf2c (bug 1302667)
Backed out changeset 70ccfda99dbc (bug 1302667)
 2017-10-30 14:19:29 +02:00
Christoph Kerschbaumer
58b63c1576 Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley 2017-10-30 09:10:36 +01:00
Nicholas Nethercote
159f6b5627 Bug 1406794 - Provide the CSP keywords in both UTF8 and UTF16 forms. r=ckerschb 
This avoids the need for numerous 8-to-16-bit and 16-to-8-bit string
conversions.

The patch also introduces a higher-order macro, FOR_EACH_CSP_KEYWORD, which
defines all the stuff about the keywords in a single place and makes the code
nicer.

--HG--
extra : rebase_source : b0f655546aa397749bb18dc7d6d27fbc12fe8fca
 2017-10-06 16:16:52 +11:00
Christoph Kerschbaumer
79a239cba5 Bug 1387684 - CSP: Special case 'self' for unique opaque origins. r=dveditz 2017-08-23 10:05:12 +02:00
Nicholas Nethercote
f941156987 Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron. 
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.

The patch also removes a couple of unused declarations from
nsIStringBundle.idl.

Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.

--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
 2017-08-04 14:40:52 +10:00
Nicholas Nethercote
c86dc10505 Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk. 
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:

- a 16-bit C string literal, which is then converted to an 8-bit string in
  order for the lookup to occur;

- an 8-bit C string literal converted to a 16-bit string, which is then
  converted back to an 8-bit string in order for the lookup to occur.

This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.

The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.

Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.

The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)

--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
 2017-07-12 15:13:37 +10:00
Sylvestre Ledru
4e9cf83ee8 Bug 1378712 - Remove all trailing whitespaces r=Ehsan 
MozReview-Commit-ID: Kdz2xtTF9EG

--HG--
extra : rebase_source : 7235b3802f25bab29a8c6ba40a181a722f3df0ce
 2017-07-06 14:00:35 +02:00
Christoph Kerschbaumer
4956d67907 Bug 1367531: CSP should only check host (not including path) when performing frame ancestors checks. r=dveditz 2017-06-06 09:12:13 +02:00
Christoph Kerschbaumer
f18a8897be Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:16 +02:00
Christoph Kerschbaumer
c267f70f91 Bug 1299483 - CSP: Implement 'strict-dynamic', enforcement changes. r=dveditz,freddyb 2016-11-08 12:55:23 +01:00
Christoph Kerschbaumer
f41283f981 Bug 1298680 - Use uint64_t consistently for windowID within CSP. r=freddyb 2016-09-19 12:57:20 +02:00
Henry Chang
f9eeeb2620 Bug 1229639 - Part 1: Match CSP host source with percent-decoded URI. r=ckerschb 
MozReview-Commit-ID: CSGeoSR2qw8

--HG--
extra : rebase_source : f64cb0b9cab61ec09faa29139f72d28272fbbedb
 2016-09-06 18:29:26 +08:00
Christoph Kerschbaumer
df1432e805 Bug 1290560 - Update CSPParser to handle 'sandbox', 'require-sri' and 'report-uri' with no valid srcs correctly. r=dveditz 2016-08-19 18:41:45 +02:00
Thomas Nguyen
6516ad9dae Bug 959388 - Deliver CSP from HTTP header. r=ckerschb, r=khuey 
MozReview-Commit-ID: 13ndERn6rrL

--HG--
extra : rebase_source : e0ec31f9d322b1385994eb7d66bd885c91d75df3
 2016-06-30 12:31:59 +08:00
Paul Roberts
ec18fc5ff7 Bug 671389 - Implement CSP sandbox directive. r=ckerschb r=smaug 
--HG--
extra : rebase_source : d9c5f5868c2558a3696cd489674da6f243be11ad
 2016-06-29 07:48:44 -07:00
Frederik Braun
404a0bbb99 Bug 1265318: add require-sri-for CSP directive. r=ckerschb 
MozReview-Commit-ID: 200PAvKtBME
 2016-05-31 11:14:00 +02:00
Carsten "Tomcat" Book
927b1a0b3a Backed out changeset 7469725d7461 (bug 959388) 2016-05-23 11:36:12 +02:00
Thomas Nguyen
32e38271c9 Bug 959388 - Deliver CSP from HTTP header. r=ckerschb r=khuey 
MozReview-Commit-ID: LUl5LyO94m3

--HG--
extra : rebase_source : f2ddfcbf6237b11ebb19adfabf346cf76f4a6ab8
 2016-05-19 11:57:32 +08:00
Frederik Braun
582caa399f Bug 1142332 - Prevent calling CSP_EnumToKeyword with CSP_HASH. r=ckerschb 
MozReview-Commit-ID: I1w9QrWJeEo

--HG--
extra : histedit_source : 1258cfc50d32c10f0de90ba1e863e21ae3ebf0f8
 2016-04-24 14:56:22 -04:00
Kris Maglione
f3feb0cfd3 Bug 1254194: Allow iterating over and inspecting sources of parsed CSP directives. r=ckerschb 
MozReview-Commit-ID: G8b86UvSv0y

--HG--
extra : rebase_source : c7857e88af0d94dd1162dccfe12aae6567945f2c
 2016-04-23 20:42:43 -07:00
Christoph Kerschbaumer
39f2d53360 Bug 1122236 - CSP: Implement block-all-mixed-content (r=tanvi,kate,mrbkap) 2016-01-13 20:58:16 -08:00
Kate McKinley
67f4155fe6 Bug 1045891 - CSP 2 child-src implementation r=ckerschb 2015-10-28 16:32:27 -07:00
Birunthan Mohanathas
a8939590de Bug 1182996 - Fix and add missing namespace comments. rs=ehsan 
The bulk of this commit was generated by running:

  run-clang-tidy.py \
    -checks='-*,llvm-namespace-comment' \
    -header-filter=^/.../mozilla-central/.* \
    -fix
 2015-07-13 08:25:42 -07:00
Christoph Kerschbaumer
d338b7f9d9 Bug 1139297 - Implement CSP upgrade-insecure-requests directive - csp changes (r=sstamm) 
--HG--
extra : rebase_source : 34377eb11cf33beef768bd11883c048c37351a8d
 2015-07-10 09:13:54 -07:00
Marcos Caceres
8fc79cb285 Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb 
---
 dom/base/nsContentPolicyUtils.h                    |   1 +
 dom/base/nsDataDocumentContentPolicy.cpp           |   3 +-
 dom/base/nsIContentPolicy.idl                      |   2 +-
 dom/base/nsIContentPolicyBase.idl                  |   7 +-
 dom/base/nsISimpleContentPolicy.idl                |   2 +-
 dom/base/test/csp/browser.ini                      |   4 +
 dom/base/test/csp/browser_test_web_manifest.js     | 265 +++++++++++++++++++++
 .../csp/browser_test_web_manifest_mixed_content.js |  55 +++++
 dom/base/test/csp/file_CSP_web_manifest.html       |   6 +
 dom/base/test/csp/file_CSP_web_manifest.json       |   1 +
 .../test/csp/file_CSP_web_manifest.json^headers^   |   1 +
 dom/base/test/csp/file_CSP_web_manifest_https.html |   4 +
 dom/base/test/csp/file_CSP_web_manifest_https.json |   1 +
 .../csp/file_CSP_web_manifest_mixed_content.html   |   9 +
 .../test/csp/file_CSP_web_manifest_remote.html     |   8 +
 dom/base/test/csp/file_csp_testserver.sjs          |  14 +-
 dom/base/test/csp/mochitest.ini                    |   7 +
 dom/base/test/moz.build                            |   5 +-
 dom/fetch/InternalRequest.cpp                      |   3 +
 dom/fetch/InternalRequest.h                        |   2 +-
 .../security/nsIContentSecurityPolicy.idl          |   3 +-
 dom/ipc/manifestMessages.js                        |  25 +-
 dom/security/nsCSPUtils.cpp                        |   7 +
 dom/security/nsCSPUtils.h                          |  10 +-
 dom/security/nsMixedContentBlocker.cpp             |   1 +
 dom/webidl/CSPDictionaries.webidl                  |   1 +
 extensions/permissions/nsContentBlocker.cpp        |   6 +-
 netwerk/mime/nsMimeTypes.h                         |   1 +
 28 files changed, 439 insertions(+), 15 deletions(-)
 create mode 100644 dom/base/test/csp/browser.ini
 create mode 100644 dom/base/test/csp/browser_test_web_manifest.js
 create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html
 create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html
 2015-06-02 15:42:19 -04:00
Christoph Kerschbaumer
f679dfded5 Bug 1129999 - Implement CSP devtool using GCLI; CSP to JSON (r=sstamm,bholley) 2015-05-21 11:16:04 -07:00
Eric Rahm
4879ae86f4 Bug 1165518 - Part 2: Replace prlog.h with Logging.h. rs=froydnj 2015-05-19 11:15:34 -07:00
Andrew McCreight
9e8f4b219e Bug 1152551, part 2 - Fix mode lines in dom/. r=jst 2015-05-03 15:32:37 -04:00
Christoph Kerschbaumer
b2c8937b41 Bug 1004703 - ignore 'unsafe-inline' if nonce- or hash-source specified (r=sstamm) 
--HG--
extra : rebase_source : 119d3903ba156300f49f097efe2d18bbf8c8a6b5
 2015-04-07 09:06:05 -07:00