Commit Graph

1907 Commits

Author SHA1 Message Date
Jonathan Kingston
2a8b750345 Bug 1502743 - Replace black/whitelist within caps to block/allowlist r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D10013

--HG--
extra : moz-landing-system : lando
2018-10-31 17:56:43 +00:00
Kyle Machulis
6d3b4e7492 Bug 1492648 - Move from nsDocShellLoadInfo to nsDocShellLoadState; r=bz, nika
Creates the nsDocShellLoadState object, which is basically
nsDocShellLoadInfo plus a few extra fields to make it usable as a
single argument to nsDocShell::LoadURI (and eventually
nsDocShell::InternalLoad).

Subframe history handling is a huge logic block in
nsDocShell::LoadURI, which is only used on history loads. This patch
also extracts the logic out into its own function to make the body of
LoadURI clearer.
2018-10-29 17:13:29 -07:00
Kyle Machulis
ee8ccacb05 Backed out changeset fa8487b94a38 due to a=BUSTAGE on comm-central 2018-10-29 12:28:02 -07:00
Tim Huang
15c3ab7c9c Bug 1492607 - Part 1: Making postMessage to be aware of OAs when the targetOrigin is "*." r=arthuredelstein,baku
This patch adds a MOZ_DIAGNOSTIC_ASSERT for assuring the OAs
are matching when the targetOrigin is "*" for the postMessage().
But it ignores the FPD in OA since the FPDs are possible to be
different.

We also add a new pref 'privacy.firstparty.isolate.block_post_message'
for allowing blocking postMessage across different FPDs.

Differential Revision: https://phabricator.services.mozilla.com/D8521

--HG--
extra : moz-landing-system : lando
2018-10-25 06:47:08 +00:00
Kyle Machulis
ca0550b32b Bug 1492648 - Move from nsDocShellLoadInfo to nsDocShellLoadState r=bzbarsky,nika
Creates the nsDocShellLoadState object, which is basically
nsDocShellLoadInfo plus a few extra fields to make it usable as a
single argument to nsDocShell::LoadURI (and eventually
nsDocShell::InternalLoad).

Subframe history handling is a huge logic block in
nsDocShell::LoadURI, which is only used on history loads. This patch
also extracts the logic out into its own function to make the body of
LoadURI clearer.

Differential Revision: https://phabricator.services.mozilla.com/D6944

--HG--
rename : docshell/base/nsDocShellLoadInfo.cpp => docshell/base/nsDocShellLoadState.cpp
rename : docshell/base/nsDocShellLoadInfo.h => docshell/base/nsDocShellLoadState.h
extra : moz-landing-system : lando
2018-10-26 03:50:37 +00:00
Collin Wing
795a861aad Bug 1497087 Remove eula support from addons manager r=Gijs,aswan
Differential Revision: https://phabricator.services.mozilla.com/D8149

--HG--
extra : rebase_source : 906a5e7e38ba1293002579e699425c7410601d92
extra : source : 2d0174d68cec998537cb529f688c96cfa729a892
2018-10-19 21:52:20 +00:00
Margareta Eliza Balazs
1a7c7d8823 Merge mozilla-central to autoland. a=merge CLOSED TREE 2018-10-23 12:31:53 +03:00
Andrea Marchesini
4439acd683 Bug 1498510 - Move nsICSPEventListener out of CSP object, r=ckerschb 2018-10-23 08:17:13 +02:00
Julian Descottes
73e3a16c0d Bug 1499096 - Use ok() with 2 arguments instead of 3 when possible;r=Standard8
Depends on D8740.
This changeset replaces calls to ok with 3 arguments to calls with 2 arguments
in situations where the switch does not have a significant impact on the assert.

Differential Revision: https://phabricator.services.mozilla.com/D8741

--HG--
extra : moz-landing-system : lando
2018-10-23 07:13:35 +00:00
Mark Banner
ceaeb93550 Bug 1486741 - Enable ESLint rule comma-dangle for all of mozilla-central (automatic fixes). r=mossop
Differential Revision: https://phabricator.services.mozilla.com/D8389

--HG--
extra : moz-landing-system : lando
2018-10-19 12:55:39 +00:00
Narcis Beleuzu
5d00f78a13 Backed out changeset 8dd09fad1f35 (bug 1492648) for bc failures on browser_auto_close_window.js
--HG--
rename : docshell/base/nsDocShellLoadState.cpp => docshell/base/nsDocShellLoadInfo.cpp
rename : docshell/base/nsDocShellLoadState.h => docshell/base/nsDocShellLoadInfo.h
2018-10-19 10:11:33 +03:00
Kyle Machulis
0bb3246aa5 Bug 1492648 - Move from nsDocShellLoadInfo to nsDocShellLoadState r=bzbarsky,nika
Creates the nsDocShellLoadState object, which is basically
nsDocShellLoadInfo plus a few extra fields to make it usable as a
single argument to nsDocShell::LoadURI (and eventually
nsDocShell::InternalLoad).

Subframe history handling is a huge logic block in
nsDocShell::LoadURI, which is only used on history loads. This patch
also extracts the logic out into its own function to make the body of
LoadURI clearer.

Differential Revision: https://phabricator.services.mozilla.com/D6944

--HG--
rename : docshell/base/nsDocShellLoadInfo.cpp => docshell/base/nsDocShellLoadState.cpp
rename : docshell/base/nsDocShellLoadInfo.h => docshell/base/nsDocShellLoadState.h
extra : moz-landing-system : lando
2018-10-18 22:14:54 +00:00
Christoph Kerschbaumer
bf820bc9d2 Bug 1499355: EnsurePreloadCSP on SystemPrincipal should return error. r=baku 2018-10-17 07:05:55 +02:00
vinoth
7b887cfbbc Bug 1498885 - Assertion added in ContentSecurityPolicyPermitsJSAction() to not allow eval with SystemPrincipal r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D8683

--HG--
extra : moz-landing-system : lando
2018-10-15 08:02:04 +00:00
Jan de Mooij
cfc1f8fa90 Bug 1491728 - Fix ContentPrincipal::GetSiteOrigin to handle IPv6 addresses correctly. r=bzbarsky
The problem is that we used ThirdPartyUtil.getBaseDomain and for IP addresses that
returns the host, and for IPv6 addresses GetHost strips the '[' and ']' brackets.
Then when we passed that IP address to SetHost, we failed because SetHost wants
the brackets to be present.

This patch changes GetSiteOrigin to call getBaseDomain on the TLD service instead,
so we can handle this case ourselves by not calling SetHost when we have an IP
address. GetBaseDomain still uses ThirdPartyUtil.

I tried to add a test for this (with an iframe + postMessage) but the mochitest
http server doesn't support IPv6.

Differential Revision: https://phabricator.services.mozilla.com/D6523

--HG--
extra : moz-landing-system : lando
2018-10-01 12:16:39 +00:00
Kris Maglione
b9ad1e41b7 Bug 1473933: Remove xpinstallConfirm dialog. r=aswan
Differential Revision: https://phabricator.services.mozilla.com/D6854

--HG--
extra : rebase_source : 15a43212697a02ef7aa35eccc4b3c09bd195d7ed
2018-09-25 15:33:52 -07:00
Christoph Kerschbaumer
60e3239dee Bug 1490874: Log Principal based Security Errors to the Security pane in the console. r=smaug 2018-09-25 07:25:05 +02:00
shindli
0b6d93ef4d Backed out changeset 510e95767aeb (bug 1490874) for security failures in browser/components/payments/test/mochitest/test_basic_card_form.html CLOSED TREE 2018-09-24 11:43:30 +03:00
Christoph Kerschbaumer
0df81cd9f4 Bug 1490874: Log Principal based Security Errors to the Security pane in the console. r=smaug 2018-09-24 09:34:04 +02:00
Jan de Mooij
4a02cf562c Bug 1491342 - Ignore document.domain in ShouldWaiveXray. r=bholley
We want to get rid of JS_GetCompartmentPrincipals. The origin stored in CompartmentPrivate does not account for document.domain changes because that's a per-realm thing.

Fortunately we should not have waivers in any cases that involve document.domain.

Differential Revision: https://phabricator.services.mozilla.com/D6035

--HG--
extra : moz-landing-system : lando
2018-09-21 07:13:15 +00:00
Andrea Marchesini
d654a2915d Bug 1422456 - Origin for about: URL should not contain query or ref parts, r=smaug 2018-09-14 20:07:22 +02:00
Jan de Mooij
cb90b553cd Bug 1487032 - Store origin/site info in CompartmentPrivate. r=bholley
This will let us answer the following questions (in a performant way):

1) What's the compartment's origin? Necessary to implement compartment-per-origin.
2) What's the origin's site? Necessary for the new Wrap() algorithm.
3) Has any realm in the compartment set document.domain? Necessary for the new Wrap() algorithm.

Differential Revision: https://phabricator.services.mozilla.com/D5423

--HG--
extra : moz-landing-system : lando
2018-09-11 09:01:14 +00:00
Jan de Mooij
9a0c648a30 Bug 1489196 - Don't call SetDomain in ContentPrincipal::Read. r=bholley
This fixes two issues:

1) We no longer SetHasExplicitDomain() when the domain is null.
2) We avoid the unnecessary (because new principal) wrapper recomputation.

Differential Revision: https://phabricator.services.mozilla.com/D5160

--HG--
extra : moz-landing-system : lando
2018-09-06 16:40:56 +00:00
Nika Layzell
933f7fe4d4 Bug 1485177 - Add |siteOrigin| information to nsIPrincipal r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D4140

--HG--
extra : moz-landing-system : lando
2018-09-05 03:22:16 +00:00
Tiberius Oros
2fe7330f2d Backed out changeset 33c7b0ea5caa (bug 1485177) for assertion failure at builds/worker/workspace/build/src/caps/ContentPrincipal.cpp on a CLOSED TREE 2018-09-01 05:06:55 +03:00
Nika Layzell
452350d97c Bug 1485177 - Add |siteOrigin| information to nsIPrincipal, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D4140

--HG--
extra : moz-landing-system : lando
2018-09-01 00:52:00 +00:00
Timothy Guan-tin Chien
bfd7aeb85d Bug 1431255 - Part III, Create per-origin sandboxes from XPCJSRuntime and load UA widgets scripts r=bholley,jaws,sfink
This patch creates the basic structure on how the widget scripts can be loaded
and be pointed to the Shadow Root, from the UAWidgetsChild.jsm.

The UAWidgetsClass class asks for a sandbox from Cu.getUAWidgetScope(), which
calls into XPCJSRuntime::GetUAWidgetScope(). It creates and keeps the
sandboxes, in a GCHashMap keyed to the origin, so we could reuse it if needed.

MozReview-Commit-ID: J6W4PDQWMcN

--HG--
extra : rebase_source : a62b0a22195f09cdb508df72c954e20d18c7bf68
2018-06-27 11:34:07 -07:00
Boris Zbarsky
754087a992 Bug 1446940 part 5. Stop getting docshells from windows via getInterface in dom/editor/etc code. r=kmag 2018-08-01 13:07:11 -04:00
Jorg K
ba1be252a0 Bug 1478441 - Introduce nsIURIWithSpecialOrigin needed for Thunderbird. r=baku 2018-07-31 11:27:00 +03:00
Boris Zbarsky
75abc43e0d Bug 1476145 part 8. Stop using getInterface(nsIDOMWindowUtils) in various test code. r=kmag 2018-07-24 19:47:43 -04:00
Andrea Marchesini
f6768a8ff6 Bug 1228139 - Remove nsIURIWithPrincipal - part 3 - main part, r=bz
nsIURIWithPrincipal is currently used to retrieve the nsIPrincipal from a
BlobURL object.  BlobURLProtocolHandler has a hashtable containing, for each
blobURL, a BlobImpl and its nsIPrincipal. This patch introduces
BlobURLProtocolHandler::GetBlobURLPrincipal() that retrieves the nsIPrincipal
from this hashtable.

This patch fixes also a bug in how the revocation of blobURLs is broadcasted to
other processes. This should be done immediately because each process creates
its own timer to revoke them after 5 seconds.

An important change is related to NS_SecurityCompareURIs() where, if 1 (or
both) of the 2 URIs to compare, is a revoked BlobURL, we will QI its URL to
nsIStandardURL and fail out at that point.
2018-07-24 22:15:57 +02:00
Andrea Marchesini
212fc6788b Bug 1228139 - Remove nsIURIWithPrincipal - part 1 - Use of NullPrincipal when nsIURIWithPrincipal.getPrincipal() returns a nullptr, r=bz 2018-07-24 22:15:17 +02:00
Valentin Gosu
7937c7c4cc Bug 1476928 - Remove nsIURI.CloneIgnoringRef and nsIURI.CloneWithNewRef r=JuniorHsu
The patch introduces NS_GetURIWithNewRef and NS_GetURIWithNewRef which perform the same function.

Differential Revision: https://phabricator.services.mozilla.com/D2239

--HG--
extra : moz-landing-system : lando
2018-07-23 11:28:47 +00:00
Andrea Marchesini
4e97b69ebf Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 3 - ContentPrincipal, r=ckerschb 2018-07-17 21:38:48 +02:00
Andrea Marchesini
58f78c6f5d Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 2 - SystemPrincipal, r=ckerschb 2018-07-17 21:38:19 +02:00
Andrea Marchesini
a053cf1c15 Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 1 - NullPrincipal, r=ckerschb 2018-07-17 21:37:48 +02:00
Kris Maglione
caa1a1228b Bug 1473631: Part 10 - Replace pref observers with callbacks in ScriptSecurityManager. r=njn
MozReview-Commit-ID: COEgATfeEj

--HG--
extra : rebase_source : 8cdd70210041b0140ef951b3899dc324e0a9d74c
2018-07-05 14:53:14 -07:00
Bogdan Tara
a8850882a7 Merge autoland to mozilla-central. a=merge 2018-07-17 00:58:15 +03:00
Andrea Marchesini
ceea0172b0 Bug 1473587 - CSP Violation events should have the correct sample for inline contexts, r=jorendorff, r=ckerschb 2018-07-16 17:58:04 +02:00
Tim Huang
c0118a2d73 Bug 1473247 - Part 1: Fixing the issue that the IP addresses won't be set for first party domains. r=arthuredelstein,baku
Right now, the firstPartyDomain won't be set when using IP addresses as
first party domains. It is because of that the TLD service won't accept
IP addresses as valid hosts. The patch fixes this problem by detecting
that if the host is a IP address. If it is, we will still set the
firstPartyDoamin with the IP address.

Differential Revision: https://phabricator.services.mozilla.com/D1977

--HG--
extra : moz-landing-system : lando
2018-07-13 19:53:15 +00:00
Olli Pettay
de99e4460b Bug 1439153 - Make WebExtensions work with Shadow DOM/WebComponents, r=kmag
--HG--
extra : rebase_source : 83638cba42eea1523d32d06a2eb14df20cbab404
2018-07-14 05:26:15 +03:00
imjching
0c7582c716 Bug 1416066 - Enable caching for scripts with codebase URLs of about:home, about:newtab, and about:welcome. r=kmag
MozReview-Commit-ID: HC3cNVxWLe6

--HG--
extra : rebase_source : eab95e34618bf1ac856b44db89800b615c6503b8
2018-07-03 21:24:52 -04:00
Andrea Marchesini
5fff1762ad Bug 1418236 - Correct EventTarget for CSP violation events, r=ckerschb 2018-07-10 17:40:21 +02:00
Andrea Marchesini
14d462eeb3 Bug 1418246 - Return valid columnNumber value in CSP violation events, r=ckerschb 2018-07-05 08:21:04 +02:00
Tim Huang
f5dcf5b4b6 Bug 1470156 - Part 2: Fixing the crashing problem when using an invalid character in a firstPartyDomain. r=baku
This patch adds a sanitization of firstPartyDomain when calling the
OriginAttributes::CreateSuffix() and remove the release assert there.
The cookies API for the web extension can use a arbitrary string for the
firstPartyDomain. So, we should sanitize the firstPartyDomain before
we creating a suffix. The release assert is not required anymore since
the firstPartyDomain is sanitized

Depends on D1845.

Differential Revision: https://phabricator.services.mozilla.com/D1856

--HG--
extra : moz-landing-system : lando
2018-07-03 13:47:45 +00:00
Kris Maglione
26c59776be Bug 1470965: Fix refcount sanity in nsIPrincipal.addonPolicy getter. r=mixedpuppy
MozReview-Commit-ID: KuDN3joKi7S

--HG--
extra : source : d28d3a80e781ae10cbc97775415827ec93193c56
2018-06-26 00:19:46 -07:00
shindli
13098ab1ef Backed out 3 changesets (bug 1470023, bug 1469719, bug 1470965) for | toolkit/components/perfmonitoring/tests/browser/browser_compartments.js on a CLOSED TREE
Backed out changeset bab121b4dd84 (bug 1469719)
Backed out changeset d28d3a80e781 (bug 1470965)
Backed out changeset 1adc0372343e (bug 1470023)
2018-06-26 22:57:54 +03:00
Kris Maglione
ab6b58eddf Bug 1470965: Fix refcount sanity in nsIPrincipal.addonPolicy getter. r=mixedpuppy
MozReview-Commit-ID: KuDN3joKi7S

--HG--
extra : rebase_source : e2caed633f39896df6c065abcb18791b582d8f59
2018-06-26 00:19:46 -07:00
Valentin Gosu
a8e3a8c349 Bug 1448330 - Make nsIURI.clone a private method r=mayhemer
MozReview-Commit-ID: 1efpeaEPaXP

--HG--
extra : rebase_source : e660f1e5bcae9b7119bc5b37713691069272b375
2018-06-14 13:05:43 +02:00
Joel Maher
50b91c0a14 Bug 1405428 - skip-if = verify on mochitests which do not pass test-verify. r=gbrown 2018-06-10 05:01:47 -04:00