Christoph Kerschbaumer
3739c23b85
Bug 1439713 - Add flag to loadinfo for skipping certain security policy checks. r=bz
2018-03-29 11:14:35 +02:00
Jonathan Kingston
10ebc30d5d
Bug 1440701 - Adding in telemetry for upgrading display content. r=ckerschb,valentin
...
MozReview-Commit-ID: 7oEIith4Ehv
--HG--
extra : rebase_source : 454d56277aa5dc08bf8cfd7cd9c1e24d31014838
2018-03-04 14:33:33 +00:00
Honza Bambas
8aaa7351b0
Bug 1438935 - Serialize selected LoadInfo properties from HTTPChannelParent to HTTPChannelChild through OnStartRequest and Redirect1Begin, r=asuth
...
--HG--
extra : rebase_source : 6d93112fbd0bcd9562094a05c70cb02e0c3bb4b9
2018-03-06 08:07:00 +02:00
Gurzau Raul
2a77281049
Merge mozilla-central to autoland. a=merge CLOSED TREE
2018-02-21 19:30:44 +02:00
Christoph Kerschbaumer
a6c1ffb498
Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer
2018-02-18 19:52:52 +01:00
Jonathan Kingston
8afc412494
Bug 1435733 - Upgrade mixed display content pref. r=baku,ckerschb,francois,mayhemer
...
MozReview-Commit-ID: ETIgVF3zhRu
--HG--
extra : rebase_source : e4c59f50584158f4b31527347b10424b56692fa1
2018-02-05 15:37:27 +00:00
Christoph Kerschbaumer
494f074b53
Bug 1432358: Allow certain top-level pages to be agnostic to CSP. r=smaug
...
--HG--
extra : source : 27527f95cccca4927d4fee56b0dab9af11c5733f
extra : intermediate-source : 2fa11c525da3d0c7ca58a593241c1902f2849528
2018-02-01 14:07:01 +01:00
Sebastian Hengst
a6cab8c4e8
Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js
...
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
2018-02-12 19:58:28 +02:00
Christoph Kerschbaumer
8c6aa97797
Bug 1432358: Allow certain top-level pages to be agnostic to CSP. r=smaug
...
--HG--
extra : source : 27527f95cccca4927d4fee56b0dab9af11c5733f
2018-02-01 14:07:01 +01:00
Andrea Marchesini
c6da271117
Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
...
* * *
Bug 1425458 - Resource timing entries Workers - part 10 - Correct parameters in NS_NewChannel in nsDataObj.cpp, r=me
2018-01-24 17:17:31 +01:00
Brindusan Cristian
368c3d5b6b
Backed out 12 changesets (bug 1425458) for mochitest failures on WorkerPrivate.cpp on a CLOSED TREE
...
Backed out changeset 11997de13778 (bug 1425458)
Backed out changeset 100b9d4f36bc (bug 1425458)
Backed out changeset a29e9dbb8c42 (bug 1425458)
Backed out changeset b96d58fd945c (bug 1425458)
Backed out changeset f140da44ba68 (bug 1425458)
Backed out changeset af56400233d9 (bug 1425458)
Backed out changeset 7034af4332e4 (bug 1425458)
Backed out changeset f70500179140 (bug 1425458)
Backed out changeset 793bbfc23257 (bug 1425458)
Backed out changeset 2efb375a8ffc (bug 1425458)
Backed out changeset 07e781e37451 (bug 1425458)
Backed out changeset e875f3702a5f (bug 1425458)
2018-01-24 20:47:48 +02:00
Andrea Marchesini
6480b95ba3
Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
2018-01-24 17:17:31 +01:00
Ben Kelly
322046c942
Bug 1231211 P12 Allow the ClientInfo and ServiceWorkerDescriptor to be passed to NS_NewChannel() for principal based loads. r=valentin
2018-01-23 10:38:54 -05:00
Ben Kelly
9225189e3a
Bug 1231211 P3 Serialize LoadInfo's mClientInfo, mReservedClientInfo, and mReservedClientInfo members across IPC. r=valentin
2018-01-23 10:38:52 -05:00
Ben Kelly
8e535f8460
Bug 1231211 P2 Pass the controller ServiceWorkerDescriptor on the channel LoadInfo and back in PHttpChannel's OnStartRequest message. r=valentin
2018-01-23 10:38:52 -05:00
Ben Kelly
8d4bfc7c66
Bug 1231211 P1 Allow docshell reload state to be set on LoadInfo. r=valentin
2018-01-23 10:38:51 -05:00
Ciure Andrei
f7400ad72e
Merge inbound to mozilla-central r=merge a=merge
2018-01-11 11:54:56 +02:00
Kate McKinley
e97980a95e
Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb
...
This patch removes support and tests for HSTS priming from the tree.
2018-01-10 11:07:00 -05:00
Andrew Swan
63c732760f
Bug 1396399
- Clarify rules for applying activeTab permission to content scripts. r=kmag, r=bz
...
MozReview-Commit-ID: 9xPDX8Qk2iR
2017-11-04 21:06:20 -07:00
Tom Tung
c24bbe2dc8
Bug 1222008 - P7: Freeze the tainting if a service worker responds with a synthesize response. r=bkelly
...
--HG--
extra : rebase_source : ef1d3b00654e57ae7b173eb39e4a574af566c769
2017-11-03 15:37:35 +08:00
Ben Kelly
156cd8dec2
Bug 1418007 P1 Allow the reserved/initial/source client data and service worker to be marked on LoadInfo. r=baku r=valentin
2017-11-16 13:15:09 -05:00
Christoph Kerschbaumer
6584da597b
Bug 1407891: Allow view-image to open a data: URI by setting a flag on the loadinfo. r=bz
2017-11-08 20:01:41 +01:00
Christoph Kerschbaumer
3d0a1f002e
Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug
2017-11-03 13:23:11 +01:00
evilpies@gmail.com
06beef32ba
Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz,mystor
...
MozReview-Commit-ID: 1IMi5MqTx7o
--HG--
extra : rebase_source : 373f1928987718fe3bc22306e0dd3ae13fc0cd9f
2017-10-10 09:54:00 -07:00
Wes Kocher
7c7aca4ea6
Backed out 2 changesets (bug 1305237) for crashtest failures in 403574-1.xhtml and 1282985-1.svg a=backout
...
Backed out changeset 96b5d596cc27 (bug 1305237)
Backed out changeset 5fe72402746f (bug 1305237)
MozReview-Commit-ID: CjCWY73Hps1
--HG--
extra : rebase_source : 7a9f0893dabdb0cb6ea79cc9cb7169ceed14616f
2017-10-02 16:41:56 -07:00
evilpies@gmail.com
af192f668f
Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz
...
MozReview-Commit-ID: ADVtxjSQjk5
--HG--
extra : rebase_source : 6e0ddf49328d7ae71937b7bbe5e5bea736c49bef
2017-10-02 11:05:33 -07:00
Wes Kocher
6b7e085c86
Backed out 2 changesets (bug 1305237) for bc failures in browser_WebRequest_ancestors.js a=backout
...
Backed out changeset 163a2b0bb0a0 (bug 1305237)
Backed out changeset e05bab140564 (bug 1305237)
MozReview-Commit-ID: GLlbWYZqyVS
2017-10-02 13:35:03 -07:00
evilpies@gmail.com
8d8e27a06f
Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz
...
MozReview-Commit-ID: ADVtxjSQjk5
--HG--
extra : rebase_source : 6e0ddf49328d7ae71937b7bbe5e5bea736c49bef
2017-10-02 11:05:33 -07:00
Ryan VanderMeulen
2ccfaf0697
Backed out changesets d0d30a90efa1 and fd1d81b93380 (bug 1305237) for causing bug 1403932.
2017-09-28 17:55:43 -04:00
evilpies@gmail.com
95cfc510a9
Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz
...
MozReview-Commit-ID: JdOjc7Ihhv
--HG--
extra : rebase_source : 82ac220ad4cb39536014d5732b4731f0889dafa6
2017-09-25 12:12:47 -07:00
Kris Maglione
c79059605f
Bug 1396856: Part 2 - Add top outer window ID to LoadInfo. r=ehsan
...
The WebRequest API needs to know if a given window ID is at the top level, for
various reasons. It currently figures this out by mapping a channel's load
context to a <browser> element, which tracks its current top outer window ID.
But this is inefficient, and not friendly to C++ callers.
Adding the top window ID to the load info simplifies things considerably.
MozReview-Commit-ID: Fy0gxTqQZMZ
--HG--
extra : rebase_source : bb5b1e1b3294004ca5e713fc88c4e20652296e53
2017-09-06 14:25:23 -07:00
Christoph Kerschbaumer
1b8c06e845
Bug 1331740: Pass correct context for TYPE_DOCUMENT loads within docshell. r=smaug
2017-09-05 18:01:07 +02:00
Honza Bambas
9e38f7b8fc
Bug 1319111 - Expose 'result principal URI' on LoadInfo as a source for NS_GetFinalChannelURI (removes some use of LOAD_REPLACE flag). r=bz, r=mikedeboer
...
--HG--
extra : rebase_source : c9690f4b8decd39a10da676bd50ec09cb2ad8892
2017-05-30 18:07:59 +02:00
Kate McKinley
37a7ace256
Bug 1359987 - Update HSTS priming telemetry r=ckerschb,francois,mayhemer p=francois
...
Collect telemetry for all requests to get an exact percentage of
requests that are subject to HSTS priming, and how many result in an
HSTS Priming request being sent. Clean up telemetry to remove instances
of double counting requests if a priming request was sent.
HSTSPrimingListener::ReportTiming was using mCallback to calculate
timing telemetry, but we were calling swap() on the nsCOMPtr. Give it an
explicit argument for the callback.
Add tests for telemetry values to all of the HSTS priming tests. This
tests for the minimum as telemetry may be gathered on background or
other requests.
MozReview-Commit-ID: 5V2Nf0Ugc3r
--HG--
extra : rebase_source : daa357219a77d912a78b95a703430f39d884c6ab
2017-05-09 15:36:07 -07:00
Ben Kelly
362a5e853d
Bug 1369862 P1 Expose LoadInfo::SynthesizeServiceWorkerTainting(). r=ckerschb
2017-06-07 08:34:51 -07:00
Ben Kelly
88167e3b71
Backout 78533a4ef62e to 4fe11fc40572 (bug 1369862) for incorrect bug number on P1 r=me
2017-06-07 08:32:23 -07:00
Ben Kelly
c405b96cf8
Bug 1368962 P1 Expose LoadInfo::SynthesizeServiceWorkerTainting(). r=ckerschb
2017-06-07 08:14:57 -07:00
Thomas Nguyen
4fcb94e968
Bug 1351146 - P1 - Add more information to redirect chains. r=dragana
...
In order to provide more details context of how client arrived at the unsafe
page, particularly in redirect case, we may have to add more information to
redirect chains including:
- referrer (if any)
- remote address.
- URL
We may want to use an idl interface instead of nsIPrincipal to store these
information
MozReview-Commit-ID: 3Uh4r06w60C
2017-05-25 19:42:00 +02:00
Honza Bambas
b852ed009a
Backout of 7f28c1084c47 (bug 1319111) for security checks breakage, r=me
2017-05-25 18:16:02 +02:00
Honza Bambas
2dfe5d94b8
Bug 1319111 - Expose 'result principal URI' on LoadInfo as a source for NS_GetFinalChannelURI (removes some use of LOAD_REPLACE flag). r=bz
2017-05-23 08:09:00 -04:00
Honza Bambas
d6d727a69e
backout of f9abb9c83452 (bug 1319111) for crashes, r=bz
2017-05-13 13:55:11 +02:00
Wes Kocher
0a1e1fe23b
Backed out changeset 95ff98f1c2e5 (bug 1319111) for talos failures a=backout
...
MozReview-Commit-ID: Gs09moFm5rQ
2017-05-12 18:24:42 -07:00
Honza Bambas
70f62bdec1
backout of f9abb9c83452 (bug 1319111) for crashes, r=bz
2017-05-12 22:13:49 +02:00
Honza Bambas
a1b64b4694
Bug 1319111 - Expose URI to make security check against on LoadInfo (no LOAD_REPLACE flag). r=bz
2017-01-27 19:10:01 +01:00
Ehsan Akhgari
d9f2b1af97
Bug 1149127 - Stop exporting LoadInfo unnecessarily; r=ckerschb
2017-02-06 13:07:46 -05:00
Ehsan Akhgari
b62bca9af3
Bug 1335526 - Ensure that sandboxed channel's result principal is unique; r=bzbarsky
2017-02-01 13:47:26 -05:00
Sebastian Hengst
53d59b106f
Backed out changeset a273aee1be72 (bug 1335526) for bustage. r=backout
2017-02-01 17:41:29 +01:00
Ehsan Akhgari
9b36bf10cd
Bug 1335526 - Ensure that sandboxed channel's result principal is unique; r=bzbarsky
2017-02-01 11:24:49 -05:00
Christoph Kerschbaumer
7578c6e2b5
Bug 1271173 - Upgrade-insecure-requests for navigational requests. r=smaug,freddyb
2017-01-23 15:29:44 +01:00
Andrea Marchesini
359ae91eac
Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby
2017-01-12 17:38:48 +01:00