Commit Graph

893 Commits

Author SHA1 Message Date
Gijs Kruitbosch
f6a05ddbd5 Bug 1427726 - remove support for remote JAR files, r=michal
MozReview-Commit-ID: H7aaTmj3FI1

--HG--
rename : modules/libjar/test/mochitest/bug403331.zip => modules/libjar/test/mochitest/bug1173171.zip
rename : modules/libjar/test/mochitest/bug403331.zip^headers^ => modules/libjar/test/mochitest/bug1173171.zip^headers^
extra : rebase_source : 30a8e937840bbfed5fe7e66202a5d2893b19c037
2018-02-07 13:54:39 +00:00
Andreea Pavel
f9b34d3781 Backed out 5 changesets (bug 1427726) for failing linux asan at modules/libjar/test/unit/test_bug407303.js on a CLOSED TREE
Backed out changeset ee9abd6f1ba5 (bug 1427726)
Backed out changeset b1b76f9dff73 (bug 1427726)
Backed out changeset f41cf7811770 (bug 1427726)
Backed out changeset cb35e7b10235 (bug 1427726)
Backed out changeset 753ece6c9f1b (bug 1427726)

--HG--
rename : modules/libjar/test/mochitest/bug1173171.zip => modules/libjar/test/mochitest/bug403331.zip
rename : modules/libjar/test/mochitest/bug1173171.zip^headers^ => modules/libjar/test/mochitest/bug403331.zip^headers^
2018-04-11 12:46:20 +03:00
Gijs Kruitbosch
1f5038413e Bug 1427726 - remove support for remote JAR files, r=michal
MozReview-Commit-ID: H7aaTmj3FI1

--HG--
rename : modules/libjar/test/mochitest/bug403331.zip => modules/libjar/test/mochitest/bug1173171.zip
rename : modules/libjar/test/mochitest/bug403331.zip^headers^ => modules/libjar/test/mochitest/bug1173171.zip^headers^
extra : rebase_source : 0fbe2ed07a3ccdb3693973e966e1ea3e43dd1623
2018-02-07 13:54:39 +00:00
Tom Schuster
b0dadb57b5 Bug 1452701 - Add pref to allow FTP subresources. r=ckerschb
--HG--
extra : rebase_source : 571060a866cc46ab253b0718d33dcbbd0f7e0a87
2018-04-09 21:07:01 +02:00
Christoph Kerschbaumer
1c93e06911 Bug 1286861: Add tests for same site top-level. r=mgoodwin 2018-04-08 19:53:08 +02:00
Christoph Kerschbaumer
fc9d4babcc Bug 1286861: Add tests for same site subrequests. r=mgoodwin 2018-04-08 19:52:49 +02:00
Tom Schuster
b12501054b Bug 1404744 - Check for FTP subresource after applying CSP. r=ckerschb
--HG--
extra : rebase_source : 642ba0d40d6b1d2e7ef85fdc52dffa72b5a24f5b
extra : histedit_source : 117afa5310977211fd18007e5ed7d2991a8b8837
2018-04-06 00:27:02 +02:00
Boris Zbarsky
4292bca4ee Bug 1449631 part 6. Remove nsIDOMEventTarget::DispatchEvent. r=smaug
MozReview-Commit-ID: 8YMgmMwZkAL
2018-04-05 13:42:41 -04:00
Tom Schuster
f2161b8a15 Bug 1404744 - Simple sub-resource only test. r=ckerschb
--HG--
extra : rebase_source : b9f35ec37ae00eb4c3a8d3fbcb3eb0e488351527
2018-04-01 20:07:06 +02:00
Tom Schuster
8e3324212f Bug 1404744 - Block loading FTP as a subresource everywhere. r=ckerschb
--HG--
extra : rebase_source : 479f1b7f55c3133c7f46c1a343a394fef15e9f59
2018-03-26 21:05:08 +02:00
Jonathan Kingston
27171aed4f Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb
MozReview-Commit-ID: 6bMAVJl9RTG

--HG--
extra : rebase_source : e2cceb777ac659f7fd1a84f6d8408dc7e7179a35
2018-03-08 16:23:03 -08:00
Dave Townsend
e2dffad4ac Bug 1448500: Add speculative request content policy type. r=bz, r=kmag
Adds a new TYPE_SPECULATIVE to nsIContentPolicy and uses it as the type for
speculative connection channels from the IO service. I believe I've added it to
all the content policies in tree to make sure it behaves the same as TYPE_OTHER
used to.

The webextension test shows that the webextension proxy API sees speculative
lookups requested through the IO service.

MozReview-Commit-ID: DQ4Kq0xdUOD

--HG--
extra : rebase_source : d9460fdac118bc68f0db79749a16f181b580f2e7
2018-03-23 15:27:08 -07:00
Emilio Cobos Álvarez
109ffb9beb Bug 1420680: Remove the mechanism to buffer CSP violations. r=bz
With the previous patch it's unused.

MozReview-Commit-ID: 4EKufeNu0Jz
2018-04-03 16:22:51 +02:00
vinoth
c6574d2c99 Bug 1400487 - Move img src declaration after onload and onerror declaration in file_meta_element.html. r=ckerschb 2018-03-29 15:22:53 -04:00
Christoph Kerschbaumer
4197b7d96d Bug 1439713 - Update tests relying on nsIContentPolicy. r=bz 2018-03-29 11:14:58 +02:00
Christoph Kerschbaumer
a929955d1f Bug 1439713 - Change nsIContentPolicy shouldLoad to take an <uri, loadInfo> pair instead of the various args. r=bz 2018-03-29 12:16:23 +02:00
Bogdan Tara
302a55b534 Merge inbound to mozilla-central. a=merge 2018-03-27 12:12:57 +03:00
Henri Sivonen
eaa2f6b46b Bug 1395114 - Remove nsIUnicharStreamLoader. r=emilio,michal
MozReview-Commit-ID: ECKNnJt80oK

--HG--
extra : rebase_source : 6f09937e0648c65d035dfb4935d6e9a06d0223df
2018-03-26 12:45:31 +03:00
Vinothkumar Nagasayanan
42549de27c Bug 1440582 - Add CSP test with default-src 'none' that uses window.open() r=ckerschb
--HG--
extra : amend_source : 1d5a5367f7eabaa06fb7a75216eaca892be1b1e7
2018-03-26 18:33:43 +03:00
vinoth
24cafeec62 Bug 1416045. r=mayhemer CLOSED TREE
Reviewers: mayhemer

Reviewed By: mayhemer

Subscribers: freddyb, dveditz, mayhemer, ckerschb, vinoth

Tags: PHID-PROJ-wkydohdk6pajyfn2llkb

Bug #: 1416045

Differential Revision: https://phabricator.services.mozilla.com/D675

--HG--
extra : rebase_source : 65fb235d787b6955da1433ea2ffd56082cab0b30
extra : amend_source : affac492394597daf9b3294d4aca2f61bc27fc73
2018-03-22 21:02:16 +02:00
vinoth
c28a0c2d53 Bug 1414541 - Intermittent failure fixed for toplevel data: URI. r=ckerschb 2018-03-21 17:18:00 -04:00
vinoth
28c7245f64 Bug 1391823 - Don't run |finish() called multiple times| for dom/security/test/mixedcontentblocker/test_frameNavigation.html. r=ckerschb
Reviewers: ckerschb

Reviewed By: ckerschb

Subscribers: ckerschb

Bug #: 1391823

Differential Revision: https://phabricator.services.mozilla.com/D562

--HG--
extra : rebase_source : 0ff9fc78d2ca00c2c347f14167de34e31ded1967
extra : amend_source : f2a350607bb0645e3140b51cc57353a50f7c2261
2018-03-19 12:00:55 +02:00
Tooru Fujisawa
1adba8c1fc Bug 1442465 - Part 4.2: Stop unnecessarily awaiting on BrowserTestUtils.removeTab (simple part). r=dao 2018-03-19 11:16:45 +09:00
Jonathan Kingston
10ebc30d5d Bug 1440701 - Adding in telemetry for upgrading display content. r=ckerschb,valentin
MozReview-Commit-ID: 7oEIith4Ehv

--HG--
extra : rebase_source : 454d56277aa5dc08bf8cfd7cd9c1e24d31014838
2018-03-04 14:33:33 +00:00
Andrea Marchesini
5784769019 Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug 2018-03-13 06:40:38 +01:00
Cristian Brindusan
aebd2b4f26 Bug 1391823 - Disable dom/security/test/mixedcontentblocker/test_frameNavigation.html for frequent failures. r=jmaher 2018-03-03 05:16:00 +02:00
Sebastian Hengst
118e03a936 merge mozilla-central to mozilla-inbound 2018-03-01 20:32:20 +02:00
Tiberius Oros
61d400da1c Merge inbound to mozilla-central. a=merge 2018-03-01 19:29:00 +02:00
Georg Koppen
f58841a715 Tests updated/added for bug 1382359 r=ckerschb CLOSED TREE 2018-03-01 10:13:22 +01:00
Georg Koppen
dd4fb3ba9f Bug 1382359: Treat .onion as a secure context
Websites which collect passwords but don't use HTTPS start showing scary
warnings from Firefox 51 onwards and mixed context blocking has been
available even longer.

.onion sites without HTTPS support are affected as well, although their
traffic is encrypted and authenticated. This patch addresses this
shortcoming by making sure .onion sites are treated as potentially
trustworthy origins.

The secure context specification
(https://w3c.github.io/webappsec-secure-contexts/) is pretty much focused
on tying security and trustworthiness to the protocol over which domains
are accessed. However, it is not obvious why .onion sites should not be
treated as potentially trustworthy given:

"A potentially trustworthy origin is one which a user agent can
generally trust as delivering data securely.

This algorithms [sic] considers certain hosts, scheme, and origins as
potentially trustworthy, even though they might not be authenticated and
encrypted in the traditional sense."
(https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy)

We use step 8 in the algorithm to establish trustworthiness of .onion
sites by whitelisting them given the encrypted and authenticated nature
of their traffic.
2018-03-01 09:44:30 +01:00
Adam Kasztenny
fc42b2fa73 Bug 1355166 - Remove remote newtab's dead code. r=ursula 2018-02-28 16:44:00 +02:00
Nicolas Chevobbe
8ea55ce28a Bug 1382606 - Switch webconsole to new event-emitter; r=Honza.
MozReview-Commit-ID: HBogPeOI7WM

--HG--
extra : rebase_source : 4ad1fb922ffc818d175ae3c09820ce31ba416487
2018-02-23 09:10:36 +01:00
Florian Quèze
c714053d73 Bug 1433175 - scripted patch to replace Components.classes[, Components.interfaces.nsI, Components.utils. and Components.results. with Cc, Ci, Cu and Cr, r=Mossop. 2018-02-28 18:51:33 +01:00
Valentin Gosu
84b854ce2c Bug 1433958 - Change code that sets nsIURI.userPass to use nsIURIMutator r=mayhemer
* Code in XMLHttpRequestMainThread is converted to set the username and password individually. This is because when the parameters are empty, it ended up calling SetUserPass(":") which always returns an error.

MozReview-Commit-ID: 3cK5HeyzjFE

--HG--
extra : rebase_source : f34400c11245d88648b0ae9c196637628afa9517
2018-02-26 20:43:46 +01:00
Christoph Kerschbaumer
e8f5150467 Bug 1439444: resource and chrome images and styles should not be subject to CSP. r=gijs 2018-03-01 13:45:04 +01:00
Jonathan Kingston
eab7568bd9 Bug 1441794 - Add deprecation warning to passive OBJECT_SUBREQUEST loads. r=ckerschb
MozReview-Commit-ID: 3j2t5FDZFmp

--HG--
extra : rebase_source : f18623e42ba4fd54335d26536e4d40deab15c584
2018-02-28 13:56:35 +00:00
Gurzau Raul
2a77281049 Merge mozilla-central to autoland. a=merge CLOSED TREE 2018-02-21 19:30:44 +02:00
Christoph Kerschbaumer
a6c1ffb498 Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer 2018-02-18 19:52:52 +01:00
Jonathan Kingston
8afc412494 Bug 1435733 - Upgrade mixed display content pref. r=baku,ckerschb,francois,mayhemer
MozReview-Commit-ID: ETIgVF3zhRu

--HG--
extra : rebase_source : e4c59f50584158f4b31527347b10424b56692fa1
2018-02-05 15:37:27 +00:00
Christoph Kerschbaumer
1407489a4b Bug 1432358: Make resource URIs subject to CSP. r=gijs
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
extra : intermediate-source : 91c948c94506089d6f40dc59d13c75ab78ce914d
2018-01-25 14:20:31 +01:00
Sebastian Hengst
a6cab8c4e8 Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
2018-02-12 19:58:28 +02:00
Christoph Kerschbaumer
6575d66c41 Bug 1432358: Make resource URIs subject to CSP. r=gijs
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
2018-01-25 14:20:31 +01:00
Andrew McCreight
b7bb86d0d4 Bug 1436184 - Remove definitions of Ci, Cr, Cc, and Cu from httpd.js and .sjs files. r=florian
MozReview-Commit-ID: IKKb9zr2OSf

--HG--
extra : rebase_source : 72d949405c18e6d421422e7865182352eee0c407
2018-02-06 15:03:13 -08:00
Andrew McCreight
5dec0e0beb Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian
This patch was autogenerated by my decomponents.py

It covers almost every file with the extension js, jsm, html, py,
xhtml, or xul.

It removes blank lines after removed lines, when the removed lines are
preceded by either blank lines or the start of a new block. The "start
of a new block" is defined fairly hackily: either the line starts with
//, ends with */, ends with {, <![CDATA[, """ or '''. The first two
cover comments, the third one covers JS, the fourth covers JS embedded
in XUL, and the final two cover JS embedded in Python. This also
applies if the removed line was the first line of the file.

It covers the pattern matching cases like "var {classes: Cc,
interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove
the entire thing if they are all either Ci, Cr, Cc or Cu, or it will
remove the appropriate ones and leave the residue behind. If there's
only one behind, then it will turn it into a normal, non-pattern
matching variable definition. (For instance, "const { classes: Cc,
Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes
"const CC = Components.Constructor".)

MozReview-Commit-ID: DeSHcClQ7cG

--HG--
extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b
2018-02-06 09:36:57 -08:00
Florian Quèze
2b1c8dccb6 Bug 1339461 - script-generated patch to convert foo.indexOf(...) == -1 to foo.includes(), r=Mossop. 2018-02-01 20:45:22 +01:00
Kris Maglione
918ed6c474 Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm

MozReview-Commit-ID: 1Nc3XDu0wGl

--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
extra : intermediate-source : 34c999fa006bffe8705cf50c54708aa21a962e62
extra : histedit_source : b2be2c5e5d226e6c347312456a6ae339c1e634b0
2018-01-29 15:20:18 -08:00
Boris Zbarsky
7c392f077e Bug 1418085 part 6. Remove nsIDOMHTMLElement. r=mystor
MozReview-Commit-ID: 5QUyFeAQYZQ
2018-01-30 00:25:36 -05:00
Boris Zbarsky
9da3878bc9 Bug 1418076 part 11. Eliminate the nsIDOMHTMLDocument interface. r=mystor
MozReview-Commit-ID: 4lEcUeenbg3
2018-01-26 01:03:25 -05:00
Cosmin Sabou
9a65a40178 Backed out 3 changesets (bug 1431533) for Android mochitest failures on testEventDispatcher on a CLOSED TREE
Backed out changeset a1eca62826a1 (bug 1431533)
Backed out changeset 34c999fa006b (bug 1431533)
Backed out changeset e2674287e57f (bug 1431533)
2018-01-30 07:17:48 +02:00
Boris Zbarsky
e565b1fe1b Bug 1432944 part 11. Remove nsIDOMElement::GetAttribute. r=mccr8
MozReview-Commit-ID: 2f1vFvRdCPG
2018-01-29 23:28:00 -05:00
Boris Zbarsky
f60fd673d6 Bug 1432186 part 19. Remove the nsIDOMNode::*_NODE constants. r=mccr8
MozReview-Commit-ID: KvKjeKIOB9K
2018-01-29 23:10:53 -05:00
Kris Maglione
6476f95b13 Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm

MozReview-Commit-ID: 1Nc3XDu0wGl

--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
2018-01-29 15:20:18 -08:00
Brindusan Cristian
af8879d1eb Backed out 2 changesets (bug 1431533) for ESlint failures on a CLOSED TREE
Backed out changeset 6e56f4c8843e (bug 1431533)
Backed out changeset 12fc4dee861c (bug 1431533)
2018-01-30 02:32:43 +02:00
Kris Maglione
c276bb9375 Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm

MozReview-Commit-ID: 1Nc3XDu0wGl

--HG--
extra : rebase_source : c004a023389f1f6bf3d2f3efe93c13d423b23ccd
2018-01-29 15:20:18 -08:00
vinoth
7b23ba9165 Bug 1397740 - Removed security.xcto_nosniff_block_images from about:config r=ckerschb,fkiefer
MozReview-Commit-ID: HTalMWq694W

--HG--
extra : rebase_source : 0ce03ae0ed6bb754791f7aadb52bc6c55aa6c7cd
2018-01-05 10:43:17 +01:00
vinoth
9d7a2186b4 Bug 1370468 - frame-ancestor tests added for userpass r=ckerschb,fkiefer
MozReview-Commit-ID: 4wW24JnxaKh

--HG--
extra : rebase_source : b926ea06208c1fbd91fe1a9fdee100f8cb21e8d1
2017-08-30 15:58:20 +02:00
Andrea Marchesini
c6da271117 Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
* * *
Bug 1425458 - Resource timing entries Workers - part 10 - Correct parameters in NS_NewChannel in nsDataObj.cpp, r=me
2018-01-24 17:17:31 +01:00
Kris Maglione
aec63e140c Backed out 3 changesets (bug 1431533) for Android mochitest bustage. CLOSED TREE
MozReview-Commit-ID: 5ubE9EMQpZ9

--HG--
extra : histedit_source : df68d7595925c07d9d6e8bacc2c46e69556f479a%2C72b768b9825e20ede6603ead75f871c50dc041f7
2018-01-24 22:04:59 -08:00
Kris Maglione
30b3a49bfd Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
MozReview-Commit-ID: 8V1ZT53ReiP

--HG--
extra : rebase_source : 12b5f8c3e125111db7382eb3d7d20a99fb2c35b3
extra : absorb_source : e99fa7f6eee02e7e6cadeb898c7fcf6dac9c902a
extra : histedit_source : d0dfc31fadc2b81d341c9d0cd1efec02923c003b
2018-01-24 15:48:47 -08:00
Brindusan Cristian
368c3d5b6b Backed out 12 changesets (bug 1425458) for mochitest failures on WorkerPrivate.cpp on a CLOSED TREE
Backed out changeset 11997de13778 (bug 1425458)
Backed out changeset 100b9d4f36bc (bug 1425458)
Backed out changeset a29e9dbb8c42 (bug 1425458)
Backed out changeset b96d58fd945c (bug 1425458)
Backed out changeset f140da44ba68 (bug 1425458)
Backed out changeset af56400233d9 (bug 1425458)
Backed out changeset 7034af4332e4 (bug 1425458)
Backed out changeset f70500179140 (bug 1425458)
Backed out changeset 793bbfc23257 (bug 1425458)
Backed out changeset 2efb375a8ffc (bug 1425458)
Backed out changeset 07e781e37451 (bug 1425458)
Backed out changeset e875f3702a5f (bug 1425458)
2018-01-24 20:47:48 +02:00
Andrea Marchesini
6480b95ba3 Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug 2018-01-24 17:17:31 +01:00
Christoph Kerschbaumer
16dba8baf1 Bug 1432137 - Add test to verify insecure redirects to data: URIs are blocked for script modules. r=jonco 2018-01-23 14:04:21 +01:00
Christoph Kerschbaumer
d8e2caf90a Bug 1428793: Test block insecure redirects to data: URIs. r=smaug 2018-01-23 09:58:06 +01:00
Christoph Kerschbaumer
47e37d6df2 Bug 1428793: Block insecure redirects to data: URIs. r=smaug 2018-01-23 09:57:47 +01:00
Chung-Sheng Fu
0319902c5b Bug 1418243 - Fix mochitest failures due to violationDirective change. r=ckerschb
MozReview-Commit-ID: AphtAxYo6Hr

--HG--
extra : rebase_source : 24cd7773cb1f3583c524d142908f859ff5e88e8a
2018-01-16 23:00:00 +02:00
Chung-Sheng Fu
d1124b72c7 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
MozReview-Commit-ID: 8DQ7CI5exUL

--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
2018-01-16 22:59:00 +02:00
Andrea Marchesini
a1765c1a3c Bug 1430758 - No CSP directive for nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, r=ckerschb 2018-01-16 15:03:02 +01:00
Andreea Pavel
77efdcf21a Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
2018-01-16 13:02:32 +02:00
Chung-Sheng Fu
eaddf31393 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
MozReview-Commit-ID: 8DQ7CI5exUL
2018-01-15 23:30:00 +02:00
Chris Peterson
37efe4d0e6 Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj
MozReview-Commit-ID: DCPTnyBooIe

--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
2017-11-05 19:37:28 -08:00
Honza Bambas
c3f3b8d161 Bug 1391277 - Investigative logging in CSP: log when 'upgrade-insecure-requests' CSP is added to the CSP context, r=bz 2018-01-11 10:57:00 +02:00
Gijs Kruitbosch
9d094a2464 Bug 1427302 - Stop supporting type=content-* on XUL <browser>s, r=bz
Was: Backed out changeset 83fbff91e9d2 (bug 1328605).

MozReview-Commit-ID: 2itUgw8Ogkl

--HG--
extra : rebase_source : bad855f0292b28eb61b1549a1d96914a792c0fb6
2018-01-10 19:37:29 +00:00
Kate McKinley
e97980a95e Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb
This patch removes support and tests for HSTS priming from the tree.
2018-01-10 11:07:00 -05:00
Ryan VanderMeulen
41dae4c2d2 Bug 1425968 - Skip HSTS browser-chrome tests because the feature is being removed and they depend on an expiring Telemetry probe. r=kmckinley 2018-01-03 16:46:35 -05:00
Jonathan Kingston
392a4bf408 Bug 725490 - Change XFO sameorigin to check all ancestors for same origin. r=smaug
MozReview-Commit-ID: 5fPxGpcdVms

--HG--
extra : rebase_source : 48fb23e477a49c71e4f09735efd05dd02c46be8d
2017-11-03 15:37:10 +00:00
Florian Quèze
032c961e0a Bug 1421992 - script-generated patch to replace do_check_* functions with their Assert.* equivalents, rs=Gijs. 2017-12-21 11:08:17 +01:00
Gijs Kruitbosch
ffc0ed12d2 Bug 1425363 - remove onWindowTitleChanged given that nobody uses it, r=bgrins
MozReview-Commit-ID: ALslAwZo4K9

--HG--
extra : rebase_source : ca1add0015eea86128c0c5f209252ebb6a228998
2017-12-14 21:55:44 -06:00
Kartikaya Gupta
4f18e92ffb Bug 1334189 - Enable mochitest-plain for linux64-qr. r=jrmuizel
MozReview-Commit-ID: nbcWhDq5de

--HG--
extra : rebase_source : 25e2c2b8b996ae11cd25dee07d9092ba574a9e40
2017-12-13 18:38:39 -05:00
Bill McCloskey
9f4d083047 Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-07 12:55:24 -08:00
Andreea Pavel
89531e8dc3 Backed out 9 changesets (bug 1412456) for crashing talos g2 and unexpected network connections in browser-chrome's browser_searchEngine_behaviors.js r=backout a=backout on a CLOSED TREE
Backed out changeset 0c01a98f4fd5 (bug 1412456)
Backed out changeset 27077db47231 (bug 1412456)
Backed out changeset f35ec2a884f8 (bug 1412456)
Backed out changeset 602b30ac3c69 (bug 1412456)
Backed out changeset b1ff1050c589 (bug 1412456)
Backed out changeset f100d953f9eb (bug 1412456)
Backed out changeset d85af60fe259 (bug 1412456)
Backed out changeset 736f38486832 (bug 1412456)
Backed out changeset 13a637602dc2 (bug 1412456)
2017-12-07 12:20:21 +02:00
Bill McCloskey
bef7c122df Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 21:17:05 -08:00
Dorel Luca
eb65c24c7b Backed out 8 changesets (bug 1412456) for ESlint failure on browser_urlbarKeepStateAcrossTabSwitches.js:13:49 r=backout on a CLOSED TREE
Backed out changeset 0e88de036c55 (bug 1412456)
Backed out changeset 49b93f807db0 (bug 1412456)
Backed out changeset 039e980b7dc6 (bug 1412456)
Backed out changeset c7698410ddbd (bug 1412456)
Backed out changeset e56a1ba26b7c (bug 1412456)
Backed out changeset 0c4506e124ac (bug 1412456)
Backed out changeset a7aec2ce903b (bug 1412456)
Backed out changeset 3e9fb71f1e8e (bug 1412456)
2017-12-07 07:09:33 +02:00
Bill McCloskey
be77cf4a01 Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 20:46:58 -08:00
Gijs Kruitbosch
e77ee731e9 Bug 1222924 - stop allowing webpages to link to moz-icon: , r=mrbkap
MozReview-Commit-ID: FKEDboWIfFQ

--HG--
extra : rebase_source : 801317b5746c6e84431c6a8f2097b83523646016
2017-11-22 21:31:41 +00:00
Chung-Sheng Fu
63739feac3 Bug 1037335 - Add a pref to enable only within Nightly and Early Beta. r=ckerschb,smaug
MozReview-Commit-ID: Bi82dHm53qX

--HG--
extra : rebase_source : 61a7c517afb2759d672a1c486213a73ef505a324
extra : amend_source : 572a2c8613fe36ae1ebd613a361bb23acc019912
2017-11-29 16:55:00 +02:00
Chung-Sheng Fu
a3b493b9ca Bug 1037335 - Add a mochitest for security policy violation event. r=ckerschb
MozReview-Commit-ID: 7l5jJFEtIaT

--HG--
extra : rebase_source : 49b6794482f0be79919b20226aa571d6ebe066de
2017-11-29 16:54:00 +02:00
Chung-Sheng Fu
8dd7eb1b95 Bug 1037335 - Implement security policy violation event. r=ckerschb,smaug
MozReview-Commit-ID: 4BYThUXduI4

--HG--
extra : rebase_source : 5d4a34c5e6bb7fd3774fafb1de72e761bce4591f
2017-11-29 16:53:00 +02:00
arthur.iakab
513ba7660d Backed out changeset b3d1e9847a7a (bug 725490) for mochitest failures in dom/base/test/test_x-frame-options.html r=backout on a CLOSED TREE 2017-11-29 12:01:19 +02:00
Mark Banner
099e4fa549 Bug 1421458 - Add more initial configuration setup and prepare .eslintignore for enabling ESLint on more xpcshell-test directories. r=mossop
MozReview-Commit-ID: 4nbTuNNnAdZ

--HG--
extra : rebase_source : 7131f0ddad79d28615a5799c657972bd84a69180
2017-11-28 22:57:08 +00:00
Jonathan Kingston
6986c42dfa Bug 1190623 - Add a pref to consider object sub requests as active. r=tanvi, r=ckerschb
MozReview-Commit-ID: Br2F89IfWng
2017-11-11 01:15:06 +00:00
Jonathan Kingston
5565689b54 Bug 725490 - Change XFO sameorigin to check all ancestors for same origin. r=smaug
MozReview-Commit-ID: 5fPxGpcdVms

--HG--
extra : rebase_source : f25e525c1e5f6cfe2c5002779fefe17263896d02
2017-11-03 15:37:10 +00:00
Kris Maglione
326ce05075 Bug 1415352: Part 3a - Add preference to increase max length of CSP report source sample. r=ckerschb
This is necessary for tests which need to verify that reports are being sent
for the correct inline sources, where the current sample size is not enough to
completely distinguish them.

MozReview-Commit-ID: 2k2vAhJhIsi

--HG--
extra : rebase_source : 268a53d1450be6666081bf5093aa170352b398e1
2017-11-06 14:01:32 -08:00
Andrea Marchesini
e011d320e1 Bug 1398229 - Save-link-as feature should use the loading principal - part 4 - Comment updated, r=me 2017-11-19 08:53:47 +01:00
Ciure Andrei
92d28bd8f2 Merge inbound to mozilla-central r=merge a=merge 2017-11-17 11:59:03 +02:00
Andrea Marchesini
97baa05333 Bug 1398229 - Save-link-as feature should use the loading principal - part 3 - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD, r=ckerschb, r=tanvi 2017-11-16 12:27:01 +01:00
Tom Ritter
59de60ae4b Bug 1407343 Silence multiple classes of warnings for the MinGW build, including not enabling format warnings unless -Wformat is set r=froydnj,glandium
MozReview-Commit-ID: ALmo1hbqVxC

--HG--
extra : rebase_source : a68475b90372cd5679c37474fb6705b2a5d48ddf
2017-11-16 12:36:33 -06:00
Sebastian Hengst
6c1d6be6fb Backed out 3 changesets (bug 1398229) for failing own browser-chrome browser/components/contextualidentity/test/browser/browser_saveLink.js. r=backout on a CLOSED TREE
Backed out changeset 5b3b0a38b2d1 (bug 1398229)
Backed out changeset a726fc7506ca (bug 1398229)
Backed out changeset 53dae7764e58 (bug 1398229)
2017-11-15 20:49:09 +02:00
Andrea Marchesini
11eefa61bb Bug 1398229 - Save-link-as feature should use the loading principal - part 3 - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD, r=ckerschb 2017-11-15 18:16:29 +01:00
Christoph Kerschbaumer
c848c91be9 Bug 1415612: Allow all plain text types when navigating top-level data URIs. r=bz 2017-11-13 21:25:02 +01:00
Christoph Kerschbaumer
1ea20715d4 Bug 1407891: Test navigation for right-click view-image on data:image/svg. r=bz 2017-11-08 17:43:26 +01:00
Christoph Kerschbaumer
6584da597b Bug 1407891: Allow view-image to open a data: URI by setting a flag on the loadinfo. r=bz 2017-11-08 20:01:41 +01:00
Christoph Kerschbaumer
d5958a52e0 Bug 1403870: Test toplevel data URI navigation to application/json is allowed. r=smaug 2017-11-03 13:27:01 +01:00
Christoph Kerschbaumer
078474c979 Bug 1403870: Allow toplevel data URI navigation data:application/json. r=smaug 2017-11-03 13:26:28 +01:00
Christoph Kerschbaumer
3d0a1f002e Bug 1403814 - Block toplevel data: URI navigations only if opened in the browser. r=smaug 2017-11-03 13:23:11 +01:00
Christoph Kerschbaumer
60bd93b916 Bug 1403814 - Update tests for toplevel data URI blocking because we now block after we have received the response. r=smaug 2017-11-03 13:22:57 +01:00
Christoph Kerschbaumer
8f13729a0f Bug 1403814: Test navigation to data:text/csv. r=smaug 2017-10-11 22:47:12 +02:00
Christoph Kerschbaumer
5703b12317 Bug 1302667 - CSP: Update test_child-src_worker.html because child-src falls back to script-src. r=dveditz,mckinley 2017-10-30 18:46:34 +01:00
Christoph Kerschbaumer
67c85139df Bug 1302667 - CSP: Test 'frame-src'. r=dveditz,mckinley 2017-10-30 18:46:19 +01:00
Christoph Kerschbaumer
d1b704d00d Bug 1302667 - CSP: Test 'worker-src'. r=dveditz,mckinley 2017-10-30 18:46:05 +01:00
Christoph Kerschbaumer
5d54a394cc Bug 1302667 - CSP: Add Parser test for 'worker-src'. r=dveditz,mckinley 2017-10-30 18:45:50 +01:00
Christoph Kerschbaumer
2fd8493f7f Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley 2017-10-30 18:45:36 +01:00
Chris H-C
75fc345254 bug 1406391 - Remove toolkit.telemetry.enabled manipulation from tests r=Dexter
Minor note:
reftests should've turned off uploadEnabled in the first place.
reftests should have unified telemetry on. It's the future.

MozReview-Commit-ID: 9spzuUAXwwP
2017-10-30 10:47:39 -04:00
Coroiu Cristina
44d1b50592 Backed out changeset 70ccfda99dbc::ca6ae38c0432 (bug 1302667) for frequently failing mochitest in security/test/csp/test_worker_src.html r=backout a=backout on a CLOSED TREE
Backed out changeset ca6ae38c0432 (bug 1302667)
Backed out changeset ff86e185e09d (bug 1302667)
Backed out changeset 8ec6b8bf8c6c (bug 1302667)
Backed out changeset 21c73f9d8fac (bug 1302667)
Backed out changeset e982481dbf2c (bug 1302667)
Backed out changeset 70ccfda99dbc (bug 1302667)
2017-10-30 14:19:29 +02:00
Christoph Kerschbaumer
f74ce8742c Bug 1302667 - CSP: Update test_child-src_worker.html because child-src falls back to script-src. r=dveditz,mckinley 2017-10-30 09:07:31 +01:00
Christoph Kerschbaumer
3a0a307bf0 Bug 1302667 - CSP: Test 'frame-src'. r=dveditz,mckinley 2017-10-30 09:07:12 +01:00
Christoph Kerschbaumer
5fc9f5eebd Bug 1302667 - CSP: Test 'worker-src'. r=dveditz,mckinley 2017-10-30 09:06:53 +01:00
Christoph Kerschbaumer
0de95dd051 Bug 1302667 - CSP: Add Parser test for 'worker-src'. r=dveditz,mckinley 2017-10-30 09:06:35 +01:00
Christoph Kerschbaumer
58b63c1576 Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley 2017-10-30 09:10:36 +01:00
Phil Ringnalda
4bc2b1615d Backed out 4 changesets (bug 1408433, bug 1406391, bug 1408512) for crashing tests by touching the network contacting incoming.telemetry.mozilla.org on nightly builds
Backed out changeset 9bfd4b0927dc (bug 1408433)
Backed out changeset 555850d5107e (bug 1408512)
Backed out changeset 15d959b9123e (bug 1406391)
Backed out changeset e1f34ba9cecc (bug 1406391)

MozReview-Commit-ID: BVoGRsD73Hf
2017-10-27 21:08:27 -07:00
Chris H-C
8e6dd31d55 bug 1406391 - Remove toolkit.telemetry.enabled manipulation from tests r=Dexter
Minor note:
reftests should've turned off uploadEnabled in the first place.

MozReview-Commit-ID: 9spzuUAXwwP
2017-10-27 10:59:43 -04:00
Andrew McCreight
298aa82710 Bug 1412125, part 2 - Fix dom/ mode lines. r=qdot
This was automatically generated by the script modeline.py.

MozReview-Commit-ID: BgulzkGteAL

--HG--
extra : rebase_source : a4b9d16a4c06c4e85d7d85f485221b1e4ebdfede
2017-10-26 15:08:41 -07:00
Andrew McCreight
1d0acbdb9b Bug 1412125, part 1 - Manually add mode lines and MPL to files that were missing them entirely. r=qdot
These were detected by the script used to generate part 2.

MozReview-Commit-ID: VMcT154f6f

--HG--
extra : rebase_source : 2f5fc8a314302fcacac840a8dbe0ff874d518e51
2017-10-26 14:54:59 -07:00
Christoph Kerschbaumer
ebfa77072c Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz 2017-10-16 14:18:52 +02:00
Brendan Dahl
42bc28d260 Bug 1399956 - Disable some mochitests in headless. r=jrmuizel
These tests will need more work and are low priority.

MozReview-Commit-ID: H0J16E8FqNr
2017-10-16 16:15:45 -07:00
Kris Maglione
98c0c61998 Bug 1407056: Follow-up: Don't try to truncate data URI strings to a longer length. r=me
MozReview-Commit-ID: CDsYXyrhB7T

--HG--
extra : rebase_source : 5647f2d05def805218a2ee45913da4388a4d9647
extra : amend_source : e5015c868db64dce924476600f713b6c3aac1e17
2017-10-12 16:56:37 -07:00
Kris Maglione
84fb189b82 Bug 1407056: Part 2 - Override page CSP for loads by expanded principals. r=bz,krizsa
Per the CSP specification, content injected by extensions is meant to be
exempt from page CSP. This patch takes care of the most common case of content
injected by extension content scripts, which always have expanded principals
which inherit from the page principal.

In a follow-up, we'll probably need to extend the exemption to stylesheet
content loaded by extension codebase principals.

MozReview-Commit-ID: GlY887QAb5V

--HG--
extra : rebase_source : 1371b4e4e7f330b7f7721d4aa169fcb52a7622d0
2017-10-07 14:53:30 -07:00
Kris Maglione
5fdcb5a5d2 Bug 1407056: Part 1 - Provide more consistent principal/origin URL to content policies. r=bz,ckerschb
We're currently fairly vague and inconsistent about the values we provide to
content policy implementations for requestOrigin and requestPrincipal. In some
cases they're the triggering principal, sometimes the loading principal,
sometimes the channel principal.

Our existing content policy implementations which require or expect a loading
principal currently retrieve it from the context node. Since no current
callers require the principal to be the loading principal, and some already
expect it to be the triggering principal (which there's currently no other way
to retrieve), I chose to pass the triggering principal whenever possible, but
use the loading principal to determine the origin URL.

As a follow-up, I'd like to change the nsIContentPolicy interface to
explicitly receive loading and triggering principals, or possibly just
LoadInfo instances, rather than poorly-defined request
origin/principal/context args. But since that may cause trouble for
comm-central, I'd rather not do it as part of this bug.

MozReview-Commit-ID: LqD9GxdzMte

--HG--
extra : rebase_source : 41ce439912ae7b895e0a3b0e660fa6ba571eb50f
2017-10-12 15:43:55 -07:00
Nicholas Nethercote
159f6b5627 Bug 1406794 - Provide the CSP keywords in both UTF8 and UTF16 forms. r=ckerschb
This avoids the need for numerous 8-to-16-bit and 16-to-8-bit string
conversions.

The patch also introduces a higher-order macro, FOR_EACH_CSP_KEYWORD, which
defines all the stuff about the keywords in a single place and makes the code
nicer.

--HG--
extra : rebase_source : b0f655546aa397749bb18dc7d6d27fbc12fe8fca
2017-10-06 16:16:52 +11:00
Jason Tarka
a8b72c7aa8 Bug 1380755 - Examine & report on frame-ancestors CSP in report-only mode. r=ckerschb
Despite what the comment here says, there is nowhere in the W3C CSP spec stating
that frame-ancestors should be ignored in report-only mode.
2017-07-17 14:19:57 -04:00
Ben Kelly
eec881a235 Bug 1391693 P3 Allow CSP report channels to be internally redirected. r=ckerschb
2017-10-09 10:03:40 -07:00
Nicolas B. Pierron
e51c33aaf4 Bug 1399379 - Use memcpy to import/export SRI hashes to the JS bytecode buffer. r=francois
2017-10-03 10:00:00 -04:00
Christoph Kerschbaumer
b0dac2b742 Bug 1403641: Test data: URI download. r=bz
2017-10-04 08:44:36 +02:00
Christoph Kerschbaumer
04a3ca2e32 Bug 1403641: Allow data: URI downloads even if data: URI navigations are blocked. r=bz
2017-10-04 08:43:56 +02:00
Christoph Kerschbaumer
a3d6a913cc Bug 1402363: Test Mixed Content Redirect Blocking. r=tanvi,kate
2017-10-02 09:12:12 +02:00
Christoph Kerschbaumer
8944f6c302 Bug 1402363: Explicitly cancel channel after mixed content redirect. r=honza,kate
2017-10-02 09:11:57 +02:00
Xidorn Quan
e69b3c7976 Bug 1403024 part 1 - Add nsContentUtils::SchemeIs helper function. r=bholley
MozReview-Commit-ID: 2NVc5QJSjl

--HG--
extra : rebase_source : 5d25c9c507eaa2a08d68c331a8ba9d304c97f305
2017-09-26 10:21:01 +10:00
Chris Peterson
5698729243 Bug 870698 - Part 10: Replace Append(NS_LITERAL_STRING("")) with AppendLiteral(u""). r=erahm
The NS_LITERAL_STRING macro creates a temporary nsLiteralString to encapsulate the char16_t string literal and its length, but AssignLiteral() can determine the char16_t string literal's length at compile-time without nsLiteralString.

MozReview-Commit-ID: H9I6vNDMdIr

--HG--
extra : rebase_source : cf537a1f65af003c6c4f8919b925b0f305c1dd4d
extra : source : 13b89ce4e6a66c840f82a335c71f5a12938aba22
2017-09-07 18:32:54 -07:00
Chris Peterson
a6a56ed916 Bug 870698 - Part 6: Replace Append(NS_LITERAL_CSTRING("")) with AppendLiteral(""). r=erahm
The NS_LITERAL_CSTRING macro creates a temporary nsLiteralCString to encapsulate the string literal and its length, but AssignLiteral() can determine the string literal's length at compile-time without nsLiteralCString.

MozReview-Commit-ID: F750v6NN81s

--HG--
extra : rebase_source : 714dd78df0f4c33e23e5b117615bd8fd561674c5
extra : source : 742bda9e6b1ddaf34d09894204ad18ce798b79b7
2017-09-07 18:25:25 -07:00
Chris Peterson
a0c8081df4 Bug 870698 - Part 4: Replace Equals("") with EqualsLiteral(""). r=erahm
MozReview-Commit-ID: G1GhyvD29WK

--HG--
extra : rebase_source : 115842c37a40041bdca7b4e1ff0a5680b02ced15
extra : source : 90bfff9c01d80086cdc17637f310e898fea295ea
2017-09-06 01:13:45 -07:00
Christoph Kerschbaumer
ece368a815 Bug 1398692: Test toplevel navigation to a data:application/pdf. r=bz
2017-09-14 07:37:07 +02:00
Christoph Kerschbaumer
929390bec4 Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
2017-09-14 07:34:41 +02:00
Christoph Kerschbaumer
2cbe4b9466 Bug 1398691 - Unescape data: URI for console message when blocking toplevel data: URI navigations. r=smaug
2017-09-12 07:06:38 +02:00
Christoph Kerschbaumer
d43805d4f6 Bug 1396320: Fix CSP sandbox regression for allow-scripts. r=dveditz
2017-09-07 09:11:38 +02:00
Christoph Kerschbaumer
9db4e41781 Bug 1396798: Test toplevel data: URI navigation to images. r=smaug
2017-09-06 16:16:18 +02:00
Christoph Kerschbaumer
1e7caa84a1 Bug 1396798: Do not block toplevel data: navigation to image (except svgs). r=smaug
2017-09-06 16:27:05 +02:00
Christoph Kerschbaumer
11ddd453de Bug 1394554: Test block data: URI toplevel navigations after redirect. r=smaug
2017-09-06 09:34:59 +02:00
Christoph Kerschbaumer
8cc650c579 Bug 1394554: Test block data: URI toplevel navigations after redirect. r=smaug
2017-09-06 09:34:38 +02:00
Christoph Kerschbaumer
9522e28631 Bug 1394554: Block toplevel data: URI navigations after redirect. r=smaug
2017-09-06 09:33:10 +02:00
Christoph Kerschbaumer
1b8c06e845 Bug 1331740: Pass correct context for TYPE_DOCUMENT loads within docshell. r=smaug
2017-09-05 18:01:07 +02:00
Henri Sivonen
3c8567b60d Bug 1354989 - Avoid pivoting via UTF-16 when loading CSS in the Stylo mode. r=jdm,SimonSapin
MozReview-Commit-ID: Llt29dvB4Io

--HG--
extra : rebase_source : 3ae51dc8beff3fb19e9318a6c7c30c9ab08a5b57
2017-08-29 16:01:42 +03:00