gecko-dev

mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-27 12:50:09 +00:00

Go to file

J.C. Jones bce88244c0 Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert

Credential Management defines a parameter `sameOriginWithAncestors` which is
set true if the responsible document is not either in a top-level browsing
context, or is in a nested context whose heirarchy is all loaded from the
same origin as the top-level context [1][2]. The individual credential types
of CredMan can use this flag to make decisions on whether to error or not.

Our Credential Management implementation right now is a shim to Web
Authentication, which says that if `sameOriginWithAncestors` is false, return
`"NotAllowedError"`.

This ensures that

  https://webauthn.bin.coffee/iframe.html

works, but the cross-origin

  https://u2f.bin.coffee/iframe-webauthn.html

does not.

[1] https://w3c.github.io/webappsec-credential-management/#algorithm-request
[2] https://w3c.github.io/webappsec-credential-management/#algorithm-create
[3] https://w3c.github.io/webauthn/#createCredential
[4] https://w3c.github.io/webauthn/#getAssertion

MozReview-Commit-ID: KIyakgl0kGv

--HG--
extra : rebase_source : dace4f4d73823913bff759fce8255da8e18ad5e3

2017-10-12 18:18:39 -07:00

.cargo

Bug 1426116 - Update for changes in WR PR 2251. r=jrmuizel

2018-01-08 09:19:27 -05:00

.vscode

Bug 1423565 - Update tasks.json as per documentation. r=rillian

2017-12-06 14:59:35 +01:00

accessible

Bug 1427754 - Enable ESLint rule mozilla/use-services for accessible/ r=surkov

2018-01-03 15:26:19 +00:00

browser

Bug 1428760 - Tidy up browser_bookmarkProperties_*.js tests and stop using some obsolete APIs. r=mak

2018-01-08 13:42:53 +00:00

build

Bug 1428864: Fix indexer plugin build with clang >= 5. r=kats

2018-01-08 20:21:53 +01:00

caps

Bug 1424474 part 1. Make sure we don't call into the chrome registry's AllowContentToAccess with non-chrome URLs. r=gijs

2017-12-21 10:54:43 -05:00

chrome

Bug 1426501 - Change JS code to use nsIURIMutator instead of the nsIURI.spec setter r=mayhemer

2018-01-08 15:20:29 +01:00

config

Bug 445128 - Stop putting the version number in the target directory for make install. r=nalexander

2017-12-31 17:18:52 +09:00

Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium

2017-12-07 22:09:15 +01:00

devtools

Bug 1306892 - Update style editor fetch test info. r=jdescottes

2018-01-08 12:16:31 -06:00

docshell

Bug 1426501 - Change C++ code to use NS_MutateURI when changing URI r=mayhemer

2018-01-08 15:20:35 +01:00

dom

Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert

2017-10-12 18:18:39 -07:00

editor

Bug 1427964 - Remove unused methods from CSSEditUtils. r=masayuki

2018-01-04 14:27:15 +09:00

embedding

…

extensions

Bug 1396980 - Spending too much time making ranges for spellchecker on Facebook page, r=smaug

2018-01-06 16:10:29 +02:00

gfx

Bug 1426116 - Regenerate FFI header and remove RGB8 references to go with changes in WR PR 2260. r=jrmuizel

2018-01-08 09:19:27 -05:00

gradle/wrapper

Bug 1366644 - Part 3a: Update Android build-tools (25.0.3), Gradle (3.4.1), Android-Gradle (2.3.3). r=maliu

2017-10-16 15:09:15 -07:00

hal

Bug 1412048 - Replace NS_RUNTIMEABORT("...") with MOZ_CRASH("..."). r=froydnj

2017-10-24 23:30:31 -07:00

image

Bug 1421992 - script-generated patch to replace do_execute_soon, do_print and do_register_cleanup with executeSoon, info and registerCleanupFunction, rs=Gijs.

2017-12-21 11:10:23 +01:00

intl

Bug 196175 - patch 2 - Override category of underscore for word-selection purposes so it is treated as a word-forming character, and update word-movement tests accordingly. r=m_kato

2018-01-03 10:02:39 +00:00

ipc

Backed out 1 changesets (bug 1297740) for mingw32 build failure at src/ipc/chromium/src/base/process_util_win.cc r=backout on a CLOSED TREE

2018-01-06 00:59:25 +02:00

Bug 1403322: Switch jsreftests, jittests, test-verify to SCHEDULES; r=ahal

2017-12-20 00:39:21 +00:00

layout

Bug 1426116 - Update the reftest annotations after we fixed the webrender box shadow problem (WR PR 2261). r=kats

2018-01-08 13:29:09 +08:00

media

Bug 1406936 - Add unittests for re-configuring VideoConduit; r=pehrsons

2017-11-28 14:50:05 -05:00

memory

Bug 1417504 - Also wrap Heap{Alloc,ReAlloc,Free} when building without our allocator. r=njn

2017-12-19 14:46:23 +09:00

mfbt

Bug 1428541 - Make char16ptr_t::operator bool() explicit. r=froydnj

2017-12-24 23:33:56 +09:00

mobile

Bug 1423566 - Hide tabs tray when receiving an Assist App intent. r=nechen

2018-01-05 17:33:06 +01:00

modules

Bug 1421358 - Remove GCRuntime::notifyDidPaint and refresh_frame_slices.enabled pref. r=jonco

2018-01-06 22:25:25 +01:00

mozglue

Bug 1422394: Add a mechanism to report dll loads to an observer; r=jimm

2017-12-04 18:08:17 -07:00

netwerk

Bug 1426501 - Change C++ code to use NS_MutateURI when changing URI r=mayhemer

2018-01-08 15:20:35 +01:00

nsprpub

Bug 1420407, Land NSPR 4.18 into FF 59, NSPR_4_18_BETA5, r=me

2017-12-21 14:58:24 +01:00

other-licenses

Backed out 5 changesets (bug 1418425) for Windows updater bustages and xpshell failures on toolkit/mozapps/update/tests/unit_base_updater/marSuccessPartial.js r=backout on a CLOSED TREE

2017-12-12 17:48:45 +02:00

parser

Bug 1425321 - Renaming nsINode::RemoveChildAt to RemoveChildAt_Deprecated, r=catalinb

2018-01-03 14:01:03 +01:00

python

Backed out changeset e4ca69cab96a (bug 1426255) for bustage failures on /python/mozbuild/mozbuild/test/frontend/test_reader.py::TestBuildReader::test_schedules r=backout a=backout on a CLOSED TREE

2018-01-08 23:34:50 +02:00

rdf

Bug 1421992 - script-generated patch to replace do_check_* functions with their Assert.* equivalents, rs=Gijs.

2017-12-21 11:08:17 +01:00

security

No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update

2018-01-07 11:04:07 -08:00

services

Bug 1427850 - Check that sync is ready directly instead of reading the sync username to determine it r=markh

2018-01-03 15:22:43 -05:00

servo

servo: Merge #19647 - replace DocumentSource::NotFromParser with DocumentSource::FromParser (from tigercosmos:x3); r=jdm

2018-01-08 11:23:21 -06:00

startupcache

Bug 1408017 - Clear gStartupCacheWrapper in the dtor. r=froydnj

2017-10-26 16:47:27 -04:00

storage

Bug 1421992 - Hand written cleanup patch to make tests pass after removing obsolete xpcshell functions. r=Gijs,ochameau a=Aryx

2017-12-21 11:11:57 +01:00

taskcluster

Bug 1403322: Switch jsreftests, jittests, test-verify to SCHEDULES; r=ahal

2017-12-20 00:39:21 +00:00

testing

Bug 1403322: Switch jsreftests, jittests, test-verify to SCHEDULES; r=ahal

2017-12-20 00:39:21 +00:00

third_party

Bug 1300577 - Upgrade blessings to version 1.6.1, r=gps

2018-01-03 14:14:45 -05:00

toolkit

Bug 1425957 - Extend webextension telemetry probes for another 3 releases, r=liuche

2017-12-19 13:35:36 -05:00

tools

Bug 1401995 Update funsize to use async, to reduce task time r=jlorenzo

2018-01-03 14:42:47 +00:00

uriloader

Bug 1426501 - Change C++ code to use NS_MutateURI when changing URI r=mayhemer

2018-01-08 15:20:35 +01:00

view

Bug 1414666 part 1 - Add nsIFrame::PresShell() for convenient access to the shell. r=emilio

2017-11-09 03:00:48 +01:00

widget

Bug 1426501 - Change JS code to use nsIURIMutator instead of the nsIURI.spec setter r=mayhemer

2018-01-08 15:20:29 +01:00

xpcom

Bug 1426779 - Disable precise runnable leakchecking names on release and beta. r=froydnj

2018-01-04 12:59:02 -08:00

xpfe

Bug 1425363 - remove onWindowTitleChanged given that nobody uses it, r=bgrins

2017-12-14 21:55:44 -06:00

.arcconfig

Bug 1424950: Add missing repository.callsign to .arcconfig. r=dkl

2017-12-13 15:38:18 +01:00

.clang-format

Bug 1414764 - Remove Mozilla specific options to avoid build warnings with gcc and -Wcomment enabled. r=sylvestre

2017-11-06 11:47:40 +02:00

.clang-format-ignore

Backed out changeset 31f259ee387b (bug 1411004) for failing flake8 at tools/mach_commands.py:307:14 | indentation is not a multiple of four. r=backout

2017-10-31 16:20:11 +01:00

.cron.yml

Bug 1418188 - Run Searchfox indexing in TaskCluster on a daily basis (r=dustin,chmanchester)

2017-11-23 07:25:12 -08:00

.eslintignore

Bug 1426205 - ES module usage in exported tests cause eslint errors. r=k88hudson

2017-12-19 10:57:22 -08:00

.eslintrc.js

Bug 1427754 - Enable ESLint rule mozilla/use-services for accessible/ r=surkov

2018-01-03 15:26:19 +00:00

.flake8

…

.gdbinit

…

.gdbinit_python

…

.gitignore

Bug 1419836 - ID .gitignore entry ignores "id" locale (for mac). r=standard8

2017-11-22 10:30:55 -08:00

.hgignore

Bug 1415168 - Fix 404 error when running talos speedometer locally; r=igoldan

2017-11-28 15:35:44 -05:00

.hgtags

No bug - Tagging mozilla-central 1f91961bb79ad06fd4caef9e5dfd546afd5bf42c with FIREFOX_NIGHTLY_58_END. a=release DONTBUILD CLOSED TREE

2017-11-12 21:12:59 -05:00

.inferconfig

…

.lldbinit

…

.taskcluster.yml

bug 1328719 - add task.extra.tasks_for to help rebuild the decision task. r=dustin

2018-01-03 16:16:41 -08:00

.yamllint

…

.ycm_extra_conf.py

…

aclocal.m4

…

AUTHORS

…

build.gradle

(bug 1411688) Make --with-gradle handle single-locale repack r=snorp a=reland

2017-11-06 15:23:47 +02:00

client.mk

Bug 1417264 - Write .mozconfig.json from Python; r=nalexander

2017-11-13 17:45:03 -08:00

client.py

…

CLOBBER

Bug 1416465 - Expand pattern when track file is created rather than read. r=mshal

2017-12-02 16:51:19 +09:00

configure.in

…

configure.py

Bug 1412460 - Don't write make variables in configure.d; r=mshal

2017-11-01 15:02:11 -07:00

GNUmakefile

…

gradle.properties

…

gradlew

…

LEGAL

…

LICENSE

…

mach

…

Makefile.in

Bug 1424651: Remove unused SOCORRO_SYMBOL_UPLOAD_TOKEN_FILE mozconfig variable; r=ted.mielczarek

2017-12-10 23:05:05 -07:00

moz.build

Bug 1403322: Switch jsreftests, jittests, test-verify to SCHEDULES; r=ahal

2017-12-20 00:39:21 +00:00

moz.configure

Bug 1425035 - move --enable-ui-locale to moz.configure; r=gps

2017-12-18 14:21:26 -08:00

mozilla-config.h.in

Bug 1426898 - Stop including Char16.h everywhere. r=Waldo

2017-12-23 00:53:12 +09:00

npm-shrinkwrap.json

Bug 1371293 - Upgrade ESLint to version 4.8.0, configuration changes. r=mossop

2017-10-09 10:54:16 +01:00

old-configure.in

Bug 1423856 - Backed out changeset 411a410f23b4. Seems that bug 1424294 wasnt' enough to fix it r=me

2017-12-22 21:36:17 +01:00

package.json

Bug 1371293 - Upgrade ESLint to version 4.8.0, configuration changes. r=mossop

2017-10-09 10:54:16 +01:00

README.txt

…

settings.gradle

Bug 1360587 - Part 2. Remove bouncer apk build config; source; docs, r=nalexander

2017-10-25 22:51:44 +08:00

test.mozbuild

…

README.txt

An explanation of the Mozilla Source Code Directory Structure and links to
project pages with documentation can be found at:

    https://developer.mozilla.org/en/Mozilla_Source_Code_Directory_Structure

For information on how to build Mozilla from the source code, see:

    https://developer.mozilla.org/en/docs/Build_Documentation

To have your bug fix / feature added to Mozilla, you should create a patch and
submit it to Bugzilla (https://bugzilla.mozilla.org). Instructions are at:

    https://developer.mozilla.org/en/docs/Creating_a_patch
    https://developer.mozilla.org/en/docs/Getting_your_patch_in_the_tree

If you have a question about developing Mozilla, and can't find the solution
on https://developer.mozilla.org, you can try asking your question in a
mozilla.* Usenet group, or on IRC at irc.mozilla.org. [The Mozilla news groups
are accessible on Google Groups, or news.mozilla.org with a NNTP reader.]

You can download nightly development builds from the Mozilla FTP server.
Keep in mind that nightly builds, which are used by Mozilla developers for
testing, may be buggy. Firefox nightlies, for example, can be found at:

    https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/
            - or -
    https://nightly.mozilla.org/

Languages

JavaScript 32.3%

C++ 25.4%

HTML 21%

C 10.8%

Python 2.8%

Other 7.2%