Sebastian Hengst
a8f25b8f67
Backed out changeset a7b0c6ddd812 (bug 863246)
2017-08-25 16:43:33 +02:00
Chung-Sheng Fu
2c9f10e897
Bug 863246 - Fix test failures r=Gijs
...
MozReview-Commit-ID: 8tUr27zvs8z
--HG--
extra : rebase_source : f9ce0f19c1cceeefac0a015d33b94bb787a34ffb
2017-07-19 17:30:01 +08:00
Eric Rahm
a33f11e0f5
Bug 1391803 - Use nsStringFwd.h for forward declaring string classes. r=froydnj
...
We should not be declaring forward declarations for nsString classes directly,
instead we should use nsStringFwd.h. This will make changing the underlying
types easier.
--HG--
extra : rebase_source : b2c7554e8632f078167ff2f609392e63a136c299
2017-08-16 16:48:52 -07:00
Christoph Kerschbaumer
2ae1ae3098
Bug 1387871 - CSP: Test 'self' within meta csp in data: URI iframe. r=dveditz
2017-08-23 09:50:20 +02:00
Christoph Kerschbaumer
d6143e40d8
Bug 1391011: CSP: Test upgrade-insecure-requests for toplevel navigations when base it https. r=smaug
2017-08-21 08:58:01 +02:00
Wes Kocher
366445521c
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: DjSlrmDFfe3
2017-08-16 17:14:41 -07:00
Kate McKinley
5c5de1568b
Bug 1390687 - remove versioned javascript and legacy generator code r=emk
...
MozReview-Commit-ID: 5f3NQdjQ68v
--HG--
extra : rebase_source : 6216fa33d168fb39b885f7cd0e4f7622af8dc3df
2017-08-15 16:08:16 -07:00
Gabor Krizsanits
722233fed1
Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
...
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-16 13:00:22 +02:00
Carsten "Tomcat" Book
eea1986e03
merge mozilla-inbound to mozilla-central a=merge
2017-08-16 11:23:24 +02:00
Carsten "Tomcat" Book
1fc6e56a12
merge autoland to mozilla-central a=merge
2017-08-16 11:20:31 +02:00
Carsten "Tomcat" Book
a478b0ef54
Backed out changeset adf5ed713e0d (bug 1376895)
2017-08-16 11:15:50 +02:00
Nicholas Nethercote
a83fefd956
Bug 1390036 (part 1) - Remove most remaining uses of nsXPIDLString. r=erahm.
...
CompareCacheHashEntry::mCrit[] is the only case where the nsXPIDLString-ness
was important. The patch adds an explicit SetIsVoid() call to that class's
constructor and changes some null checks to IsVoid() checks.
--HG--
extra : rebase_source : e68befcde4dd098bac2a550bc666eaf3bf1298d7
2017-08-11 18:31:22 +10:00
Wes Kocher
3945278423
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: D96bIJACwZe
2017-08-15 19:16:12 -07:00
Masatoshi Kimura
38894511bc
Bug 1390106 - Stop using versioned scripts in dom. r=mrbkap
...
MozReview-Commit-ID: 89KvCoTAg3I
--HG--
extra : rebase_source : 24831fa454a1cc6fff70a9b1eb509d0f5aeb800a
2017-08-14 20:42:55 +09:00
Gabor Krizsanits
a53261ca24
Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
...
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-15 14:05:17 +02:00
Cameron McCormack
7f90eb21ad
Bug 1384741 - Part 4: Test that we don't send CSP violation reports for cached fonts we don't actually use. r=jfkthame
...
MozReview-Commit-ID: Hlu6Dp1Hc1D
2017-08-07 10:13:31 +08:00
Cameron McCormack
d531dc4afb
Bug 1384741 - Part 2: Allow file_report_chromescript.js to listen for more than one CSP violation report. r=bz
...
MozReview-Commit-ID: 8ym5OqSUTMW
2017-08-07 10:11:04 +08:00
Brian Grinstead
0262e6e6ac
Bug 1388552 - Export the HUDService object directly instead of individual methods and properties;r=nchevobbe
...
MozReview-Commit-ID: 9AYCuqqv1U7
--HG--
extra : rebase_source : 83612fd2c4edfde5c86cfc11a70682cc74ebfa12
2017-08-11 09:07:04 -07:00
Masatoshi Kimura
32e5d77ba4
Bug 1387805 - Remove [deprecated] nsIScriptSecurityManager.getCodebasePrincipal(). r=bz
...
MozReview-Commit-ID: CY47PBaQ5oy
--HG--
extra : rebase_source : 6a82bae0d3caafadc772a08a1d392ab30c4ad914
2017-08-06 15:31:31 +09:00
Christoph Kerschbaumer
a1341ccf6d
Bug 1387811 - Follow up for Test within Bug 1381761: CSP JSON is never null, hence it's better to check actual contents of JSON for testing. r=dveditz
2017-08-06 11:37:09 +02:00
Christoph Kerschbaumer
4c276ebc38
Bug 1382869: Test data document should ignore meta csp. r=bz
2017-08-08 15:38:22 +02:00
Masatoshi Kimura
8b713b2b0f
Bug 1375125 - Stop using nsILocalFile in the tree. r=froydnj
...
This mechanically replaces nsILocalFile with nsIFile in
*.js, *.jsm, *.sjs, *.html, *.xul, *.xml, and *.py.
MozReview-Commit-ID: 4ecl3RZhOwC
--HG--
extra : rebase_source : 412880ea27766118c38498d021331a3df6bccc70
2017-08-04 17:49:22 +09:00
Kate McKinley
092434c08c
Bug 1376651 - Pass the nsIScriptElement instead of allocating a string every time r=ckerschb
...
Change the interface to GetAlowsInline to take an nsISupports* instead
of a string, and pass the nsIScriptElement directly. If we don't have an
element, then pass nullptr or the mock string created as an
nsISupportsString.
MozReview-Commit-ID: pgIMxtplsi
--HG--
extra : rebase_source : 4691643bb67ff6c78a74a4886a04c4816cff6219
2017-07-27 11:01:24 -07:00
Christoph Kerschbaumer
8b999864f0
Bug 1381761 - Test data: URIs inherit the CSP even if treated as unique, opaque origins. r=dveditz
2017-08-04 14:10:38 +02:00
Christoph Kerschbaumer
38a3b36992
Bug 1386183 - Test Meta CSP on data: URI iframe to be merged with CSP from including context. r=dveditz
2017-08-03 10:52:27 +02:00
Wes Kocher
20689fef47
Backed out 2 changesets (bug 1376895) for breaking browser_identity_UI.js with assertions in nsPermissionManager.cpp a=backout
...
Backed out changeset 620d01ac103a (bug 1376895)
Backed out changeset 3a06ab7fda1a (bug 1376895)
MozReview-Commit-ID: 2C8kUg77dz8
2017-08-14 13:13:45 -07:00
Gabor Krizsanits
7f2b53e79a
Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
...
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-14 17:42:05 +02:00
Sebastian Hengst
ddd4030358
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: IrMqWiJhwan
2017-08-01 11:23:57 +02:00
Nicholas Nethercote
73558eac3d
Bug 1384834 (part 2) - Remove remaining uses of nsAdoptingCString. r=erahm.
...
--HG--
extra : rebase_source : 70a385a0a06bc88e728d51459e7460a68f15f7fb
2017-07-28 11:21:47 +10:00
Nicholas Nethercote
d18fdecf67
Bug 1384834 (part 1) - Remove remaining uses of nsAdoptingString. r=erahm.
...
--HG--
extra : rebase_source : c81ee11b9d08198a000979760a8e29a01e9498d0
2017-07-28 11:21:45 +10:00
Kyle Machulis
ef8d138ba7
Bug 1279218 - Remove tests related to the applet tag; r=bz
...
MozReview-Commit-ID: FzzA5Qic4Uq
--HG--
extra : rebase_source : 64206ee3e5073bafd822b23040fe6e24dda3463f
2017-07-10 16:15:16 -07:00
Christoph Kerschbaumer
e4b4af3900
Bug 1331351: Disable mochitest on android. r=me
2017-07-25 13:33:50 +02:00
Christoph Kerschbaumer
2d37dad0be
Bug 1331351: Test allow toplevel window data: URI navigations from system. r=smaug
2017-07-24 18:51:39 +02:00
Christoph Kerschbaumer
e116c4627b
Bug 1331351: Test block toplevel window data: URI navigations. r=smaug
2017-07-24 18:52:01 +02:00
Kartikaya Gupta
1ad55fc00a
Bug 1380683 - Fix test_frameNavigation.html to pass with webrender enabled. r=jhao
...
MozReview-Commit-ID: 7CiM1eAFNJU
--HG--
extra : rebase_source : 0900fcc0cee8d44957408929f5451093e1db0728
2017-07-13 11:17:16 -04:00
Kate McKinley
84d5adef43
Bug 1331730 - Log CORS messages from the content process r=bz,mayhemer
...
In e10s, a channel created by parent does not have a reliable reference
to the inner window ID that initiated the request. Without that, the
channel must request that the content process log and blocked messages
to the web console. This patch creates a new ipdl interface to pass the
message from the parent to the child process. The nsCORSListenerProxy
also needs to keep a reference to the nsIHttpChannel that created it so
it can find its way back to the child. Additionally, the
HttpChannelParent needs to be propagated when creating a new channel for
CORS.
MozReview-Commit-ID: 8CUhlVCTWxt
--HG--
extra : rebase_source : 350f39ad6f7ada39e88dfcc69c4f2c470e2be0de
2017-02-15 12:40:41 +09:00
Geoff Brown
a6583be403
Bug 1376238 - Skip browser_hsts-priming_include-subdomains.js on linux for intermittent failures; r=me,test-only
2017-07-12 10:48:29 -06:00
Yoshi Huang
9ff74a50f4
Bug 1373513 - Part 3: Revert Bug 1363634. r=ckerschb
...
Revert what we did in Bug 1363634, from the spec, data:text/css should be same origin.
2017-07-12 11:00:34 +08:00
Christoph Kerschbaumer
250d4b1ff8
Bug 1377426 - Set CSP on freshly created nullprincipal when iframe is sandboxed. r=dveditz
2017-07-11 08:48:37 +02:00
Joel Maher
a039d5288b
Bug 1311239 - Intermittent dom/security/test/hsts/browser_hsts-priming_hsts_after_mixed.js. temporarily disable. r=gbrown
...
MozReview-Commit-ID: EWCAOjebfcH
2017-06-23 15:12:34 -04:00
Nicholas Nethercote
fe9268c4cd
Bug 1374580 (part 2) - Remove nsAFlat{,C}String typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsAFlatString --> nsString
- nsAFlatCString --> nsCString
--HG--
extra : rebase_source : b37350642c58a85a08363df2e7c610873faa6e41
2017-06-20 19:19:05 +10:00
Florian Quèze
66f6d259bc
Bug 1374282 - script generated patch to remove Task.jsm calls, r=Mossop.
2017-06-22 12:51:42 +02:00
Paolo Amadini
10ee6a5c4e
Bug 1362970 - Part 2 - Script-generated patch to convert .then(null, ...) to .catch(...). r=florian
...
Changes to Promise tests designed to test .then(null) have been reverted, and the browser/extensions directory was excluded because the projects it contains have a separate process for accepting changes.
MozReview-Commit-ID: 1buqgX1EP4P
--HG--
extra : rebase_source : 3a9ea310d3e4a8642aabbc10636c04bfe2e77070
2017-06-19 11:32:37 +01:00
Kate McKinley
396962011a
Bug 1363546 - Store and report HSTS upgrade source r=francois,keeler,mayhemer p=francois
...
Add a field to the HSTS cache which indicates the source of the HSTS
entry if known, from the preload list, organically seen header, or HSTS
priming, or unknown otherwise. Also adds telemetry to collect the source
when upgrading in NS_ShouldSecureUpgrade.
MozReview-Commit-ID: 3IwyYe3Cn73
--HG--
extra : rebase_source : 9b8daac3aa02bd7a1b4285fb1e5731a817a76b7f
2017-05-23 15:31:37 -07:00
Kate McKinley
37a7ace256
Bug 1359987 - Update HSTS priming telemetry r=ckerschb,francois,mayhemer p=francois
...
Collect telemetry for all requests to get an exact percentage of
requests that are subject to HSTS priming, and how many result in an
HSTS Priming request being sent. Clean up telemetry to remove instances
of double counting requests if a priming request was sent.
HSTSPrimingListener::ReportTiming was using mCallback to calculate
timing telemetry, but we were calling swap() on the nsCOMPtr. Give it an
explicit argument for the callback.
Add tests for telemetry values to all of the HSTS priming tests. This
tests for the minimum as telemetry may be gathered on background or
other requests.
MozReview-Commit-ID: 5V2Nf0Ugc3r
--HG--
extra : rebase_source : daa357219a77d912a78b95a703430f39d884c6ab
2017-05-09 15:36:07 -07:00
Christoph Kerschbaumer
0d10a7c233
Bug 1024557 - Test XFO is ignored when frame-ancestors is present. r=smaug
2017-06-07 10:12:55 +02:00
Christoph Kerschbaumer
b6b3bb161d
Bug 1367531: Update CSP frame ancestors test to make sure paths are ignored. r=dveditz
2017-06-06 09:12:32 +02:00
Yoshi Huang
7aef584058
Bug 1363634 - rewrite test_style_crossdomain.html. r=ckerschb
...
data:text/css should be considered as a CORS request, and should be
blocked if crossorigin is not specified.
Also move the original test to test_style-crossdomain_legacy.html
--HG--
rename : dom/security/test/sri/iframe_style_crossdomain.html => dom/security/test/sri/iframe_style_crossdomain_legacy.html
2017-05-23 09:02:06 +08:00
Francois Marier
c10dd4c73c
Bug 1364262 - Convert SRI metadata to ASCII before parsing it. r=ckerschb
...
MozReview-Commit-ID: Ekw8lNzDvou
--HG--
extra : rebase_source : a2fe92e804b5b690856c44783e88d815e38e2922
2017-05-16 17:33:22 -07:00
Christoph Kerschbaumer
e4f38c8d7c
Bug 1362993 - Rewrite gBrowser.addTab() to use BrowserTestUtils.addTab(). r=florian
2017-05-15 21:49:50 +02:00
Birunthan Mohanathas
5e41427024
Bug 903966 - Stop blocking ' http://127.0.0.1/ ' as mixed content. r=ckerschb,kmckinley
...
According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:
- 349501cdaa
- https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
Note that we only whitelist '127.0.0.1' and '::1' to match Chrome 53 and
later. See:
- 130ee686fa
It is unclear if HTTPS origins should be able to use workers and WebSocket
connections through a loopback HTTP address. They are not supported in Chrome
(whether this is intentional or not is uncertain) so lets just ignore them for
now.
See also: https://github.com/w3c/web-platform-tests/pull/5304
2017-05-10 20:50:00 +03:00
Christoph Kerschbaumer
b9a841105c
Bug 1355801: Nonce should not apply to images tests. r=dveditz
2017-05-10 08:53:27 +02:00
Christoph Kerschbaumer
58bdcd15b5
Bug 1345615: Disable websocket tests on android. r=test-fix
2017-04-27 17:28:13 +02:00
Dragana Damjanovic
9a3cfa6017
Bug 1334776 - Store header names into nsHttpHeaderArray. r=mcmanus
2017-04-27 16:48:36 +02:00
Christoph Kerschbaumer
62c0c912c8
Bug 1345615: Test websocket schemes when using 'self' in CSP. r=freddyb,dveditz
2017-04-27 09:59:35 +02:00
Florian Queze
37ff4fc7cc
Bug 1356569 - Remove addObserver's last parameter when it is false, r=jaws.
2017-04-14 21:51:38 +02:00
Sebastian Hengst
a07223d699
Backed out changeset 322fde2d53bf (bug 1356569) so bug 1355161 can be backed out. r=backout
2017-04-14 23:39:22 +02:00
Florian Queze
95d4d20c17
Bug 1356569 - Remove addObserver's last parameter when it is false, r=jaws.
2017-04-14 21:51:38 +02:00
Dan Banner
cdf987089d
Bug 1107904 - Remove packed.js and references to it as it is unused. r=standard8
...
MozReview-Commit-ID: K5TLF92pHq4
--HG--
extra : rebase_source : 295bf325a07fa8ec4c55a8babf5418588308dca6
2017-04-12 11:10:00 +01:00
Joel Maher
694ea4ea3b
Bug 1183300 - Intermittent dom/security/test/csp/test_upgrade_insecure.html. disable on win7. r=ckerschb,gbrown
...
MozReview-Commit-ID: AslnFrYGOVw
2017-04-09 05:43:47 -04:00
Kate McKinley
d082c41757
Bug 1322044 - Only mark a subdomain cached when includeSubDomains is true r=ckerschb,keeler
...
MozReview-Commit-ID: 3lFkuLauyGg
--HG--
extra : rebase_source : c356f1d4bef73b634eed6ca4d8078281ebc3ce3c
2017-02-13 13:36:01 +09:00
Andrea Marchesini
2c716cd273
Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan
2017-03-29 15:28:46 +02:00
Sebastian Hengst
eadf7b5c6e
Backed out changeset 4af10700c64c (bug 1347817)
2017-03-29 11:17:04 +02:00
Andrea Marchesini
4b77f4a4b9
Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan
2017-03-29 08:27:17 +02:00
Christoph Kerschbaumer
f49ee1fdca
Bug 1316305 - Explicilty call .close() for websocket in test. r=baku
2017-03-22 13:04:02 +01:00
Frederik Braun
56207a1b8b
Bug 1073952: tests for iframe sandbox srcdoc and data URIs with CSP r=ckerschb,Tomcat
...
MozReview-Commit-ID: 5Q8XIJPrRPk
--HG--
extra : rebase_source : 391431d3585173d096ab58747a854542dfd3adca
2017-01-30 14:12:15 +01:00
Frederik Braun
17c2bf2604
Bug 1224225: Tests for punycode/unicode in CSP source matching code r=ckerschb,KWierso
...
MozReview-Commit-ID: 21Mr9ekUvnk
--HG--
extra : rebase_source : be5d673efaa31e322fea5da5ff4e7e6fa749daca
2017-03-15 13:22:55 +01:00
Christoph Kerschbaumer
658552e990
Bug 1316305 - Add debug information for test_upgrade_insecure_requests. r=jmaher
2017-03-13 12:00:46 +01:00
Ursula Sarracini
6b1858e254
Bug 1340181 - Hide Activity Stream URL in URLbar r=fkiefer,mconley
...
MozReview-Commit-ID: F0P5tn2wyG
--HG--
extra : rebase_source : a9f766913b8340e12a4f526dc741e8ed752e6acf
2017-02-22 13:18:09 -05:00
Masatoshi Kimura
7be7b11a1c
Bug 1342144 - Remove version parameter from the type attribute of script elements. r=jmaher
...
This patch is generated by the following sed script:
find . ! -wholename '*/.hg*' -type f \( -iname '*.html' -o -iname '*.xhtml' -o -iname '*.xul' -o -iname '*.js' \) -exec sed -i -e 's/\(\(text\|application\)\/javascript\);version=1.[0-9]/\1/g' {} \;
MozReview-Commit-ID: AzhtdwJwVNg
--HG--
extra : rebase_source : e8f90249454c0779d926f87777f457352961748d
2017-02-23 06:10:07 +09:00
Joel Maher
51bcce91f3
Bug 1316305 - Intermittent dom/security/test/csp/test_upgrade_insecure.html. disabled on osx. r=gbrown
...
MozReview-Commit-ID: FyX1wqxhyT7
2017-02-24 12:33:21 -05:00
Xidorn Quan
3e72a08b95
Bug 1339394 - Don't serialize transparent color to transparent keyword when not necessary. r=heycam,jaws
...
MozReview-Commit-ID: 59cmaCoFJMR
--HG--
extra : rebase_source : 3b927d3c056b66e98f457de1726cf9d459eb8708
2017-02-16 10:26:13 +11:00
Tooru Fujisawa
6582faf6eb
Bug 1338251 - Remove remaining legacy generator from dom/security/test/hsts/. r=smaug
2017-02-11 01:53:23 +09:00
Kate McKinley
af9b4969e3
Bug 1334838 - Avoid matching same host with a non-test URI a=testonly r=ckerschb
...
MozReview-Commit-ID: 7Ok7FXFtMoH
--HG--
extra : rebase_source : 99e6beac73e043e9d6174277ab9458fe8d7556c7
2017-02-08 11:28:29 +08:00
Franziskus Kiefer
456a4733d7
Bug 1336654 - update expired certs and signatures for content signature tests, r=mgoodwin
...
--HG--
extra : rebase_source : ec6a62f2f8d651f6e2cc8d4dade93d9647d03a10
2017-02-06 10:07:49 +01:00
Wes Kocher
f9c7eaa259
Bug 1336654 - Skip the suddenly permafailing tests to reopen the tree a=me CLOSED TREE
...
MozReview-Commit-ID: 1KLjbaojvYc
2017-02-03 17:17:51 -08:00
Andrea Marchesini
43b97e9ea3
Bug 1288768 - Better error reporting for network errors in workers - WPT, r=bz
2017-01-28 15:40:08 +01:00
Phil Ringnalda
5d4072a82c
Merge m-i to m-c, a=merge
2017-01-28 13:09:00 -08:00
Phil Ringnalda
439b10ced6
Backed out 2 changesets (bug 1288768) for wptlint failure
...
Backed out changeset 3361d527f683 (bug 1288768)
Backed out changeset d8b8219c20d6 (bug 1288768)
2017-01-28 08:10:26 -08:00
Andrea Marchesini
cab859bea8
Bug 1288768 - Better error reporting for network errors in workers - WPT, r=bz
2017-01-28 15:40:08 +01:00
Kate McKinley
0baeefeea1
Bug 1328460 - Don't send priming to IP or non-standard ports r=ckerschb
...
MozReview-Commit-ID: GLyLfp8gqYt
--HG--
extra : rebase_source : f722504803ed63c5d3be9b84d5053cb1abea984e
2017-01-23 14:01:43 -08:00
Florian Quèze
b11907c7aa
Bug 1334156 - script-generated patch to replace .ownerDocument.defaultView with .ownerGlobal, r=jaws.
2017-01-27 10:51:03 +01:00
Florian Quèze
2cf30507bd
Bug 1334261 - script-generated patch to remove more newURI null parameters, r=jaws.
2017-01-27 10:51:02 +01:00
Florian Quèze
be4dbae285
Bug 1334199 - script-generated patch to omit getComputedStyle's second argument when it's falsy, r=jaws.
2017-01-27 10:51:02 +01:00
Wes Kocher
3317135d5c
Backed out 3 changesets (bug 1073952) for test_iframe_srcdoc.html failures a=backout
...
Backed out changeset e63233859ee1 (bug 1073952)
Backed out changeset 5534087efac3 (bug 1073952)
Backed out changeset 1e631015acc8 (bug 1073952)
MozReview-Commit-ID: Fmrv8mz4HYI
2017-01-27 10:37:05 -08:00
Joel Maher
2c0ed9cf64
Bug 1334242 - add BUG_COMPONENT to dom/security/* files. r=ckerschb
...
MozReview-Commit-ID: EeYWpLBI5G5
2017-01-27 08:18:50 -05:00
Frederik Braun
d15c007015
Bug 1073952 - Part 2 - tests for iframe sandbox srcdoc and data URIs with CSP r=ckerschb,dveditz
...
MozReview-Commit-ID: DPJRqEut5pu
2017-01-27 01:05:00 +01:00
Frederik Braun
f72672a461
Bug 1073952: inherit CSP into iframe sandbox srcdoc r=ckerschb,dveditz
...
MozReview-Commit-ID: KTzCLoDfYnd
2017-01-27 01:05:00 +01:00
Christoph Kerschbaumer
52276acb40
Bug 1271173 - Test upgrade-insecure-requests for navigational requests. r=smaug,freddyb
2016-05-09 13:37:49 +02:00
Christoph Kerschbaumer
dd581118f0
Bug 1329288 - Test ContentPolicy blocks opening a new window. r=smaug
2017-01-22 17:42:42 +01:00
Sebastian Hengst
040a162daf
Backed out changeset 828efd8ce683 (bug 1329288)
2017-01-22 13:09:53 +01:00
Christoph Kerschbaumer
5b0e184329
Bug 1329288 - Test ContentPolicy blocks opening a new window. r=smaug
2017-01-22 07:30:10 +01:00
Mark Banner
16e6d381ac
Bug 503613 - Remove old 'tail =' lines from xpcshell.ini files; r=gps
...
MozReview-Commit-ID: 62Hp5ISxowJ
--HG--
extra : rebase_source : daa8efb3409031fea553f4fd0c9d0746e38dc308
extra : histedit_source : b4c23aacf678ba0d0ac9c09191a7c494ead11a08
2017-01-18 10:30:39 +00:00
Ehsan Akhgari
4ef7762311
Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb
2017-01-18 15:18:29 -05:00
Ehsan Akhgari
ee5969e9c2
Backout changeset 7040329487e9 (bug 1331838) because it was the wrong patch
2017-01-18 15:18:29 -05:00
Ehsan Akhgari
842ce9fb2d
Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb
2017-01-18 13:11:42 -05:00
Florian Quèze
85611a7b6d
Bug 1331081
- script generated patch to omit addEventListener/removeEventListener's third parameter when it's false, r=jaws.
...
--HG--
extra : rebase_source : a22344ee1569f58f1f0a01017bfe0d46a6a14602
2017-01-17 11:50:25 +01:00
Kate McKinley
edae411c07
Bug 1313595 - Lower HSTS priming timeout r=mayhemer
...
MozReview-Commit-ID: 5wOqtYM1MfD
--HG--
extra : rebase_source : 78cb81a9223c80b93b2c574846111eb3bad91c03
2016-12-08 11:07:55 -10:00
Geoff Brown
ab089bc866
Bug 1324870 - Skip test_bug803225.html and test_ext_downloads_misc.js on linux32 only, to enable taskcluster migration; r=jmaher
2017-01-05 16:34:47 -07:00
Iris Hsiao
8ca3b2dc24
Backed out changeset 724fdfe8f396 (bug 1324870)
2017-01-05 12:21:31 -05:00
Geoff Brown
4fdfff0c12
Bug 1324870 - Skip test_bug803225.html and test_ext_downloads_misc.js on linux32 only, to enable taskcluster migration; r=jmaher
...
--HG--
extra : rebase_source : eb4c1e94381f46d54619f0a3ba65e3f5beed2221
2017-01-05 09:15:11 -07:00
Tooru Fujisawa
515ef9ba45
Bug 1321218 - Remove legacy generator from dom/. r=smaug
2016-12-01 18:11:32 +09:00
André Bargull
8843a98210
Bug 1319936 - Remove String generics uses in dom. r=billm
...
--HG--
extra : rebase_source : f2b40e5d4a423035d2de8739570a76305a058cf0
2016-11-24 13:17:00 -08:00
Carsten "Tomcat" Book
450508f7f3
merge mozilla-inbound to mozilla-central a=merge
2016-11-29 11:39:49 +01:00
Carsten "Tomcat" Book
002a446aec
Backed out changeset 3472d9d9dd47 (bug 1313595) for hopefully reducing crashes
2016-11-29 10:25:07 +01:00
Frederik Braun
29efcb86ac
Bug 1316826 - Test for JS URLs and strict-dynamic. r=dveditz
...
MozReview-Commit-ID: EKmYoZbap25
2016-11-28 21:56:55 -05:00
Thomas Wisniewski
fe33117844
Bug 1309219 - Only allow valid base64-values for CSP nonce and hash sources, per spec. r=francois
2016-11-24 21:46:09 -05:00
Frederik Braun
53901256a5
Bug 1316826 - Test case for strict-dynamic blocks inline event handlers. r=dveditz
...
MozReview-Commit-ID: 4TS4pUNeIS1
--HG--
extra : rebase_source : e517f4898d0a9873c77e2731152ce3255b7c5938
2016-11-21 15:13:29 -05:00
Ryan VanderMeulen
e1487e92f8
Bug 1311599
- Disable HSTS tests on linux debug.
...
--HG--
extra : rebase_source : 5ad7d6ea972d4a350091458b0cc47dd148f13bb6
2016-11-21 12:30:56 -05:00
Andrea Marchesini
42cdd9436b
Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 2, r=qdot
2016-11-18 09:33:50 +01:00
Andrea Marchesini
2f974ccbce
Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 1, r=qdot
2016-11-18 09:33:33 +01:00
Sebastian Hengst
7110a88674
Backed out changeset d43b778d95c6 (bug 1318273) for failing mochitest fetch/test_formdataparsing.html. r=backout on a CLOSED TREE
2016-11-17 20:58:38 +01:00
Sebastian Hengst
fdfd8b91d1
Backed out changeset 2560659cda95 (bug 1318273)
2016-11-17 20:57:59 +01:00
Andrea Marchesini
a895bd31ae
Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 2, r=qdot
2016-11-17 19:36:21 +01:00
Andrea Marchesini
cf2ad8072f
Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 1, r=qdot
2016-11-17 19:36:01 +01:00
Kate McKinley
dcbe139332
Bug 1317115 turn off HSTS priming to suppress perma-orange a=test-only
...
MozReview-Commit-ID: I1bNquP4yT7
2016-11-15 10:52:45 +09:00
Kate McKinley
5565f4d518
Bug 1313595 Reduce timeout for HSTS priming channels r=mayhemer
...
Default is 3 seconds
MozReview-Commit-ID: 47hoaTEL9hV
2016-11-08 17:49:39 +09:00
Phil Ringnalda
8562d3859b
Backed out changeset a8be4ebc85cf (bug 1313595) for permaorange unexpected assertion in test_referrerdirective.html, a=backout
...
MozReview-Commit-ID: GxBqDrHHg7z
2016-11-14 18:30:58 -08:00
Kate McKinley
b8eeda422c
Bug 1313595 Reduce timeout for HSTS priming channels r=mayhemer
...
Default is 3 seconds
MozReview-Commit-ID: 47hoaTEL9hV
--HG--
extra : rebase_source : 6954dc92966122b15c60f19f5e91086fcd859728
2016-11-08 17:49:39 +09:00
Kate McKinley
5ef79ef9a4
Bug 1313596 - Increase HSTS Priming default cache timeout. r=mayhemer
...
MozReview-Commit-ID: 6sHuB4wIEu4
--HG--
extra : rebase_source : 9672c18384efe24f6cb5e1aa455217e37a97db90
2016-11-10 00:30:00 -05:00
Sebastian Hengst
115286c614
Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout
2016-11-09 11:31:38 +01:00
Tanuja Sawant
134e80abde
Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb
2016-11-07 19:22:53 +05:30
Wes Kocher
41c087935b
Merge m-c to inbound, a=merge
2016-11-08 14:08:34 -08:00
Christoph Kerschbaumer
eb1fcc9de6
Bug 1299483 - CSP: Implement 'strict-dynamic', test default-src. r=dveditz
2016-11-08 13:34:36 +01:00
Christoph Kerschbaumer
54b5ba8aa1
Bug 1299483 - CSP: Implement 'strict-dynamic', parser inserted mochitests. r=dveditz,freddyb
2016-11-08 13:33:58 +01:00
Christoph Kerschbaumer
7148985f09
Bug 1299483 - CSP: Implement 'strict-dynamic', mochitests. r=dveditz,freddyb
2016-11-08 13:33:27 +01:00
Christoph Kerschbaumer
d9efe93bac
Bug 1299483 - CSP: Implement 'strict-dynamic', parser tests. r=dveditz,freddyb
2016-11-08 13:32:17 +01:00
Christoph Kerschbaumer
c267f70f91
Bug 1299483 - CSP: Implement 'strict-dynamic', enforcement changes. r=dveditz,freddyb
2016-11-08 12:55:23 +01:00
Joel Maher
27b9e899b0
Bug 1311599
- Disable hsts tests on linux32-debug only. r=kmckinley
...
MozReview-Commit-ID: 2V5Xrfpwy3a
--HG--
extra : rebase_source : c02f00ac03368b5ce52598c23964e39f892e6007
2016-11-07 14:51:45 -05:00
Nicholas Nethercote
e13c48fba9
Bug 1315170 - gtestify dom/security/test/TestCSPParser.cpp. r=francois.
...
--HG--
rename : dom/security/test/TestCSPParser.cpp => dom/security/test/gtest/TestCSPParser.cpp
extra : rebase_source : 52b30a4c063ce2d330108fa4b8382ff8e4adf1b0
2016-11-04 17:02:26 +11:00
Phil Ringnalda
a7bc94158c
Merge m-i to m-c, a=merge
...
MozReview-Commit-ID: H4VKCYDq5cD
--HG--
rename : xpcom/tests/TestAutoRef.cpp => xpcom/tests/gtest/TestAutoRef.cpp
rename : xpcom/tests/TestCOMArray.cpp => xpcom/tests/gtest/TestCOMArray.cpp
rename : xpcom/tests/TestCOMPtr.cpp => xpcom/tests/gtest/TestCOMPtr.cpp
rename : xpcom/tests/TestCOMPtrEq.cpp => xpcom/tests/gtest/TestCOMPtrEq.cpp
rename : xpcom/tests/TestFile.cpp => xpcom/tests/gtest/TestFile.cpp
rename : xpcom/tests/TestHashtables.cpp => xpcom/tests/gtest/TestHashtables.cpp
rename : xpcom/tests/TestID.cpp => xpcom/tests/gtest/TestID.cpp
2016-11-05 13:36:25 -07:00
Sebastian Hengst
4b45959d12
Bug 1310297 - Remove test annotations using b2g, mulet or gonk: dom/security. r=RyanVM
...
MozReview-Commit-ID: 8G41CCQ1P01
--HG--
extra : rebase_source : d8f02480bc506c06e13d0d47fa123df6f8b2f18d
2016-11-05 11:29:17 +01:00
Frederik Braun
e8f0bc4a89
Bug 1312272 - Test that marquee event handlers are subject to CSP. r=smaug
...
MozReview-Commit-ID: 4KYon5u0ocf
--HG--
extra : histedit_source : 6de85932af364aba1960f16a51d20d32b8ec6b7c
2016-11-04 22:54:19 -04:00
Frederik Braun
579a6043ca
Bug 1312680 - Test that require-sri-for blocks style loads via @import r=francois
...
MozReview-Commit-ID: A8DPWH2S3sD
2016-11-03 03:18:00 +01:00
Kate McKinley
26490f6904
Bug 1310955 - Fix nsSiteSecurityService cache retrieval r=ckerschb,keeler
...
MozReview-Commit-ID: 55DpKrqcL1x
--HG--
extra : rebase_source : 5e068cc70c45dd1844a0e59559875cde659f202a
2016-10-18 20:09:15 +09:00
Phil Ringnalda
6c91017f20
Merge m-i to m-c, a=merge
...
MozReview-Commit-ID: FA9OZyjP59N
2016-10-18 19:36:18 -07:00
Ehsan Akhgari
f13c011369
Bug 1310895 - Remove support for app default and manifest CSP enforcement; r=baku
2016-10-18 09:40:41 -04:00
Kate McKinley
5b82359aa3
Bug 1305993 - Break tests up to avoid timeouts r=philor
...
MozReview-Commit-ID: 8y2gwNjnEnT
--HG--
extra : rebase_source : c24354dd7c60064b38bbbad067806d3c0a52c690
2016-10-07 17:19:38 +09:00
Christoph Kerschbaumer
066a3827af
Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb
2016-10-14 20:07:32 +02:00
Sebastian Hengst
24324313f6
Backed out changeset f443b21ba9de (bug 1307321) for unexpected passing of scripthash-unicode-normalization.sub.html. r=backout
2016-10-14 17:51:22 +02:00
Christoph Kerschbaumer
0341cd9771
Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb
2016-10-14 15:23:24 +02:00
Ehsan Akhgari
9de6bbbaec
Bug 1261019 - Part 3: Remove Navigator.mozApps and code depending on it; r=myk,jryans,fabrice,mcmanus,peterv
2016-10-13 13:18:41 -04:00
Steven Englehardt
f4e92ab657
Bug 1277803 - Part 5 : A test to verify the loadingPrincipal of favicon loads. r=ckerschb
2016-10-13 15:44:00 +08:00
Wes Kocher
2142de26c1
Backed out 8 changesets (bug 1277803) for browser-chrome test failures a=backout
...
Backed out changeset 477890efdb88 (bug 1277803)
Backed out changeset 49da326bfe68 (bug 1277803)
Backed out changeset 2d17a40a9077 (bug 1277803)
Backed out changeset b1cb0a195ca1 (bug 1277803)
Backed out changeset c7d82459d152 (bug 1277803)
Backed out changeset 3be9a06248af (bug 1277803)
Backed out changeset 8d119ca96999 (bug 1277803)
Backed out changeset be767a6f7ecd (bug 1277803)
2016-10-12 14:26:00 -07:00
Steven Englehardt
226661a0bc
Bug 1277803 - Part 5 : A test to verify the loadingPrincipal of favicon loads. r=ckerschb
2016-10-12 17:32:11 +08:00
Richard Barnes
ea829544cd
Bug 1308951 - Add a pref to whitelist specific domains as SecureContexts r=ckerschb,jcj
...
MozReview-Commit-ID: AxihCLsBNRw
--HG--
extra : rebase_source : bd2800c65af839ef67f4ca9a841f08884ac9c539
2016-10-10 11:32:24 -04:00
Yoshi Huang
06ba09a073
Bug 1264137 - Part 3: perform ContentPolicy check if the load is happening on this docshell. r=bz, smaug
2016-10-07 17:40:21 +08:00
Iris Hsiao
596b8e86ce
Backed out changeset 76788d4f83ce (bug 1277803)
...
CLOSED TREE
2016-10-07 11:23:40 +08:00
Steven Englehardt
1925944f12
Bug 1277803 - Part 5: Add a test to verify the loadingPrincipal of favicon loads. r=ckerschb
2016-09-13 00:33:00 -04:00
Frederik Braun
ae7fb1e8d0
Bug 1279139 - require-sri-for needs to govern scriptloading for workers. r=baku
...
MozReview-Commit-ID: 3m21kbiV5qK
--HG--
extra : rebase_source : 30c784392e96c1b28c55d38959cc529093b9b568
2016-10-04 02:36:00 +02:00
Christoph Kerschbaumer
b0951acfc5
Bug 1302539 - X-Content-Type-Options: nosniff should not apply to images (temporarily). r=dveditz
2016-09-30 09:38:44 +02:00
Edgar Chen
cf7304c3c6
Bug 1306007 - Part 1: Remove srcset/picture feature control preference; r=jdm,smaug
...
MozReview-Commit-ID: BsyTHeqiGZL
--HG--
extra : rebase_source : 2add2510dbe16c641fe997a8349c1a36009bec20
2016-04-16 18:07:56 -04:00
Thomas Wisniewski
c190891418
Bug 1303121 - Do not fire one last progress event on XHR errors, to match a spec change. r=annevk
...
--HG--
extra : rebase_source : 9a59934cfe8fc7f2ee8ef7788813f97e2355ce2a
2016-09-28 13:05:32 -04:00
Kate McKinley
c57d400961
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 11:27:00 -04:00
Iris Hsiao
767e1e9b11
merge mozilla-inbound to mozilla-central a=merge
2016-09-26 18:34:20 +08:00
Kate McKinley
694c12c743
Bug 1242019 - Truncate data URIs in CSP log messages. r=ckerschb
...
MozReview-Commit-ID: DaiGESRI1rb
--HG--
extra : transplant_source : %EC%7B%3F%20O%3A%A7g%BAl%82%BC-Xg%23%84%E2%3C%EE
2016-09-12 14:30:43 -07:00
Kate McKinley
ed0b5f06ee
Bug 1271796 use raw bytes to calculate SRI hash r=francois
...
MozReview-Commit-ID: F62t5CnsYlJ
--HG--
extra : rebase_source : 9c2148ffe99a51db5541ec6d9961597b578157ae
2016-09-05 12:55:25 +02:00
Gabor Krizsanits
9f5afabda0
Bug 1294381
- Delayed process script for test_bug803225.html. r=mrbkap
2016-09-22 09:26:26 +02:00
Frederik Braun
fd99ac5cc2
Bug 1277248 - Add test to ensure that require-sri-for does not allow svg:scripts r=ckerschb
...
MozReview-Commit-ID: 1knIYZ93UeY
--HG--
extra : rebase_source : 4c1385382ecdddf80ec45d46d440b37bf4ad47c1
2016-09-13 11:05:37 +02:00
Tom Tung
6f314fb375
Bug 1187335 - P3 - modify SRI test to match current behavior. r=bkelly, r=francois.
2016-05-30 12:26:56 +08:00
Henry Chang
6ea7c1b598
Bug 1229639 - Part 2: Test case. r=ckerschb
...
MozReview-Commit-ID: GbofB6JoFil
--HG--
extra : rebase_source : dc4ac339817a052f687179988e28ec02764bd3e7
2016-09-06 18:30:12 +08:00
Tom Schuster
885c81fd09
Bug 1299267 - Test for wrong mime types. r=ckerschb
2016-09-05 20:02:52 +02:00
Christoph Kerschbaumer
9489473322
Bug 1297051 - Test CSPRO should not block mixed content. r=dveditz
2016-08-24 09:24:20 +02:00
Christoph Kerschbaumer
4261d2f1f7
Bug 1288361 - Test block script with wrong MIME type. r=dveditz
2016-08-22 08:56:32 +02:00
Christoph Kerschbaumer
19b246a586
Bug 1290560 - Update TestCSPParser to include 'sandbox', 'require-sri' and 'report-uri' with no valid srcs. r=dveditz
2016-08-19 18:45:04 +02:00
Michael Layzell
8e946df619
Bug 1293001 - Part 2: Change the BinaryName of nsIContentSecurityPolicy::getPolicy from GetPolicy (which overloaded another virtual method), to GetPolicyString, r=froydnj
...
MozReview-Commit-ID: 4XWRar3Uuw
2016-08-11 15:49:40 -04:00
Thomas Wisniewski
95d1c98761
Bug 918703 - Part 2: Correct progress event logic so events are sent in the correct order and with the correct values according to spec. r=baku
...
--HG--
extra : rebase_source : da5305fdfb1b28404199733f68cb65803a087e38
2016-08-05 23:47:40 -04:00
Gabor Krizsanits
f6bc83a18a
Bug 1285894 - Fixing test_bug803225.html for e10s-multi. r=mrbkap
2016-08-01 12:26:38 +02:00
Christoph Kerschbaumer
886e7cd571
Bug 1289085: CSP - Test referrer with no valid src. r=dveditz
2016-07-29 22:53:59 +02:00
Thomas Wisniewski
6a1fb99d2b
Bug 709991 - Fire onerror instead of throwing on network errors for async XHRs. r=bz
2016-07-30 00:24:56 -04:00
Iris Hsiao
caea40742f
Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures
2016-07-27 13:14:07 +08:00
Kate McKinley
c6650db185
Bug 1246540 HSTS Priming Proof of Concept
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00
Iris Hsiao
a7c8429fc4
Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures
2016-07-27 11:15:52 +08:00
Kate McKinley
567ebcf321
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
2016-07-26 13:03:00 -04:00
Carsten "Tomcat" Book
dcae5b0335
Merge mozilla-central to fx-team
2016-07-26 11:58:36 +02:00
Carsten "Tomcat" Book
a3904e8a8a
Merge mozilla-central to mozilla-inbound
2016-07-25 15:59:01 +02:00
Carsten "Tomcat" Book
b9a6c687fa
merge mozilla-inbound to mozilla-central a=merge
2016-07-25 15:50:41 +02:00
Franziskus Kiefer
249fa77287
Bug 1263793
- update SAN, r=mgoodwin,ulfr
...
MozReview-Commit-ID: HtMKl2gP1xi
--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
2016-07-25 09:44:19 +02:00
Carsten "Tomcat" Book
0a5622c093
Backed out changeset 640247e978ba (bug 1246540) for bustage
2016-07-24 15:59:31 +02:00
Kate McKinley
547500d5a7
Bug 1246540 - HSTS Priming Proof of Concept. r=honzab
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-22 18:35:00 +02:00
Johann Hofmann
0e04940e1a
Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi
...
MozReview-Commit-ID: BvR7Xb0AE9N
--HG--
extra : rebase_source : dfe2d600b15a6cffd49be454b3394106c3ff9bb3
extra : histedit_source : 8b03564ebced1305ce79652d904e7bb95a92a2e8
2016-06-02 17:14:27 +02:00
Christoph Kerschbaumer
022d9af2b3
Bug 1285003 - Test insecure http port :80 allows secure https port :443. r=dveditz
2016-07-22 11:32:21 +02:00
Carsten "Tomcat" Book
c7846e126c
Backed out changeset 16aa7041c009 (bug 1287107) for causing xpcshell and mac tests
2016-07-22 11:30:23 +02:00
Fabrice Desré
f5b619fb28
Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice
...
MozReview-Commit-ID: 9uVUrmuVFXQ
--HG--
extra : rebase_source : d0c19fcda5c72ecdce3b0d0bbbafa5a7954d7a4c
2016-03-03 09:58:47 -08:00
Tom Tromey
5538d692d3
Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
...
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Franziskus Kiefer
dd5231632f
Bug 1263793
- Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
...
MozReview-Commit-ID: ABXYYseKImq
--HG--
extra : rebase_source : 79614e5215e738dff9683ad447245bd830c887bf
2016-05-19 10:59:48 +02:00
Wes Kocher
e2d9911273
Backed out changeset 21d8bb5af7b4 (bug 1263793
) for leaks in various jobs CLOSED TREE
2016-07-20 11:16:37 -07:00
Franziskus Kiefer
9b9c643025
Bug 1263793
- Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
...
MozReview-Commit-ID: CHUPgBr8WaC
--HG--
extra : rebase_source : 969bd058a157c7307b7a4d3c2a4c5d62e82b7489
2016-05-19 10:59:48 +02:00
Christoph Kerschbaumer
f2c908b15d
Bug 471020 - Test X-Content-Type-Options: nosniff. r=dveditz
2016-07-20 12:33:29 +02:00
Christoph Kerschbaumer
23f7b47719
Bug 1273430 - Test CSP upgrade-insecure-requests for doc.write(iframe). r=tanvi
2016-07-20 09:26:16 +02:00
Fabrice Desré
7846da76d6
Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice
...
MozReview-Commit-ID: 9uVUrmuVFXQ
--HG--
extra : rebase_source : 20f6f0235667530c21aca4889b5d33e39c2d1a48
2016-03-03 09:58:47 -08:00
Wes Kocher
c9783f64cb
Backed out 4 changesets (bug 471020) for frequent Windows w(2) failures CLOSED TREE a=merge
...
Backed out changeset d9675ab3d203 (bug 471020)
Backed out changeset 3ee328c56de0 (bug 471020)
Backed out changeset 000576e264bd (bug 471020)
Backed out changeset ffe60708c457 (bug 471020)
2016-07-18 16:07:28 -07:00
Christoph Kerschbaumer
6166c48409
Bug 471020 - Test X-Content-Type-Options: nosniff. r=dveditz
2016-07-18 14:47:35 +02:00
Christoph Kerschbaumer
97e696739a
Bug 1286376 - Do not call finish multiple times within test_contentpolicytype_targeted_link_iframe.html. r=smaug
2016-07-13 09:04:30 +02:00
Christoph Kerschbaumer
0cd1f7698a
Bug 1234813
- Tests for: sendBeacon should not throw if blocked by Content Policy. r=barnes
2016-07-12 07:26:37 +02:00
Christoph Kerschbaumer
68b180b34f
Bug 1255240 - Test content policy types within content policies for targeted links in iframes. r=smaug
2016-07-11 20:58:57 +02:00
Christoph Kerschbaumer
84f2bb5302
Bug 1277557 - Test require-sri-for in meta tag r=francois
2016-07-08 07:26:34 +02:00
Francois Marier
11de73857c
Bug 1269241
- Add SRI tests for UTF-8 stylesheets. r=ckerschb,r=jkt
2016-07-07 14:44:51 -07:00
Thomas Nguyen
bd8bba9788
Bug 959388 - Add csp worker test cases. r=kmckinley
...
MozReview-Commit-ID: IhEAA89VyTr
--HG--
extra : rebase_source : 63d522eab0477706636aa2e9086f1b0cdc30889d
2016-06-30 12:32:03 +08:00
Paul Roberts
edd71bdffd
Bug 671389 - Extend CSP tests for iframe sandbox with CSP sandbox directive tests r=grobinson
...
--HG--
extra : rebase_source : 4a37c0828701909f32870c0079b75b5c55144381
2016-06-28 14:06:06 -07:00