Christoph Kerschbaumer
9e62aecdfc
Bug 1278272
- Convert test_csp_upgrade_insecure_request_header.js to channel.asyncOpen2() r=jkt
2016-06-29 13:08:47 +02:00
Christoph Kerschbaumer
1a5fda4297
Bug 1240193 - Skip TYPE_DOCUMENT assertions for loads initiated by JS tests (r=tanvi)
2016-06-29 12:59:45 +02:00
Jonathan Kingston
daa6f72c59
Bug 1279420 - Adding in security.csp.experimentalEnabled pref check to require-sri-for directive in CSP. r=ckerschb
...
MozReview-Commit-ID: 799ZZoW0YiG
--HG--
extra : transplant_source : %CAC%12%16%C6a%10AP%BEc%85%BA%93Z%7Cq%D43%8D
2016-06-20 19:49:38 +01:00
Christoph Kerschbaumer
24fbc29c99
Bug 1188642 - Use channel->ascynOpen2 in dom/base/nsObjectLoadingContent.cpp r=smaug
2016-06-28 09:37:55 +02:00
Christoph Kerschbaumer
25f6f710d7
Bug 1100181 - CSP: Enforce connect-src when submitting pings. r=arroway
2016-06-24 15:25:11 +02:00
Christoph Kerschbaumer
76f6cc7739
Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen
...
--HG--
extra : rebase_source : 92bd320351de91b72304c2fc386f1ae295837a9e
2016-06-22 14:13:03 +02:00
Christoph Kerschbaumer
1b81dcec35
Bug 1271198 - Convert Websockets to use AsyncOpen2(). r=jduell
2016-05-17 12:04:11 +02:00
Thomas Nguyen
4b7ad0e2c5
Bug 1223838 - Fix wrong policy associated with empty string. r=fkiefer,hsivonen
...
MozReview-Commit-ID: 7kFH39cegmH
2016-05-30 15:17:45 +08:00
Dimi Lee
83ab2f2e39
Bug 1148732 - (CVE-2015-4483) feed: protocol + POST method => mixed scripting. r=tanvi
2016-05-23 12:11:02 +08:00
Stephanie Ouillon
e4fbe1d9ac
Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb
2016-05-17 15:34:53 +02:00
Frederik Braun
404a0bbb99
Bug 1265318: add require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: 200PAvKtBME
2016-05-31 11:14:00 +02:00
Frederik Braun
e8df1f59be
Bug 1265318: tests for require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: Ji14cwB8D3P
2016-05-31 08:30:00 +02:00
Jonathan Hao
525c086187
Bug 1259871 - Replace getSimpleCodebasePrincipal with createCodebasePrincipal. r=sicking
...
MozReview-Commit-ID: Frx0CjBzuve
--HG--
extra : histedit_source : 036eb321d9ccb20e0e071ba588b0a1249eb34bdd
2016-05-24 18:01:34 +08:00
Sebastian Hengst
4a29890033
Backed out changeset c970fb57fedd (bug 1247459) for failing its own test on Windows. r=backout
2016-05-31 08:36:02 +02:00
Stephanie Ouillon
fc06857f8e
Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb
2016-05-17 15:34:53 +02:00
Christoph Kerschbaumer
8a208322fb
Bug 1269254 - Skip CheckLoadURIWithPrincipal checks within ContentSecurityManager on loadingPrincipal if security flag indicates allow cross origin loads (r=sicking)
2016-05-29 20:40:16 +02:00
Christoph Kerschbaumer
031a59734b
Bug 1196013 - Use channel->ascynOpen2 in toolkit/components/places. r=billm r=sicking r=mak
2016-05-23 23:57:31 +02:00
Patrick McManus
2cd574f25f
Bug 1274376 - more mozilla::net namespaces r=dragana
...
--HG--
extra : rebase_source : 914d48f23a4a5db052a789b9e21c1ff922533d35
2016-05-18 22:02:57 -04:00
Carsten "Tomcat" Book
927b1a0b3a
Backed out changeset 7469725d7461 (bug 959388)
2016-05-23 11:36:12 +02:00
Carsten "Tomcat" Book
9214312096
Backed out changeset 9feb9c89d33a (bug 959388)
2016-05-23 11:36:10 +02:00
Thomas Nguyen
61fe1800b8
Bug 959388 - Add csp worker test cases. r=kmckinley
...
MozReview-Commit-ID: Ahx419BHWrS
--HG--
extra : rebase_source : 2016c1e68f990a8ba9cd471e18778c87b08546e1
2016-05-19 11:59:54 +08:00
Thomas Nguyen
32e38271c9
Bug 959388 - Deliver CSP from HTTP header. r=ckerschb r=khuey
...
MozReview-Commit-ID: LUl5LyO94m3
--HG--
extra : rebase_source : f2ddfcbf6237b11ebb19adfabf346cf76f4a6ab8
2016-05-19 11:57:32 +08:00
Christoph Kerschbaumer
52a84afc5c
Bug 1273418
- CSP: Test evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi)
2016-05-21 19:36:02 +02:00
Christoph Kerschbaumer
3713fd6352
Bug 1273418
- CSP: Evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi)
2016-05-21 19:35:45 +02:00
Sebastian Hengst
468fcc6924
Backed out changeset 2292661153e3 (bug 1271198) for web-platform failures. r=backout on a CLOSED TREE
2016-05-19 17:06:04 +02:00
Christoph Kerschbaumer
bbc661631e
Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)
2016-05-19 15:42:01 +02:00
Sebastian Hengst
d6e3286232
Backed out changeset 854a8df494d3 (bug 1271198) for many assertions at nsHttpChannel.cpp:5204. r=backout on a CLOSED TREE
2016-05-19 14:23:51 +02:00
Christoph Kerschbaumer
0e2d46a840
Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)
2016-05-19 11:54:02 +02:00
Trevor Saunders
1e81548029
bug 1271436 - use nsIDocShellTreeItem::GetDocument() more r=smaug
2016-05-17 18:16:07 -04:00
Chris Peterson
8a9e2d2bd4
Bug 1272513 - Part 2: Remove redundant -Wshadow CXXFLAGS from moz.build files. r=glandium
2016-05-14 00:54:55 -07:00
Henry Chang
dc7cba21ef
Bug 1251152 - Part 3: Test case. r=franziskus
2016-05-05 11:11:34 +08:00
Andreas Farre
51e42c28d2
Bug 1268851 - Add SRILogHelper to hold GetSriLog r=baku
...
MozReview-Commit-ID: BqW7LXOFirn
--HG--
extra : rebase_source : cf0d1c8f1f88e05912830cef673e866b7c2756c4
2016-05-03 17:43:33 -07:00
Christoph Kerschbaumer
9944442791
Bug 1261634
- Tests for whitespace skipping within meta csp. r=dveditz
2016-04-21 21:19:50 +02:00
Christoph Kerschbaumer
a9a95d1918
Bug 1261634
- Update whitespace skipping for meta csp. r=dveditz
2016-04-21 21:15:06 +02:00
Aryeh Gregor
f14f1babe8
Bug 1193762 part 8 - Fix things that will break; r=froydnj
...
It looks like VC++ doesn't like comparisons of nsCOMPtr to 0 after this
change, but those are bad style anyway, so I removed them from
TestCOMPtr.cpp instead of trying to make them work.
2016-05-01 21:29:23 +03:00
Christoph Kerschbaumer
da0d241d98
Bug 1206961 - Use channel->AsyncOpen2() for imageLoader; Remove security checks from callsites (r=bz)
2016-04-27 19:41:13 +02:00
Jonathan Watt
2bb448cbb2
Bug 1267509 - Make nsContentSecurityManager::IsURIPotentiallyTrustworthy act on an nsIPrincipal. r=bz
...
MozReview-Commit-ID: Zu1zU4Brkx
--HG--
rename : dom/security/test/unit/test_isURIPotentiallyTrustworthy.js => dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
2016-04-26 11:30:43 +01:00
Christoph Kerschbaumer
c607e5cac1
Bug 1263286 - Update csp base-uri tests. r=bz
...
--HG--
rename : dom/security/test/csp/file_base-uri.html => dom/security/test/csp/file_base_uri_server.sjs
2016-04-26 12:38:06 +02:00
Kyle Huey
c73656947b
Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj
2016-04-25 17:23:21 -07:00
Frederik Braun
582caa399f
Bug 1142332 - Prevent calling CSP_EnumToKeyword with CSP_HASH. r=ckerschb
...
MozReview-Commit-ID: I1w9QrWJeEo
--HG--
extra : histedit_source : 1258cfc50d32c10f0de90ba1e863e21ae3ebf0f8
2016-04-24 14:56:22 -04:00
Kris Maglione
f3feb0cfd3
Bug 1254194: Allow iterating over and inspecting sources of parsed CSP directives. r=ckerschb
...
MozReview-Commit-ID: G8b86UvSv0y
--HG--
extra : rebase_source : c7857e88af0d94dd1162dccfe12aae6567945f2c
2016-04-23 20:42:43 -07:00
Christoph Kerschbaumer
d82c07bf27
Bug 1262635 - Don't strip URIs of ftp: when sending reports. r=dveditz
2016-04-17 20:09:18 +02:00
Matt Robenolt
1d82e1412f
Bug 1192840 - Fix CSP report content-type. r=ckerschb
2016-04-14 12:51:31 +02:00
Frederik Braun
6c12520100
Bug 1192840 - fix tests to expect correct csp report content-type r=ckerschb
...
MozReview-Commit-ID: TzpGH63EPF
--HG--
extra : transplant_source : %1548%CC%97%F5%3Ca%D6_%0Df%96.%5C%F0%B0%3BE%21
2016-04-08 14:14:38 +02:00
Tanvi Vyas
9c0a7ac154
Bug 1105556 - Add a hidden preference that is checked in debug mode to determine whether the main LoadInfo() constructor should assert that the ContentPolicyType is not TYPE_DOCUMENT.
...
Set the preference in xpcshell tests that create TYPE_DOCUMENT loads in javascript and hence end up using the main constructor. r=sicking, ckerschb
2016-04-13 16:30:36 -07:00
Tanvi Vyas
b58752765c
Bug 1105556 - Don't call CheckLoadURIWithPrincipal() in DoCheckLoadURIChecks() for TYPE_DOCUMENT loads where we don't have a loadingPrincipal. Ensure SEC_COOKIES_SAME_ORIGIN isn't set for TYPE_DOCUMENT loads in CheckChannel(). r=ckerschb, sicking
2016-04-13 16:30:28 -07:00
Sebastian Hengst
4ee65db5e7
Backed out changeset 0c21f872515b (bug 1192840) for failure in modified test_csp_reports.js. r=backout
2016-04-13 19:32:44 +02:00
Frederik Braun
ae7f565803
Bug 1192840 - fix tests to expect correct csp report content-type r=ckerschb
...
MozReview-Commit-ID: TzpGH63EPF
--HG--
extra : transplant_source : %1548%CC%97%F5%3Ca%D6_%0Df%96.%5C%F0%B0%3BE%21
2016-04-08 14:14:38 +02:00
Marcos Caceres
387bd9e686
Bug 1258005 - Remove setTimeout to avoid intermittent issue. r=bkelly
2016-04-12 00:39:00 +02:00
Jonathan Hao
e1331785d7
Bug 1241634 - Reflow before clicking in mixedcontentblocker test r=mckinley
...
MozReview-Commit-ID: 5rbeuVjaw0B
--HG--
extra : rebase_source : f0f603c31e0e2ee43f8bbac575de3dab0660e333
2016-03-25 16:52:49 +08:00