The test change makes sure the test actually tests this codepath. The resulting
test changes are all due to the test now recognizing <pre> as preformatted.
It's not possible to construct a useful Origin header when we have
an expanded principal and are about to perform a CORS fetch. Therefore,
instead of sending a CORS fetch with an |Origin: null| header, we
must fail the request.
These tests are racy, as we can receive all the data for the SVG image,
thereby unblocking the onload event, but the actual SVG image may not be
fully decoded, which means that we're not getting the use counters
updated that we need for the test. Other SVG image tests should go
through the same codepaths as rendering SVG images for backgrounds,
though, so these tests are superfluous.
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
With the content accumulations now being aggregated in the parent, both the
child and parent must be allowed to record for Telemetry accumulations to work.
MozReview-Commit-ID: 2j9YZIPqbZr
waitOnCondition is used to wait for the telemetry batch to be processed
(roughly every 2s). It resolves and rejects to the same value as there are a
couple of xfail tests that need the wrong answer.
MozReview-Commit-ID: I1JqEXQSL7d
When swapping content from <iframe mozbrowser> to <xul:browser>, we now stop the
frame scripts that implement the content side of the browser API since they are
no longer needed and can cause issues if they remain active.
MozReview-Commit-ID: JrecxA4MI93
--HG--
extra : rebase_source : cc68b975c7d82035410a647ff66eab130055ed04
waitOnCondition is used to wait for the telemetry batch to be processed
(roughly every 2s). It resolves and rejects to the same value as there are a
couple of xfail tests that need the wrong answer.
MozReview-Commit-ID: I1JqEXQSL7d
waitOnCondition is used to wait for the telemetry batch to be processed
(roughly every 2s). It resolves and rejects to the same value as there are a
couple of xfail tests that need the wrong answer.
MozReview-Commit-ID: I1JqEXQSL7d
waitOnCondition is used to wait for the telemetry batch to be processed
(roughly every 2s). It resolves and rejects to the same value as there are a
couple of xfail tests that need the wrong answer.
MozReview-Commit-ID: I1JqEXQSL7d
Add a ChromeOnly method called 'setOriginAttributes' on the XMLHttpRequest,
so that we can override the origin attributes for those XHRs running by XUL
(which will use System Principal).
Boris Zbarsky
Sebastian Hengst
Ehsan Akhgari
Andrea Marchesini
Carsten "Tomcat" Book
Jorg K
Nathan Froyd
Robert Longson
Phil Ringnalda
Thomas Wisniewski
Kate McKinley
Thomas Nguyen
Cameron McCormack
Wes Kocher
Iris Hsiao
Horatiu
John Dai
Chris H-C
J. Ryan Stinnett
Shing Lyu
Mike de Boer
Emilio Cobos Álvarez
Yoshi Huang
Jon Coppeard
Aryeh Gregor
Ryan VanderMeulen
Fernando Jimenez