Commit graph

1309 commits

Author SHA1 Message Date
Sebastian Streich 07e8abd797 Bug 1590322 - Enable Cache-Split-Test with fission r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50476

--HG--
extra : moz-landing-system : lando
2019-10-24 14:50:06 +00:00
Thomas Nguyen cf2f2ec008 Bug 1580462 - Store iframe's FeaturePolicy in browsingContext to inherit cross origin document. r=baku,farre
Differential Revision: https://phabricator.services.mozilla.com/D48825

--HG--
extra : moz-landing-system : lando
2019-10-23 19:39:00 +00:00
Christoph Kerschbaumer be72bce5f7 Bug 1590777: Add Null check for referrerinfo within ParseCSPAndEnforceFrameAncestorCheck. r=tnguyen
Differential Revision: https://phabricator.services.mozilla.com/D50239

--HG--
extra : moz-landing-system : lando
2019-10-23 15:21:48 +00:00
Christoph Kerschbaumer a9ab8a0285 Bug 1590784: Move GetHttpChannelHelper into nsContentSecurityUtils. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D50238

--HG--
extra : moz-landing-system : lando
2019-10-23 15:17:21 +00:00
Razvan Maries 7fb625f8cf Backed out changeset ae33b9c001e5 (bug 1580462) for build bustages on nsWindow.cpp. CLOSED TREE 2019-10-23 11:07:00 +03:00
Thomas Nguyen a220530f6b Bug 1580462 - Store iframe's FeaturePolicy in browsingContext to inherit cross origin document. r=baku,farre
Differential Revision: https://phabricator.services.mozilla.com/D48825

--HG--
extra : moz-landing-system : lando
2019-10-22 14:36:00 +00:00
Sebastian Streich f4b2f14328 Bug 1585664 - Add GetAsciiSpecForLogging and update callers r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47909

--HG--
extra : moz-landing-system : lando
2019-10-22 16:03:27 +00:00
Sebastian Streich 14d2d23a81 Bug 1590318 - Make browser_test_FTP_console_warning.js fission ready r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50075

--HG--
extra : moz-landing-system : lando
2019-10-22 16:20:11 +00:00
Sebastian Streich a2f3e00d0d Bug 1583553 - Make browser_CORS-console-warnings.js fission ready r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D50080

--HG--
extra : moz-landing-system : lando
2019-10-22 16:20:09 +00:00
Christoph Kerschbaumer 61c17da3e9 Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Differential Revision: https://phabricator.services.mozilla.com/D49147

--HG--
extra : moz-landing-system : lando
2019-10-22 10:57:43 +00:00
Bogdan Tara e1b6bc2222 Backed out changeset 8705284b50d4 (bug 1584993) for test_report_uri_missing_in_report_only_header.html failures CLOSED TREE 2019-10-22 13:25:49 +03:00
Christoph Kerschbaumer 2d974555d2 Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
Differential Revision: https://phabricator.services.mozilla.com/D49147

--HG--
extra : moz-landing-system : lando
2019-10-22 08:53:47 +00:00
Christoph Kerschbaumer f5cd986818 Bug 1583044: Make nsMozIconURI serializeable. r=valentin
Differential Revision: https://phabricator.services.mozilla.com/D49442

--HG--
extra : moz-landing-system : lando
2019-10-21 14:16:49 +00:00
Razvan Maries f1b8926d68 Backed out changeset fb8fb91d2a96 (bug 1583044) for causing perma fails on test_DownloadUtils.js and reftests. CLOSED TREE 2019-10-18 15:25:07 +03:00
Christoph Kerschbaumer 89195abaf2 Bug 1583044: Make nsMozIconURI serializeable. r=valentin
Differential Revision: https://phabricator.services.mozilla.com/D49442

--HG--
extra : moz-landing-system : lando
2019-10-18 10:49:55 +00:00
Christoph Kerschbaumer ecf163cc61 Bug 1587417: Add about:logo to allowlist of CSP assertion. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D48703

--HG--
extra : moz-landing-system : lando
2019-10-09 13:33:15 +00:00
Tom Ritter 23ba7b6fe3 Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku
This patch does several things.  Because Workers aren't on the main thread,
many of the things done are in the name of off main thread access.

1) Changes a parameter in IsEvalAllowed from a nsIPrincipal to a bool.
   We only used the principal to determine if it was the System Principal.
   Principals aren't thread safe and can only be accessed on Main Thread, so
   if we passed a Principal in, we would be in error. Instead only pass in
   the bool which - for workers - comes from a thread-safe location.

2) Separates out the Telemetry Event Recording and sending a message to the
   console into a new function nsContentSecurityUtils::NotifyEvalUsage. (And
   creates a runnable that calls it.)

   We do this because we will need to only call this method on the main thread.

   Telemetry Event Recording has only ever been called on the Main Thread.
   While I possibly-successfully cut it over to happen Off Main Thread (OMT)
   by porting preferences to StaticPrefs, I don't know if there were other
   threading assumptions in the Telemetry Code. So it would be much safer to
   just continue recording Event Telemetry on the main thread.

   Sending a message to the console requires calling GetStringBundleService()
   which requires main thread. I didn't investigate if this could be made
   thread-safe, I just threw it onto the main thread too.

   If, in IsEvalAllowed, we are on the main thread - we call NotifyEvalUsage
   directly. If we are not, we create a runnable which will then call
   NotifyEvalUsage for us on the main thread.

3) Ports allow_eval_with_system_principal and allow_eval_in_parent_process
   from bools to RelaxedAtomicBool - because we now check these prefs OMT.

4) In RuntimeService.cpp, adds the call to IsEvalAllowed.

5) Add resource://gre/modules/workers/require.js to the allowlist of eval
   usage. This was the script that identified this gap in the first place.
   It uses eval (twice) for structural reasons (scope and line number
   massaging.)  The contents of the eval are the result of a request to a
   uri (which may be internal, like resource://). The whole point of this
   is to implement a CommonJS require() api.

   This usage of eval is safe because the only way an attacker can inject
   into it is by either controlling the response of the uri request or
   controlling (or appending to) the argument. If they can do that, they
   are able to inject script into Firefox even if we cut this usage of eval
   over to some other type of safe(r) script loader.

   Bug 1584564 tracks making sure calls to require.js are safe.

6) Adds cld-worker.js to the allowlist. Bug 1584605 is for refactoring that
   eval usage, which is decidedly non-trivial.

7) Does _not_ enforce the eval restrictions for workers. While I've gotten
   try to be green and not throw up any instances of eval-usage by workers,
   it is much safer to deploy this in Telemetry-only mode for Workers for
   a little bit to see if anything pops up from the Nightly population.

   Bug 1584602 is for enforcing the checks.

Differential Revision: https://phabricator.services.mozilla.com/D47480

--HG--
extra : moz-landing-system : lando
2019-10-08 17:31:35 +00:00
Sebastian Streich ceace3f3aa Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
***

Use Window.opener in test

Differential Revision: https://phabricator.services.mozilla.com/D47635

--HG--
extra : moz-landing-system : lando
2019-10-07 12:05:36 +00:00
Sylvestre Ledru f12b9fa5c3 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D47737

--HG--
extra : moz-landing-system : lando
2019-10-06 18:29:55 +00:00
Jonathan Kingston e7760ef29c Bug 1585604 - Remove telemetry for mixed object subrequest counting. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47888

--HG--
extra : moz-landing-system : lando
2019-10-02 11:17:28 +00:00
Oana Pop Rus ee3312ea5b Backed out changeset 7978f68a5355 (bug 1585055) for multiple mochitest-plain-chunked failures. on a CLOSED TREE 2019-10-02 02:26:13 +03:00
Sebastian Streich cb72b07f82 Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47635

--HG--
extra : moz-landing-system : lando
2019-10-01 09:43:36 +00:00
Geoff Brown a93eb8d621 Bug 1580643 - Skip test_navigate_to.html on fission; r=mccr8
Avoid frequent intermittent test failures on fission.

Differential Revision: https://phabricator.services.mozilla.com/D47695

--HG--
extra : moz-landing-system : lando
2019-10-01 17:21:41 +00:00
Christoph Kerschbaumer 28f91efa92 Bug 1584992: Make upgrade-insecure-requests work with fission enabled. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D47650

--HG--
extra : moz-landing-system : lando
2019-09-30 21:33:28 +00:00
Sebastian Streich c494962b4b Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
2019-09-30 10:38:32 +00:00
Christoph Kerschbaumer 877c77623f Bug 1583489: Tighten CSP assertion for about: pages. r=jkt
Differential Revision: https://phabricator.services.mozilla.com/D47423

--HG--
extra : moz-landing-system : lando
2019-09-27 12:33:27 +00:00
Anny Gakhokidze f1c694e18f Bug 1582531 - Update fission annotations for skipped tests that are now passing successfully, r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D47347

--HG--
extra : moz-landing-system : lando
2019-09-27 14:25:10 +00:00
Christoph Kerschbaumer 30285b4a58 Bug 1499354: Add object-src 'none' to the CSP of all about: pages. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D46950

--HG--
extra : moz-landing-system : lando
2019-09-26 16:22:41 +00:00
Noemi Erli 68edbc8842 Backed out changeset c3579f540cd7 (bug 1583932) for causing xpcshell failures in test_csp_reports.js CLOSED TREE
--HG--
extra : rebase_source : 5c71e17d6c48d398a11aa919208963aa47209064
extra : amend_source : 8802cdb433e0f770c0648a91bb876dae7dd51100
2019-09-26 17:00:16 +03:00
Sebastian Streich 245b87853c Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
2019-09-26 12:34:17 +00:00
Noemi Erli ba7231bd82 Backed out changeset af8ca81b90e4 (bug 1583932) for causing build bustages in nsCSPService.cpp CLOSED TREE 2019-09-26 14:31:33 +03:00
Sebastian Streich 84f7f4dcb4 Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D47125

--HG--
extra : moz-landing-system : lando
2019-09-26 10:16:36 +00:00
Sebastian Streich 154d7196d0 Bug 1581512 - Use plain or octetStream as default mime for XTCO -r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46004

--HG--
extra : moz-landing-system : lando
2019-09-26 10:06:05 +00:00
Alex Catarineu 8d86dd4c94 Bug 1573276 - Always allow localization in error pages r=johannh,peterv
Differential Revision: https://phabricator.services.mozilla.com/D43216

--HG--
extra : moz-landing-system : lando
2019-09-25 10:39:45 +00:00
Christoph Kerschbaumer 53d5895e71 Bug 1497200: Apply Meta CSP to about:downloads. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D45330

--HG--
extra : moz-landing-system : lando
2019-09-25 13:50:28 +00:00
Jonas Allmann ce89ff6a7a Bug 1419222, Add test for correct handling of iFrame CSPs, r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46452

--HG--
extra : moz-landing-system : lando
2019-09-25 12:30:23 +00:00
Matt Woodrow 1a317c31b2 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
2019-09-25 08:25:42 +00:00
Matt Woodrow edbd9409af Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
2019-09-25 08:25:22 +00:00
Cosmin Sabou ff85d01d81 Bug 1580565 - Disable tests that crash on fission. r=kmag
Differential Revision: https://phabricator.services.mozilla.com/D46872

--HG--
extra : moz-landing-system : lando
2019-09-24 17:03:40 +00:00
Cosmin Sabou 89350c28cd Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE
Backed out changeset e3e31e1dfc13 (bug 1583076)
Backed out changeset 97e4bfbc5578 (bug 1583076)
Backed out changeset 6ccf5880c324 (bug 1583076)
Backed out changeset b4140efc183d (bug 1583076)
2019-09-25 08:22:10 +03:00
Matt Woodrow f6c8016c29 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
2019-09-25 04:51:13 +00:00
Matt Woodrow 6aa089f744 Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
2019-09-25 04:50:44 +00:00
Bogdan Tara f1b65b22c7 Backed out 5 changesets (bug 1583076) for href-location-redirected-blocked.sub.html failures CLOSED TREE
Backed out changeset dd4117098844 (bug 1583076)
Backed out changeset 97bc75b1cfe1 (bug 1583076)
Backed out changeset 084b244a33c0 (bug 1583076)
Backed out changeset 1baaf14e2451 (bug 1583076)
Backed out changeset 56c3918b5c21 (bug 1583076)
2019-09-25 00:53:46 +03:00
Mihai Alexandru Michis ca805e6ecb Bug 1583076 - Fix bustages in nsCSPService.cpp:317:12 a=bustage-fix CLOSED TREE 2019-09-24 23:15:00 +03:00
Matt Woodrow ce6f028211 Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Depends on D46741

Differential Revision: https://phabricator.services.mozilla.com/D46742

--HG--
extra : moz-landing-system : lando
2019-09-24 12:13:51 +00:00
Matt Woodrow 29c34b4b28 Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Depends on D46739

Differential Revision: https://phabricator.services.mozilla.com/D46740

--HG--
extra : moz-landing-system : lando
2019-09-24 12:12:18 +00:00
Andreea Pavel e7cf747b38 Bug 1580771 - Set test_main.html to always fail on fission r=neha
Differential Revision: https://phabricator.services.mozilla.com/D46278

--HG--
extra : moz-landing-system : lando
2019-09-19 13:26:22 +00:00
Tom Ritter c2e992ed6e Bug 1570681 - Enforce eval restrictions in system contexts and the parent process r=ckerschb
We log to MOZ_LOG, report an error to the console, send telemetry, and in debug builds - crash

Differential Revision: https://phabricator.services.mozilla.com/D45055

--HG--
extra : moz-landing-system : lando
2019-09-19 02:32:41 +00:00
Tom Ritter 9621f537b0 Bug 1570681 - Move Eval testing logic from nsContentSecurityManager to nsContentSecurityUtils r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D45484

--HG--
extra : moz-landing-system : lando
2019-09-18 19:36:31 +00:00
Valentin Gosu 9be69aefcb Bug 1580750 - Enable more fission tests r=JuniorHsu
Differential Revision: https://phabricator.services.mozilla.com/D46175

--HG--
extra : moz-landing-system : lando
2019-09-17 19:35:00 +00:00