We should not be declaring forward declarations for nsString classes directly,
instead we should use nsStringFwd.h. This will make changing the underlying
types easier.
--HG--
extra : rebase_source : b2c7554e8632f078167ff2f609392e63a136c299
Add a field to the HSTS cache which indicates the source of the HSTS
entry if known, from the preload list, organically seen header, or HSTS
priming, or unknown otherwise. Also adds telemetry to collect the source
when upgrading in NS_ShouldSecureUpgrade.
MozReview-Commit-ID: 3IwyYe3Cn73
--HG--
extra : rebase_source : 9b8daac3aa02bd7a1b4285fb1e5731a817a76b7f
The [must_use] property on XPIDL methods and attributes is useful for making
sure errors are properly handled.
As a first step, this patch adds the property to PSM methods and attributes that
are already correctly checked everywhere.
MozReview-Commit-ID: KyGxwUK3x0X
--HG--
extra : rebase_source : 45bd3f8d305fe221cc1bba73a520f11829dc5a42
Smart string IDL types give us nsA[C]String in C++ code, which is safer than
raw char strings.
MozReview-Commit-ID: KJ3Z4qK9i61
--HG--
extra : rebase_source : a24101d876d1120bd3b6c757fc48a2b76a8b489f
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
Eric Rahm
Kate McKinley
Cykesiopka
Jonathan Hao
Phil Ringnalda
Mark Goodwin
Thomas Zimmermann
Birunthan Mohanathas