c73e96a53d
Bug 1105556 - Call Create(originAttributes) when loadinfo->loadingPrincipal is null, instead of CreatePrincipalWithInheritedAttributes(). r=sicking
2016-04-13 16:30:22 -07:00
b9cbf42ad8
Bug 1237479 -- nsScriptSecurityManager needs to use the correct user context id in the origin attributes in a few places. r=sicking
2016-04-01 22:36:00 -04:00
70202e15a1
Bug 1251308; r=luke
...
MozReview-Commit-ID: AqsMX4m7Qh9
--HG--
extra : rebase_source : 519aef2cf8c0bb39771d4589069e8fd1a06970c3
2016-03-09 11:20:11 +01:00
95f8000ac8
Bug 1238160 - Add assertions in non-desktop code paths. r=bz,fabrice
...
Several code paths try to ask the principal if it's in a browser element, but
the principal now only knows about *isolated* browser elements. All such code
paths are currently unused on desktop. The frame loader now asserts that
isolation remains enabled for cases where apps are used.
MozReview-Commit-ID: 775DZecc35t
2016-03-02 10:35:56 -06:00
2a55d065b7
Bug 1238160 - Rename OriginAttributes.mInBrowser and associated methods. r=bz,mayhemer
...
This change renames OriginAttributes.mInBrowser to mInIsolatedMozBrowser and
nsIPrincipal::GetIsInBrowserElement to GetIsInIsolatedMozBrowserElement. Other
methods that pass these values around also have name changes.
Tokens such as "inBrowser" have previously been serialized into cache keys, used
as DB column names, stored in app registries, etc. No changes are made to any
serialization formats. Only runtime method and variable names are updated.
No behavior changes are made in this patch, so some renamed methods may have
nonsensical implementations. These are corrected in subsequent patches
focused on behavior.
MozReview-Commit-ID: 66HfMlsXFLs
2016-03-02 10:35:56 -06:00
87574e4920
Bug 1251311. JS::DescribeScriptedCaller can't throw JS exceptions. Adjust some callers accordingly. r=khuey
2016-02-26 15:23:13 -05:00
be5bd39145
Bug 1240651 - Annotate addonId into crash report (r=bholley)
2016-02-01 16:05:53 -08:00
ef04fd0f90
Bug 1172165 - check all nested URI schemes in CAPS. Make view-source dangerous to load, and about: URIs use per-URI flags so they keep working, r=bz
...
Also, add an opt-out for crashtest/reftest for the view-source thing so they don't all break, r=bz
--HG--
extra : commitid : 8NqvmbphSgh
extra : rebase_source : bbe0b6f11a77d7e6241a5733931d9baa95bb3fed
2015-12-11 08:06:41 -05:00
b02a011eef
Bug 1211590 - Inherits OriginAttributes from loading principal for GetChannelURIPrincipal. r=sicking
2016-01-13 05:30:00 +01:00
72ea23c63e
Bug 1239601 - improve the UniquePtr situation (r=jandem)
...
--HG--
extra : commitid : JegWAoGsuQ9
extra : rebase_source : 995c1b6ab8e4fd3b83c44741cd84a2d7b0d934d7
2016-01-15 18:26:20 -06:00
6cc5074df0
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-06 18:33:14 -05:00
774236075d
Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout
2015-12-05 16:34:47 +01:00
df33e62850
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-05 01:46:20 -08:00
4b500464f5
Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking.
2015-11-03 09:50:54 +08:00
a84c33ecb0
Bug 1125423 part 1 - Attach WindowProxies to globals instead of using innerObject/outerObject hooks. r=bz,luke
2015-11-06 19:03:51 +01:00
01583602a9
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
...
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout. The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.
CLOSED TREE makes big refactorings like this a piece of cake.
# The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
xargs perl -p -i -e '
s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
s/nsRefPtr ?</RefPtr</g; # handle declarations and variables
'
# Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h
# Handle nsRefPtr.h itself, a couple places that define constructors
# from nsRefPtr, and code generators specially. We do this here, rather
# than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
# things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
mfbt/nsRefPtr.h \
xpcom/glue/nsCOMPtr.h \
xpcom/base/OwningNonNull.h \
ipc/ipdl/ipdl/lower.py \
ipc/ipdl/ipdl/builtin.py \
dom/bindings/Codegen.py \
python/lldbutils/lldbutils/utils.py
# In our indiscriminate substitution above, we renamed
# nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'
if [ -d .git ]; then
git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi
--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
5e14a3b3a8
Bug 1178533 - Add nsIInstallPackagedWebapp for registering permissions when navigating to signed packages r=bholley,fabrice,valentin
2015-08-26 13:12:13 +02:00
d38b78ae54
Bug 1165466 - Fix up docshell and loadcontext inheriting code in nsIScriptSecurityManager. r=bholley
2015-09-23 16:10:21 +08:00
a281e74201
Bug 1184387 - Bail out of file:// loads for all non-chrome:// URIs. r=Gijs
2015-08-06 16:37:00 -07:00
f2cc7352a6
Backed out changesets f4fa8c49ebc6 and 78e2ba8842d4 (bug 1184387) for browser_parsable_css.js failures.
...
CLOSED TREE
2015-08-05 14:39:28 -04:00
82a19a631c
Bug 1184387 - Bail out of file:// loads for all non-chrome:// URIs. r=Gijs
2015-08-05 10:43:22 -07:00
4fefff8e42
Bug 1186152 - Implement nsIProtocolHandlerWithDynamicFlags and use it for moz-extension. r=bz
2015-07-28 12:26:51 -07:00
0ead8c2e5e
Bug 1161831 - Associate extension URIs with the appropriate addon ID. r=billm,sr=bz
2015-07-21 12:57:23 -07:00
f925835ed9
Bug 1161831 - Implement moz-extension protocol. r=bz,r=billm,sr=mcmanus
...
The heavy lifting all happened in the previous patch, so this is easy now.
2015-07-21 12:57:22 -07:00
d79403aa15
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - scriptSecurityManager changes (r=sicking,bholley)
2015-07-19 19:12:26 -07:00
87abc69fb0
Bug 1182357 - Add an API to mint nsExpandedPrincipals. r=mrbkap
2015-07-15 16:59:09 -07:00
258ad59e3f
Bug 1171931 - Refactor duplicated code using XRE_IsParent/ContentProcess. r=froydnj
2015-07-03 18:29:00 -07:00
10dd21a3ef
Bug 886459, part 3 - Remove simple uses of nsIJSRuntimeService to get the JSRuntime. r=bholley
2015-06-26 18:44:14 -07:00
f4abeb8aba
Bug 886459, part 1 - Remove unused includes of nsIJSRuntimeService.h. r=bholley
2015-06-26 18:44:13 -07:00
5f5c327690
Backed out changeset 8b4e4083639e (bug 1171931) for B2G debug emulator bustage.
2015-06-25 19:48:42 -04:00
702a59d135
Bug 1171931 - Refactor duplicated code using XRE_IsParent/ContentProcess. r=froydnj
...
--HG--
extra : rebase_source : 2ecbe6c1dd8a7ad8dc529b53349ad431cf1116c9
2015-06-24 14:11:00 -04:00
8ee7426f3a
Bug 1165162 - Fix up nsScriptSecurityManager::AppStatusForPrincipal to compare principals rather than origins. r=gabor, sr=sicking
...
The current check will fail once we start munging the format of nsIPrincipal::Origin.
2015-05-20 17:11:47 -07:00
91e0c12696
Bug 1165162 - Rework the nsIScriptSecurityManager principal-minting API to be originAttributes-centric. r=gabor,r=bholley,sr=sicking
2015-05-20 17:11:41 -07:00
f8d1d0c840
Bug 1164977 - Hoist app attributes into a struct on BasePrincipal and refer to them as 'origin attributes'. r=gabor
...
This sets the stage for the upcoming work for signed apps.
2015-05-18 15:52:34 -07:00
e61971d74b
Bug 1164292 - Switch nsIPrincipal::origin to ACString. r=gabor
2015-05-15 11:51:51 -07:00
e6a1d175c3
Bug 1134096 - Revise docs for ::NewChannel2, ::GetChannelPrincipal and add deprecation warnings (r=tanvi,sicking)
2015-04-13 13:37:14 -07:00
b077d9624d
Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd
2015-04-01 13:51:45 +09:00
ab624ae20e
Bug 1149280 part 1. Make nullprincipal creation faster. r=smaug
2015-03-31 13:11:00 -04:00
9ae27c5155
Bug 1126014 - DomainPolicy support for e10s. r=mrbkap
2015-03-24 15:29:16 +01:00
1f28a7b068
Bug 1144991 another followup, to fix the stupid compile issue. r=must-reopen-the-CLOSED TREE
2015-03-19 21:16:22 -04:00
3535d21268
Bug 1144991 followup. Allow the hidden window to link to chrome things even though most resource:// URIs can't. r=bholley and I sneer upon the CLOSED TREE.
2015-03-19 21:04:25 -04:00
94fe221522
Bug 1144991 - Be a bit more restrictive about when a URI_IS_UI_RESOURCE source is allowed to link to a URI_IS_UI_RESOURCE URI that doesn't have the same scheme. r=bholley, a=me
2015-03-19 18:58:44 -04:00
c9d51e1ad0
Bug 1123854 - Remove some out of memory checks in caps/. r=jst
2015-01-30 10:59:49 -08:00
97e4b52984
Bug 1110615 - Fix inheriting problem for blobs (r=sicking)
2014-12-12 09:03:47 -08:00
f7aea19aae
Backed out 15 changesets (bug 1087442)
...
Backed out changeset 3f4166fb5e37 (bug 1087442)
Backed out changeset 0c9c9123a0a9 (bug 1087442)
Backed out changeset 1d85d298042d (bug 1087442)
Backed out changeset 51f3ce397d68 (bug 1087442)
Backed out changeset f3b81a623692 (bug 1087442)
Backed out changeset 472e8fa74596 (bug 1087442)
Backed out changeset 12f97df7b79c (bug 1087442)
Backed out changeset 253cde88d3c5 (bug 1087442)
Backed out changeset b44f9ebd56cb (bug 1087442)
Backed out changeset 48e412887726 (bug 1087442)
Backed out changeset a2c76343f7a9 (bug 1087442)
Backed out changeset 0b5b07cfef0e (bug 1087442)
Backed out changeset 2931c35342a4 (bug 1087442)
Backed out changeset 681ce9dcad64 (bug 1087442)
Backed out changeset 47c505856954 (bug 1087442)
2014-12-11 21:58:21 -08:00
31b61e551f
Bug 1087442 - Attach LoadInfo inside each individual ProtocolHandler - securitymanager changes (r=sicking)
2014-12-11 20:47:55 -08:00
ba415e054d
Bug 1083422 - Add triggering Principal to nsILoadInfo - update consumers (r=bz)
2014-11-14 08:57:26 -08:00
08be6709e0
Bug 1088617 - Remove nsIScriptSecurityManager::CheckSameOrigin. r=me
2014-10-29 09:21:18 +01:00
bf9324688d
Bug 1069694 - Remove OldDebugAPI from the browser. r=shu
2014-10-12 19:37:41 +02:00
8ce4688d81
Bug 1066718 - Get sIOService before invoking ReadPrefs. r=bz
2014-09-16 21:30:32 +02:00
86ba57ba6a
Bug 1053725 - When one domain is whitelisted for file:// URI access, whitelist all subdomains. r=bz
2014-09-08 22:22:22 -07:00
21d9e88153
Bug 1061136 - Followup bugfix. r=bz
2014-09-08 22:22:21 -07:00
6cfbd9472f
Bug 1061136 - Assume both http:// and https:// for schemeless URIs in CAPS prefs. r=bz
2014-09-05 20:01:06 -07:00
68de320099
Bug 1062529 - Split GetChannelPrincipal into GetChannelResultPrincipal and GetChannelURIPrincipal. r=bz
2014-08-06 16:05:40 -07:00
4533961b74
Bug 1011738 - Theme support for b2g/gaia, Part 4 : security checks r=bent,bz
2014-08-28 17:20:27 -07:00
e70ddb7476
Bug 1052052 - Hoist Auto*JSContext into nsContentUtils and kill nsCxPusher.{cpp,h}. r=gabor
2014-08-14 18:47:15 -07:00
30ae466592
Backed out changesets 5b1a3161f614, 17a9673ed782, and a9b8c346d295 (bug 1052052) for B2G non-unified bustage.
2014-08-14 17:23:10 -04:00
3e4d70a655
Bug 1052052 - Hoist Auto*JSContext into nsContentUtils and kill nsCxPusher.{cpp,h}. r=gabor
2014-08-14 12:54:34 -07:00
f6516d5622
Bug 1022229 - Borrow App ID and mozBrowser-ness when creating sandbox null principals. r=bz
2014-07-29 08:47:52 -07:00
22b3a5b9bb
Bug 1022229 - Hoist GetAppStatus into a static method on nsScriptSecurityManager. r=bz
2014-07-29 08:47:52 -07:00
9a8cfb647e
Backed out 5 changesets (bug 1022229) for non-unified bustage.
...
Backed out changeset d79b991a8d96 (bug 1022229)
Backed out changeset 34f9a0e7dbde (bug 1022229)
Backed out changeset 37fbaf69c6e0 (bug 1022229)
Backed out changeset d6111b0603f5 (bug 1022229)
Backed out changeset 154922edf5fe (bug 1022229)
2014-07-28 15:08:51 -04:00
0f8a49569d
Bug 1022229 - Borrow App ID and mozBrowser-ness when creating sandbox null principals. r=bz
2014-07-28 10:37:54 -07:00
635f27b521
Bug 1022229 - Hoist GetAppStatus into a static method on nsScriptSecurityManager. r=bz
2014-07-28 10:37:54 -07:00
0e87a94e07
Bug 1035395, r=bholley,smaug
...
--HG--
extra : rebase_source : 478200a62a5073177ae3c782e252fa9a804e5b01
2014-07-18 09:37:42 -07:00
a4ac396211
Bug 1038535 - Flatten caps/{idl,include,src}/ directories. r=bholley,gps
...
--HG--
rename : caps/src/DomainPolicy.cpp => caps/DomainPolicy.cpp
rename : caps/include/DomainPolicy.h => caps/DomainPolicy.h
rename : caps/idl/nsIDomainPolicy.idl => caps/nsIDomainPolicy.idl
rename : caps/idl/nsIPrincipal.idl => caps/nsIPrincipal.idl
rename : caps/idl/nsIScriptSecurityManager.idl => caps/nsIScriptSecurityManager.idl
rename : caps/src/nsJSPrincipals.cpp => caps/nsJSPrincipals.cpp
rename : caps/include/nsJSPrincipals.h => caps/nsJSPrincipals.h
rename : caps/src/nsNullPrincipal.cpp => caps/nsNullPrincipal.cpp
rename : caps/include/nsNullPrincipal.h => caps/nsNullPrincipal.h
rename : caps/src/nsNullPrincipalURI.cpp => caps/nsNullPrincipalURI.cpp
rename : caps/src/nsNullPrincipalURI.h => caps/nsNullPrincipalURI.h
rename : caps/src/nsPrincipal.cpp => caps/nsPrincipal.cpp
rename : caps/include/nsPrincipal.h => caps/nsPrincipal.h
rename : caps/src/nsScriptSecurityManager.cpp => caps/nsScriptSecurityManager.cpp
rename : caps/include/nsScriptSecurityManager.h => caps/nsScriptSecurityManager.h
rename : caps/src/nsSystemPrincipal.cpp => caps/nsSystemPrincipal.cpp
rename : caps/include/nsSystemPrincipal.h => caps/nsSystemPrincipal.h
2014-07-15 11:12:59 -07:00
Tanvi Vyas
Dave Huseby
Benjamin Bouvier
J. Ryan Stinnett
Boris Zbarsky
Yoshi Huang
Gijs Kruitbosch
Henry Chang
Luke Wagner
Jonas Sicking
Sebastian Hengst
Jan de Mooij
Nathan Froyd
Stephanie Ouillon
Bobby Holley
Ryan VanderMeulen
Christoph Kerschbaumer
Juan Gomez
Andrew McCreight
Mike Hommey
Gabor Krizsanits
Phil Ringnalda
Tom Schuster
Fabrice Desré
Steve Fink
Birunthan Mohanathas