a2f3e00d0d
Bug 1583553 - Make browser_CORS-console-warnings.js fission ready r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D50080
--HG--
extra : moz-landing-system : lando
2019-10-22 16:20:09 +00:00
61c17da3e9
Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D49147
--HG--
extra : moz-landing-system : lando
2019-10-22 10:57:43 +00:00
e1b6bc2222
Backed out changeset 8705284b50d4 (bug 1584993) for test_report_uri_missing_in_report_only_header.html failures CLOSED TREE
2019-10-22 13:25:49 +03:00
2d974555d2
Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D49147
--HG--
extra : moz-landing-system : lando
2019-10-22 08:53:47 +00:00
f5cd986818
Bug 1583044: Make nsMozIconURI serializeable. r=valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D49442
--HG--
extra : moz-landing-system : lando
2019-10-21 14:16:49 +00:00
f1b8926d68
Backed out changeset fb8fb91d2a96 (bug 1583044) for causing perma fails on test_DownloadUtils.js and reftests. CLOSED TREE
2019-10-18 15:25:07 +03:00
89195abaf2
Bug 1583044: Make nsMozIconURI serializeable. r=valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D49442
--HG--
extra : moz-landing-system : lando
2019-10-18 10:49:55 +00:00
ecf163cc61
Bug 1587417: Add about:logo to allowlist of CSP assertion. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D48703
--HG--
extra : moz-landing-system : lando
2019-10-09 13:33:15 +00:00
23ba7b6fe3
Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku
...
This patch does several things. Because Workers aren't on the main thread,
many of the things done are in the name of off main thread access.
1) Changes a parameter in IsEvalAllowed from a nsIPrincipal to a bool.
We only used the principal to determined if it was the System Principal.
Principals aren't thread safe and can only be accessed on Main Thread, so
if we passed a Principal in, we would be in error. Instead only pass in
the bool which - for workers - comes from a thread-safe location.
2) Separates out the Telemetry Event Recording and sending a message to the
console into a new function nsContentSecurityUtils::NotifyEvalUsage. (And
creates a runnable that calls it.)
We do this because we will need to only call this method on the main thread.
Telemetry Event Recording has only ever been called on the Main Thread.
While I possibly-successfully cut it over to happen Off Main Thread (OMT)
by porting preferences to StaticPrefs, I don't know if there were other
threading assumptions in the Telemetry Code. So it would be much safer to
just continue recording Event Telemetry on the main thread.
Sending a message to the console requires calling GetStringBundleService()
which requires main thread. I didn't investigate if this could be made
thread-safe, I just threw it onto the main thread too.
If, in IsEvalAllowed, we are on the main thread - we call NotifyEvalUsage
directly. If we are not, we create a runnable which will then call
NotifyEvalUsage for us on the main thread.
3) Ports allow_eval_with_system_principal and allow_eval_in_parent_process
from bools to RelaxedAtomicBool - because we now check these prefs OMT.
4) In RuntimeService.cpp, adds the call to IsEvalAllowed.
5) Add resource://gre/modules/workers/require.js to the allowlist of eval
usage. This was the script that identified this gap in the first place.
It uses eval (twice) for structural reasons (scope and line number
massaging.) The contents of the eval are the result of a request to a
uri (which may be internal, like resource://). The whole point of this
is to implement a CommonJS require() api.
This usage of eval is safe because the only way an attacker can inject
into it is by either controlling the response of the uri request or
controlling (or appending to) the argument. If they can do that, they
are able to inject script into Firefox even if we cut this usage of eval
over to some other type of safe(r) script loader.
Bug 1584564 tracks making sure calls to require.js are safe.
6) Adds cld-worker.js to the allowlist. Bug 1584605 is for refactoring that
eval usage, which is decidedly non-trivial.
7) Does _not_ enforce the eval restrictions for workers. While I've gotten
try to be green and not throw up any instances of eval-usage by workers,
it is much safer to deploy this is Telemetry-only mode for Workers for
a little bit to see if anything pops up from the Nightly population.
Bug 1584602 is for enforcing the checks.
Differential Revision: https://phabricator.services.mozilla.com/D47480
--HG--
extra : moz-landing-system : lando
2019-10-08 17:31:35 +00:00
ceace3f3aa
Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
...
***
Use Window.opener in test
Differential Revision: https://phabricator.services.mozilla.com/D47635
--HG--
extra : moz-landing-system : lando
2019-10-07 12:05:36 +00:00
f12b9fa5c3
Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
...
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D47737
--HG--
extra : moz-landing-system : lando
2019-10-06 18:29:55 +00:00
e7760ef29c
Bug 1585604 - Remove telemetry for mixed object subrequst counting. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D47888
--HG--
extra : moz-landing-system : lando
2019-10-02 11:17:28 +00:00
ee3312ea5b
Backed out changeset 7978f68a5355 (bug 1585055) for multiple mochitest-plain-chunked failures. on a CLOSED TREE
2019-10-02 02:26:13 +03:00
cb72b07f82
Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D47635
--HG--
extra : moz-landing-system : lando
2019-10-01 09:43:36 +00:00
a93eb8d621
Bug 1580643 - Skip test_navigate_to.html on fission; r=mccr8
...
Avoid frequent intermittent test failures on fission.
Differential Revision: https://phabricator.services.mozilla.com/D47695
--HG--
extra : moz-landing-system : lando
2019-10-01 17:21:41 +00:00
28f91efa92
Bug 1584992: Make upgrade-insecure-requests work with fission enabled. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D47650
--HG--
extra : moz-landing-system : lando
2019-09-30 21:33:28 +00:00
c494962b4b
Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D47125
--HG--
extra : moz-landing-system : lando
2019-09-30 10:38:32 +00:00
877c77623f
Bug 1583489: TIghten CSP assertion for about: pages. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D47423
--HG--
extra : moz-landing-system : lando
2019-09-27 12:33:27 +00:00
f1c694e18f
Bug 1582531 - Update fission annotations for skipped tests that are now passing succesfully, r=kmag
...
Differential Revision: https://phabricator.services.mozilla.com/D47347
--HG--
extra : moz-landing-system : lando
2019-09-27 14:25:10 +00:00
30285b4a58
Bug 1499354: Add object-src 'none' to the CSP of all about: pages. r=freddyb
...
Differential Revision: https://phabricator.services.mozilla.com/D46950
--HG--
extra : moz-landing-system : lando
2019-09-26 16:22:41 +00:00
68edbc8842
Backed out changeset c3579f540cd7 (bug 1583932) for causing xpcshell failures in test_csp_reports.js CLOSED TREE
...
--HG--
extra : rebase_source : 5c71e17d6c48d398a11aa919208963aa47209064
extra : amend_source : 8802cdb433e0f770c0648a91bb876dae7dd51100
2019-09-26 17:00:16 +03:00
245b87853c
Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D47125
--HG--
extra : moz-landing-system : lando
2019-09-26 12:34:17 +00:00
ba7231bd82
Backed out changeset af8ca81b90e4 (bug 1583932) for causing build bustages in nsCSPService.cpp CLOSED TREE
2019-09-26 14:31:33 +03:00
84f7f4dcb4
Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D47125
--HG--
extra : moz-landing-system : lando
2019-09-26 10:16:36 +00:00
154d7196d0
Bug 1581512 - Use plain or octetStream as default mime for XTCO -r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D46004
--HG--
extra : moz-landing-system : lando
2019-09-26 10:06:05 +00:00
8d86dd4c94
Bug 1573276 - Always allow localization in error pages r=johannh,peterv
...
Differential Revision: https://phabricator.services.mozilla.com/D43216
--HG--
extra : moz-landing-system : lando
2019-09-25 10:39:45 +00:00
53d5895e71
Bug 1497200: Apply Meta CSP to about:downloads. r=Gijs
...
Differential Revision: https://phabricator.services.mozilla.com/D45330
--HG--
extra : moz-landing-system : lando
2019-09-25 13:50:28 +00:00
ce89ff6a7a
Bug 1419222, Add test for correct handling of iFrame CSPs, r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D46452
--HG--
extra : moz-landing-system : lando
2019-09-25 12:30:23 +00:00
1a317c31b2
Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D46742
--HG--
extra : moz-landing-system : lando
2019-09-25 08:25:42 +00:00
edbd9409af
Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D46740
--HG--
extra : moz-landing-system : lando
2019-09-25 08:25:22 +00:00
ff85d01d81
Bug 1580565 - Disable tests that crash on fission. r=kmag
...
Differential Revision: https://phabricator.services.mozilla.com/D46872
--HG--
extra : moz-landing-system : lando
2019-09-24 17:03:40 +00:00
89350c28cd
Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE
...
Backed out changeset e3e31e1dfc13 (bug 1583076)
Backed out changeset 97e4bfbc5578 (bug 1583076)
Backed out changeset 6ccf5880c324 (bug 1583076)
Backed out changeset b4140efc183d (bug 1583076)
2019-09-25 08:22:10 +03:00
f6c8016c29
Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D46742
--HG--
extra : moz-landing-system : lando
2019-09-25 04:51:13 +00:00
6aa089f744
Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D46740
--HG--
extra : moz-landing-system : lando
2019-09-25 04:50:44 +00:00
f1b65b22c7
Backed out 5 changesets (bug 1583076) for href-location-redirected-blocked.sub.html failures CLOSED TREE
...
Backed out changeset dd4117098844 (bug 1583076)
Backed out changeset 97bc75b1cfe1 (bug 1583076)
Backed out changeset 084b244a33c0 (bug 1583076)
Backed out changeset 1baaf14e2451 (bug 1583076)
Backed out changeset 56c3918b5c21 (bug 1583076)
2019-09-25 00:53:46 +03:00
ca805e6ecb
Bug 1583076 - Fix bustages in nsCSPService.cpp:317:12 a=bustage-fix CLOSED TREE
2019-09-24 23:15:00 +03:00
ce6f028211
Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
...
Depends on D46741
Differential Revision: https://phabricator.services.mozilla.com/D46742
--HG--
extra : moz-landing-system : lando
2019-09-24 12:13:51 +00:00
29c34b4b28
Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
...
Depends on D46739
Differential Revision: https://phabricator.services.mozilla.com/D46740
--HG--
extra : moz-landing-system : lando
2019-09-24 12:12:18 +00:00
e7cf747b38
Bug 1580771 - Set test_main.html to always fail on fission r=neha
...
Differential Revision: https://phabricator.services.mozilla.com/D46278
--HG--
extra : moz-landing-system : lando
2019-09-19 13:26:22 +00:00
c2e992ed6e
Bug 1570681 - Enforce eval restrictions in system contexts and the parent process r=ckerschb
...
We log to MOZ_LOG, report an error to the console, send telemetry, and in debug builds - crash
Differential Revision: https://phabricator.services.mozilla.com/D45055
--HG--
extra : moz-landing-system : lando
2019-09-19 02:32:41 +00:00
9621f537b0
Bug 1570681 - Move Eval testing logic from nsContentSecurityManager to nsContentSecurityUtils r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D45484
--HG--
extra : moz-landing-system : lando
2019-09-18 19:36:31 +00:00
9be69aefcb
Bug 1580750 - Enable more fission tests r=JuniorHsu
...
Differential Revision: https://phabricator.services.mozilla.com/D46175
--HG--
extra : moz-landing-system : lando
2019-09-17 19:35:00 +00:00
ecfde38ed8
Bug 1580710: Expose functionality on the CSP Object to allow skipping the inline style checks. r=bzbarsky
...
Differential Revision: https://phabricator.services.mozilla.com/D45631
--HG--
extra : moz-landing-system : lando
2019-09-16 23:47:19 +00:00
0d2253119a
Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D37488
--HG--
extra : moz-landing-system : lando
2019-09-13 03:31:57 +00:00
f261e424d2
Bug 1580377: Re-disable test_reloadInFreshProcess under Fission. r=mccr8
...
Differential Revision: https://phabricator.services.mozilla.com/D45670
--HG--
extra : moz-landing-system : lando
2019-09-12 14:17:49 +00:00
7af5f952e6
Bug 1560110 - Remove skip-ifs for tests. r=kmag
...
Differential Revision: https://phabricator.services.mozilla.com/D45379
--HG--
extra : moz-landing-system : lando
2019-09-11 08:51:09 +00:00
934da4e096
Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
...
https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-09-10 22:33:51 +00:00
165096efe5
Bug 1579820 - Handle window.open() from remote subframes. r=nika
...
The CommonCreateWindow code requires having a BrowserHost for the tab that's
creating the window, which it tries to get from the requestor's BrowserParent.
For remote BrowserParents, though, there is no BrowserHost, so we need to get
it from the top-level embedder instead.
Differential Revision: https://phabricator.services.mozilla.com/D45172
--HG--
extra : moz-landing-system : lando
2019-09-10 09:04:17 +00:00
507cd448aa
Bug 1566386: Assert that every about: page on Android ships with a CSP. r=snorp
...
Differential Revision: https://phabricator.services.mozilla.com/D45193
--HG--
extra : moz-landing-system : lando
2019-09-10 06:26:14 +00:00
ab78b9be04
Bug 1579088 - Correct the expecting result for img in test_strict_dynamic_default_src.html; r=ckerschb
...
The description and expected result of some tests aren't matched.
Differential Revision: https://phabricator.services.mozilla.com/D44843
--HG--
extra : moz-landing-system : lando
2019-09-09 17:44:37 +00:00
1c24dc8c08
Bug 1579088 - Do not use img.complete check whether the img is loaded; r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D44842
--HG--
extra : moz-landing-system : lando
2019-09-09 17:44:36 +00:00
7a34c52f34
Bug 1579373 - Disabled geolocation permission for crossorigin iframe by default and add tests r=baku
...
Differential Revision: https://phabricator.services.mozilla.com/D45174
--HG--
extra : moz-landing-system : lando
2019-09-09 20:00:56 +00:00
b5a051c48e
Bug 1497584: Apply Meta CSP to about:preferences. r=Gijs
...
Differential Revision: https://phabricator.services.mozilla.com/D44474
--HG--
extra : moz-landing-system : lando
2019-09-06 11:59:19 +00:00
4144eb70e4
Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D44617
--HG--
extra : moz-landing-system : lando
2019-09-05 14:22:09 +00:00
3f262058ba
Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js
2019-09-05 14:47:53 +03:00
4e4f4a0bf6
Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D44617
--HG--
extra : moz-landing-system : lando
2019-09-05 09:44:13 +00:00
ec62854d68
Backed out changeset 890bcaee9b7d (bug 1529068) for causing massive tier2 failures on central in dom/security/test/csp/test_navigate_to.html. CLOSED TREE
2019-09-05 09:47:35 +03:00
9f3a3e9669
Bug 1578709 - Only set flash only pref for those tests that need it, r=mconley,ahal
...
Differential Revision: https://phabricator.services.mozilla.com/D44648
--HG--
extra : moz-landing-system : lando
2019-09-04 22:12:39 +00:00
2202fa3333
Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
...
https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-09-04 20:29:37 +00:00
f96e9cd73f
Backed out changeset 887d125d7f59 (bug 1578709) for failing at test_bug427744.html on a CLOSED TREE.
2019-09-04 21:34:11 +03:00
2dd3b18187
Backed out changeset 99b313550fb8 (bug 1529068) for eslint failure on test_navigate_to.html. CLOSED TREE
2019-09-04 21:15:18 +03:00
33379674f8
Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
...
https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-09-04 17:44:14 +00:00
bb899238e7
Bug 1578709 - Only set flash only pref for those tests that need it, r=mconley,ahal
...
Differential Revision: https://phabricator.services.mozilla.com/D44648
--HG--
extra : moz-landing-system : lando
2019-09-04 17:28:02 +00:00
4f940eeb9a
Bug 1578529 - Remove an Eval-Assert exception we don't need and accidently included r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D44527
--HG--
extra : moz-landing-system : lando
2019-09-04 11:51:59 +00:00
e579f452c1
Bug 1556489 - P8. Add CSPService::ConsultCSPForRedirect. r=mayhemer,ckerschb
...
We extract the code from CSPService::AsyncOnChannelRedirect so that we can use it in a follow-up change.
Differential Revision: https://phabricator.services.mozilla.com/D40965
2019-09-03 10:19:12 +10:00
6a4c76882f
Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb
...
***
- Another test setup
Differential Revision: https://phabricator.services.mozilla.com/D36916
--HG--
extra : moz-landing-system : lando
2019-09-02 14:49:27 +00:00
709c7ccf0c
Bug 1577746 - Automatically enable more ESLint rules for dom/. r=baku
...
This enables:
- mozilla/no-useless-parameters
- mozilla/no-useless-run-test
- no-extra-boolean-cast
- no-unneeded-ternary
Depends on D44150
Differential Revision: https://phabricator.services.mozilla.com/D44151
--HG--
extra : moz-landing-system : lando
2019-09-02 11:23:26 +00:00
acd70816c6
Bug 1577746 - Enable ESLint rule dot-notation for dom/. r=baku
...
Depends on D44149
Differential Revision: https://phabricator.services.mozilla.com/D44150
--HG--
extra : moz-landing-system : lando
2019-09-02 11:23:05 +00:00
351d147e2f
Bug 1577746 - Enable ESLint rule object-shorthand for dom/. r=baku
...
Differential Revision: https://phabricator.services.mozilla.com/D44149
--HG--
extra : moz-landing-system : lando
2019-09-02 11:22:27 +00:00
625509f19c
Bug 1399803 - Consider all IPv4 loopback addresses as secure context; r=bzbarsky,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D43633
--HG--
extra : moz-landing-system : lando
2019-08-30 07:57:34 +00:00
6c326548a4
Bug 1577363 - Set dom/security/test/general/mochitest.ini as passing with fission. r=Ehsan
...
It got set as failing in bug 1576814 but passes after bug 1576316 added back fission-incompatible code.
Differential Revision: https://phabricator.services.mozilla.com/D44113
--HG--
extra : moz-landing-system : lando
2019-08-30 13:52:04 +00:00
178d154900
Backed out changeset 92848bd0c1e0 (bug 1561964) for dom/security android mochitest failures
2019-08-30 04:05:45 +03:00
426bf8391a
Bug 1561964 - Re-enable all tests in dom/security/test on Android. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D37488
--HG--
extra : moz-landing-system : lando
2019-08-29 16:04:14 +00:00
36bed861bf
Bug 1576814 - These tests are currently failing for fission r=kmag
...
Depends on D43571
Differential Revision: https://phabricator.services.mozilla.com/D43572
--HG--
extra : moz-landing-system : lando
2019-08-27 23:42:25 +00:00
0fac17f172
Bug 1576039 - Adding more Time to Prevent Timeouts r=pbz
...
Differential Revision: https://phabricator.services.mozilla.com/D43454
--HG--
extra : moz-landing-system : lando
2019-08-26 16:41:16 +00:00
2d0fff3267
Backed out changeset 4bedbc45e231 (bug 1505412) for failures in test_bug1505412.html CLOSED TREE
2019-08-22 19:52:49 +03:00
140ba11647
Bug 1536058 - Add a Test for cache isolation r=ckerschb,Ehsan
...
***
Adding Ehsans nits
***
Differential Revision: https://phabricator.services.mozilla.com/D40613
--HG--
extra : moz-landing-system : lando
2019-08-22 15:21:09 +00:00
5c3cba344d
Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D36916
--HG--
extra : moz-landing-system : lando
2019-08-22 15:23:17 +00:00
ee73cb534e
Bug 1575343, part 2 - Avoid string copies when getting calling location in nsCSPContext. r=smaug
...
This code grabs the URI, then tries to overwrite it with information
from GetCallingLocation, then possibly overwrites it again with the
original information, then converts the string.
My patch reorders things so that we try GetCallingLocation() first, so
we only set the values once. In the case where GetCallingLocation()
succeeds it avoids a string copy from 8 to 16 bit.
Differential Revision: https://phabricator.services.mozilla.com/D42728
--HG--
extra : moz-landing-system : lando
2019-08-20 22:53:53 +00:00
62bd52a17f
Bug 1575343, part 1 - Avoid a gratuitous string copy by calling the nsAString overload of GetCallingLocation. r=smaug
...
The nsAString overload of GetCallingLocation directly converts the
original source file name string into an nsAString. A number of
callers that want the source file name in an nsAString are calling the
nsACString overload of GetCallingLocation, then calling
NS_ConvertUTF8toUTF16. This results in an extra intermediate copy of
the original string data.
Differential Revision: https://phabricator.services.mozilla.com/D42727
--HG--
extra : moz-landing-system : lando
2019-08-20 22:53:49 +00:00
cf20303f06
Bug 1528697 - Remove ReferrerPolicy.h and add utils to ReferrerInfo r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D41956
--HG--
extra : moz-landing-system : lando
2019-08-21 12:09:06 +00:00
bbd6f51a56
Bug 1528697 - Add cenum referrerpolicy in ReferrerInfo.idl r=ckerschb,Gijs
...
Differential Revision: https://phabricator.services.mozilla.com/D41955
--HG--
extra : moz-landing-system : lando
2019-08-21 13:28:23 +00:00
32ab8293ff
Bug 1528697 - Expose ReferrerPolicy.webidl and use referrerpolicy enum r=smaug
...
ReferrerPolicy gets tossed back and forth as a uint32_t and
ReferrerPolicy enum in header file. Expose ReferrerPolicyValues from
webidl file and use consistently in native code.
Differential Revision: https://phabricator.services.mozilla.com/D41954
--HG--
extra : moz-landing-system : lando
2019-08-21 13:24:45 +00:00
fe6a6a4285
Bug 1567940 Apply ReferrerInfo to Download and fix Go to Download Page button r=Gijs,dimi
...
In the old way, if referrer is ommited we will not be able to go to
download page. In that case, we should use originalReferrer in
ReferrerInfo object
Differential Revision: https://phabricator.services.mozilla.com/D39875
--HG--
extra : moz-landing-system : lando
2019-08-20 16:22:44 +00:00
952e8654d9
Backed out changeset 983ff93a11ad (bug 1505412) for debug-test-verify-e10s failure at dom/security/test/csp/test_bug1505412.html. On a CLOSED TREE
2019-08-16 13:19:32 +03:00
645ecf6d90
Bug 1505412 - Skip CSP-Nonce check for CSP-Ro+Redirected Channels r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D36916
--HG--
extra : moz-landing-system : lando
2019-08-15 15:51:33 +00:00
745a1d73ea
Merge mozilla-central to mozilla-inbound. a=merge CLOSED TREE
2019-08-15 01:06:23 +03:00
097aa52411
Bug 1573622 - Do not enforce eval() assertions if userchrome.css is enabled r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D41814
--HG--
extra : moz-landing-system : lando
2019-08-14 14:29:57 +00:00
d9aecc626c
Bug 1570658 - Add a Flag for Navigation-Nosniff r=ckerschb
...
***
Revert Changes to Test
Differential Revision: https://phabricator.services.mozilla.com/D40618
--HG--
extra : moz-landing-system : lando
2019-08-14 07:07:33 +00:00
f5df74c740
Bug 1573145: Create ContentSecurityUtils.h/cpp and move AssertAboutPageHasCSP into it. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D41537
--HG--
extra : moz-landing-system : lando
2019-08-14 10:15:09 +00:00
e92e3d02f6
Bug 1560699 - Download FTP resources instead of rendering them. r=michal
...
Differential Revision: https://phabricator.services.mozilla.com/D39702
--HG--
extra : moz-landing-system : lando
2019-08-11 20:46:06 +00:00
c706a636a8
Bug 1559489, part 4 - Remote-to-local window transplanting. r=tcampbell,bzbarsky
...
This patch cleans up remote outer window proxies when we navigate back
into the process.
It adds a flag to mDanglingRemoteOuterProxies that is set in between
BrowsingContext::SetDocShell(), where we can tell that the browsing
context is going from being remote to being local, to
nsGlobalWindowOuter::SetNewDocument(), where the local outer window
proxy is actually created. Once the outer window is created, the
remote window proxies can be cleaned up in
CleanUpDanglingRemoteOuterWindowProxies().
The clean up is done by a process that is similar to object
transplanting, except that instead of looking in the cross-compartment
wrapper table for each compartment to find objects to be turned into
CCWs to the new object, it looks in the remote proxy map for each
compartment. SpiderMonkey doesn't know about the proxy maps, so this
has to be done by a new callback object CompartmentTransplantCallback.
Now that this cleanup is being done, it shouldn't be possible to wrap
a remote outer window proxy when the browsing context is local, so
MaybeWrapWindowProxy() can be simplified. I had to drop the assert
here that the browsing context has a window proxy because during clean
up we call wrap on a local outer window proxy before the BC gets the
window proxy set on it. I had the assert because my original plan was
to implicitly fix remote proxies during wrapping, but that is no
longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D38343
--HG--
extra : moz-landing-system : lando
2019-08-13 19:09:59 +00:00
abdca609f0
Bug 1567059 - Add test for CSP and Bookmarklet interaction r=ckerschb,bzbarsky
...
Differential Revision: https://phabricator.services.mozilla.com/D40652
--HG--
extra : moz-landing-system : lando
2019-08-06 19:44:05 +00:00
c515db9854
Bug 1573134: Inline evalAllowList within AssertEvalNotRestricted. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D41529
--HG--
extra : moz-landing-system : lando
2019-08-13 11:59:11 +00:00
f134fff740
Bug 1571698 - Annotate tests that also crash on opt builds. r=kmag
...
Differential Revision: https://phabricator.services.mozilla.com/D41459
--HG--
extra : moz-landing-system : lando
2019-08-10 00:45:51 +00:00
e53a880b1c
Bug 1569262 - Rename nsIDocShellTreeItem::GetRootTreeItem to GetInProcessRootTreeItem for Fission marking. r=nika
...
Differential Revision: https://phabricator.services.mozilla.com/D41064
--HG--
extra : moz-landing-system : lando
2019-08-07 19:24:00 +00:00
95fbdde774
Bug 1572153 - Fix recording of Telemetry Events for Eval Usage r=chutten
...
Differential Revision: https://phabricator.services.mozilla.com/D41045
--HG--
extra : moz-landing-system : lando
2019-08-07 16:55:22 +00:00
c561f0a0ae
Bug 1376309 - Allow localhost ws:// connections from secure origins. r=jkt
...
We already allow HTTPS origins to use to plain HTTP active content when using
loopback URLs such as http://127.0.0.1 . Lets extend this to WebSocket
connections as well to match Chrome.
Differential Revision: https://phabricator.services.mozilla.com/D38290
--HG--
extra : moz-landing-system : lando
2019-08-07 00:19:59 +00:00
8f56db01f7
Backed out changeset d0aae34d9b95 (bug 1529068) for failing form-redirected-blocked.sub.html on a CLOSED TREE
...
--HG--
extra : rebase_source : 4d7a73e1f40de001031c61fba240c57961a902d8
2019-08-07 01:39:29 +03:00
455d7a7789
Bug 1529068 - navigate-to r=ckerschb,mccr8
...
Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-08-06 18:27:45 +00:00
Sebastian Streich
Christoph Kerschbaumer
Bogdan Tara
Razvan Maries
Tom Ritter
Sylvestre Ledru
Jonathan Kingston
Oana Pop Rus
Geoff Brown
Anny Gakhokidze
Noemi Erli
Alex Catarineu
Jonas Allmann
Matt Woodrow
Cosmin Sabou
Mihai Alexandru Michis
Andreea Pavel
Valentin Gosu
Agi Sferro
Kris Maglione
Andreas Farre
Benjamin
Edgar Chen
Thomas Nguyen
Dorel Luca
Gijs Kruitbosch
Gurzau Raul
Csoregi Natalia
Mark Banner
Ehsan Akhgari
Sebastian Hengst
Paul Bone
Andrew McCreight
Daniel Varga
Jan Andre Ikenmeyer
Kannan Vijayan
Birunthan Mohanathas