Граф коммитов

102 Коммитов

Автор SHA1 Сообщение Дата
Andrea Marchesini 884d9efc73 Bug 1369316 - Get rid of nsIPrincipal.unknownAppId, r=bholley 2017-06-02 11:05:28 +02:00
Andrea Marchesini cead0b042c Bug 1369310 - Get rid of nsIPrincipal.appStatus, r=bholley 2017-06-02 11:05:28 +02:00
Andrea Marchesini 3c0ea7282d Bug 1347817 - Principal must always have a valid origin - part 4 - origin passed as argument when a principal is created, r=bholley 2017-03-29 08:24:01 +02:00
Andrea Marchesini 6ad34a8c5e Bug 1347817 - Principal must always have a valid origin - part 3 - move origin to BasePrincipal, r=bholley 2017-03-29 08:22:26 +02:00
Andrea Marchesini 8d4516d1d9 Bug 1347817 - Principal must always have a valid origin - part 2 - move OriginAttributes to the BasePrincipal, r=bholley 2017-03-29 08:21:03 +02:00
Andrea Marchesini d0aca06da7 Bug 1347817 - Principal must always have a valid origin - part 1 - renaming GetOriginInternal to GetOriginNoSuffixInternal, r=qdot 2017-03-29 08:19:41 +02:00
Sebastian Hengst 65459a7f0a Backed out changeset a70b549ac35d (bug 1347817) for failing test_websocket-transport.html on OSX 10.10 debug. r=backout 2017-03-29 11:18:41 +02:00
Sebastian Hengst 2d288e10b9 Backed out changeset c0e8522353bd (bug 1347817) 2017-03-29 11:17:22 +02:00
Sebastian Hengst 32c96bb13a Backed out changeset d71d95c73542 (bug 1347817) 2017-03-29 11:17:18 +02:00
Sebastian Hengst f61a4826a3 Backed out changeset 059bcee1ccda (bug 1347817) 2017-03-29 11:17:13 +02:00
Andrea Marchesini 0c636438cd Bug 1347817 - Principal must always have a valid origin - part 4 - origin passed as argument when a principal is created, r=bholley 2017-03-29 08:24:01 +02:00
Andrea Marchesini 9ff7505132 Bug 1347817 - Principal must always have a valid origin - part 3 - move origin to BasePrincipal, r=bholley 2017-03-29 08:22:26 +02:00
Andrea Marchesini 6328758fcf Bug 1347817 - Principal must always have a valid origin - part 2 - move OriginAttributes to the BasePrincipal, r=bholley 2017-03-29 08:21:03 +02:00
Andrea Marchesini d775e1a0a0 Bug 1347817 - Principal must always have a valid origin - part 1 - renaming GetOriginInternal to GetOriginNoSuffixInternal, r=qdot 2017-03-29 08:19:41 +02:00
Andrea Marchesini 8d7c2746ea Bug 1349512 - Move OriginAttributes class in separate files, r=qdot
--HG--
rename : caps/BasePrincipal.cpp => caps/OriginAttributes.cpp
rename : caps/BasePrincipal.h => caps/OriginAttributes.h
2017-03-22 18:45:40 +01:00
Andrea Marchesini 68207654f2 Bug 1343933 - Renaming Principal classes - part 1 - ExpandedPrincipal, r=qdot
--HG--
rename : caps/nsExpandedPrincipal.cpp => caps/ExpandedPrincipal.cpp
rename : caps/nsExpandedPrincipal.h => caps/ExpandedPrincipal.h
2017-03-22 11:38:17 +01:00
Frederik Braun 390a075c26 Bug 1073952: inherit CSP into iframe sandbox srcdoc r=ckerschb,Tomcat
MozReview-Commit-ID: 3fhWCGwgG4A

--HG--
extra : rebase_source : 7e84fafe0ef69b7f6695de825fc254ee0e4209ba
2017-01-30 14:09:37 +01:00
Yoshi Huang 996e0349b3 Bug 1300671 - set firstPartyDomain on about: pages. r=smaug
When we load about:blank in a remote tab, it will have
LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL flag set, which will make
NullPrinicipal as its document principal. So we add
NULL_PRINCIPAL_FIRST_PARTY_DOMAIN as its firstPartyDomain.

So when we load data:, or javascript: URI in a remote tab, it will inherit the
principal from about:blank, hence also inherit the origin attributes.

There are also some about: pages will use codebase principal, so we also
set ABOUT_URI_FIRST_PARTY_DOMAIN as firstPartyDomain on their
principals.
2017-03-14 16:22:02 +08:00
Andrea Marchesini e9195daa8d Bug 1345168 - Get rid of OriginAttributes::Inherit, r=tjr 2017-03-08 07:41:51 +01:00
Ehsan Akhgari 9b370e9857 Bug 1344974 - Part 2: Make the non-virtual helpers for principal equality/subsumption checks inline; r=bholley 2017-03-07 00:29:27 -05:00
Ehsan Akhgari 0f5f27679b Bug 1344974 - Part 1: Factor out more non-virtual helpers for principal equality/subsumption checks; r=bholley 2017-03-07 00:22:21 -05:00
Ehsan Akhgari 513af88e99 Bug 1340710 - Part 8: Add a fast path for nsIPrincipal::EqualsConsideringDomain() and nsIPrincipal::SubsumesConsideringDomain(); r=bholley 2017-03-06 22:30:54 -05:00
Ehsan Akhgari e6073c48a5 Bug 1340710 - Part 7: Add a fast path for nsIPrincipal::Equals() and nsIPrincipal::EqualsConsideringDomain(); r=bholley 2017-03-06 22:27:59 -05:00
Ehsan Akhgari 3169d6c35c Bug 1340710 - Part 6: Store BasePrincipal::{mOriginNoSuffix,mOriginSuffix} as a pair of atoms; r=bholley
This has the nice side effect of making nsIPrincipal::GetOrigin() a bit faster
by avoiding computing the origin each time.
2017-03-06 22:27:53 -05:00
Ehsan Akhgari 8f6e8510f6 Bug 1340710 - Part 2: De-virtualize BasePrincipal::Kind(); r=bholley 2017-03-06 22:27:37 -05:00
Kris Maglione ee306e28c0 Bug 1314361 - Part 6: Remove the addonId origin attribute. r=bholley 2016-11-08 17:11:32 -08:00
Kris Maglione 7c5ab514b7 Bug 1314361 - Part 5: Remove origin attribute comparison helpers for ignoring addonId. r=bholley 2016-11-04 14:32:26 -07:00
Kris Maglione 7f01119247 Bug 1314361 - Part 1: Generate nsIPrincipal.addonId from AddonPolicyService rather than origin attributes. r=billm 2016-11-05 22:38:17 -07:00
Olli Pettay f3a30cf48d Bug 1339213 - Inline IsRestrictOpenerAccessForFPI, r=tihuang 2017-02-14 13:45:35 +02:00
Shane Caraveo c7c7bd4f51 Bug 1308640 bypass TP when addon has explicit permission to url, r=bz,kmag,mrbkap
MozReview-Commit-ID: BIhoUY2Ug8k

--HG--
extra : rebase_source : 29cc48becfa958ba8f50d254fa6f30fd1820aef9
2017-02-09 21:08:06 -08:00
Daniel Holbert c280ee0009 Bug 1259348 part 1: Remove CSSUnprefixingService.js and associated code (since it's been supplanted by built-in webkit-prefixed-CSS support). r=mats
MozReview-Commit-ID: CXCJJWhHc8G

--HG--
extra : rebase_source : a09745ce568c9afde78065d9e837da958e7b252e
2017-02-03 14:56:13 -08:00
Tim Huang 4e31b183a6 Bug 1319773 - Part 2: Add a pref 'privacy.firstparty.isolate.restrict_opener_access' which controls the access of window.opener for different first party domain. r=baku
--HG--
extra : rebase_source : 052dfb3554ba050af85247bcf2587ade26710aac
2017-01-23 10:50:22 +08:00
Tim Huang 3e5d172c95 Bug 1319773 - Part 1: Add a SubsumesConsideringDomainIgnoringFPD in BasePrincipal. r=baku
--HG--
extra : rebase_source : db853a600e666cd11a140153536427c1f4e5882c
2017-01-18 20:17:19 +08:00
Andrea Marchesini 359ae91eac Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby 2017-01-12 17:38:48 +01:00
dimi bcd217b3c0 Bug 1320402 - Move url-classifier off of using appIds. r=ehsan, gcp
MozReview-Commit-ID: IqnAVrv2c9W
2017-01-03 14:21:58 +08:00
Yoshi Huang 2b7e1dceb6 Bug 1324115 - Part 1: add a C++ helper in nsIPrincipal. r=smaug 2016-12-21 14:59:20 +08:00
Andrea Marchesini f7f5990527 Bug 1317927 - Media caching needs to use origin attributes, r=cpearce, r=jesup 2016-12-07 07:07:09 -10:00
Andrea Marchesini d5b0cbe35a Bug 1315905 - Cleanup Necko http security check - part 1, r=valentin 2016-11-17 14:52:16 +01:00
Tim Huang 950b86072e Bug 1313627 - Get the firstPartyDomain from the nodePrincipal of the document in nsDocShell::CanAccessItem() if the first party isolation is on. r=smaug 2016-11-10 14:20:38 +08:00
Valentin Gosu 656872593e Bug 1315302 - Remove signedPkg from origin attributes r=baku
MozReview-Commit-ID: L1xvRgeO6De

--HG--
extra : rebase_source : dee943054af499b6e3f0aca2801fa9414f5567be
2016-11-06 16:15:36 +01:00
Kris Maglione 8b10d432c1 Bug 1308920: Part 1 - Add an EqualsIgnoringAddonId method to BasePrincipal. r=bholley
This is meant as a temporary stopgap until we can stop using origin attributes
to store add-on IDs.

MozReview-Commit-ID: DHstOTyu7pR

--HG--
extra : rebase_source : adb8fbfaadf6e914b5aa15c2693a35056669506c
2016-11-02 10:04:13 -07:00
Dave Huseby ce82855c42 Bug 1189086 - Eliminate nsIPrincipal::jarPrefix. r=dveditz 2016-10-24 13:52:00 +02:00
Jonathan Hao 8a70bfa5fc Bug 1302047 - Ignore userContextId and firstPartyDomain when matching permissions. r=baku
--HG--
extra : rebase_source : da81c21da92810d808ebe865a456cc9d04058ce3
2016-09-20 16:35:21 +08:00
Yoshi Huang 10b437080c Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug 2016-09-06 10:25:58 +08:00
Yoshi Huang 85a594681d Bug 1260931 - Part 1: add firstPartyDomain. r=smaug
Add an origin attribute called 'firstPartyDomain'.
This value will be extracted from the URL bar.

And the purpose of this attribute is used to isolate the data-jars.
Please see the tor documentation.
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

The idea is like a superset of 'reject third party cookies', but not
only apply for cookies, it also applies to all data-jars like localStorage,
indexedDB and so on.

So basically an iframe will have its own data-jar, and this data-jar is
isolated by the URL from URL bar, for instance, an iframe
https://facebook.com inside https://cnn.com won't share data-jar with
the iframe (https://facebook.com) in https://bbc.com
2016-09-06 10:25:48 +08:00
Sebastian Hengst 60d03b201e Backed out changeset 935ffd53f193 (bug 1260931) for failing xpcshell test test_packaged_app_service.js. r=backout 2016-09-05 21:16:10 +02:00
Sebastian Hengst c9519f7c29 Backed out changeset b9afda2804fd (bug 1260931) 2016-09-05 21:15:29 +02:00
Yoshi Huang 6cca1d0c54 Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug 2016-09-06 01:50:30 +08:00
Yoshi Huang 6c3b62e2fb Bug 1260931 - Part 1: add firstPartyDomain. r=smaug
Add an origin attribute called 'firstPartyDomain'.
This value will be extracted from the URL bar.

And the purpose of this attribute is used to isolate the data-jars.
Please see the tor documentation.
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

The idea is like a superset of 'reject third party cookies', but not
only apply for cookies, it also applies to all data-jars like localStorage,
indexedDB and so on.

So basically an iframe will have its own data-jar, and this data-jar is
isolated by the URL from URL bar, for instance, an iframe
https://facebook.com inside https://cnn.com won't share data-jar with
the iframe (https://facebook.com) in https://bbc.com
2016-09-06 01:50:15 +08:00
Yoshi Huang 69ed1a79e4 Bug 1244340 - Part 2: add setOriginAttributes in nsIXMLHttpRequest. r=sicking
Add a ChromeOnly method called 'setOriginAttributes' on the XMLHttpRequest,
so that we can override the origin attributes for those XHRs running by XUL
(which will use System Principal).
2016-08-26 18:59:00 +08:00