mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
801 846 коммитов 615 Ветки 98 Теги 5,7 GiB
Граф коммитов

320 Коммитов

Автор SHA1 Сообщение Дата
Tom Ritter be3d5275d4 Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley 
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.

Differential Revision: https://phabricator.services.mozilla.com/D148141
 2022-06-29 13:45:57 +00:00
Iulian Moraru 5b54549da9 Backed out changeset 6b0d5ebbdea5 (bug 1772378) for causing multiple xpcshell failures. 2022-06-28 01:47:11 +03:00
Tom Ritter fc33a9662d Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley 
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.

Differential Revision: https://phabricator.services.mozilla.com/D148141
 2022-06-27 19:28:05 +00:00
Csoregi Natalia 9d7e731ba5 Backed out changeset 6085e9770cde (bug 1772378) for causing xpcshell crashes. CLOSED TREE 2022-06-27 21:47:32 +03:00
Tom Ritter eb33210657 Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley 
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.

Differential Revision: https://phabricator.services.mozilla.com/D148141
 2022-06-27 17:34:12 +00:00
Mike Conley 32c1db2b09 Bug 1354248 - Part 4: Make PageIconProtocolHandler use RemoteStreamGetter. r=necko-reviewers,nika,mak,ckerschb,kershaw 
This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the
privileged about content process attempts to use the page-icon: protocol. This allows the parent
to then remotely stream the favicons down to the privileged about content process.

This also adds a test to check that only the privileged about content process can use this
protocol, and that "normal" web content processes cannot.

Differential Revision: https://phabricator.services.mozilla.com/D147335
 2022-06-03 15:17:34 +00:00
Rob Wu c0e20dd0b0 Bug 1770468 - Report-only wasm-unsafe-eval in MV2 r=mixedpuppy,freddyb,ckerschb 
For backcompat, do not enforce wasm-unsafe-eval even if the extension
has specified a custom CSP. Do report the errors though, to allow
extension authors to discover the issue and fix it.

Differential Revision: https://phabricator.services.mozilla.com/D147105
 2022-05-24 13:56:22 +00:00
Tom Schuster 4525afaf9f Bug 1740263 - Implement the CSP checking callback for WASM. r=dom-worker-reviewers,smaug,freddyb 
Differential Revision: https://phabricator.services.mozilla.com/D141979
 2022-05-19 14:13:50 +00:00
Iulian Moraru 4d59317ca4 Backed out 6 changesets (bug 1740263) for causing bp-hybrid bustages on nsScriptSecurityManager. CLOSED TREE 
Backed out changeset 2f5ec6ad0f81 (bug 1740263)
Backed out changeset a1e7766cdb94 (bug 1740263)
Backed out changeset 3978ccb95455 (bug 1740263)
Backed out changeset e34ba774b3f8 (bug 1740263)
Backed out changeset 8365b10be28e (bug 1740263)
Backed out changeset d923462c9cd0 (bug 1740263)
 2022-05-19 03:28:08 +03:00
Tom Schuster 5c808859fa Bug 1740263 - Implement the CSP checking callback for WASM. r=dom-worker-reviewers,smaug,freddyb 
Differential Revision: https://phabricator.services.mozilla.com/D141979
 2022-05-18 21:39:29 +00:00
Andrew McCreight f7be2ba306 Bug 1731645 - Fix non-unified build errors in caps/. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D126135
 2021-09-21 15:42:01 +00:00
Paul Zuehlcke a466d4aa0a Bug 1687314 - Improve behavior of GetChannelResultStoragePrincipal and StoragePrincipalHelper::Create when handling NullPrincipal. r=timhuang 
Differential Revision: https://phabricator.services.mozilla.com/D122381
 2021-08-17 12:51:22 +00:00
Nika Layzell e620d25a35 Bug 1715167 - Part 6: Use the unsandboxed result principal as precursor for sandbox principals, r=ckerschb,ngogge 
This change stores a generated nsID directly on the LoadInfo, rather
than the full SandboxedLoadingPrincipal. This allows for the sandboxed
principal to be constructed from GetChannelResultPrincipal using the
unsandboxed result principal as a precursor, rather than the loading
principal.

The nsID is reset by HttpChannelBase whenever a non-internal redirect
occurs to reduce the chance of multiple null result principals during a
redirect with the same nsID, but different precursors.

Depends on D119692

Differential Revision: https://phabricator.services.mozilla.com/D119693
 2021-07-15 21:09:15 +00:00
Nika Layzell 6ef5d5d817 Bug 1715167 - Part 3: Track precursor origins for URI_INHERITS_SECURITY_CONTEXT responses, r=ckerschb,ngogge 
If a URI has the URI_INHERITS_SECURITY_CONTEXT flag it will not be given
a content principal by CreateContentPrincipal. This patch changes the
algorithm for creating result principals for network requests such that
the null principal created in this situation has a precursor principal
tracked on it.

Depends on D119689

Differential Revision: https://phabricator.services.mozilla.com/D119690
 2021-07-15 21:09:14 +00:00
Alexandru Michis 88d34a31f5 Backed out changeset 19de2822bc0c (bug 1711168) for causing Bug 1719063. 
CLOSED TREE
 2021-07-08 22:56:34 +03:00
Christoph Kerschbaumer 15f7d2932c Bug 1654488: Remove pref in CheckLoadURIWIthFlags which allows all UI resources to load r=bholley 
Differential Revision: https://phabricator.services.mozilla.com/D118817
 2021-06-25 17:28:59 +00:00
Shane Caraveo 7a0db3609f Bug 1711168 support extension matching in webAccessibleResources r=zombie,smaug 
Differential Revision: https://phabricator.services.mozilla.com/D115114
 2021-06-23 21:52:38 +00:00
Nika Layzell a8265c4766 Bug 1711078 - Part 2: Mark immutable fields in principal types as const, r=ckerschb 
This is a step towards separating the mutable state on principals from const
state which can be made threadsafe. The remaining mutable fields will either
need to be moved off of nsIPrincipal or made threadsafe to destroy (e.g. using
nsMainThreadPtrHandle) and stored behind a mutex.

Serialization is handled for most types using a separate Deserializer class,
like how it was handled with `nsIURI` mutators. SystemPrincipal wasn't changed
as the `Read` method is a no-op for that class.

Differential Revision: https://phabricator.services.mozilla.com/D115092
 2021-05-17 20:50:09 +00:00
Shane Caraveo c4d682be93 Bug 1697334 implement matches property in web_accessible_resources r=zombie,ckerschb,necko-reviewers,smaug 
This patch implements support for the manifest V3 matches property
which limits what hosts may load an extensions web_accessible_resources.

Differential Revision: https://phabricator.services.mozilla.com/D107746
 2021-05-14 03:15:15 +00:00
Tom Schuster 801c5575e6 Bug 1696229 - Don't report wrong errors for expanded principals in CheckLoadURIWithPrincipal. r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D107101
 2021-03-08 20:57:08 +00:00
Alexis Beingessner 07f2f659c6 Bug 1686616 - make StringBundle use Components instead of Services. r=kmag 
Differential Revision: https://phabricator.services.mozilla.com/D105531
 2021-02-18 13:26:32 +00:00
Christoph Kerschbaumer 6cdf7289fa Bug 1690942: Ensure CheckLoadURIWithPrincipalFromJS does not crash when receiving nullptr principal r=dveditz 
Differential Revision: https://phabricator.services.mozilla.com/D104161
 2021-02-11 13:02:20 +00:00
Kris Maglione b92138146b Bug 1685801: Part 12 - Remove BrowserUtils.urlSecurityCheck. r=mccr8 
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.

Differential Revision: https://phabricator.services.mozilla.com/D101492
 2021-01-28 20:58:48 +00:00
Mihai Alexandru Michis 040e2ea5d0 Backed out 12 changesets (bug 1685801) for causing bc failures in browser_ctrlTab.js 
CLOSED TREE

Backed out changeset 021924b62f13 (bug 1685801)
Backed out changeset 38cc10101c1f (bug 1685801)
Backed out changeset 9ab9574ac72a (bug 1685801)
Backed out changeset 1a7f259cc2ec (bug 1685801)
Backed out changeset b267b19a7f6e (bug 1685801)
Backed out changeset 7dfcf0257487 (bug 1685801)
Backed out changeset ee0d0169b079 (bug 1685801)
Backed out changeset 0c358ee51951 (bug 1685801)
Backed out changeset 338ab91af557 (bug 1685801)
Backed out changeset a49415007aaf (bug 1685801)
Backed out changeset b91098299143 (bug 1685801)
Backed out changeset edf6209861a8 (bug 1685801)
 2021-01-28 22:55:11 +02:00
Kris Maglione 205b99c744 Bug 1685801: Part 12 - Remove BrowserUtils.urlSecurityCheck. r=mccr8 
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.

Differential Revision: https://phabricator.services.mozilla.com/D101492
 2021-01-28 05:25:15 +00:00
Butkovits Atila 7decdccbdc Backed out 12 changesets (bug 1685801) for causing failures on browser_fission_maxOrigins.js. CLOSED TREE 
Backed out changeset 0d7153110519 (bug 1685801)
Backed out changeset 5175062925c7 (bug 1685801)
Backed out changeset 2c1250e786f0 (bug 1685801)
Backed out changeset 0ce3c773ba74 (bug 1685801)
Backed out changeset 9d51c6e24dee (bug 1685801)
Backed out changeset 3f4dc6349441 (bug 1685801)
Backed out changeset a80de9abb9f8 (bug 1685801)
Backed out changeset 30786893a5e7 (bug 1685801)
Backed out changeset 8007b12d6e32 (bug 1685801)
Backed out changeset fa814f4b7125 (bug 1685801)
Backed out changeset 14e4e47ee99f (bug 1685801)
Backed out changeset d9f1feba9454 (bug 1685801)
 2021-01-28 07:15:59 +02:00
Kris Maglione fa906b07e7 Bug 1685801: Part 12 - Remove BrowserUtils.urlSecurityCheck. r=mccr8 
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.

Differential Revision: https://phabricator.services.mozilla.com/D101492
 2021-01-28 03:33:09 +00:00
Shane Caraveo 6a2b434485 Bug 1594234 remove extensions.content_script_csp preferences in favor of extensions.manifestV3.enabled r=robwu 
Differential Revision: https://phabricator.services.mozilla.com/D101212
 2021-01-19 19:43:09 +00:00
Marco Bonardo 1019bbf009 Bug 1626016 - Remove createFixupURI and move postData inside URIFixupInfo. r=Gijs,geckoview-reviewers,preferences-reviewers,snorp 
Differential Revision: https://phabricator.services.mozilla.com/D93189
 2020-10-13 10:20:16 +00:00
Simon Giesecke de7bab0f06 Bug 1650145 - Replace all value uses of Empty[C]String by 0-length _ns literals. r=froydnj,geckoview-reviewers,agi 
Differential Revision: https://phabricator.services.mozilla.com/D82325
 2020-09-23 15:17:15 +00:00
Christoph Kerschbaumer ed4fe6b936 Bug 1145314: Lock down CheckLoadURIFlags by dropping the check that lets any URI_IS_UI_RESOURCE URL link to any other URL with that flag. r=bholley 
Differential Revision: https://phabricator.services.mozilla.com/D80601
 2020-09-15 07:30:26 +00:00
Christoph Kerschbaumer c6241df6d4 Bug 1661672: Remove use of security.view-source.reachable-from-inner-protocol r=Gijs,emilio 
Differential Revision: https://phabricator.services.mozilla.com/D89163
 2020-09-07 13:51:44 +00:00
Frederik Braun a7153982e8 Bug 1366973: Rename security flags to not contain DATA anymore r=geckoview-reviewers,ckerschb,snorp 
Differential Revision: https://phabricator.services.mozilla.com/D83490
 2020-07-15 11:20:45 +00:00
Nika Layzell 22a65a237e Bug 1650163 - Part 1: Switch native remoteType values to nsCString, r=farre,geckoview-reviewers,agi 
Differential Revision: https://phabricator.services.mozilla.com/D82104
 2020-07-08 20:15:59 +00:00
Mihai Alexandru Michis 1ba2a3f6f6 Backed out 3 changesets (bug 1650163) for causing bustages in nsContentSecurityManager.cpp 
CLOSED TREE

Backed out changeset 51d7c644a1e6 (bug 1650163)
Backed out changeset 3d2b6908447a (bug 1650163)
Backed out changeset 79141707d47b (bug 1650163)
 2020-07-08 21:18:44 +03:00
Nika Layzell c850a94434 Bug 1650163 - Part 1: Switch native remoteType values to nsCString, r=farre,geckoview-reviewers,agi 
Differential Revision: https://phabricator.services.mozilla.com/D82104
 2020-07-08 14:54:48 +00:00
Narcis Beleuzu 8359f16846 Backed out 7 changesets (bug 1650163, bug 1649477) for bustages on JSActor.cpp . CLOSED TREE 
Backed out changeset 4a21afb65254 (bug 1650163)
Backed out changeset c41753a56f5a (bug 1650163)
Backed out changeset 5fb444c35764 (bug 1650163)
Backed out changeset 830aa93d2b0c (bug 1649477)
Backed out changeset eca6e9dce450 (bug 1649477)
Backed out changeset 5b217aa88289 (bug 1649477)
Backed out changeset 8959d02b840f (bug 1649477)
 2020-07-08 04:09:27 +03:00
Nika Layzell df351180c3 Bug 1650163 - Part 1: Switch native remoteType values to nsCString, r=farre 
Differential Revision: https://phabricator.services.mozilla.com/D82104
 2020-07-06 20:30:58 +00:00
Sebastian Hengst 7847e18297 Backed out 3 changesets (bug 1145314) on request from ckerschb for regressions (e.g. bug 1650951) 
Backed out changeset 664cc562ddf3 (bug 1145314)
Backed out changeset 9640a9d093c7 (bug 1145314)
Backed out changeset 5492ac0e42f7 (bug 1145314)
 2020-07-07 09:32:27 +02:00
Christoph Kerschbaumer 356a1baeae Bug 1145314: Lock down CheckLoadURIFlags by dropping the check that lets any URI_IS_UI_RESOURCE URL link to any other URL with that flag. r=bholley 
Differential Revision: https://phabricator.services.mozilla.com/D80601
 2020-07-03 08:11:59 +00:00
Narcis Beleuzu 9d8472510e Backed out 2 changesets (bug 1145314) for mochitest failures on test_bug995943.xhtml . CLOSED TREE 
Backed out changeset 0500cb344e6f (bug 1145314)
Backed out changeset f524ffe669ca (bug 1145314)
 2020-07-02 20:50:46 +03:00
Christoph Kerschbaumer ffe49199bb Bug 1145314: Lock down CheckLoadURIFlags by dropping the check that lets any URI_IS_UI_RESOURCE URL link to any other URL with that flag. r=bholley 
Differential Revision: https://phabricator.services.mozilla.com/D80601
 2020-07-02 09:41:11 +00:00
Csoregi Natalia 355f38ec2f Backed out 2 changesets (bug 1145314) for node debugger failure. CLOSED TREE 
Backed out changeset 550f9596f16b (bug 1145314)
Backed out changeset 93dbc3fe146a (bug 1145314)
 2020-07-02 12:37:06 +03:00
Christoph Kerschbaumer 378ee2cb3c Bug 1145314: Lock down CheckLoadURIFlags by dropping the check that lets any URI_IS_UI_RESOURCE URL link to any other URL with that flag. r=bholley 
Differential Revision: https://phabricator.services.mozilla.com/D80601
 2020-07-02 08:17:17 +00:00
Simon Giesecke cd8b8939b9 Bug 1648010 - Replace uses of NS_LITERAL_STRING/NS_LITERAL_CSTRING macros by _ns literals. r=geckoview-reviewers,jgilbert,agi,hsivonen,froydnj 
Differential Revision: https://phabricator.services.mozilla.com/D80860
 2020-07-01 08:29:29 +00:00
Christoph Kerschbaumer 05f19f4cc6 Bug 1648093: Rename hasFlags variables to something more descriptive within nsScriptSecurityManager. r=bholley 
Differential Revision: https://phabricator.services.mozilla.com/D80886
 2020-06-24 16:57:18 +00:00
Andrea Marchesini 22d905d24e Bug 1639833 - IntrisincStoragePrincipal should always be partitioned - part 2 - Expose PartitionedPrincipal, r=dimi 
Differential Revision: https://phabricator.services.mozilla.com/D76915
 2020-06-03 06:09:52 +00:00
Csoregi Natalia 2d5cafc841 Backed out 5 changesets (bug 1639833) for failures on browser_blockingIndexedDbInWorkers.js. CLOSED TREE 
Backed out changeset 6b4f76d65540 (bug 1639833)
Backed out changeset c77acba1aacb (bug 1639833)
Backed out changeset 30c97666919e (bug 1639833)
Backed out changeset d769b313441a (bug 1639833)
Backed out changeset ed41b41d1b03 (bug 1639833)
 2020-06-02 15:02:31 +03:00
Andrea Marchesini e31c7313ca Bug 1639833 - IntrisincStoragePrincipal should always be partitioned - part 2 - Expose PartitionedPrincipal, r=dimi 
Differential Revision: https://phabricator.services.mozilla.com/D76915
 2020-06-02 08:28:05 +00:00
Noemi Erli f08b043cf6 Backed out 5 changesets (bug 1639833) for causing sessionstorage related failures CLOSED TREE 
Backed out changeset b36af8d9db34 (bug 1639833)
Backed out changeset 712c11904dbe (bug 1639833)
Backed out changeset 14f1e4783582 (bug 1639833)
Backed out changeset b7f14c4cfe5d (bug 1639833)
Backed out changeset b4b25034dd83 (bug 1639833)
 2020-06-01 19:31:50 +03:00