mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
618 768 коммитов 615 Ветки 98 Теги 5,7 GiB
Граф коммитов

5 Коммитов

Автор SHA1 Сообщение Дата
Kris Maglione 219ed0cc06 Bug 1454813: Part 2b - Rename SpawnTask.js to AddTask.js. r=florian 
The old name no longer makes sense, since it no longer exports an spawn_task
symbol, and add_task is what we really care about.

MozReview-Commit-ID: IE7B8Czv8DH

--HG--
rename : testing/mochitest/tests/SimpleTest/SpawnTask.js => testing/mochitest/tests/SimpleTest/AddTask.js
extra : rebase_source : 03bca5aa69a7625a49b4455a6c96ce4c59de3a5a
 2018-04-18 11:43:45 -07:00
Tim Taubert 43fb829da9 Bug 1444605 - Fix perma-orange browser_active_document.js r=johannh 
Reviewers: johannh

Reviewed By: johannh

Bug #: 1444605

Differential Revision: https://phabricator.services.mozilla.com/D706

--HG--
extra : amend_source : f84c2e30200b9afe42defa8eeca1dcbe828061b1
 2018-03-12 11:51:05 +01:00
Tim Taubert afe259f21f Bug 1409202 - Web Authentication - Restrict to selected tabs in the active window r=jcj 
Summary:
This patch restricts any calls to navigator.credentials.* methods to selected
tabs. Any active WebAuthn request will be aborted when the parent chrome
window loses focus, or the <browser> is backgrounded.

Reviewers: jcj

Reviewed By: jcj

Bug #: 1409202

Differential Revision: https://phabricator.services.mozilla.com/D688

--HG--
extra : amend_source : 112378a1ab2e883d7603e8a28ff3f8e944d57b5f
 2018-03-10 06:43:20 +01:00
Tim Taubert e7bbf534a6 Bug 1439805 - Implement CredentialsContainer.preventSilentAccess() r=jcj,smaug 
Reviewers: jcj, smaug

Reviewed By: jcj, smaug

Bug #: 1439805

Differential Revision: https://phabricator.services.mozilla.com/D629
 2018-02-22 14:36:08 +01:00
J.C. Jones bce88244c0 Bug 1407789 - Prohibit cross-site iframes for Credential Management r=baku,keeler,ttaubert 
Credential Management defines a parameter `sameOriginWithAncestors` which is
set true if the responsible document is not either in a top-level browsing
context, or is in a nested context whose heirarchy is all loaded from the
same origin as the top-level context [1][2]. The individual credential types
of CredMan can use this flag to make decisions on whether to error or not.

Our Credential Management implementation right now is a shim to Web
Authentication, which says that if `sameOriginWithAncestors` is false, return
`"NotAllowedError"`.

This ensures that

  https://webauthn.bin.coffee/iframe.html

works, but the cross-origin

  https://u2f.bin.coffee/iframe-webauthn.html

does not.

[1] https://w3c.github.io/webappsec-credential-management/#algorithm-request
[2] https://w3c.github.io/webappsec-credential-management/#algorithm-create
[3] https://w3c.github.io/webauthn/#createCredential
[4] https://w3c.github.io/webauthn/#getAssertion

MozReview-Commit-ID: KIyakgl0kGv

--HG--
extra : rebase_source : dace4f4d73823913bff759fce8255da8e18ad5e3
 2017-10-12 18:18:39 -07:00