Граф коммитов

1891 Коммитов

Автор SHA1 Сообщение Дата
Christoph Kerschbaumer 60e3239dee Bug 1490874: Log Principal based Security Errors to the Security pane in the console. r=smaug 2018-09-25 07:25:05 +02:00
shindli 0b6d93ef4d Backed out changeset 510e95767aeb (bug 1490874) for security failures in browser/components/payments/test/mochitest/test_basic_card_form.html CLOSED TREE 2018-09-24 11:43:30 +03:00
Christoph Kerschbaumer 0df81cd9f4 Bug 1490874: Log Principal based Security Errors to the Security pane in the console. r=smaug 2018-09-24 09:34:04 +02:00
Jan de Mooij 4a02cf562c Bug 1491342 - Ignore document.domain in ShouldWaiveXray. r=bholley
We want to get rid of JS_GetCompartmentPrincipals. The origin stored in CompartmentPrivate does not account for document.domain changes because that's a per-realm thing.

Fortunately we should not have waivers in any cases that involve document.domain.

Differential Revision: https://phabricator.services.mozilla.com/D6035

--HG--
extra : moz-landing-system : lando
2018-09-21 07:13:15 +00:00
Andrea Marchesini d654a2915d Bug 1422456 - Origin for about: URL should not contain query or ref parts, r=smaug 2018-09-14 20:07:22 +02:00
Jan de Mooij cb90b553cd Bug 1487032 - Store origin/site info in CompartmentPrivate. r=bholley
This will let us answer the following questions (in a performant way):

1) What's the compartment's origin? Necessary to implement compartment-per-origin.
2) What's the origin's site? Necessary for the new Wrap() algorithm.
3) Has any realm in the compartment set document.domain? Necessary for the new Wrap() algorithm.

Differential Revision: https://phabricator.services.mozilla.com/D5423

--HG--
extra : moz-landing-system : lando
2018-09-11 09:01:14 +00:00
Jan de Mooij 9a0c648a30 Bug 1489196 - Don't call SetDomain in ContentPrincipal::Read. r=bholley
This fixes two issues:

1) We no longer SetHasExplicitDomain() when the domain is null.
2) We avoid the unnecessary (because new principal) wrapper recomputation.

Differential Revision: https://phabricator.services.mozilla.com/D5160

--HG--
extra : moz-landing-system : lando
2018-09-06 16:40:56 +00:00
Nika Layzell 933f7fe4d4 Bug 1485177 - Add |siteOrigin| information to nsIPrincipal r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D4140

--HG--
extra : moz-landing-system : lando
2018-09-05 03:22:16 +00:00
Tiberius Oros 2fe7330f2d Backed out changeset 33c7b0ea5caa (bug 1485177) for assertion failure at builds/worker/workspace/build/src/caps/ContentPrincipal.cpp on a CLOSED TREE 2018-09-01 05:06:55 +03:00
Nika Layzell 452350d97c Bug 1485177 - Add |siteOrigin| information to nsIPrincipal, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D4140

--HG--
extra : moz-landing-system : lando
2018-09-01 00:52:00 +00:00
Timothy Guan-tin Chien bfd7aeb85d Bug 1431255 - Part III, Create per-origin sandboxes from XPCJSRuntime and load UA widgets scripts r=bholley,jaws,sfink
This patch creates the basic structure on how the widget scripts can be loaded
and be pointed to the Shadow Root, from the UAWidgetsChild.jsm.

The UAWidgetsClass class asks for a sandbox from Cu.getUAWidgetScope(), which
calls into XPCJSRuntime::GetUAWidgetScope(). It creates and keeps the
sandboxes, in a GCHashMap keyed to the origin, so we could reuse it if needed.

MozReview-Commit-ID: J6W4PDQWMcN

--HG--
extra : rebase_source : a62b0a22195f09cdb508df72c954e20d18c7bf68
2018-06-27 11:34:07 -07:00
Boris Zbarsky 754087a992 Bug 1446940 part 5. Stop getting docshells from windows via getInterface in dom/editor/etc code. r=kmag 2018-08-01 13:07:11 -04:00
Jorg K ba1be252a0 Bug 1478441 - Introduce nsIURIWithSpecialOrigin needed for Thunderbird. r=baku 2018-07-31 11:27:00 +03:00
Boris Zbarsky 75abc43e0d Bug 1476145 part 8. Stop using getInterface(nsIDOMWindowUtils) in various test code. r=kmag 2018-07-24 19:47:43 -04:00
Andrea Marchesini f6768a8ff6 Bug 1228139 - Remove nsIURIWithPrincipal - part 3 - main part, r=bz
nsIURIWithPrincipal is currently used to retrieve the nsIPrincipal from a
BlobURL object.  BlobURLProtocolHandler has a hashtable containing, for each
blobURL, a BlobImpl and its nsIPrincipal. This patch introduces
BlobURLProtocolHandler::GetBlobURLPrincipal() that retrieves the nsIPrincipal
from this hashtable.

This patch fixes also a bug in how the revocation of blobURLs is broadcasted to
other processes. This should be done immediately because each process creates
its own timer to revoke them after 5 seconds.

An important change is related to NS_SecurityCompareURIs() where, if 1 (or
both) of the 2 URIs to compare, is a revoked BlobURL, we will QI its URL to
nsIStandardURL and fail out at that point.
2018-07-24 22:15:57 +02:00
Andrea Marchesini 212fc6788b Bug 1228139 - Remove nsIURIWithPrincipal - part 1 - Use of NullPrincipal when nsIURIWithPrincipal.getPrincipal() returns a nullptr, r=bz 2018-07-24 22:15:17 +02:00
Valentin Gosu 7937c7c4cc Bug 1476928 - Remove nsIURI.CloneIgnoringRef and nsIURI.CloneWithNewRef r=JuniorHsu
The patch introduces NS_GetURIWithNewRef and NS_GetURIWithNewRef which perform the same function.

Differential Revision: https://phabricator.services.mozilla.com/D2239

--HG--
extra : moz-landing-system : lando
2018-07-23 11:28:47 +00:00
Andrea Marchesini 4e97b69ebf Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 3 - ContentPrincipal, r=ckerschb 2018-07-17 21:38:48 +02:00
Andrea Marchesini 58f78c6f5d Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 2 - SystemPrincipal, r=ckerschb 2018-07-17 21:38:19 +02:00
Andrea Marchesini a053cf1c15 Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 1 - NullPrincipal, r=ckerschb 2018-07-17 21:37:48 +02:00
Kris Maglione caa1a1228b Bug 1473631: Part 10 - Replace pref observers with callbacks in ScriptSecurityManager. r=njn
MozReview-Commit-ID: COEgATfeEj

--HG--
extra : rebase_source : 8cdd70210041b0140ef951b3899dc324e0a9d74c
2018-07-05 14:53:14 -07:00
Bogdan Tara a8850882a7 Merge autoland to mozilla-central. a=merge 2018-07-17 00:58:15 +03:00
Andrea Marchesini ceea0172b0 Bug 1473587 - CSP Violation events should have the correct sample for inline contexts, r=jorendorff, r=ckerschb 2018-07-16 17:58:04 +02:00
Tim Huang c0118a2d73 Bug 1473247 - Part 1: Fixing the issue that the IP addresses won't be set for first party domains. r=arthuredelstein,baku
Right now, the firstPartyDomain won't be set when using IP addresses as
first party domains. It is because of that the TLD service won't accept
IP addresses as valid hosts. The patch fixes this problem by detecting
that if the host is a IP address. If it is, we will still set the
firstPartyDoamin with the IP address.

Differential Revision: https://phabricator.services.mozilla.com/D1977

--HG--
extra : moz-landing-system : lando
2018-07-13 19:53:15 +00:00
Olli Pettay de99e4460b Bug 1439153 - Make WebExtensions work with Shadow DOM/WebComponents, r=kmag
--HG--
extra : rebase_source : 83638cba42eea1523d32d06a2eb14df20cbab404
2018-07-14 05:26:15 +03:00
imjching 0c7582c716 Bug 1416066 - Enable caching for scripts with codebase URLs of about:home, about:newtab, and about:welcome. r=kmag
MozReview-Commit-ID: HC3cNVxWLe6

--HG--
extra : rebase_source : eab95e34618bf1ac856b44db89800b615c6503b8
2018-07-03 21:24:52 -04:00
Andrea Marchesini 5fff1762ad Bug 1418236 - Correct EventTarget for CSP violation events, r=ckerschb 2018-07-10 17:40:21 +02:00
Andrea Marchesini 14d462eeb3 Bug 1418246 - Return valid columnNumber value in CSP violation events, r=ckerschb 2018-07-05 08:21:04 +02:00
Tim Huang f5dcf5b4b6 Bug 1470156 - Part 2: Fixing the crashing problem when using an invalid character in a firstPartyDomain. r=baku
This patch adds a sanitization of firstPartyDomain when calling the
OriginAttributes::CreateSuffix() and remove the release assert there.
The cookies API for the web extension can use a arbitrary string for the
firstPartyDomain. So, we should sanitize the firstPartyDomain before
we creating a suffix. The release assert is not required anymore since
the firstPartyDomain is sanitized

Depends on D1845.

Differential Revision: https://phabricator.services.mozilla.com/D1856

--HG--
extra : moz-landing-system : lando
2018-07-03 13:47:45 +00:00
Kris Maglione 26c59776be Bug 1470965: Fix refcount sanity in nsIPrincipal.addonPolicy getter. r=mixedpuppy
MozReview-Commit-ID: KuDN3joKi7S

--HG--
extra : source : d28d3a80e781ae10cbc97775415827ec93193c56
2018-06-26 00:19:46 -07:00
shindli 13098ab1ef Backed out 3 changesets (bug 1470023, bug 1469719, bug 1470965) for | toolkit/components/perfmonitoring/tests/browser/browser_compartments.js on a CLOSED TREE
Backed out changeset bab121b4dd84 (bug 1469719)
Backed out changeset d28d3a80e781 (bug 1470965)
Backed out changeset 1adc0372343e (bug 1470023)
2018-06-26 22:57:54 +03:00
Kris Maglione ab6b58eddf Bug 1470965: Fix refcount sanity in nsIPrincipal.addonPolicy getter. r=mixedpuppy
MozReview-Commit-ID: KuDN3joKi7S

--HG--
extra : rebase_source : e2caed633f39896df6c065abcb18791b582d8f59
2018-06-26 00:19:46 -07:00
Valentin Gosu a8e3a8c349 Bug 1448330 - Make nsIURI.clone a private method r=mayhemer
MozReview-Commit-ID: 1efpeaEPaXP

--HG--
extra : rebase_source : e660f1e5bcae9b7119bc5b37713691069272b375
2018-06-14 13:05:43 +02:00
Joel Maher 50b91c0a14 Bug 1405428 - skip-if = verify on mochitests which do not pass test-verify. r=gbrown 2018-06-10 05:01:47 -04:00
Emilio Cobos Álvarez fffb25b74f Bug 1465585: Switch from mozilla::Move to std::move. r=froydnj
This was done automatically replacing:

  s/mozilla::Move/std::move/
  s/ Move(/ std::move(/
  s/(Move(/(std::move(/

Removing the 'using mozilla::Move;' lines.

And then with a few manual fixups, see the bug for the split series..

MozReview-Commit-ID: Jxze3adipUh
2018-06-01 10:45:27 +02:00
Jan de Mooij 08cef83f24 Bug 1464374 part 4 - Remove unused nsScriptSecurityManager::doGetObjectPrincipal. r=bz 2018-05-31 11:28:49 +02:00
Boris Zbarsky b134958200 Bug 1452666. Implement nsISerializable on expanded principals. r=kmag 2018-05-24 02:43:14 -04:00
Tom Schuster 937d9326cd Bug 1453916 - Allow canvas extraction from webextension content-script even with resistFingerprinting turned on. r=kmag,bz
--HG--
extra : rebase_source : d67c589e8819407bb5acc4378d029288dd9295be
2018-05-14 20:49:32 +02:00
Gijs Kruitbosch faf68417dc Bug 1461407 - make about:home unlinkable again and improve behavior of serialized principals across changes to URLs, r=bz,Mardak,mikedeboer
Making about:home unlinkable changes its URL structure. Prior to this change,
it is a nested URL. After this change, it no longer is.

We store serialized versions of principals in some cases. These include
details about whether the URI is nested etc. This is problematic for the
about:home change because the change in nesting changes the origin of the
page, so the origin  would mismatch between the principal and its URL.
To avoid this, we always re-create URIs for about: URIs when deserializing
them from strings, ensuring we don't create bogus principals.

MozReview-Commit-ID: 87zVUFgbusn

--HG--
extra : rebase_source : a7ad0dc3b1ea39521517da648f234d35d9a1729f
2018-05-14 22:04:49 +01:00
Adrian Wielgosik 074d88de5a Bug 1460940 - Convert nsIPrincipal to use nsIDocument. r=bz
MozReview-Commit-ID: z1TGWtS1KG

--HG--
extra : rebase_source : e5291c40eb017c1e3fd69333ac108dda852fb8cd
2018-05-11 19:46:15 +02:00
Brian Grinstead a61cbe6dae Bug 1460685 - Backed out changeset 09ee763947c3 (bug 1352513);r=Gijs
The security.allow_chrome_frames_inside_content pref was added to support
XUL extension compat after the hiddenWindow special case was removed in
Bug 1145470. Since we don't need to support that use-case anymore, this
changeset backs out the change that relanded the special case with the pref.
MozReview-Commit-ID: 4keMEIQvt1Y

--HG--
extra : rebase_source : 1a9c54c9807eaed2645d0ea03b5064ed7472d7a4
2018-05-11 16:26:07 -07:00
Valentin Gosu bd4365d7e7 Bug 1448058 - Remove nsIMutable from URI implementations r=mayhemer
* Also removes NS_TryToMakeImmutable, NS_TryToSetImmutable, URIIsImmutable
* NS_EnsureSafeToReturn, nsINetUtil.toImmutableURI

MozReview-Commit-ID: 5eFtFm2CQt7

--HG--
extra : rebase_source : 1f3d23ec646883e76844d42113bc1c71c01a1ad7
2018-05-09 18:21:24 +02:00
Andrea Marchesini 5b65a3ab01 Bug 1374745 - nsScriptSecurityManager should not use a string bundle before profile selection, r=ckerschb 2018-05-08 15:52:53 +02:00
Chris Peterson 71422dcaa9 Bug 1457813 - Part 2: Replace non-asserting NS_PRECONDITIONs with MOZ_ASSERTs. r=froydnj
s/NS_PRECONDITION/MOZ_ASSERT/ and reindent

MozReview-Commit-ID: KuUsnVe2h8L

--HG--
extra : source : c14655ab3df2c9b1465dd8102b9d25683359a37b
2018-04-28 12:50:58 -07:00
Kris Maglione fc4672bb17 Bug 1456035: Follow-up: Delete redundant test_extensionURL.html, which fails with wrapper errors. r=me f=aswan CLOSED TREE
MozReview-Commit-ID: F5LmwfizygB

--HG--
extra : amend_source : 478bc62294f7a311f960a0b3e888261473254d15
2018-04-25 17:01:36 -07:00
Andrea Marchesini 6bcc1f6196 Bug 1328964 - part 2 - WorkletThread r=baku
Initial version r=smaug.
Rebased to c616a6fd5e4b by Jan-Ivar Bruaroey <jib@mozilla.com> r=karlt.
Rebased to 83de58ddda20 by Karl Tomlinson <karlt+@karlt.net> r=baku.

MozReview-Commit-ID: Lo8TWtN8qyz

--HG--
extra : rebase_source : ffcb7b835ea49cda3e25dfa94a91b3725fdbfb29
2018-04-12 15:14:48 +12:00
Tomislav Jovanovic 9e09943ad5 Bug 1441336 - Use addon permissions for PerformanceTiming properties r=bz,kmag
We need to side-step existing cross-origin checks in Performance Timing code
when the caller is a web extension content script that otherwise has permission
to access the cross-origin resource.

MozReview-Commit-ID: 8IgtqZgPWgY

--HG--
extra : rebase_source : e8152c5d8ab32096d1ff7f97311c1b43b57c3694
2018-04-04 16:54:26 +02:00
Boris Zbarsky 6c499a3613 Bug 1448414. Remove the DOM_OBJECT classinfo bit. r=kmag 2018-03-28 22:46:23 -04:00
Coroiu Cristina 29fa060fbe Backed out changeset 9e41e9c653f2 (bug 1448414) for mochitest failures Permission denied to create wrapper for object of class XPCComponents_Interfaces on a CLOSED TREE 2018-03-29 12:21:00 +03:00
Boris Zbarsky 7513177d1c Bug 1449211. Stop special-casing XUL command dispatchers and tree selections in content XBL scopes. r=kmag 2018-03-28 22:46:23 -04:00