934da4e096
Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
...
https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-09-10 22:33:51 +00:00
ec62854d68
Backed out changeset 890bcaee9b7d (bug 1529068) for causing massive tier2 failures on central in dom/security/test/csp/test_navigate_to.html. CLOSED TREE
2019-09-05 09:47:35 +03:00
2202fa3333
Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
...
https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-09-04 20:29:37 +00:00
2dd3b18187
Backed out changeset 99b313550fb8 (bug 1529068) for eslint failure on test_navigate_to.html. CLOSED TREE
2019-09-04 21:15:18 +03:00
33379674f8
Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8
...
https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-09-04 17:44:14 +00:00
8f56db01f7
Backed out changeset d0aae34d9b95 (bug 1529068) for failing form-redirected-blocked.sub.html on a CLOSED TREE
...
--HG--
extra : rebase_source : 4d7a73e1f40de001031c61fba240c57961a902d8
2019-08-07 01:39:29 +03:00
455d7a7789
Bug 1529068 - navigate-to r=ckerschb,mccr8
...
Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to
Differential Revision: https://phabricator.services.mozilla.com/D37139
--HG--
extra : moz-landing-system : lando
2019-08-06 18:27:45 +00:00
ad40847192
Bug 1567877: Apply Meta CSP to about:devtools-toolbox. r=jdescottes,Ehsan
...
Differential Revision: https://phabricator.services.mozilla.com/D39328
--HG--
extra : moz-landing-system : lando
2019-07-30 07:14:09 +00:00
9de72a3ac6
Bug 1557793 part 2. Stop using [array] in nsIStringBundle. r=Pike
...
Differential Revision: https://phabricator.services.mozilla.com/D34196
--HG--
extra : moz-landing-system : lando
2019-06-11 15:51:51 +00:00
b633427366
Bug 965637: Move CSP from Principal into Client, part 1: backend changes. r=mccr8
...
Differential Revision: https://phabricator.services.mozilla.com/D27654
--HG--
extra : moz-landing-system : lando
2019-05-21 23:14:27 +00:00
82fb5d3ddf
Bug 1386214 - Remove require-sri from the CSP-Module r=ckerschb,qdot
...
Differential Revision: https://phabricator.services.mozilla.com/D24880
--HG--
extra : moz-landing-system : lando
2019-03-26 21:58:48 +00:00
265e672179
Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
...
# ignore-this-changeset
--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
dbb1bf7e31
Bug 1438945 - Part 6: CSP via IPC. r=ckerschb
...
--HG--
extra : rebase_source : 8ea27a931619ec0bf75035039c9b4d66d23d7e70
2018-11-19 15:18:21 -08:00
f8cc48bd62
Bug 1508180 - Use uppercase names for high-order macros in dom/ r=mccr8
...
Differential Revision: https://phabricator.services.mozilla.com/D12232
--HG--
extra : moz-landing-system : lando
2018-11-19 17:31:17 +00:00
adac33969a
Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku
2018-07-20 19:57:21 +02:00
b5a482c899
Backed out 3 changesets (bug 1475073, bug 1304645, bug 1474537) for failing wpt and mochitest on a CLOSED TREE
...
Backed out changeset 4fbeea69b10d (bug 1475073)
Backed out changeset d3ac68d9ead9 (bug 1304645)
Backed out changeset 113b601a3b59 (bug 1474537)
2018-07-20 14:00:09 +03:00
1de27c0297
Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku
2018-07-20 10:42:46 +02:00
9042bfbc94
Bug 1473218 - Implement report-sample support for CSP directives, r=ckerschb
2018-07-06 08:01:49 +02:00
b5118e1ddf
Bug 1302449 - Remove the "referrer" directive in CSP, r=ckerschb
2018-05-09 13:15:08 +02:00
0d79353b7d
Bug 1439425 - Ignore empty CSP directives. r=ckerschb
...
MozReview-Commit-ID: 67Ach2vCs8A
--HG--
rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_empty_directive.html
rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_empty_directive.html^headers^
rename : dom/security/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_empty_directive.html
extra : rebase_source : 1270d3d1aa8d53389e8708d29d2e363e52c02029
2018-03-06 18:48:26 -08:00
5784769019
Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug
2018-03-13 06:40:38 +01:00
d1124b72c7
Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
...
MozReview-Commit-ID: 8DQ7CI5exUL
--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
2018-01-16 22:59:00 +02:00
77efdcf21a
Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge
...
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
2018-01-16 13:02:32 +02:00
eaddf31393
Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
...
MozReview-Commit-ID: 8DQ7CI5exUL
2018-01-15 23:30:00 +02:00
37efe4d0e6
Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj
...
MozReview-Commit-ID: DCPTnyBooIe
--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
2017-11-05 19:37:28 -08:00
2fd8493f7f
Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley
2017-10-30 18:45:36 +01:00
44d1b50592
Backed out changeset 70ccfda99dbc::ca6ae38c0432 (bug 1302667) for frequently failing mochitest in security/test/csp/test_worker_src.html r=backout a=backout on a CLOSED TREE
...
Backed out changeset ca6ae38c0432 (bug 1302667)
Backed out changeset ff86e185e09d (bug 1302667)
Backed out changeset 8ec6b8bf8c6c (bug 1302667)
Backed out changeset 21c73f9d8fac (bug 1302667)
Backed out changeset e982481dbf2c (bug 1302667)
Backed out changeset 70ccfda99dbc (bug 1302667)
2017-10-30 14:19:29 +02:00
58b63c1576
Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley
2017-10-30 09:10:36 +01:00
159f6b5627
Bug 1406794 - Provide the CSP keywords in both UTF8 and UTF16 forms. r=ckerschb
...
This avoids the need for numerous 8-to-16-bit and 16-to-8-bit string
conversions.
The patch also introduces a higher-order macro, FOR_EACH_CSP_KEYWORD, which
defines all the stuff about the keywords in a single place and makes the code
nicer.
--HG--
extra : rebase_source : b0f655546aa397749bb18dc7d6d27fbc12fe8fca
2017-10-06 16:16:52 +11:00
79a239cba5
Bug 1387684 - CSP: Special case 'self' for unique opaque origins. r=dveditz
2017-08-23 10:05:12 +02:00
f941156987
Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron.
...
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.
The patch also removes a couple of unused declarations from
nsIStringBundle.idl.
Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.
--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
2017-08-04 14:40:52 +10:00
c86dc10505
Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk.
...
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:
- a 16-bit C string literal, which is then converted to an 8-bit string in
order for the lookup to occur;
- an 8-bit C string literal converted to a 16-bit string, which is then
converted back to an 8-bit string in order for the lookup to occur.
This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.
The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.
Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.
The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)
--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
2017-07-12 15:13:37 +10:00
4e9cf83ee8
Bug 1378712 - Remove all trailing whitespaces r=Ehsan
...
MozReview-Commit-ID: Kdz2xtTF9EG
--HG--
extra : rebase_source : 7235b3802f25bab29a8c6ba40a181a722f3df0ce
2017-07-06 14:00:35 +02:00
4956d67907
Bug 1367531: CSP should only check host (not including path) when performing frame ancestors checks. r=dveditz
2017-06-06 09:12:13 +02:00
f18a8897be
Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz
2017-04-27 09:59:16 +02:00
c267f70f91
Bug 1299483 - CSP: Implement 'strict-dynamic', enforcement changes. r=dveditz,freddyb
2016-11-08 12:55:23 +01:00
f41283f981
Bug 1298680 - Use uint64_t consistently for windowID within CSP. r=freddyb
2016-09-19 12:57:20 +02:00
f9eeeb2620
Bug 1229639 - Part 1: Match CSP host source with percent-decoded URI. r=ckerschb
...
MozReview-Commit-ID: CSGeoSR2qw8
--HG--
extra : rebase_source : f64cb0b9cab61ec09faa29139f72d28272fbbedb
2016-09-06 18:29:26 +08:00
df1432e805
Bug 1290560 - Update CSPParser to handle 'sandbox', 'require-sri' and 'report-uri' with no valid srcs correctly. r=dveditz
2016-08-19 18:41:45 +02:00
6516ad9dae
Bug 959388 - Deliver CSP from HTTP header. r=ckerschb, r=khuey
...
MozReview-Commit-ID: 13ndERn6rrL
--HG--
extra : rebase_source : e0ec31f9d322b1385994eb7d66bd885c91d75df3
2016-06-30 12:31:59 +08:00
ec18fc5ff7
Bug 671389 - Implement CSP sandbox directive. r=ckerschb r=smaug
...
--HG--
extra : rebase_source : d9c5f5868c2558a3696cd489674da6f243be11ad
2016-06-29 07:48:44 -07:00
404a0bbb99
Bug 1265318: add require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: 200PAvKtBME
2016-05-31 11:14:00 +02:00
927b1a0b3a
Backed out changeset 7469725d7461 (bug 959388)
2016-05-23 11:36:12 +02:00
32e38271c9
Bug 959388 - Deliver CSP from HTTP header. r=ckerschb r=khuey
...
MozReview-Commit-ID: LUl5LyO94m3
--HG--
extra : rebase_source : f2ddfcbf6237b11ebb19adfabf346cf76f4a6ab8
2016-05-19 11:57:32 +08:00
582caa399f
Bug 1142332 - Prevent calling CSP_EnumToKeyword with CSP_HASH. r=ckerschb
...
MozReview-Commit-ID: I1w9QrWJeEo
--HG--
extra : histedit_source : 1258cfc50d32c10f0de90ba1e863e21ae3ebf0f8
2016-04-24 14:56:22 -04:00
f3feb0cfd3
Bug 1254194: Allow iterating over and inspecting sources of parsed CSP directives. r=ckerschb
...
MozReview-Commit-ID: G8b86UvSv0y
--HG--
extra : rebase_source : c7857e88af0d94dd1162dccfe12aae6567945f2c
2016-04-23 20:42:43 -07:00
39f2d53360
Bug 1122236 - CSP: Implement block-all-mixed-content (r=tanvi,kate,mrbkap)
2016-01-13 20:58:16 -08:00
67f4155fe6
Bug 1045891 - CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
a8939590de
Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
...
The bulk of this commit was generated by running:
run-clang-tidy.py \
-checks='-*,llvm-namespace-comment' \
-header-filter=^/.../mozilla-central/.* \
-fix
2015-07-13 08:25:42 -07:00
d338b7f9d9
Bug 1139297 - Implement CSP upgrade-insecure-requests directive - csp changes (r=sstamm)
...
--HG--
extra : rebase_source : 34377eb11cf33beef768bd11883c048c37351a8d
2015-07-10 09:13:54 -07:00
Benjamin
Dorel Luca
Csoregi Natalia
Andreea Pavel
Christoph Kerschbaumer
Boris Zbarsky
Sebastian Streich
Sylvestre Ledru
Andrea Marchesini
Ted Campbell
Jonathan Kingston
Chung-Sheng Fu
Chris Peterson
Coroiu Cristina
Nicholas Nethercote
Henry Chang
Thomas Nguyen
Paul Roberts
Frederik Braun
Carsten "Tomcat" Book
Kris Maglione
Christoph Kerschbaumer
Kate McKinley
Birunthan Mohanathas