Граф коммитов

133 Коммитов

Автор SHA1 Сообщение Дата
Jonas Sicking 893023f46a Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap 2010-02-02 02:29:15 -08:00
Sid Stamm 7252ce7760 Bug 515437 CSP connection code, r=jst,dveditz sr=jst 2010-01-22 13:38:21 -08:00
Daniel Veditz 153553d9b6 Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit 2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E) f2cab6a506 bug 515433, bug 515437: Content Security Policy (CSP) core 2010-01-13 14:18:24 -08:00
Blake Kaplan 7050590b13 Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz 2009-08-21 18:20:20 -07:00
Johnny Stenback ac0964e5c0 Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org 2009-06-30 15:55:16 -07:00
Blake Kaplan d897bc426d Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky 2008-10-22 13:15:22 -07:00
jonas@sicking.cc ab63fc8524 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
jonas@sicking.cc ec7a19c8b9 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
jonas@sicking.cc 9552bd91fc Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu 94a044f0b1 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
reed@reedloden.com 57ac4a582f Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc 28ea51311b Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org 7aff03fc46 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc 42bbc8327e Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
jst@mozilla.org f0f4a78cce Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
jonas@sicking.cc 4c1a3910ac bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu 647cbff151 Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
hg@mozilla.com 05e5d33a57 Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu d9f9d475bb When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu 8a1b6c5e34 Make the redirect check get principals the same way we get them elsewhere.
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
bzbarsky%mit.edu 730516b0a1 Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu 0a3a624149 Make it possible for protocol handlers to configure how CheckLoadURI should
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de 74a2a1d30c Bug 351876 Move nsICryptoHash into necko
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu 50e969de0c Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
bzbarsky%mit.edu c44462a922 Followup to bug 326506 -- this comment got lost somehow. 2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu 52c46b8f53 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu 18fc300f0b Backing out since tree is closed. 2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu 97bb5a58a9 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 03:26:03 +00:00
dougt%meer.net 7c0ee6b9d3 Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 2005-08-26 06:46:21 +00:00
timeless%mozdev.org 9560fb68fc Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu 10d1c576d9 Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
brendan%mozilla.org deb9f0c764 Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 2005-07-08 23:26:36 +00:00
dougt%meer.net 4c7f9052d3 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org 8ca0c03467 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 2005-05-12 18:20:07 +00:00
jshin%mailaps.org d30a1bda05 bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu 4ede76717e Add a version of CheckLoadURI that takes a source principal instead of a source
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
gerv%gerv.net 9d2ee4928c Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
neil%parkwaycc.co.uk 6394a7f9f8 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 2003-12-19 21:51:37 +00:00
brendan%mozilla.org 7809adca33 Fix missing cx param problem (223041, r=caillon, sr=dbaron). 2003-11-03 04:26:55 +00:00
caillon%returnzero.com 66caced69a Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org 4038563cd9 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon%returnzero.com f8e8aed8a7 Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com 91b7c60bee Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
mstoltz%netscape.com ddc015e3b7 Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 2003-06-26 00:18:43 +00:00
harishd%netscape.com 85570db892 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 2003-06-12 20:18:34 +00:00
seawood%netscape.com 97649bab86 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 21:18:27 +00:00
dougt%meer.net a069087dd4 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:56:38 +00:00
dougt%meer.net e3a6a4edfc Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:51:34 +00:00
caillon%returnzero.com 6d92f9bd32 184257 - Updating pref callers. r=timeless sr=bzbarsky 2003-01-08 08:40:41 +00:00