Граф коммитов

569 Коммитов

Автор SHA1 Сообщение Дата
Christoph Kerschbaumer e4f38c8d7c Bug 1362993 - Rewrite gBrowser.addTab() to use BrowserTestUtils.addTab(). r=florian 2017-05-15 21:49:50 +02:00
Birunthan Mohanathas 5e41427024 Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley
According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:
- 349501cdaa
- https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy

Note that we only whitelist '127.0.0.1' and '::1' to match Chrome 53 and
later. See:
- 130ee686fa

It is unclear if HTTPS origins should be able to use workers and WebSocket
connections through a loopback HTTP address. They are not supported in Chrome
(whether this is intentional or not is uncertain) so lets just ignore them for
now.

See also: https://github.com/w3c/web-platform-tests/pull/5304
2017-05-10 20:50:00 +03:00
Christoph Kerschbaumer 917075833b Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug 2017-05-10 18:40:57 +02:00
Christoph Kerschbaumer b9a841105c Bug 1355801: Nonce should not apply to images tests. r=dveditz 2017-05-10 08:53:27 +02:00
Christoph Kerschbaumer e5865a7980 Bug 1355801: Nonce should only apply to script and style. r=dveditz 2017-05-10 08:52:24 +02:00
Christoph Kerschbaumer 58bdcd15b5 Bug 1345615: Disable websocket tests on android. r=test-fix 2017-04-27 17:28:13 +02:00
Dragana Damjanovic 9a3cfa6017 Bug 1334776 - Store header names into nsHttpHeaderArray. r=mcmanus 2017-04-27 16:48:36 +02:00
Christoph Kerschbaumer 62c0c912c8 Bug 1345615: Test websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:35 +02:00
Christoph Kerschbaumer f18a8897be Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:16 +02:00
Cykesiopka 7c0b9e9d34 Bug 1356522 - Remove unnecessary nsICryptoHash output CRLF filtering in nsCSPUtils.cpp. r=ckerschb
This filtering is no longer necessary now that the fix for Bug 1338897 has landed and has gotten rid of the CRLF behaviour.

MozReview-Commit-ID: 9OKmrtQN3Cq

--HG--
extra : transplant_source : %C2%CD%AC%F6j%F5%D0%00%7E%AC%D2j%ACW%83%60%3B%F0%ED%CC
2017-04-17 17:34:18 +08:00
Florian Queze 37ff4fc7cc Bug 1356569 - Remove addObserver's last parameter when it is false, r=jaws. 2017-04-14 21:51:38 +02:00
Sebastian Hengst a07223d699 Backed out changeset 322fde2d53bf (bug 1356569) so bug 1355161 can be backed out. r=backout 2017-04-14 23:39:22 +02:00
Florian Queze 95d4d20c17 Bug 1356569 - Remove addObserver's last parameter when it is false, r=jaws. 2017-04-14 21:51:38 +02:00
Dan Banner cdf987089d Bug 1107904 - Remove packed.js and references to it as it is unused. r=standard8
MozReview-Commit-ID: K5TLF92pHq4

--HG--
extra : rebase_source : 295bf325a07fa8ec4c55a8babf5418588308dca6
2017-04-12 11:10:00 +01:00
Joel Maher 694ea4ea3b Bug 1183300 - Intermittent dom/security/test/csp/test_upgrade_insecure.html. disable on win7. r=ckerschb,gbrown
MozReview-Commit-ID: AslnFrYGOVw
2017-04-09 05:43:47 -04:00
Kate McKinley d082c41757 Bug 1322044 - Only mark a subdomain cached when includeSubDomains is true r=ckerschb,keeler
MozReview-Commit-ID: 3lFkuLauyGg

--HG--
extra : rebase_source : c356f1d4bef73b634eed6ca4d8078281ebc3ce3c
2017-02-13 13:36:01 +09:00
Thomas Nguyen afaba58d52 Bug 1339004 - Do DocGroup labeling in dom/security. r=ckerschb,smaug
MozReview-Commit-ID: 3QoH8P4J85I

--HG--
extra : rebase_source : 6f62454001fc02380f8aea99a56eff38de0e9fb6
2017-03-29 10:20:32 +08:00
Andrea Marchesini 2c716cd273 Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan 2017-03-29 15:28:46 +02:00
Sebastian Hengst eadf7b5c6e Backed out changeset 4af10700c64c (bug 1347817) 2017-03-29 11:17:04 +02:00
Andrea Marchesini 4b77f4a4b9 Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan 2017-03-29 08:27:17 +02:00
Christoph Kerschbaumer f49ee1fdca Bug 1316305 - Explicilty call .close() for websocket in test. r=baku 2017-03-22 13:04:02 +01:00
Andrea Marchesini 507c00cb9f Bug 1343933 - Renaming Principal classes - part 4 - ContentPrincipal, r=qdot
--HG--
rename : caps/nsPrincipal.cpp => caps/ContentPrincipal.cpp
rename : caps/nsPrincipal.h => caps/ContentPrincipal.h
2017-03-22 11:39:31 +01:00
Frederik Braun 56207a1b8b Bug 1073952: tests for iframe sandbox srcdoc and data URIs with CSP r=ckerschb,Tomcat
MozReview-Commit-ID: 5Q8XIJPrRPk

--HG--
extra : rebase_source : 391431d3585173d096ab58747a854542dfd3adca
2017-01-30 14:12:15 +01:00
Frederik Braun 17c2bf2604 Bug 1224225: Tests for punycode/unicode in CSP source matching code r=ckerschb,KWierso
MozReview-Commit-ID: 21Mr9ekUvnk

--HG--
extra : rebase_source : be5d673efaa31e322fea5da5ff4e7e6fa749daca
2017-03-15 13:22:55 +01:00
Frederik Braun cef461241c Bug 1224225: Use GetAsciiHost in CSP source matching code r=ckerschb,KWierso
MozReview-Commit-ID: B7SwUEMiVwc

--HG--
extra : rebase_source : d5dbec9f6aac4a627c35fb93f85f8e922fa695dd
2017-03-15 13:22:06 +01:00
Carsten "Tomcat" Book dba578960e merge mozilla-inbound to mozilla-central a=merge 2017-03-14 14:23:03 +01:00
Christoph Kerschbaumer 658552e990 Bug 1316305 - Add debug information for test_upgrade_insecure_requests. r=jmaher 2017-03-13 12:00:46 +01:00
David Major dc67bfc9a3 Bug 1344629 - Part 6: Rewrite unnecessary uses of nsLiteralString. r=dbaron
There's an antipattern where nsLiteralString is used as an unnecessary intermediary in converting from CharT* to CharT*,
e.g. CallAFunctionThatTakesACharPointer(NS_LITERAL_CSTRING("foo").get());
or
NS_NAMED_LITERAL_STRING(foo, "abc");
CallAFunctionThatTakesACharPointer(foo.get());

This patch rewrites the callsites that can be trivially changed to use char*/char16_t*.

I'd somewhat like to remove nsTLiteralString::get() altogether, but in code that's less straightforward than these examples, get() is useful enough to keep.

MozReview-Commit-ID: Kh1rUziVllo

--HG--
extra : rebase_source : c21a65694d6e1c42fd88f73632f7ac8f38d005ae
2017-03-14 15:26:27 +13:00
Iris Hsiao 5cece96e1c Backed out 12 changesets (bug 1344629) for stylo build bustage
Backed out changeset cf4273d3ac30 (bug 1344629)
Backed out changeset a96390e044e0 (bug 1344629)
Backed out changeset d9b330f9bc24 (bug 1344629)
Backed out changeset 2b460fe020af (bug 1344629)
Backed out changeset 0ada91b0452e (bug 1344629)
Backed out changeset 083304fcd6bd (bug 1344629)
Backed out changeset 53d7d1ce2c97 (bug 1344629)
Backed out changeset 55eee7078ae4 (bug 1344629)
Backed out changeset 7d3c06b3eca9 (bug 1344629)
Backed out changeset e5df14c3db61 (bug 1344629)
Backed out changeset 636095ff2815 (bug 1344629)
Backed out changeset 0be052ad24c1 (bug 1344629)
2017-03-14 11:52:24 +08:00
David Major 40f4821701 Bug 1344629 - Part 6: Rewrite unnecessary uses of nsLiteralString. r=dbaron
There's an antipattern where nsLiteralString is used as an unnecessary intermediary in converting from CharT* to CharT*,
e.g. CallAFunctionThatTakesACharPointer(NS_LITERAL_CSTRING("foo").get());
or
NS_NAMED_LITERAL_STRING(foo, "abc");
CallAFunctionThatTakesACharPointer(foo.get());

This patch rewrites the callsites that can be trivially changed to use char*/char16_t*.

I'd somewhat like to remove nsTLiteralString::get() altogether, but in code that's less straightforward than these examples, get() is useful enough to keep.

MozReview-Commit-ID: Kh1rUziVllo

--HG--
extra : rebase_source : c21a65694d6e1c42fd88f73632f7ac8f38d005ae
2017-03-14 15:26:27 +13:00
Andrea Marchesini e9195daa8d Bug 1345168 - Get rid of OriginAttributes::Inherit, r=tjr 2017-03-08 07:41:51 +01:00
Wei-Cheng Pan 510ba75c20 Bug 1310127 - Part 17: Use MOZ_MUST_USE in netwerk/protocol/http r=smaug
MozReview-Commit-ID: 5gvVZtsa3yS

--HG--
extra : rebase_source : 5e1ab2fc06ae58f18abb8909ac93f9512abbe220
2016-12-20 11:49:32 +08:00
Ursula Sarracini 6b1858e254 Bug 1340181 - Hide Activity Stream URL in URLbar r=fkiefer,mconley
MozReview-Commit-ID: F0P5tn2wyG

--HG--
extra : rebase_source : a9f766913b8340e12a4f526dc741e8ed752e6acf
2017-02-22 13:18:09 -05:00
Masatoshi Kimura 7be7b11a1c Bug 1342144 - Remove version parameter from the type attribute of script elements. r=jmaher
This patch is generated by the following sed script:
find . ! -wholename '*/.hg*' -type f \( -iname '*.html' -o -iname '*.xhtml' -o -iname '*.xul' -o -iname '*.js' \) -exec sed -i -e 's/\(\(text\|application\)\/javascript\);version=1.[0-9]/\1/g' {} \;

MozReview-Commit-ID: AzhtdwJwVNg

--HG--
extra : rebase_source : e8f90249454c0779d926f87777f457352961748d
2017-02-23 06:10:07 +09:00
Joel Maher 51bcce91f3 Bug 1316305 - Intermittent dom/security/test/csp/test_upgrade_insecure.html. disabled on osx. r=gbrown
MozReview-Commit-ID: FyX1wqxhyT7
2017-02-24 12:33:21 -05:00
Kate McKinley c69d150710 Bug 1339669 - Update security.mixed_content.hsts_priming_cache_timeout default r=mayhemer
MozReview-Commit-ID: CNFrPUyrdO8

--HG--
extra : rebase_source : 858da20cf65369ede5908b07921dfba501956b84
2017-02-16 10:48:59 +09:00
Jonathan Hao c23b7c4dcc Bug 1323644 - Isolate the HSTS and HPKP storage by first party domain (DOM/DocShell) r=baku,ckerschb
MozReview-Commit-ID: AZUfZffsLxu

--HG--
extra : rebase_source : bcd831e5ba7e92dd142747dccacba5cd34da016e
2017-02-14 10:29:24 +08:00
Xidorn Quan 3e72a08b95 Bug 1339394 - Don't serialize transparent color to transparent keyword when not necessary. r=heycam,jaws
MozReview-Commit-ID: 59cmaCoFJMR

--HG--
extra : rebase_source : 3b927d3c056b66e98f457de1726cf9d459eb8708
2017-02-16 10:26:13 +11:00
Tom Tromey 5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
Ben Kelly 0e176007bb Bug 1322111 P1 Add TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS content policy type. r=ckerschb 2017-02-15 09:55:58 -05:00
Carsten "Tomcat" Book 4bb208b812 Backed out changeset 4a964c3f1759 (bug 1339394) for suspicion of causing failures on OS X browser_selectpopup.js tests 2017-02-15 14:43:57 +01:00
Xidorn Quan 8a139d9ab8 Bug 1339394 - Don't serialize transparent color to transparent keyword when not necessary. r=heycam
MozReview-Commit-ID: 59cmaCoFJMR

--HG--
extra : source : 6c2a110bb5f4c7d4b1efd81a5cf03878291f7591
extra : amend_source : e2cdd8e042f99c53dceb69e02b422d62cdc01e1f
2017-02-15 20:47:26 +11:00
Ben Kelly 564ce2618f Bug 1338304 P1 Make nsCSPService cancel the channel if a redirect is blocked by CSP. r=ckerschb 2017-02-14 10:06:38 -05:00
Tooru Fujisawa 6582faf6eb Bug 1338251 - Remove remaining legacy generator from dom/security/test/hsts/. r=smaug 2017-02-11 01:53:23 +09:00
Tim Huang 756cf900c9 Bug 1336802 - Part 2: Updating the whole code base to make sure nsILoadInfo get null check. r=smaug
--HG--
extra : rebase_source : 22149fd540fd02119afe9fe5c9a815d01cf959c1
2017-02-07 11:49:34 +08:00
Carsten "Tomcat" Book bb03ec5d0c Merge mozilla-central to autoland 2017-02-08 11:32:21 +01:00
Kate McKinley af9b4969e3 Bug 1334838 - Avoid matching same host with a non-test URI a=testonly r=ckerschb
MozReview-Commit-ID: 7Ok7FXFtMoH

--HG--
extra : rebase_source : 99e6beac73e043e9d6174277ab9458fe8d7556c7
2017-02-08 11:28:29 +08:00
Franziskus Kiefer 456a4733d7 Bug 1336654 - update expired certs and signatures for content signature tests, r=mgoodwin
--HG--
extra : rebase_source : ec6a62f2f8d651f6e2cc8d4dade93d9647d03a10
2017-02-06 10:07:49 +01:00
Wes Kocher f9c7eaa259 Bug 1336654 - Skip the suddenly permafailing tests to reopen the tree a=me CLOSED TREE
MozReview-Commit-ID: 1KLjbaojvYc
2017-02-03 17:17:51 -08:00
Andrea Marchesini 43b97e9ea3 Bug 1288768 - Better error reporting for network errors in workers - WPT, r=bz 2017-01-28 15:40:08 +01:00