a895bd31ae
Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 2, r=qdot
2016-11-17 19:36:21 +01:00
cf2ad8072f
Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 1, r=qdot
2016-11-17 19:36:01 +01:00
dcbe139332
Bug 1317115 turn off HSTS priming to suppress perma-orange a=test-only
...
MozReview-Commit-ID: I1bNquP4yT7
2016-11-15 10:52:45 +09:00
5565f4d518
Bug 1313595 Reduce timeout for HSTS priming channels r=mayhemer
...
Default is 3 seconds
MozReview-Commit-ID: 47hoaTEL9hV
2016-11-08 17:49:39 +09:00
8562d3859b
Backed out changeset a8be4ebc85cf (bug 1313595) for permaorange unexpected assertion in test_referrerdirective.html, a=backout
...
MozReview-Commit-ID: GxBqDrHHg7z
2016-11-14 18:30:58 -08:00
b8eeda422c
Bug 1313595 Reduce timeout for HSTS priming channels r=mayhemer
...
Default is 3 seconds
MozReview-Commit-ID: 47hoaTEL9hV
--HG--
extra : rebase_source : 6954dc92966122b15c60f19f5e91086fcd859728
2016-11-08 17:49:39 +09:00
5ef79ef9a4
Bug 1313596 - Increase HSTS Priming default cache timeout. r=mayhemer
...
MozReview-Commit-ID: 6sHuB4wIEu4
--HG--
extra : rebase_source : 9672c18384efe24f6cb5e1aa455217e37a97db90
2016-11-10 00:30:00 -05:00
115286c614
Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout
2016-11-09 11:31:38 +01:00
134e80abde
Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb
2016-11-07 19:22:53 +05:30
41c087935b
Merge m-c to inbound, a=merge
2016-11-08 14:08:34 -08:00
eb1fcc9de6
Bug 1299483 - CSP: Implement 'strict-dynamic', test default-src. r=dveditz
2016-11-08 13:34:36 +01:00
54b5ba8aa1
Bug 1299483 - CSP: Implement 'strict-dynamic', parser inserted mochitests. r=dveditz,freddyb
2016-11-08 13:33:58 +01:00
7148985f09
Bug 1299483 - CSP: Implement 'strict-dynamic', mochitests. r=dveditz,freddyb
2016-11-08 13:33:27 +01:00
d9efe93bac
Bug 1299483 - CSP: Implement 'strict-dynamic', parser tests. r=dveditz,freddyb
2016-11-08 13:32:17 +01:00
611dfdf9b7
Bug 1299483 - CSP: Implement 'strict-dynamic', parser changes. r=dveditz,freddyb
2016-11-08 13:08:33 +01:00
c267f70f91
Bug 1299483 - CSP: Implement 'strict-dynamic', enforcement changes. r=dveditz,freddyb
2016-11-08 12:55:23 +01:00
27b9e899b0
Bug 1311599 - Disable hsts tests on linux32-debug only. r=kmckinley
...
MozReview-Commit-ID: 2V5Xrfpwy3a
--HG--
extra : rebase_source : c02f00ac03368b5ce52598c23964e39f892e6007
2016-11-07 14:51:45 -05:00
e13c48fba9
Bug 1315170 - gtestify dom/security/test/TestCSPParser.cpp. r=francois.
...
--HG--
rename : dom/security/test/TestCSPParser.cpp => dom/security/test/gtest/TestCSPParser.cpp
extra : rebase_source : 52b30a4c063ce2d330108fa4b8382ff8e4adf1b0
2016-11-04 17:02:26 +11:00
a7bc94158c
Merge m-i to m-c, a=merge
...
MozReview-Commit-ID: H4VKCYDq5cD
--HG--
rename : xpcom/tests/TestAutoRef.cpp => xpcom/tests/gtest/TestAutoRef.cpp
rename : xpcom/tests/TestCOMArray.cpp => xpcom/tests/gtest/TestCOMArray.cpp
rename : xpcom/tests/TestCOMPtr.cpp => xpcom/tests/gtest/TestCOMPtr.cpp
rename : xpcom/tests/TestCOMPtrEq.cpp => xpcom/tests/gtest/TestCOMPtrEq.cpp
rename : xpcom/tests/TestFile.cpp => xpcom/tests/gtest/TestFile.cpp
rename : xpcom/tests/TestHashtables.cpp => xpcom/tests/gtest/TestHashtables.cpp
rename : xpcom/tests/TestID.cpp => xpcom/tests/gtest/TestID.cpp
2016-11-05 13:36:25 -07:00
4b45959d12
Bug 1310297 - Remove test annotations using b2g, mulet or gonk: dom/security. r=RyanVM
...
MozReview-Commit-ID: 8G41CCQ1P01
--HG--
extra : rebase_source : d8f02480bc506c06e13d0d47fa123df6f8b2f18d
2016-11-05 11:29:17 +01:00
e8f0bc4a89
Bug 1312272 - Test that marquee event handlers are subject to CSP. r=smaug
...
MozReview-Commit-ID: 4KYon5u0ocf
--HG--
extra : histedit_source : 6de85932af364aba1960f16a51d20d32b8ec6b7c
2016-11-04 22:54:19 -04:00
579a6043ca
Bug 1312680 - Test that require-sri-for blocks style loads via @import r=francois
...
MozReview-Commit-ID: A8DPWH2S3sD
2016-11-03 03:18:00 +01:00
921f2dc51d
Merge mozilla-central to mozilla-inbound
...
--HG--
extra : amend_source : 754a1f5236bea4ec4fcaac985945aa89f6c29769
2016-10-20 16:50:23 +02:00
26490f6904
Bug 1310955 - Fix nsSiteSecurityService cache retrieval r=ckerschb,keeler
...
MozReview-Commit-ID: 55DpKrqcL1x
--HG--
extra : rebase_source : 5e068cc70c45dd1844a0e59559875cde659f202a
2016-10-18 20:09:15 +09:00
6c91017f20
Merge m-i to m-c, a=merge
...
MozReview-Commit-ID: FA9OZyjP59N
2016-10-18 19:36:18 -07:00
f13c011369
Bug 1310895 - Remove support for app default and manifest CSP enforcement; r=baku
2016-10-18 09:40:41 -04:00
5b82359aa3
Bug 1305993 - Break tests up to avoid timeouts r=philor
...
MozReview-Commit-ID: 8y2gwNjnEnT
--HG--
extra : rebase_source : c24354dd7c60064b38bbbad067806d3c0a52c690
2016-10-07 17:19:38 +09:00
066a3827af
Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb
2016-10-14 20:07:32 +02:00
24324313f6
Backed out changeset f443b21ba9de (bug 1307321) for unexpected passing of scripthash-unicode-normalization.sub.html. r=backout
2016-10-14 17:51:22 +02:00
0341cd9771
Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb
2016-10-14 15:23:24 +02:00
9de6bbbaec
Bug 1261019 - Part 3: Remove Navigator.mozApps and code depending on it; r=myk,jryans,fabrice,mcmanus,peterv
2016-10-13 13:18:41 -04:00
793b227795
Bug 1309818 - Fixing some warning when compiling dom/*, r=smaug
2016-10-13 14:33:07 +02:00
f4e92ab657
Bug 1277803 - Part 5 : A test to verify the loadingPrincipal of favicon loads. r=ckerschb
2016-10-13 15:44:00 +08:00
372ec56ff4
Bug 1277803 - Part 1 : Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
2016-10-13 15:43:54 +08:00
2142de26c1
Backed out 8 changesets (bug 1277803) for browser-chrome test failures a=backout
...
Backed out changeset 477890efdb88 (bug 1277803)
Backed out changeset 49da326bfe68 (bug 1277803)
Backed out changeset 2d17a40a9077 (bug 1277803)
Backed out changeset b1cb0a195ca1 (bug 1277803)
Backed out changeset c7d82459d152 (bug 1277803)
Backed out changeset 3be9a06248af (bug 1277803)
Backed out changeset 8d119ca96999 (bug 1277803)
Backed out changeset be767a6f7ecd (bug 1277803)
2016-10-12 14:26:00 -07:00
226661a0bc
Bug 1277803 - Part 5 : A test to verify the loadingPrincipal of favicon loads. r=ckerschb
2016-10-12 17:32:11 +08:00
0ceca5575d
Bug 1277803 - Part 1 : Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
2016-10-12 17:32:03 +08:00
ea829544cd
Bug 1308951 - Add a pref to whitelist specific domains as SecureContexts r=ckerschb,jcj
...
MozReview-Commit-ID: AxihCLsBNRw
--HG--
extra : rebase_source : bd2800c65af839ef67f4ca9a841f08884ac9c539
2016-10-10 11:32:24 -04:00
06ba09a073
Bug 1264137 - Part 3: perform ContentPolicy check if the load is happening on this docshell. r=bz, smaug
2016-10-07 17:40:21 +08:00
e6ab0adc40
Backed out changeset d283c59402ce (bug 1277803)
...
CLOSED TREE
2016-10-07 11:24:08 +08:00
596b8e86ce
Backed out changeset 76788d4f83ce (bug 1277803)
...
CLOSED TREE
2016-10-07 11:23:40 +08:00
1925944f12
Bug 1277803 - Part 5: Add a test to verify the loadingPrincipal of favicon loads. r=ckerschb
2016-09-13 00:33:00 -04:00
85a1cb6b99
Bug 1277803 - Part 1: Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
2016-09-07 00:38:00 -04:00
395abf823f
Bug 1288104 part 2 - Instrument SRICheckDataVerifier to load/save the computed hash from the bytecode cache. r=francois
2016-10-20 09:44:33 +00:00
ae7fb1e8d0
Bug 1279139 - require-sri-for needs to govern scriptloading for workers. r=baku
...
MozReview-Commit-ID: 3m21kbiV5qK
--HG--
extra : rebase_source : 30c784392e96c1b28c55d38959cc529093b9b568
2016-10-04 02:36:00 +02:00
b0951acfc5
Bug 1302539 - X-Content-Type-Options: nosniff should not apply to images (temporarily). r=dveditz
2016-09-30 09:38:44 +02:00
cf7304c3c6
Bug 1306007 - Part 1: Remove srcset/picture feature control preference; r=jdm,smaug
...
MozReview-Commit-ID: BsyTHeqiGZL
--HG--
extra : rebase_source : 2add2510dbe16c641fe997a8349c1a36009bec20
2016-04-16 18:07:56 -04:00
40e1a53f35
Bug 1303682 - Add deprecation warning before removing 'referrer' directive from CSP. r=ckerschb
2016-09-28 20:17:18 +05:30
c190891418
Bug 1303121 - Do not fire one last progress event on XHR errors, to match a spec change. r=annevk
...
--HG--
extra : rebase_source : 9a59934cfe8fc7f2ee8ef7788813f97e2355ce2a
2016-09-28 13:05:32 -04:00
c57d400961
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 11:27:00 -04:00
f196d451ef
Bug 1304302 part 7 - Break cycle reference between SRIMetadata.h and SRICheck.h. r=smaug
...
MozReview-Commit-ID: 8UpAEXURuSg
--HG--
extra : source : 50604098e9e374611b02d82d765fa0b230d71373
2016-09-26 22:03:25 +10:00
767e1e9b11
merge mozilla-inbound to mozilla-central a=merge
2016-09-26 18:34:20 +08:00
694c12c743
Bug 1242019 - Truncate data URIs in CSP log messages. r=ckerschb
...
MozReview-Commit-ID: DaiGESRI1rb
--HG--
extra : transplant_source : %EC%7B%3F%20O%3A%A7g%BAl%82%BC-Xg%23%84%E2%3C%EE
2016-09-12 14:30:43 -07:00
ed0b5f06ee
Bug 1271796 use raw bytes to calculate SRI hash r=francois
...
MozReview-Commit-ID: F62t5CnsYlJ
--HG--
extra : rebase_source : 9c2148ffe99a51db5541ec6d9961597b578157ae
2016-09-05 12:55:25 +02:00
9f5afabda0
Bug 1294381 - Delayed process script for test_bug803225.html. r=mrbkap
2016-09-22 09:26:26 +02:00
f41283f981
Bug 1298680 - Use uint64_t consistently for windowID within CSP. r=freddyb
2016-09-19 12:57:20 +02:00
9f2e941749
Bug 1296027 - CSP: Include 'Source' within error message when logging to the console. r=freddyb,bgrins
2016-09-19 10:18:55 +02:00
fd99ac5cc2
Bug 1277248 - Add test to ensure that require-sri-for does not allow svg:scripts r=ckerschb
...
MozReview-Commit-ID: 1knIYZ93UeY
--HG--
extra : rebase_source : 4c1385382ecdddf80ec45d46d440b37bf4ad47c1
2016-09-13 11:05:37 +02:00
db38e2111a
Bug 1187335 - P6 - Support script/css to set integrity metadata to serviceWorker. r=bkelly. r=francois.
2016-09-07 10:30:21 +08:00
6f314fb375
Bug 1187335 - P3 - modify SRI test to match current behavior. r=bkelly, r=francois.
2016-05-30 12:26:56 +08:00
78670a91d5
Bug 1187335 - P2 - Modify the way to report to console for worker and use LoadTainting to decide CORS or not. r=bkelly. r=francois.
2016-09-08 09:59:40 +08:00
6ea7c1b598
Bug 1229639 - Part 2: Test case. r=ckerschb
...
MozReview-Commit-ID: GbofB6JoFil
--HG--
extra : rebase_source : dc4ac339817a052f687179988e28ec02764bd3e7
2016-09-06 18:30:12 +08:00
f9eeeb2620
Bug 1229639 - Part 1: Match CSP host source with percent-decoded URI. r=ckerschb
...
MozReview-Commit-ID: CSGeoSR2qw8
--HG--
extra : rebase_source : f64cb0b9cab61ec09faa29139f72d28272fbbedb
2016-09-06 18:29:26 +08:00
885c81fd09
Bug 1299267 - Test for wrong mime types. r=ckerschb
2016-09-05 20:02:52 +02:00
b71747b2ac
Bug 1299727 - Rename NS_WARN_IF_FALSE as NS_WARNING_ASSERTION. r=erahm.
...
The new name makes the sense of the condition much clearer. E.g. compare:
NS_WARN_IF_FALSE(!rv.Failed());
with:
NS_WARNING_ASSERTION(!rv.Failed());
The new name also makes it clearer that it only has effect in debug builds,
because that's standard for assertions.
--HG--
extra : rebase_source : 886e57a9e433e0cb6ed635cc075b34b7ebf81853
2016-09-01 15:01:16 +10:00
742fc7eb48
Bug 1297961 (part 1) - Introduce nsURI::GetSpecOrDefault(). r=hurley.
...
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:
nsAutoCString spec;
uri->GetSpec(spec);
printf("uri: %s", spec.get());
to be changed to this:
printf("uri: %s", uri->GetSpecOrDefault().get());
This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.
I will fold this into part 1 before landing.
--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
2016-08-26 16:02:31 +10:00
a80531eeb1
Bug 1298505 - CSP: Update StripURIForReporting to rely on NS_SecurityCompareURIs. r=dveditz
...
--HG--
extra : rebase_source : b3cd4f3ebed2ee079d88c896aa08e2e99e5c20a5
2016-08-27 08:30:43 +02:00
9489473322
Bug 1297051 - Test CSPRO should not block mixed content. r=dveditz
2016-08-24 09:24:20 +02:00
653bf080a7
Bug 1297051 - CSPRO should not block mixed content. r=dveditz
2016-08-24 09:24:55 +02:00
4261d2f1f7
Bug 1288361 - Test block script with wrong MIME type. r=dveditz
2016-08-22 08:56:32 +02:00
19b246a586
Bug 1290560 - Update TestCSPParser to include 'sandbox', 'require-sri' and 'report-uri' with no valid srcs. r=dveditz
2016-08-19 18:45:04 +02:00
df1432e805
Bug 1290560 - Update CSPParser to handle 'sandbox', 'require-sri' and 'report-uri' with no valid srcs correctly. r=dveditz
2016-08-19 18:41:45 +02:00
ca40b738e4
Bug 1294620 - Use infallible XPIDL attribute getters more. r=erahm.
...
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.
The patch also removes a handful of redundant checks on infallible setters.
--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
2016-08-12 15:19:29 +10:00
3b0485fcdb
Bug 1294645 - Don't use NS_CALLBACK for callbacks in nsI{Input,Output,UnicharInput},Stream.idl. r=froydnj.
...
Slightly less than half (93 / 210) of the NS_METHOD instances in the codebase
are because of the use of NS_CALLBACK in
nsI{Input,Output,UnicharInput},Stream.idl. The use of __stdcall on Win32 isn't
important for these callbacks because they are only used as arguments to
[noscript] methods.
This patch converts them to vanilla |nsresult| functions. It increases the size
of xul.dll by about ~600 bytes, which is about 0.001%.
--HG--
extra : rebase_source : c15d85298e0975fd030cd8f8f8e54501f453959b
2016-08-12 17:36:22 +10:00
8e946df619
Bug 1293001 - Part 2: Change the BinaryName of nsIContentSecurityPolicy::getPolicy from GetPolicy (which overloaded another virtual method), to GetPolicyString, r=froydnj
...
MozReview-Commit-ID: 4XWRar3Uuw
2016-08-11 15:49:40 -04:00
e7f10a07fd
Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm.
...
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.
As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.
--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
2016-08-08 12:18:10 +10:00
95d1c98761
Bug 918703 - Part 2: Correct progress event logic so events are sent in the correct order and with the correct values according to spec. r=baku
...
--HG--
extra : rebase_source : da5305fdfb1b28404199733f68cb65803a087e38
2016-08-05 23:47:40 -04:00
f6bc83a18a
Bug 1285894 - Fixing test_bug803225.html for e10s-multi. r=mrbkap
2016-08-01 12:26:38 +02:00
886e7cd571
Bug 1289085: CSP - Test referrer with no valid src. r=dveditz
2016-07-29 22:53:59 +02:00
ec59af86d9
Bug 1289085: CSP - Bail early if referrer directive has no valid src. r=dveditz
2016-07-31 07:57:22 +02:00
6a1fb99d2b
Bug 709991 - Fire onerror instead of throwing on network errors for async XHRs. r=bz
2016-07-30 00:24:56 -04:00
caea40742f
Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures
2016-07-27 13:14:07 +08:00
c6650db185
Bug 1246540 HSTS Priming Proof of Concept
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00
a7c8429fc4
Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures
2016-07-27 11:15:52 +08:00
567ebcf321
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
2016-07-26 13:03:00 -04:00
dcae5b0335
Merge mozilla-central to fx-team
2016-07-26 11:58:36 +02:00
a3904e8a8a
Merge mozilla-central to mozilla-inbound
2016-07-25 15:59:01 +02:00
b9a6c687fa
merge mozilla-inbound to mozilla-central a=merge
2016-07-25 15:50:41 +02:00
249fa77287
Bug 1263793 - update SAN, r=mgoodwin,ulfr
...
MozReview-Commit-ID: HtMKl2gP1xi
--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
2016-07-25 09:44:19 +02:00
0a5622c093
Backed out changeset 640247e978ba (bug 1246540) for bustage
2016-07-24 15:59:31 +02:00
547500d5a7
Bug 1246540 - HSTS Priming Proof of Concept. r=honzab
...
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-22 18:35:00 +02:00
0e04940e1a
Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi
...
MozReview-Commit-ID: BvR7Xb0AE9N
--HG--
extra : rebase_source : dfe2d600b15a6cffd49be454b3394106c3ff9bb3
extra : histedit_source : 8b03564ebced1305ce79652d904e7bb95a92a2e8
2016-06-02 17:14:27 +02:00
022d9af2b3
Bug 1285003 - Test insecure http port :80 allows secure https port :443. r=dveditz
2016-07-22 11:32:21 +02:00
3a9a5e2c83
Bug 1285003 - CSP: Insecure http port :80 should also allow secure https port :443. r=dveditz
2016-07-22 11:32:41 +02:00
c7846e126c
Backed out changeset 16aa7041c009 (bug 1287107) for causing xpcshell and mac tests
2016-07-22 11:30:23 +02:00
f5b619fb28
Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice
...
MozReview-Commit-ID: 9uVUrmuVFXQ
--HG--
extra : rebase_source : d0c19fcda5c72ecdce3b0d0bbbafa5a7954d7a4c
2016-03-03 09:58:47 -08:00
5538d692d3
Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
...
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
dd5231632f
Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
...
MozReview-Commit-ID: ABXYYseKImq
--HG--
extra : rebase_source : 79614e5215e738dff9683ad447245bd830c887bf
2016-05-19 10:59:48 +02:00
b175c9fdd5
Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo
2016-07-20 22:03:25 -07:00
e2d9911273
Backed out changeset 21d8bb5af7b4 (bug 1263793) for leaks in various jobs CLOSED TREE
2016-07-20 11:16:37 -07:00
9b9c643025
Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
...
MozReview-Commit-ID: CHUPgBr8WaC
--HG--
extra : rebase_source : 969bd058a157c7307b7a4d3c2a4c5d62e82b7489
2016-05-19 10:59:48 +02:00
f2c908b15d
Bug 471020 - Test X-Content-Type-Options: nosniff. r=dveditz
2016-07-20 12:33:29 +02:00
23f7b47719
Bug 1273430 - Test CSP upgrade-insecure-requests for doc.write(iframe). r=tanvi
2016-07-20 09:26:16 +02:00
7846da76d6
Bug 1287107 - Making transition alive with gaia as chrome:// r=bholley,fabrice
...
MozReview-Commit-ID: 9uVUrmuVFXQ
--HG--
extra : rebase_source : 20f6f0235667530c21aca4889b5d33e39c2d1a48
2016-03-03 09:58:47 -08:00
c9783f64cb
Backed out 4 changesets (bug 471020) for frequent Windows w(2) failures CLOSED TREE a=merge
...
Backed out changeset d9675ab3d203 (bug 471020)
Backed out changeset 3ee328c56de0 (bug 471020)
Backed out changeset 000576e264bd (bug 471020)
Backed out changeset ffe60708c457 (bug 471020)
2016-07-18 16:07:28 -07:00
6166c48409
Bug 471020 - Test X-Content-Type-Options: nosniff. r=dveditz
2016-07-18 14:47:35 +02:00
97e696739a
Bug 1286376 - Do not call finish multiple times within test_contentpolicytype_targeted_link_iframe.html. r=smaug
2016-07-13 09:04:30 +02:00
941244dcc8
Bug 1286024 - Replace no document in SetRequestContext warning with a log. r=ckerschb
...
MozReview-Commit-ID: IitqAt0iLQF
--HG--
extra : rebase_source : 72c6bd3b894d8a36f65bfd43ddd8f294de1f2d22
2016-07-12 17:46:23 +08:00
442eb5511e
Merge mozilla-central to mozilla-inbound
2016-07-12 11:06:19 +02:00
0cd1f7698a
Bug 1234813 - Tests for: sendBeacon should not throw if blocked by Content Policy. r=barnes
2016-07-12 07:26:37 +02:00
68b180b34f
Bug 1255240 - Test content policy types within content policies for targeted links in iframes. r=smaug
2016-07-11 20:58:57 +02:00
84f2bb5302
Bug 1277557 - Test require-sri-for in meta tag r=francois
2016-07-08 07:26:34 +02:00
11de73857c
Bug 1269241 - Add SRI tests for UTF-8 stylesheets. r=ckerschb,r=jkt
2016-07-07 14:44:51 -07:00
22b8fe594a
Bug 1253771 - Add previous state info to mixed content callback. r=tanvi r=florian
...
MozReview-Commit-ID: 5msNz97psok
--HG--
extra : rebase_source : 640f86c3cc0b9b5a842a0c104cb269915b727b4b
extra : histedit_source : 6ca75dac152d5135089f9053eb91440058b124e4
2016-04-27 10:38:26 +02:00
6516ad9dae
Bug 959388 - Deliver CSP from HTTP header. r=ckerschb, r=khuey
...
MozReview-Commit-ID: 13ndERn6rrL
--HG--
extra : rebase_source : e0ec31f9d322b1385994eb7d66bd885c91d75df3
2016-06-30 12:31:59 +08:00
bd8bba9788
Bug 959388 - Add csp worker test cases. r=kmckinley
...
MozReview-Commit-ID: IhEAA89VyTr
--HG--
extra : rebase_source : 63d522eab0477706636aa2e9086f1b0cdc30889d
2016-06-30 12:32:03 +08:00
edd71bdffd
Bug 671389 - Extend CSP tests for iframe sandbox with CSP sandbox directive tests r=grobinson
...
--HG--
extra : rebase_source : 4a37c0828701909f32870c0079b75b5c55144381
2016-06-28 14:06:06 -07:00
6e2b739762
Bug 671389 - Tests for CSP sandbox directive. r=grobinson, r=smaug
...
--HG--
extra : rebase_source : 8906837f0a8f0afdb3ba3db5463265ef62220f92
2016-06-28 14:03:45 -07:00
ec18fc5ff7
Bug 671389 - Implement CSP sandbox directive. r=ckerschb r=smaug
...
--HG--
extra : rebase_source : d9c5f5868c2558a3696cd489674da6f243be11ad
2016-06-29 07:48:44 -07:00
9e62aecdfc
Bug 1278272 - Convert test_csp_upgrade_insecure_request_header.js to channel.asyncOpen2() r=jkt
2016-06-29 13:08:47 +02:00
1a5fda4297
Bug 1240193 - Skip TYPE_DOCUMENT assertions for loads initiated by JS tests (r=tanvi)
2016-06-29 12:59:45 +02:00
daa6f72c59
Bug 1279420 - Adding in security.csp.experimentalEnabled pref check to require-sri-for directive in CSP. r=ckerschb
...
MozReview-Commit-ID: 799ZZoW0YiG
--HG--
extra : transplant_source : %CAC%12%16%C6a%10AP%BEc%85%BA%93Z%7Cq%D43%8D
2016-06-20 19:49:38 +01:00
24fbc29c99
Bug 1188642 - Use channel->ascynOpen2 in dom/base/nsObjectLoadingContent.cpp r=smaug
2016-06-28 09:37:55 +02:00
25f6f710d7
Bug 1100181 - CSP: Enforce connect-src when submitting pings. r=arroway
2016-06-24 15:25:11 +02:00
76f6cc7739
Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen
...
--HG--
extra : rebase_source : 92bd320351de91b72304c2fc386f1ae295837a9e
2016-06-22 14:13:03 +02:00
1b81dcec35
Bug 1271198 - Convert Websockets to use AsyncOpen2(). r=jduell
2016-05-17 12:04:11 +02:00
4b7ad0e2c5
Bug 1223838 - Fix wrong policy associated with empty string. r=fkiefer,hsivonen
...
MozReview-Commit-ID: 7kFH39cegmH
2016-05-30 15:17:45 +08:00
83ab2f2e39
Bug 1148732 - (CVE-2015-4483) feed: protocol + POST method => mixed scripting. r=tanvi
2016-05-23 12:11:02 +08:00
e4fbe1d9ac
Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb
2016-05-17 15:34:53 +02:00
404a0bbb99
Bug 1265318: add require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: 200PAvKtBME
2016-05-31 11:14:00 +02:00
e8df1f59be
Bug 1265318: tests for require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: Ji14cwB8D3P
2016-05-31 08:30:00 +02:00
525c086187
Bug 1259871 - Replace getSimpleCodebasePrincipal with createCodebasePrincipal. r=sicking
...
MozReview-Commit-ID: Frx0CjBzuve
--HG--
extra : histedit_source : 036eb321d9ccb20e0e071ba588b0a1249eb34bdd
2016-05-24 18:01:34 +08:00
4a29890033
Backed out changeset c970fb57fedd (bug 1247459) for failing its own test on Windows. r=backout
2016-05-31 08:36:02 +02:00
fc06857f8e
Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb
2016-05-17 15:34:53 +02:00
8a208322fb
Bug 1269254 - Skip CheckLoadURIWithPrincipal checks within ContentSecurityManager on loadingPrincipal if security flag indicates allow cross origin loads (r=sicking)
2016-05-29 20:40:16 +02:00
031a59734b
Bug 1196013 - Use channel->ascynOpen2 in toolkit/components/places. r=billm r=sicking r=mak
2016-05-23 23:57:31 +02:00
2cd574f25f
Bug 1274376 - more mozilla::net namespaces r=dragana
...
--HG--
extra : rebase_source : 914d48f23a4a5db052a789b9e21c1ff922533d35
2016-05-18 22:02:57 -04:00
927b1a0b3a
Backed out changeset 7469725d7461 (bug 959388)
2016-05-23 11:36:12 +02:00
9214312096
Backed out changeset 9feb9c89d33a (bug 959388)
2016-05-23 11:36:10 +02:00
61fe1800b8
Bug 959388 - Add csp worker test cases. r=kmckinley
...
MozReview-Commit-ID: Ahx419BHWrS
--HG--
extra : rebase_source : 2016c1e68f990a8ba9cd471e18778c87b08546e1
2016-05-19 11:59:54 +08:00
32e38271c9
Bug 959388 - Deliver CSP from HTTP header. r=ckerschb r=khuey
...
MozReview-Commit-ID: LUl5LyO94m3
--HG--
extra : rebase_source : f2ddfcbf6237b11ebb19adfabf346cf76f4a6ab8
2016-05-19 11:57:32 +08:00
52a84afc5c
Bug 1273418 - CSP: Test evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi)
2016-05-21 19:36:02 +02:00
3713fd6352
Bug 1273418 - CSP: Evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi)
2016-05-21 19:35:45 +02:00
468fcc6924
Backed out changeset 2292661153e3 (bug 1271198) for web-platform failures. r=backout on a CLOSED TREE
2016-05-19 17:06:04 +02:00
bbc661631e
Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)
2016-05-19 15:42:01 +02:00
d6e3286232
Backed out changeset 854a8df494d3 (bug 1271198) for many assertions at nsHttpChannel.cpp:5204. r=backout on a CLOSED TREE
2016-05-19 14:23:51 +02:00
0e2d46a840
Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)
2016-05-19 11:54:02 +02:00
1e81548029
bug 1271436 - use nsIDocShellTreeItem::GetDocument() more r=smaug
2016-05-17 18:16:07 -04:00
8a9e2d2bd4
Bug 1272513 - Part 2: Remove redundant -Wshadow CXXFLAGS from moz.build files. r=glandium
2016-05-14 00:54:55 -07:00
dc7cba21ef
Bug 1251152 - Part 3: Test case. r=franziskus
2016-05-05 11:11:34 +08:00
Andrea Marchesini
Kate McKinley
Phil Ringnalda
Sebastian Hengst
Tanuja Sawant
Wes Kocher
Christoph Kerschbaumer
Joel Maher
Nicholas Nethercote
Frederik Braun
Carsten "Tomcat" Book
Ehsan Akhgari
Steven Englehardt
Tim Huang
Richard Barnes
Yoshi Huang
Iris Hsiao
Nicolas B. Pierron
Edgar Chen
Samriddhi Jain
Thomas Wisniewski
Xidorn Quan
Gabor Krizsanits
Tom Tung
Henry Chang
Tom Schuster
Michael Layzell
Franziskus Kiefer
Johann Hofmann
Fabrice Desré
Tom Tromey
Chris Peterson
Thomas Nguyen
Christoph Kerschbaumer
Francois Marier
Paul Roberts
Jonathan Kingston
Dimi Lee
Stephanie Ouillon
Jonathan Hao
Patrick McManus
Trevor Saunders