e333553994
Bug 1579094 - Allow not having a Port for RessourceURI if the Scheme has no Default Port r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D60521
--HG--
extra : moz-landing-system : lando
2020-02-10 18:23:29 +00:00
52a6d76d90
Bug 1376310 - Ensure a nsIDocShell after checking IsOriginPotentiallyTrustworthy r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D60742
--HG--
extra : moz-landing-system : lando
2020-02-10 14:51:10 +00:00
71231ac083
Bug 1612707 - Disable various slow tests under TSan. r=froydnj
...
Differential Revision: https://phabricator.services.mozilla.com/D61562
--HG--
extra : moz-landing-system : lando
2020-02-04 14:34:07 +00:00
64ac7e058b
Bug 1610978 - Fix a clang 10 warning in DebugSecFlagType r=ckerschb
...
Clang 10 warns about the loop variable creating a copy.
Differential Revision: https://phabricator.services.mozilla.com/D60751
--HG--
extra : moz-landing-system : lando
2020-02-04 08:38:14 +00:00
e17d117cab
Bug 1611238 - Enforce eval restrictions in the Parent Process/System Context r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D60880
--HG--
extra : moz-landing-system : lando
2020-01-24 14:04:27 +00:00
94031cbf06
Bug 1526731 - do not mixed-content-block image loads from webbrowserpersist, r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D60694
--HG--
extra : moz-landing-system : lando
2020-01-22 23:00:21 +00:00
be31335d9f
Bug 1609474 - Handle if extensions.webextensions.remote changes during runtime for the purposes of Eval/JS Load Telemetry r=robwu,ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D60034
--HG--
extra : moz-landing-system : lando
2020-01-22 18:13:26 +00:00
357ee3d14c
Bug 1609877: Convert prefs for domsecurity to use static prefs. r=tjr
...
Differential Revision: https://phabricator.services.mozilla.com/D60403
--HG--
extra : moz-landing-system : lando
2020-01-22 11:04:17 +00:00
41ffa16326
Backed out changeset dbaa31392a53 (bug 1609877) for build bustages on DOMSecurityMonitor.cpp. CLOSED TREE
2020-01-20 22:08:07 +02:00
b7a9b6218a
Bug 1609877: Convert prefs for domsecurity to use static prefs. r=tjr
...
Differential Revision: https://phabricator.services.mozilla.com/D60403
--HG--
extra : moz-landing-system : lando
2020-01-20 18:10:38 +00:00
4b1d0172e9
Bug 1607483: Disallow loading http(s) scripts into system privileged contexts. r=tjr
...
Differential Revision: https://phabricator.services.mozilla.com/D58962
--HG--
extra : moz-landing-system : lando
2020-01-17 17:29:47 +00:00
4e0356f4f1
Backed out changeset caa23b535218 (bug 1607483) for mochitest failures on test_input.html. CLOSED TREE
2020-01-17 14:45:45 +02:00
fd03c6b7d1
Bug 1607483: Disallow loading http(s) scripts into system privileged contexts. r=tjr
...
Differential Revision: https://phabricator.services.mozilla.com/D58962
--HG--
extra : moz-landing-system : lando
2020-01-17 10:17:07 +00:00
66c93198a3
Bug 1597257: Monitor use of javascript: URIs in system privileged contexts and about: pages. r=bzbarsky
...
Differential Revision: https://phabricator.services.mozilla.com/D59858
--HG--
extra : moz-landing-system : lando
2020-01-16 16:06:42 +00:00
14244a91ca
Bug 1608876 Refactor FramingChecker.cpp r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D59745
--HG--
extra : moz-landing-system : lando
2020-01-16 13:13:10 +00:00
dc86748b77
Bug 1599438 - Store sandbox flags on the LoadInfo when creating a channel for a docshell, so that we don't read a stale value from the BrowsingContext later. r=bzbarsky
...
Differential Revision: https://phabricator.services.mozilla.com/D59263
--HG--
extra : moz-landing-system : lando
2020-01-15 08:02:57 +00:00
c59ca04e7b
Backed out changeset b3538b7016aa (bug 1599438) for bustages on TestHttpFuzzing.cpp . CLOSED TREE
2020-01-15 06:03:55 +02:00
dd0d183cb4
Bug 1599438 - Store sandbox flags on the LoadInfo when creating a channel for a docshell, so that we don't read a stale value from the BrowsingContext later. r=bzbarsky
...
Differential Revision: https://phabricator.services.mozilla.com/D59263
--HG--
extra : moz-landing-system : lando
2020-01-15 02:05:57 +00:00
15d6a86b62
Backed out changeset 3d924e2a2e54 (bug 1607483) for assertion failures on nsContentSecurityManager.cpp . CLOSED TREE
2020-01-14 22:28:32 +02:00
5104f1b8cb
Bug 1608930 - Allow script loads with the filename about:sync-log r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D59781
--HG--
extra : moz-landing-system : lando
2020-01-14 18:16:20 +00:00
003b30393d
Bug 1607483: Disallow loading http(s) scripts into system privileged contexts. r=tjr
...
Differential Revision: https://phabricator.services.mozilla.com/D58962
--HG--
extra : moz-landing-system : lando
2020-01-14 17:42:18 +00:00
b2cfa59626
Bug 1607615 - Allow CORS preflights with a default of 5 seconds for expiry if Access-Control-Max-Age hasn't been sent; r=mayhemer
...
The default expiry value is chosen based on what Chromium uses:
https://source.chromium.org/chromium/chromium/src/+/master:services/network/public/cpp/cors/preflight_result.cc;l=27;drc=529117e5ed802c91a5cf192a72b4097d27fcb928?originalUrl=https:%2F%2Fcs.chromium.org%2F
Differential Revision: https://phabricator.services.mozilla.com/D59032
--HG--
extra : moz-landing-system : lando
2020-01-14 17:13:11 +00:00
076eaa47d2
Bug 1596360: Monitor the fragment parser in chrome code and in about: pages and assert that no new calls e.g. to innerHTML and friends can be introduced. r=jkt,Gijs
...
Differential Revision: https://phabricator.services.mozilla.com/D53163
--HG--
extra : moz-landing-system : lando
2020-01-12 19:50:13 +00:00
ccb320c394
Backed out changeset b80ab0927b40 (bug 1596360) for dt failures in DOMSecurityMonitor.cpp on a CLOSED TREE
2020-01-10 16:04:27 +02:00
c114029715
Bug 1596360: Monitor the fragment parser in chrome code and in about: pages and assert that no new calls e.g. to innerHTML and friends can be introduced. r=jkt,Gijs
...
Differential Revision: https://phabricator.services.mozilla.com/D53163
--HG--
extra : moz-landing-system : lando
2020-01-10 13:08:26 +00:00
c521758c5e
Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
...
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D58175
--HG--
extra : moz-landing-system : lando
2020-01-09 21:50:11 +00:00
8335b185aa
Bug 1585533: Add debug statements to fix intermittent test failure on fission for test_upgrade_insecure_reporting.html. r=jkt
...
Differential Revision: https://phabricator.services.mozilla.com/D59099
--HG--
extra : moz-landing-system : lando
2020-01-08 13:38:56 +00:00
9cac4d2786
Bug 1605854 - Remove uneval/toSource from CORS tests. r=baku
...
Differential Revision: https://phabricator.services.mozilla.com/D58374
--HG--
extra : moz-landing-system : lando
2020-01-07 15:57:28 +00:00
a4d2079b26
Backed out changeset ea16475d26ba (bug 1605854) for mochitest failures at test_fetch_cors_sw_reroute.html. CLOSED TREE
2020-01-07 16:36:45 +02:00
188c9b376a
Bug 1605854 - Remove uneval/toSource from CORS tests. r=baku
...
Differential Revision: https://phabricator.services.mozilla.com/D58374
--HG--
extra : moz-landing-system : lando
2020-01-07 07:24:43 +00:00
c6ab4134b8
Bug 1605191 - Make nsIPrincipal attributes camelcase. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D58537
--HG--
extra : moz-landing-system : lando
2020-01-07 09:53:21 +00:00
e173f99b5b
Bug 1600326 - P3 use lazy pref getter in MixedContentBlocker, r=bzbarsky
...
This is an optimization to avoid getting the preference value for each http load when COOP is enabled, because that needs to check secure context state for all loads.
Depends on D57579
Differential Revision: https://phabricator.services.mozilla.com/D57580
--HG--
extra : moz-landing-system : lando
2019-12-31 04:11:04 +00:00
f4f8e6b1d9
Bug 1605123 - Fix CSP keyword invalidation assertion crash. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D57803
--HG--
extra : moz-landing-system : lando
2019-12-19 15:19:04 +00:00
70c715dd87
Bug 1603709 - Add 'report-sample' to CSP exemptions to invalidation when using 'strict-dynamic' r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D57491
--HG--
extra : moz-landing-system : lando
2019-12-17 17:39:37 +00:00
6639140a09
Bug 1603806. Add a blocking reason when loads with the SEC_REQUIRE_SAME_ORIGIN_* security flags are blocked due to not being same-origin. r=ckerschb,ochameau
...
Differential Revision: https://phabricator.services.mozilla.com/D57147
--HG--
extra : moz-landing-system : lando
2019-12-16 09:36:45 +00:00
0b1a146519
Bug 1596918: Part 4c - Fix callers which depend on document lifecycle changes. r=mccr8
...
ContentTask tasks have a different lifetime than SpecialPowers tasks, with the
former being tied to the lifetime of a message manager and the latter tied to
the lifetime of a window global. That means that existing ContentTask callers
which expect to be able to register load listeners before the creation of a
window global, or which expect to persist after a page has navigated, won't
work as SpecialPowers tasks.
Since those sorts of tasks are not really resilient in the face of Fission,
they should really be written to work differently, but this patch mostly just
reverts them to using ContentTask for the time being.
Differential Revision: https://phabricator.services.mozilla.com/D53744
--HG--
extra : moz-landing-system : lando
2019-12-13 20:36:36 +00:00
9853440599
Bug 1596918: Part 3b - Run code formatters on files changed by previous patch. r=mccr8,remote-protocol-reviewers,ato
...
Differential Revision: https://phabricator.services.mozilla.com/D53741
--HG--
extra : moz-landing-system : lando
2019-12-13 20:36:24 +00:00
94e3b0bd8d
Bug 1596918: Part 3a - Scripted rewrite of most ContentTask.spawn calls to SpecialPowers.spawn calls. r=mccr8,remote-protocol-reviewers,ato
...
This is generally pretty straightforward, and rewrites nearly all calls. It
skips the ones that it can detect using frame script globals like
`sendAsyncMessage`, though.
Differential Revision: https://phabricator.services.mozilla.com/D53740
--HG--
extra : moz-landing-system : lando
2019-12-13 20:36:16 +00:00
ee1cc488f2
Bug 1602483 part 2. Add a window id argument to CheckLoadURIWithPrincipal. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D56428
--HG--
rename : devtools/client/webconsole/test/browser/browser_webconsole_same_origin_errors.js => devtools/client/webconsole/test/browser/browser_webconsole_checkloaduri_errors.js
rename : devtools/client/webconsole/test/browser/test-same-origin-required-load.html => devtools/client/webconsole/test/browser/test-checkloaduri-failure.html
extra : moz-landing-system : lando
2019-12-12 16:41:19 +00:00
cbc90e1aca
Bug 1602090 part 2. Create separate CheckMayLoad and CheckMayLoadWithReporting APIs. r=ckerschb
...
CheckMayLoadAndReport takes a window ID. This allows us to report
errors from it to the web console as needed. Most consumers know statically
whether they want reporting or not, so there's no reason to force the ones that
don't to provide window ids.
Differential Revision: https://phabricator.services.mozilla.com/D56388
--HG--
extra : moz-landing-system : lando
2019-12-13 06:24:12 +00:00
142f16f7de
Bug 1599256: Fix web compatibility issues by reverting changes and going back to loading about:blank and firing the onload event in case XFO blocks an iframe. r=jkt,smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D56166
--HG--
extra : moz-landing-system : lando
2019-12-13 07:07:49 +00:00
be0238569b
Bug 1601090, rename .xul files to .xhtml in toolkit/mozapps r=mossop
...
Differential Revision: https://phabricator.services.mozilla.com/D55837
--HG--
rename : toolkit/mozapps/downloads/content/unknownContentType.xul => toolkit/mozapps/downloads/content/unknownContentType.xhtml
rename : toolkit/mozapps/extensions/content/blocklist.xul => toolkit/mozapps/extensions/content/blocklist.xhtml
rename : toolkit/mozapps/extensions/content/extensions.xul => toolkit/mozapps/extensions/content/extensions.xhtml
rename : toolkit/mozapps/handling/content/dialog.xul => toolkit/mozapps/handling/content/dialog.xhtml
rename : toolkit/mozapps/update/content/updateElevation.xul => toolkit/mozapps/update/content/updateElevation.xhtml
extra : moz-landing-system : lando
2019-12-12 16:30:59 +00:00
6c95adafed
Backed out 4 changesets (bug 1602483, bug 1602090) for causing perma leackchecks CLOSED TREE
...
Backed out changeset 6b057ba06b4a (bug 1602483)
Backed out changeset 9be3269d781d (bug 1602483)
Backed out changeset e3e2c1d7478e (bug 1602090)
Backed out changeset fdc4a588912e (bug 1602090)
2019-12-12 18:37:01 +02:00
4425adb1cc
Bug 1602483 part 2. Add a window id argument to CheckLoadURIWithPrincipal. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D56428
--HG--
rename : devtools/client/webconsole/test/browser/browser_webconsole_same_origin_errors.js => devtools/client/webconsole/test/browser/browser_webconsole_checkloaduri_errors.js
rename : devtools/client/webconsole/test/browser/test-same-origin-required-load.html => devtools/client/webconsole/test/browser/test-checkloaduri-failure.html
extra : moz-landing-system : lando
2019-12-12 13:05:12 +00:00
e0acf6e9fc
Bug 1602090 part 2. Create separate CheckMayLoad and CheckMayLoadWithReporting APIs. r=ckerschb
...
CheckMayLoadAndReport takes a window ID. This allows us to report
errors from it to the web console as needed. Most consumers know statically
whether they want reporting or not, so there's no reason to force the ones that
don't to provide window ids.
Differential Revision: https://phabricator.services.mozilla.com/D56388
--HG--
extra : moz-landing-system : lando
2019-12-12 13:03:42 +00:00
907d461fa8
Backed out changeset b8f22dc26ee7 (bug 1599256) for causing test_ignore_xfo.html to permafail CLOSED TREE
2019-12-12 15:56:47 +02:00
314cb88c14
Bug 1599256: Fix web compatibility issues by reverting changes and going back to loading about:blank and firing the onload event in case XFO blocks an iframe. r=jkt,smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D56166
--HG--
extra : moz-landing-system : lando
2019-12-12 12:16:02 +00:00
62a130ba0a
Bug 1602882 - Move array operations to a new js/Array.h header. r=sfink,bzbarsky
...
Differential Revision: https://phabricator.services.mozilla.com/D56595
--HG--
extra : moz-landing-system : lando
2019-12-11 06:17:44 +00:00
91924fedc7
Backed out 9 changesets (bug 1596918) for causing mochitest permafailures in toolkit/content/tests/chrome/test_findbar_events.xhtml CLOSED TREE
...
Backed out changeset 45a1c42118f2 (bug 1596918)
Backed out changeset db09910ffa56 (bug 1596918)
Backed out changeset 5c9d9f141c10 (bug 1596918)
Backed out changeset 6a135670d603 (bug 1596918)
Backed out changeset 3a0184e0df72 (bug 1596918)
Backed out changeset 2f0036486823 (bug 1596918)
Backed out changeset a770c6d08d52 (bug 1596918)
Backed out changeset ef062eb7a6ee (bug 1596918)
Backed out changeset a6ea596e98db (bug 1596918)
2019-12-11 03:09:26 +02:00
356e59c6bc
Bug 1596918: Part 4c - Fix callers which depend on document lifecycle changes. r=mccr8
...
ContentTask tasks have a different lifetime than SpecialPowers tasks, with the
former being tied to the lifetime of a message manager and the latter tied to
the lifetime of a window global. That means that existing ContentTask callers
which expect to be able to register load listeners before the creation of a
window global, or which expect to persist after a page has navigated, won't
work as SpecialPowers tasks.
Since those sorts of tasks are not really resilient in the face of Fission,
they should really be written to work differently, but this patch mostly just
reverts them to using ContentTask for the time being.
Differential Revision: https://phabricator.services.mozilla.com/D53744
--HG--
extra : moz-landing-system : lando
2019-12-10 23:07:22 +00:00
Sebastian Streich
Christian Holler
David Major
Tom Ritter
Gijs Kruitbosch
Christoph Kerschbaumer
Razvan Maries
Narcis Beleuzu
Matt Woodrow
Ehsan Akhgari
Oana Pop Rus
Sylvestre Ledru
Tom Schuster
Brindusan Cristian
Jonathan Kingston
Junior Hsu
Boris Zbarsky
Kris Maglione
Emma Malysz
Ciure Andrei
Jeff Walden
shindli