6cb8e9938e
Backed out changeset 16895673c015 (bug 1474842) for causing android geckoview failures. CLOSED TREE
2021-11-04 12:22:21 +02:00
90fcf31b4f
Bug 1474842: MCB: Allow loads if the parent scheme is not https AND if the parent window is not a secure context. r=ckerschb,robwu
...
Differential Revision: https://phabricator.services.mozilla.com/D120622
2021-11-04 08:57:06 +00:00
990245fb6a
Bug 1729897 - CSP Upgrade-insecure-requests is upgrading localhost websocket r=necko-reviewers,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D125533
2021-09-15 11:28:13 +00:00
f163bbb0d8
Bug 1702417: Do not subject webrtc media connections to mixed content blocking. r=mixedpuppy,freddyb
...
Differential Revision: https://phabricator.services.mozilla.com/D124201
2021-09-13 18:20:10 +00:00
b67cbe0b60
Bug 1702417: Test case for bug. r=freddyb,mixedpuppy,necko-reviewers
...
We add the new content policy here, but leave the behavior as TYPE_OTHER, so
we can verify that the new test fails before the fix is applied.
Differential Revision: https://phabricator.services.mozilla.com/D124965
2021-09-13 18:20:10 +00:00
06d69eb77d
Bug 1551886: Check the parent scheme for NullPrincipals via the precusor principal. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D119977
2021-07-28 11:23:15 +00:00
6e4e85c04c
Backed out changeset 27644fd8810b (bug 1551886) for causing wpt failures on /mixed-content/. CLOSED TREE
2021-07-22 16:02:47 +03:00
22a59e14de
Bug 1551886: Check the parent scheme for NullPrincipals via the precusor principal. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D119977
2021-07-22 10:18:57 +00:00
b00338e9b9
Backed out changeset ec131014f7fd (bug 1551886) for WPT failures in worker-classic-data.http-rp/opt-in/fetch.https.html. CLOSED TREE
2021-07-21 19:20:36 +03:00
a2a0eb99b1
Bug 1551886: Check the parent scheme for NullPrincipals via the precusor principal. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D119977
2021-07-21 10:57:12 +00:00
58a3ef1c19
Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
...
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts. The document certainly has no authority
to block those from loading. (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)
Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-14 01:22:06 +00:00
ef0a88c6f2
Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
...
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Differential Revision: https://phabricator.services.mozilla.com/D117096
2021-06-12 01:12:25 +00:00
ed3da455ae
Backed out 7 changesets (bug 1542807) for causing failures at inert-retargeting-iframe.tentative.html. CLOSED TREE
...
Backed out changeset e9ef32fa2f2e (bug 1542807)
Backed out changeset 8fa0cb199975 (bug 1542807)
Backed out changeset 38daf64afe59 (bug 1542807)
Backed out changeset e3aee052c495 (bug 1542807)
Backed out changeset a71056d4c7cc (bug 1542807)
Backed out changeset cf91e7d0a37f (bug 1542807)
Backed out changeset eee949e5fd67 (bug 1542807)
2021-06-12 01:38:25 +03:00
2047e29464
Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
...
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts. The document certainly has no authority
to block those from loading. (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)
Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-11 18:10:39 +00:00
e4394b27a2
Backed out 3 changesets (bug 1715142) for causing build bustages. CLOSED TREE
...
Backed out changeset 7e67994f6a65 (bug 1715142)
Backed out changeset f58d5156f332 (bug 1715142)
Backed out changeset f8a7bd4519c6 (bug 1715142)
2021-06-11 21:20:02 +03:00
f84faf1bf5
Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
...
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Differential Revision: https://phabricator.services.mozilla.com/D117096
2021-06-11 17:58:19 +00:00
955a3ab572
Backed out 2 changesets (bug 1715142) for causing marionette failures on test_navigation.py and mochitest failures on browser_setIgnoreCertificateErrors.js. CLOSED TREE
...
Backed out changeset 83206685ca0b (bug 1715142)
Backed out changeset ab3060a5f69e (bug 1715142)
2021-06-11 02:45:34 +03:00
f3c620e4c3
Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
...
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Differential Revision: https://phabricator.services.mozilla.com/D117096
2021-06-10 22:13:32 +00:00
c46e217683
Bug 1708116 - Use NetAddr::InitFromString instead of PR_StringToNetAddr r=necko-reviewers,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D113752
2021-05-10 09:26:01 +00:00
31acb9e00c
Backed out 2 changesets (bug 1708116) for causing xpcshell failures in test_udpsocket_offline.js and bc failures in browser_cookies_ipv6.js. CLOSED TREE
...
Backed out changeset 0c9b303226f1 (bug 1708116)
Backed out changeset e3be13d3c045 (bug 1708116)
2021-05-06 16:35:48 +03:00
301361bdfb
Bug 1708116 - Use NetAddr::InitFromString instead of PR_StringToNetAddr r=necko-reviewers,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D113752
2021-05-06 10:06:46 +00:00
f7b8c6b3d1
Backed out 2 changesets (bug 1708116) for causing build bustages. CLOSED TREE
...
Backed out changeset d1488e9d64a6 (bug 1708116)
Backed out changeset 44ed91f0b7b4 (bug 1708116)
2021-05-04 18:41:36 +03:00
5ae9a468e0
Bug 1708116 - Use NetAddr::InitFromString instead of PR_StringToNetAddr r=necko-reviewers,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D113752
2021-05-04 14:05:59 +00:00
54c1b8dee1
Bug 1687108 - Remove unused content policy types. r=ckerschb,remote-protocol-reviewers,smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D102083
2021-01-19 09:42:13 +00:00
a29e207781
Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-15 12:07:16 +00:00
0322452233
Backed out changeset a52961071dcd (bug 1685900) for Build bustage in nsContentSecurityManager.cpp. CLOSED TREE
2021-01-15 04:04:37 +02:00
b384f14cde
Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-15 04:02:41 +02:00
9ed19e2828
Backed out changeset a52961071dcd (bug 1685900) for Build bustage in nsContentSecurityManager.cpp. CLOSED TREE
2021-01-15 02:45:34 +02:00
87e50835c4
Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-14 20:44:54 +00:00
9f99b10883
Bug 1662138 - Do not rely on Type::SaveAs for MCB download check r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D88865
2021-01-07 12:19:27 +00:00
3424a95ee0
Bug 1682103 - Make nsContentPolicyType a CEnum type. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D99580
2020-12-16 11:36:47 +00:00
9379d0240f
Bug 1679987 - Use nsTokenizedRange where easily possible. r=xpcom-reviewers,nika
...
Differential Revision: https://phabricator.services.mozilla.com/D98308
2020-12-16 19:10:34 +00:00
70d15af587
Bug 1220810 - Hardcode localhost to loopback, r=ckerschb,necko-reviewers,dragana
...
This patch make localhost addresses resolve to a loopback address,
thereby ensuring that we can safely treat http://localhost/ and
http://*.localhost/ as "Potentially Trustworthy". This addresses
various bug reports from developers and aligns with specifications.
See https://groups.google.com/g/mozilla.dev.platform/c/sZdEYTiEBdE
Differential Revision: https://phabricator.services.mozilla.com/D92716
2020-10-22 07:36:15 +00:00
b70b9de731
Backed out changeset a5a35a205a44 (bug 1220810) for causing test_dns_offline and fontface-override-descriptor-getter-setter failures. CLOSED TREE
2020-10-21 13:00:01 +03:00
4e6e6c7714
Bug 1220810 - Hardcode localhost to loopback, r=ckerschb,necko-reviewers,dragana
...
This patch make localhost addresses resolve to a loopback address,
thereby ensuring that we can safely treat `http://localhost/ ` and
`http://*.localhost/ ` as "Potentially Trustworthy". This addresses
various bug reports from developers and aligns with specifications.
See https://groups.google.com/g/mozilla.dev.platform/c/sZdEYTiEBdE
Differential Revision: https://phabricator.services.mozilla.com/D92716
2020-10-21 07:42:23 +00:00
341416588c
Bug 1653026 - Added HTTPS-Only Mode upgrade info to browser UI state. r=mattwoodrow,necko-reviewers,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D86566
2020-10-06 00:34:55 +00:00
2a9b39efce
Backed out 2 changesets (bug 1653026) for mochitest failures at WindowGlobalParent.cpp. CLOSED TREE
...
Backed out changeset 54c69c99b241 (bug 1653026)
Backed out changeset e70649f78910 (bug 1653026)
2020-10-03 10:49:04 +03:00
30a6225652
Bug 1653026 - Added HTTPS-Only Mode upgrade info to browser UI state. r=mattwoodrow,necko-reviewers,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D86566
2020-10-03 01:22:19 +00:00
de7bab0f06
Bug 1650145 - Replace all value uses of Empty[C]String by 0-length _ns literals. r=froydnj,geckoview-reviewers,agi
...
Differential Revision: https://phabricator.services.mozilla.com/D82325
2020-09-23 15:17:15 +00:00
07362aeaa4
Bug 1663657 - Turn IsIpAddr* functions into NetAddr methods r=necko-reviewers,kershaw
...
Differential Revision: https://phabricator.services.mozilla.com/D89552
2020-09-15 10:39:56 +00:00
c8e604eb78
Backed out 4 changesets (bug 1660970, bug 1525854, bug 1663657, bug 1645108) for perma failures on test_trr_additional_section.js. CLOSED TREE
...
Backed out changeset ad6c2e8af09b (bug 1663657)
Backed out changeset 419e26e3f452 (bug 1525854)
Backed out changeset 55bf856faf33 (bug 1660970)
Backed out changeset c543a3a008fa (bug 1645108)
2020-09-15 02:35:05 +03:00
6d149e6e7a
Bug 1663657 - Turn IsIpAddr* functions into NetAddr methods r=necko-reviewers,kershaw
...
Differential Revision: https://phabricator.services.mozilla.com/D89552
2020-09-14 12:06:27 +00:00
0cf5f5e5ac
Bug 1659132 - Make AddrInfo immutable r=dragana,necko-reviewers
...
Also adds constructors for NetAddr to avoid it being uninitialized.
Differential Revision: https://phabricator.services.mozilla.com/D87091
2020-09-01 07:22:14 +00:00
cdf1ae5211
Backed out 2 changesets (bug 1659132) for failures at browser_cleanFlow.js. CLOSED TREE
...
Backed out changeset 7952fd59f59b (bug 1659132)
Backed out changeset fa8ce4af10a0 (bug 1659132)
2020-08-25 13:02:33 +03:00
5b24e1699e
Bug 1659652 - Add logging to nsMixedContentBlocker::ShouldLoad r=freddyb,baku
...
Differential Revision: https://phabricator.services.mozilla.com/D87410
2020-08-25 08:25:46 +00:00
b4b3279a00
Bug 1659132 - Make AddrInfo immutable r=dragana,necko-reviewers
...
Also adds constructors for NetAddr to avoid it being uninitialized.
Differential Revision: https://phabricator.services.mozilla.com/D87091
2020-08-25 08:02:22 +00:00
73a14f1b36
Backed out 2 changesets (bug 1659132) for build bustage. CLOSED TREE
...
Backed out changeset 1caace74f89e (bug 1659132)
Backed out changeset 58fdbfbe05a1 (bug 1659132)
2020-08-25 09:43:01 +03:00
ec0be3efef
Bug 1659132 - Make AddrInfo immutable r=dragana,necko-reviewers
...
Also adds constructors for NetAddr to avoid it being uninitialized.
Differential Revision: https://phabricator.services.mozilla.com/D87091
2020-08-24 12:23:06 +00:00
c2daadfdc6
Bug 1658594: Simplified HTTPS-Only checks for CORS and mixed content r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D86820
2020-08-17 16:35:09 +00:00
96d8ee8908
Backed out changeset 6b495a62f535 (bug 1658594) for causing failures in test_cors_mixedcontent.html
...
CLOSED TREE
2020-08-14 18:43:43 +03:00
criss
Niklas Goegge
Valentin Gosu
Byron Campen
Csoregi Natalia
Dorel Luca
Mats Palmgren
Dana Keeler
Butkovits Atila
Iulian Moraru
Brindusan Cristian
Sandor Molnar
Masatoshi Kimura
Narcis Beleuzu
Sebastian Streich
Simon Giesecke
Frédéric Wang
julianwels
Razvan Maries
Jens Hausdorf
Mihai Alexandru Michis