Honza Bambas
5f945421d4
Bug 1493599 - Expose reason of security blocking on nsILoadInfo and add new http observer notification for failed asyncOpens, r=Honza,dragana
...
Differential Revision: https://phabricator.services.mozilla.com/D23150
--HG--
extra : moz-landing-system : lando
2019-04-26 10:59:41 +00:00
Christoph Kerschbaumer
54df1cb98c
Bug 1528677: Remove nullchecks for loadinfo since we have loadinfo on all channels. r=baku
2019-02-20 13:27:25 +01:00
Christoph Kerschbaumer
d65faafb09
Bug 1509738: CSP snapshot nonce at load start time. r=baku
...
--HG--
extra : rebase_source : ea232b7a3aeae9c18895e885d1536ca58c8de1bd
extra : amend_source : b0c351f8c0c1a5eb7865a735f8dc5bafb42384f1
2019-02-13 20:45:29 +01:00
Noemi Erli
0a63dd9be6
Backed out 2 changesets (bug 1509738) for failures in propagate-nonce-external-classic.html
...
Backed out changeset fbf4b73c8786 (bug 1509738)
Backed out changeset 53f624bc7c22 (bug 1509738)
2019-02-13 16:22:44 +02:00
Christoph Kerschbaumer
7859700e5d
Bug 1509738 - CSP snapshot nonce at load start time. r=baku
...
--HG--
extra : rebase_source : b532f519b79a3bc14ece0c0ee829edd400149e48
extra : amend_source : d4b8fba240a9d28437ee436b94313fd1602426c4
extra : histedit_source : 6af35eb388f6c23d80d8412533fec02abe2d4cff
2019-02-13 13:46:50 +01:00
Andreea Pavel
e09dd2a72d
Backed out 2 changesets (bug 1509738) for failing propagate-nonce-external-classic.html on a CLOSED TREE
...
Backed out changeset 5cbc3f79a126 (bug 1509738)
Backed out changeset 44a945b21f87 (bug 1509738)
2019-02-13 02:18:28 +02:00
Christoph Kerschbaumer
6111ccf5fd
Bug 1509738: CSP snapshot nonce at load start time r=baku
...
Differential Revision: https://phabricator.services.mozilla.com/D19519
--HG--
extra : moz-landing-system : lando
2019-02-12 18:01:32 +00:00
Andrea Marchesini
3000d51d8b
Bug 1518948 - Wrong loadInfo check in CSPService::AsyncOnChannelRedirect, r=ckerschb
2019-01-10 10:52:13 +01:00
Dave Townsend
4e82401311
Bug 1515863, r=valentin,ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D15728
--HG--
extra : rebase_source : 2e1c705dd97d458080387896fd7a1f0e88523e06
2018-04-11 12:52:47 -07:00
Sylvestre Ledru
265e672179
Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
...
# ignore-this-changeset
--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Christoph Kerschbaumer
ed1f7a623a
Bug 1503575 - Remove unused mAppStatusCache from nsCSPService. r=baku
2018-10-31 15:35:27 +01:00
Christoph Kerschbaumer
8b14b77870
Bug 1500083 - Exempt TYPE_XBL loads from CSP. r=dveditz
...
--HG--
extra : rebase_source : 0812c9ad5704e7804c8e0c630a35735b65c7469b
2018-10-22 14:50:58 +02:00
Andrea Marchesini
4439acd683
Bug 1498510 - Move nsICSPEventListener out of CSP object, r=ckerschb
2018-10-23 08:17:13 +02:00
Timothy Guan-tin Chien
9464df5529
Bug 1490793 - Localization DTDs should not be subject to CSP r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D5713
--HG--
extra : moz-landing-system : lando
2018-09-18 08:17:41 +00:00
Andrea Marchesini
44ce53c72e
Bug 1476592 - Remove the cache from nsCSPContext - part 2 - sendViolationReports parameter, r=ckerschb, r=aosmond
2018-08-01 06:35:24 +02:00
Nicholas Nethercote
fc1f4bb4ae
Bug 1476820 - Convert some VarCache prefs in dom/security/ to use StaticPrefs. r=ckerschb
...
Specifically:
- "security.csp.enable"
- "security.csp.experimentalEnabled"
- "security.csp.enableStrictDynamic"
- "security.csp.reporting.script-sample.max-length"
- "security.csp.enable_violation_events"
MozReview-Commit-ID: G1ie4ut9QaK
--HG--
extra : rebase_source : d6b5a0e79eb7046a13a8b4fe957c82c11831c86c
2018-07-19 10:43:29 +10:00
Andrea Marchesini
d3cf48d4ba
Bug 1332422 - CSP should not use 'aExtra' to indicate redirects within ContentPolicy, r=ckerschb
...
Instead, let's pass a nsIURI object to indicate when we have to check a
redirect CSP loading.
2018-07-19 13:25:50 +02:00
vinoth
d2f222b912
Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects is fixed r=ckerschb
...
Reviewers: ckerschb
Reviewed By: ckerschb
Subscribers: ckerschb
Bug #: 1469150
Differential Revision: https://phabricator.services.mozilla.com/D1720
--HG--
extra : rebase_source : 2dd2e731426dad07c834b0826c588e6cd23932d5
extra : amend_source : c93b71f04eaedbfbc4831ddabe041fc3d4face92
2018-06-22 20:35:14 +03:00
Andrea Marchesini
4dbf30fc68
Bug 1446922 - Remove the leading 'a' from variables within the various ::ShouldLoad() implementations, r=qdot
2018-05-30 21:21:17 +02:00
Christoph Kerschbaumer
a929955d1f
Bug 1439713 - Change nsIContentPolicy shouldLoad to take an <uri, loadInfo> pair instead of the various args. r=bz
2018-03-29 12:16:23 +02:00
Christoph Kerschbaumer
e8f5150467
Bug 1439444: resource and chrome images and styles should not be subject to CSP. r=gijs
2018-03-01 13:45:04 +01:00
Christoph Kerschbaumer
1407489a4b
Bug 1432358: Make resource URIs subject to CSP. r=gijs
...
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
extra : intermediate-source : 91c948c94506089d6f40dc59d13c75ab78ce914d
2018-01-25 14:20:31 +01:00
Sebastian Hengst
a6cab8c4e8
Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js
...
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
2018-02-12 19:58:28 +02:00
Christoph Kerschbaumer
6575d66c41
Bug 1432358: Make resource URIs subject to CSP. r=gijs
...
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
2018-01-25 14:20:31 +01:00
Kris Maglione
84fb189b82
Bug 1407056: Part 2 - Override page CSP for loads by expanded principals. r=bz,krizsa
...
Per the CSP specification, content injected by extensions is meant to be
exempt from page CSP. This patch takes care of the most common case of content
injected by extension content scripts, which always have expanded principals
which inherit from the page principal.
In a follow-up, we'll probably need to extend the exemption to stylesheet
content loaded by extension codebase principals.
MozReview-Commit-ID: GlY887QAb5V
--HG--
extra : rebase_source : 1371b4e4e7f330b7f7721d4aa169fcb52a7622d0
2017-10-07 14:53:30 -07:00
Andrea Marchesini
507c00cb9f
Bug 1343933 - Renaming Principal classes - part 4 - ContentPrincipal, r=qdot
...
--HG--
rename : caps/nsPrincipal.cpp => caps/ContentPrincipal.cpp
rename : caps/nsPrincipal.h => caps/ContentPrincipal.h
2017-03-22 11:39:31 +01:00
Ben Kelly
564ce2618f
Bug 1338304 P1 Make nsCSPService cancel the channel if a redirect is blocked by CSP. r=ckerschb
2017-02-14 10:06:38 -05:00
Christoph Kerschbaumer
0c9692f60f
Bug 1330035 - Explicitly use javascript: instead of URI_INHERITS_SECURITY_CONTEXT within subjectToCSP(). r=dveditz
2017-01-12 09:42:23 +01:00
Nicholas Nethercote
742fc7eb48
Bug 1297961 (part 1) - Introduce nsURI::GetSpecOrDefault(). r=hurley.
...
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:
  nsAutoCString spec;
  uri->GetSpec(spec);
  printf("uri: %s", spec.get());
to be changed to this:
  printf("uri: %s", uri->GetSpecOrDefault().get());
This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.
I will fold this into part 1 before landing.
--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
2016-08-26 16:02:31 +10:00
Patrick McManus
2cd574f25f
Bug 1274376 - more mozilla::net namespaces r=dragana
...
--HG--
extra : rebase_source : 914d48f23a4a5db052a789b9e21c1ff922533d35
2016-05-18 22:02:57 -04:00
Tanvi Vyas
1de9e6ab9d
Bug 1259678 - Refactor SubjectToCSP to avoid calling ShouldLoad if CSP doesn't apply to the content type. r=ckerschb
...
--HG--
extra : rebase_source : 76f914a9dfab38bd5d21ddca519f47a2a5d68963
2016-03-24 23:09:00 -04:00
Christoph Kerschbaumer
ec146d5159
Bug 908933 - Part1 - CSP: Call ShouldLoad inside ShouldProcess for TYPE_OBJECT. r=ckerschb
...
--HG--
extra : rebase_source : ee8875120e45d84413ab8ed3c9553d3d42e88acd
2014-08-05 11:47:08 -07:00
Christoph Kerschbaumer
18e28eaf42
Bug 1239397: Send Internal ContentPolicyType to CSP and MixedContent (r=sicking)
2016-01-19 09:10:50 -08:00
Ethan Tseng
caf218fa3e
Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb
2015-12-17 12:07:37 +08:00
sajitk
5fb2c53074
Bug 1219478: Replace PRLogModuleInfo usage with LazyLogModule in dom folders except media. r=amerchesini
2015-11-23 11:09:25 -08:00
Christoph Kerschbaumer
3bac30dca9
Bug 663570 - MetaCSP Part 6: CSP preload changes (r=sicking)
2015-11-14 19:29:18 -08:00
Kate McKinley
67f4155fe6
Bug 1045891 - CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
Jonas Sicking
4316c13003
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambiguous. Audit and fix all users of it. r=ckerschb
2015-10-19 11:14:54 -07:00
Christoph Kerschbaumer
643f27c257
Bug 1208559 - Hook up ServiceWorkers with CSP (r=sicking,bkelly,dveditz)
2015-10-18 19:59:18 -07:00
Wes Kocher
c2b3d9275b
Backed out 2 changesets (bug 1182571) for being a likely cause of the Android S4 errors
...
Backed out changeset e2b3064dcace (bug 1182571)
Backed out changeset 8153ae231d16 (bug 1182571)
2015-10-15 14:07:06 -07:00
Jonas Sicking
81a15a3362
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambiguous. Audit and fix all users of it. r=ckerschb
2015-10-15 12:18:20 -07:00
Christoph Kerschbaumer
f3e1d73e58
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
...
--HG--
extra : source : 4f91b10e8be000ee5408461c74099ca96156c0cf
2015-09-20 14:56:34 -07:00
Wes Kocher
cd079d2bf9
Backed out 7 changesets (bug 1048048) for android crashes in various chunks CLOSED TREE
...
Backed out changeset b5abe23a4ea5 (bug 1048048)
Backed out changeset 4f91b10e8be0 (bug 1048048)
Backed out changeset 450d4a13c90e (bug 1048048)
Backed out changeset 6a727c40eb68 (bug 1048048)
Backed out changeset 88c2333ff745 (bug 1048048)
Backed out changeset 740ab1ecd079 (bug 1048048)
Backed out changeset 02c6d6aef163 (bug 1048048)
2015-09-21 09:08:34 -07:00
Christoph Kerschbaumer
b2de9adb18
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
2015-09-20 14:56:34 -07:00
Ehsan Akhgari
554db0e419
Bug 1175114 - Translate the content policy type obtained in CSPService::AsyncOnChannelRedirect to an external one before invoking the content policy implementation; r=smaug
2015-06-16 14:49:56 -04:00
Ehsan Akhgari
72aef1875b
Bug 1175122 - Add more assertions to the in-tree content policy implementations to ensure that they receive external content policy types; r=baku
2015-06-16 11:38:53 -04:00
Ehsan Akhgari
8f750a75b2
Bug 1174307 - Add some internal content policy types for the purpose of reflecting them on RequestContext; r=sicking
...
These new content policy types will be internal ones that we will map
to external nsContentPolicyTypes before passing them to content policy
implementations.
2015-06-15 15:40:26 -04:00
Eric Rahm
75c4bebb79
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is a straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
  PR_LOG_ERROR -> LogLevel::Error
  PR_LOG_WARNING -> LogLevel::Warning
  PR_LOG_WARN -> LogLevel::Warning
  PR_LOG_INFO -> LogLevel::Info
  PR_LOG_DEBUG -> LogLevel::Debug
  PR_LOG_NOTICE -> LogLevel::Debug
  PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to use a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel was fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-03 15:25:57 -07:00
Eric Rahm
f50b813989
Bug 1165515 - Part 3: Convert PR_LOG_TEST to MOZ_LOG_TEST. r=froydnj
2015-06-03 15:22:28 -07:00
Carsten "Tomcat" Book
5471309381
Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures
...
Backed out changeset d68dcf2ef372 (bug 1165515)
Backed out changeset 7c3b45a47811 (bug 1165515)
Backed out changeset b668b617bef2 (bug 1165515)
Backed out changeset d0916e1283a2 (bug 1165515)
Backed out changeset ac4dc7489942 (bug 1165515)
Backed out changeset e9632ce8bc65 (bug 1165515)
Backed out changeset c16d215cc7e4 (bug 1165515)
Backed out changeset e4d474f3c51a (bug 1165515)
Backed out changeset d87680bf9f7c (bug 1165515)
Backed out changeset b3c0a45ba99e (bug 1165515)
Backed out changeset 9370fa197674 (bug 1165515)
Backed out changeset 50970d668ca1 (bug 1165515)
Backed out changeset ffa4eb6d24b9 (bug 1165515)
Backed out changeset 5fcf1203cc1d (bug 1165515)
--HG--
extra : rebase_source : 6fb850d063cbabe738f97f0380302153e3eae97a
2015-06-02 13:05:56 +02:00