bd8bba9788
Bug 959388 - Add csp worker test cases. r=kmckinley
...
MozReview-Commit-ID: IhEAA89VyTr
--HG--
extra : rebase_source : 63d522eab0477706636aa2e9086f1b0cdc30889d
2016-06-30 12:32:03 +08:00
edd71bdffd
Bug 671389 - Extend CSP tests for iframe sandbox with CSP sandbox directive tests r=grobinson
...
--HG--
extra : rebase_source : 4a37c0828701909f32870c0079b75b5c55144381
2016-06-28 14:06:06 -07:00
6e2b739762
Bug 671389 - Tests for CSP sandbox directive. r=grobinson, r=smaug
...
--HG--
extra : rebase_source : 8906837f0a8f0afdb3ba3db5463265ef62220f92
2016-06-28 14:03:45 -07:00
ec18fc5ff7
Bug 671389 - Implement CSP sandbox directive. r=ckerschb r=smaug
...
--HG--
extra : rebase_source : d9c5f5868c2558a3696cd489674da6f243be11ad
2016-06-29 07:48:44 -07:00
9e62aecdfc
Bug 1278272 - Convert test_csp_upgrade_insecure_request_header.js to channel.asyncOpen2() r=jkt
2016-06-29 13:08:47 +02:00
1a5fda4297
Bug 1240193 - Skip TYPE_DOCUMENT assertions for loads initiated by JS tests (r=tanvi)
2016-06-29 12:59:45 +02:00
daa6f72c59
Bug 1279420 - Adding in security.csp.experimentalEnabled pref check to require-sri-for directive in CSP. r=ckerschb
...
MozReview-Commit-ID: 799ZZoW0YiG
--HG--
extra : transplant_source : %CAC%12%16%C6a%10AP%BEc%85%BA%93Z%7Cq%D43%8D
2016-06-20 19:49:38 +01:00
24fbc29c99
Bug 1188642 - Use channel->ascynOpen2 in dom/base/nsObjectLoadingContent.cpp r=smaug
2016-06-28 09:37:55 +02:00
25f6f710d7
Bug 1100181 - CSP: Enforce connect-src when submitting pings. r=arroway
2016-06-24 15:25:11 +02:00
76f6cc7739
Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen
...
--HG--
extra : rebase_source : 92bd320351de91b72304c2fc386f1ae295837a9e
2016-06-22 14:13:03 +02:00
1b81dcec35
Bug 1271198 - Convert Websockets to use AsyncOpen2(). r=jduell
2016-05-17 12:04:11 +02:00
4b7ad0e2c5
Bug 1223838 - Fix wrong policy associated with empty string. r=fkiefer,hsivonen
...
MozReview-Commit-ID: 7kFH39cegmH
2016-05-30 15:17:45 +08:00
83ab2f2e39
Bug 1148732 - (CVE-2015-4483) feed: protocol + POST method => mixed scripting. r=tanvi
2016-05-23 12:11:02 +08:00
e4fbe1d9ac
Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb
2016-05-17 15:34:53 +02:00
404a0bbb99
Bug 1265318: add require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: 200PAvKtBME
2016-05-31 11:14:00 +02:00
e8df1f59be
Bug 1265318: tests for require-sri-for CSP directive. r=ckerschb
...
MozReview-Commit-ID: Ji14cwB8D3P
2016-05-31 08:30:00 +02:00
525c086187
Bug 1259871 - Replace getSimpleCodebasePrincipal with createCodebasePrincipal. r=sicking
...
MozReview-Commit-ID: Frx0CjBzuve
--HG--
extra : histedit_source : 036eb321d9ccb20e0e071ba588b0a1249eb34bdd
2016-05-24 18:01:34 +08:00
4a29890033
Backed out changeset c970fb57fedd (bug 1247459) for failing its own test on Windows. r=backout
2016-05-31 08:36:02 +02:00
fc06857f8e
Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb
2016-05-17 15:34:53 +02:00
8a208322fb
Bug 1269254 - Skip CheckLoadURIWithPrincipal checks within ContentSecurityManager on loadingPrincipal if security flag indicates allow cross origin loads (r=sicking)
2016-05-29 20:40:16 +02:00
031a59734b
Bug 1196013 - Use channel->ascynOpen2 in toolkit/components/places. r=billm r=sicking r=mak
2016-05-23 23:57:31 +02:00
2cd574f25f
Bug 1274376 - more mozilla::net namespaces r=dragana
...
--HG--
extra : rebase_source : 914d48f23a4a5db052a789b9e21c1ff922533d35
2016-05-18 22:02:57 -04:00
927b1a0b3a
Backed out changeset 7469725d7461 (bug 959388)
2016-05-23 11:36:12 +02:00
9214312096
Backed out changeset 9feb9c89d33a (bug 959388)
2016-05-23 11:36:10 +02:00
61fe1800b8
Bug 959388 - Add csp worker test cases. r=kmckinley
...
MozReview-Commit-ID: Ahx419BHWrS
--HG--
extra : rebase_source : 2016c1e68f990a8ba9cd471e18778c87b08546e1
2016-05-19 11:59:54 +08:00
32e38271c9
Bug 959388 - Deliver CSP from HTTP header. r=ckerschb r=khuey
...
MozReview-Commit-ID: LUl5LyO94m3
--HG--
extra : rebase_source : f2ddfcbf6237b11ebb19adfabf346cf76f4a6ab8
2016-05-19 11:57:32 +08:00
52a84afc5c
Bug 1273418 - CSP: Test evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi)
2016-05-21 19:36:02 +02:00
3713fd6352
Bug 1273418 - CSP: Evaluate upgrade-insecure-requests before block-all-mixed-content (r=tanvi)
2016-05-21 19:35:45 +02:00
468fcc6924
Backed out changeset 2292661153e3 (bug 1271198) for web-platform failures. r=backout on a CLOSED TREE
2016-05-19 17:06:04 +02:00
bbc661631e
Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)
2016-05-19 15:42:01 +02:00
d6e3286232
Backed out changeset 854a8df494d3 (bug 1271198) for many assertions at nsHttpChannel.cpp:5204. r=backout on a CLOSED TREE
2016-05-19 14:23:51 +02:00
0e2d46a840
Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)
2016-05-19 11:54:02 +02:00
1e81548029
bug 1271436 - use nsIDocShellTreeItem::GetDocument() more r=smaug
2016-05-17 18:16:07 -04:00
8a9e2d2bd4
Bug 1272513 - Part 2: Remove redundant -Wshadow CXXFLAGS from moz.build files. r=glandium
2016-05-14 00:54:55 -07:00
dc7cba21ef
Bug 1251152 - Part 3: Test case. r=franziskus
2016-05-05 11:11:34 +08:00
51e42c28d2
Bug 1268851 - Add SRILogHelper to hold GetSriLog r=baku
...
MozReview-Commit-ID: BqW7LXOFirn
--HG--
extra : rebase_source : cf0d1c8f1f88e05912830cef673e866b7c2756c4
2016-05-03 17:43:33 -07:00
9944442791
Bug 1261634 - Tests for whitespace skipping within meta csp. r=dveditz
2016-04-21 21:19:50 +02:00
a9a95d1918
Bug 1261634 - Update whitespace skipping for meta csp. r=dveditz
2016-04-21 21:15:06 +02:00
f14f1babe8
Bug 1193762 part 8 - Fix things that will break; r=froydnj
...
It looks like VC++ doesn't like comparisons of nsCOMPtr to 0 after this
change, but those are bad style anyway, so I removed them from
TestCOMPtr.cpp instead of trying to make them work.
2016-05-01 21:29:23 +03:00
da0d241d98
Bug 1206961 - Use channel->AsyncOpen2() for imageLoader; Remove security checks from callsites (r=bz)
2016-04-27 19:41:13 +02:00
2bb448cbb2
Bug 1267509 - Make nsContentSecurityManager::IsURIPotentiallyTrustworthy act on an nsIPrincipal. r=bz
...
MozReview-Commit-ID: Zu1zU4Brkx
--HG--
rename : dom/security/test/unit/test_isURIPotentiallyTrustworthy.js => dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
2016-04-26 11:30:43 +01:00
c607e5cac1
Bug 1263286 - Update csp base-uri tests. r=bz
...
--HG--
rename : dom/security/test/csp/file_base-uri.html => dom/security/test/csp/file_base_uri_server.sjs
2016-04-26 12:38:06 +02:00
c73656947b
Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj
2016-04-25 17:23:21 -07:00
582caa399f
Bug 1142332 - Prevent calling CSP_EnumToKeyword with CSP_HASH. r=ckerschb
...
MozReview-Commit-ID: I1w9QrWJeEo
--HG--
extra : histedit_source : 1258cfc50d32c10f0de90ba1e863e21ae3ebf0f8
2016-04-24 14:56:22 -04:00
f3feb0cfd3
Bug 1254194: Allow iterating over and inspecting sources of parsed CSP directives. r=ckerschb
...
MozReview-Commit-ID: G8b86UvSv0y
--HG--
extra : rebase_source : c7857e88af0d94dd1162dccfe12aae6567945f2c
2016-04-23 20:42:43 -07:00
d82c07bf27
Bug 1262635 - Don't strip URIs of ftp: when sending reports. r=dveditz
2016-04-17 20:09:18 +02:00
1d82e1412f
Bug 1192840 - Fix CSP report content-type. r=ckerschb
2016-04-14 12:51:31 +02:00
6c12520100
Bug 1192840 - fix tests to expect correct csp report content-type r=ckerschb
...
MozReview-Commit-ID: TzpGH63EPF
--HG--
extra : transplant_source : %1548%CC%97%F5%3Ca%D6_%0Df%96.%5C%F0%B0%3BE%21
2016-04-08 14:14:38 +02:00
9c0a7ac154
Bug 1105556 - Add a hidden preference that is checked in debug mode to determine whether the main LoadInfo() constructor should assert that the ContentPolicyType is not TYPE_DOCUMENT.
...
Set the preference in xpcshell tests that create TYPE_DOCUMENT loads in javascript and hence end up using the main constructor. r=sicking, ckerschb
2016-04-13 16:30:36 -07:00
b58752765c
Bug 1105556 - Don't call CheckLoadURIWithPrincipal() in DoCheckLoadURIChecks() for TYPE_DOCUMENT loads where we don't have a loadingPrincipal. Ensure SEC_COOKIES_SAME_ORIGIN isn't set for TYPE_DOCUMENT loads in CheckChannel(). r=ckerschb, sicking
2016-04-13 16:30:28 -07:00
4ee65db5e7
Backed out changeset 0c21f872515b (bug 1192840) for failure in modified test_csp_reports.js. r=backout
2016-04-13 19:32:44 +02:00
ae7f565803
Bug 1192840 - fix tests to expect correct csp report content-type r=ckerschb
...
MozReview-Commit-ID: TzpGH63EPF
--HG--
extra : transplant_source : %1548%CC%97%F5%3Ca%D6_%0Df%96.%5C%F0%B0%3BE%21
2016-04-08 14:14:38 +02:00
387bd9e686
Bug 1258005 - Remove setTimeout to avoid intermittent issue. r=bkelly
2016-04-12 00:39:00 +02:00
e1331785d7
Bug 1241634 - Reflow before clicking in mixedcontentblocker test r=mckinley
...
MozReview-Commit-ID: 5rbeuVjaw0B
--HG--
extra : rebase_source : f0f603c31e0e2ee43f8bbac575de3dab0660e333
2016-03-25 16:52:49 +08:00
f7ad23868a
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan
...
MozReview-Commit-ID: Ceu3sYUcML4
2016-04-07 14:13:09 -07:00
f7a1b3fb60
Bug 1242051 - Add inter-directory test support file dependencies to ini manifests. r=gps
...
Previously, every test and support file would be synced to the objdir
when running any test. Now that only those support files and tests requested
are synced, we note support files required beyond those in a test's
directory in ini manifests.
MozReview-Commit-ID: EmlDz9d4lqt
2016-04-04 14:56:52 -07:00
74153c556f
Bug 1260153 - remove unreachable code in nsMixedContentBlocker. if/else blocks above all return. r=ckerschb
2016-03-28 12:48:00 +02:00
adb02c6c4f
Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
2016-03-01 09:19:28 -08:00
254dd8f12a
Bug 1216365 - nsMixedContentBlocker should use innerMostURI for aContentLocation. r=tanvi
2016-03-28 22:03:26 -07:00
1de9e6ab9d
Bug 1259678 - Refactor SubjectToCSP to avoid calling ShouldLoad if CSP doesn't apply to the content type. r=ckerschb
...
--HG--
extra : rebase_source : 76f914a9dfab38bd5d21ddca519f47a2a5d68963
2016-03-24 23:09:00 -04:00
36d3e09fd4
Bug 1257650 - Skip Security checks if triggeringPrincipal is SystemPrincipal only for subresource loads. r=sicking
...
--HG--
extra : rebase_source : fb8d0827788e70ca87e8cd680e2cdd56941e3c2a
2016-03-18 16:14:03 -07:00
20549b7fe0
Bug 1251043 - Test form submission blocked by CSP. r=francois
2016-03-23 13:38:05 -07:00
fe9aec58c3
Backed out changeset 1d5e6c22fd3a (bug 1250048) for CSP failures/assertions in various tests/chunks CLOSED TREE
...
MozReview-Commit-ID: I21ELiYYqdD
--HG--
extra : amend_source : 83d8554e6046153a3cf16ffefed7d6602e822241
2016-03-21 12:42:36 -07:00
2e3ca60562
Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb
...
--HG--
extra : rebase_source : 1f8a65dcb9ea909588991cd5e8970560c3651426
2016-03-20 23:24:00 -04:00
0db9291841
merge mozilla-inbound to mozilla-central a=merge
2016-03-21 15:30:59 +01:00
752343237e
No bug - fix typo r=me
...
DONTBUILD CLOSED TREE
--HG--
extra : rebase_source : 25f0600425dec249f838ed221dde71d401571eb9
extra : amend_source : 49f7ccab9e47083df9e8b7776acc6de73a880473
2016-03-19 21:28:19 -07:00
1a47cfb77a
Bug 1186072 - Add trailing slash to origin referer header when policy is set. r=sworkman
...
MozReview-Commit-ID: 3PYuODmqpbL
--HG--
extra : source : ac4148f22b2d6f76762dac3fd94a6452da80bdde
2016-02-24 10:51:54 +01:00
f750d8988e
Bug 1235572 - Tests of enforcing SRI on remote about:newtab. r=francois
...
MozReview-Commit-ID: 6epw8D4M0FX
--HG--
extra : transplant_source : %87t%D0%60a%B4%14%24%E6%B9%97Q%CDXr%B69%12%E9%0D
2016-03-16 11:19:20 +08:00
84cb2023d7
Bug 1176824 - Intermittent browser_test_web_manifest.js. r=ckerschb
2016-03-16 16:07:00 +01:00
bf87c6c564
Bug 1252829 - CSP Telemetry. r=ckerschb, p=bsmedberg
...
MozReview-Commit-ID: CiNAxh2ZrHB
--HG--
extra : transplant_source : %B8%00%E0%83%1B%29%BDI%DE%09%CDPN%AE%7B9Tk%8B%99
2016-03-02 13:00:09 +01:00
a35cb7baf1
Bug 1122236 - CSP: block-all-mixed-content - test frame navigation (r=tanvi)
2016-03-15 16:08:07 -07:00
18d0d6e8d6
Bug 1122236 - CSP: block-all-mixed-content tests (r=tanvi)
2016-03-15 16:07:49 -07:00
39f2d53360
Bug 1122236 - CSP: Implement block-all-mixed-content (r=tanvi,kate,mrbkap)
2016-01-13 20:58:16 -08:00
5f15eed746
Bug 1241634 - Skip test_frameNavigation.html on Windows and OSX for frequent failures. a=test-only
...
--HG--
extra : rebase_source : ba229e6a62c82ad8c59ae89943fd6181df4275a9
2016-03-15 12:50:07 -04:00
2fb9c40ec1
Bug 1250453 - Remove DOMApplicationRegistry.allAppsLaunchable property and related testing API. r=myk
2016-03-14 16:29:11 +00:00
2b22d469bb
Bug 1226928 - content-signature verification tests for about:newtab, r=mconley
2016-03-14 11:57:16 +01:00
bd54ab19d3
Bug 1226928 - signature verification for content-signing, r=keeler,mayhemer
2016-03-14 11:56:35 +01:00
5e6ba24562
Bug 1227813 - CSP: Ignore unsafe-inline within style-src if hash or nonce specified. r=kmckinley
2016-03-11 15:35:39 -08:00
40da91e7a5
Bug 1242775 - Run parent-process code in the parent. r=mccr8
2016-03-10 17:14:35 -08:00
25fbf67b66
Backed out changeset 878c54ec3954 (bug 1250453)
2016-03-10 14:45:59 +01:00
1902f1c620
Bug 1250453 - Remove DOMApplicationRegistry.allAppsLaunchable property and related testing API. r=myk
2016-03-10 11:12:38 +00:00
eb98199ac0
Backed out changeset ac4148f22b2d (bug 1186072) for referrer test failures
...
--HG--
extra : rebase_source : 124130bb041418eb97862a131ae6365df5cfbdc6
2016-03-03 09:23:59 +01:00
55e0623947
Bug 1186072 - add trailing slash to origin referer header when policy is set, r=sworkman
...
MozReview-Commit-ID: 3PYuODmqpbL
--HG--
extra : transplant_source : %E5P%B1%1F%82%08%07%2A%1C%26%AF%C5%C8%29%B1y%97O%877
2016-02-24 10:51:54 +01:00
8414718c57
Bug 1232903 - Skip Security checks if triggeringPrincipal is SystemPrincipal (r=sicking)
2016-03-01 16:11:37 -08:00
41b26f4a9b
Bug 1195172 - Test Fonts governed by CSP (r=bz)
2016-03-01 13:06:26 -08:00
9ab1648f67
Bug 1195172 - Use channel->ascynOpen2 layout/style/FontFaceSet.cpp (r=bz,cam)
2016-03-01 13:06:13 -08:00
7aa5d59bc7
Bug 1251518. Fix js::ErrorReportToString to make a bit more sense, and change worker code to not use it anyway, so it matches the mainthread code. r=bholley,terrence
2016-03-01 13:49:21 -05:00
8a0731fdde
Bug 1251875 - Part 1: Remove the dom.serviceWorkers.interception.enabled pref; r=bkelly
2016-03-01 09:16:38 -05:00
4712647d7d
Backed out 2 changesets (bug 1243586) for dt5 bustage in netmonitor tests
...
Backed out changeset 06a4d2d48fb2 (bug 1243586)
Backed out changeset 846e31fe5eb2 (bug 1243586)
MozReview-Commit-ID: 69kiDIULtm2
2016-02-29 10:39:04 -08:00
f7017a06c3
Bug 1243586 - Test Upgrade-Insecure-Requests HTTP Request Header Field (r=rbarnes)
2016-02-29 08:46:48 -08:00
56bdfe820a
Bug 1244116 - Telemetry for mixed content requests by plugins. r=smaug, p=ally
...
MozReview-Commit-ID: F9rOb1SdPnL
--HG--
extra : rebase_source : 0b2aa83761880fb6e5a18c3a80ac86fe5ca16923
2016-02-16 15:46:36 +01:00
7413f2bf46
Bug 1251369. Use an AutoJSAPI that reports its own exceptions around the main runloop in workers. r=khuey
...
The silly leading ": " on the error messages is due to bug 1251518
2016-02-26 15:23:13 -05:00
eb71a675d8
Bug 908933 - Part2 - CSP tests: ShouldProcess should block TYPE_OBJECT. r=ckerschb
...
--HG--
extra : rebase_source : 6dcf8d477656e4d5cdb9362b1f1ec561aba420a7
2016-01-27 01:35:53 +08:00
ec146d5159
Bug 908933 - Part1 - CSP: Call ShouldLoad inside ShouldProcess for TYPE_OBJECT. r=ckerschb
...
--HG--
extra : rebase_source : ee8875120e45d84413ab8ed3c9553d3d42e88acd
2014-08-05 11:47:08 -07:00
1f7d8b69b3
Bug 1243178: CSP - Skip sending reports for non http schemes. r=dveditz
2016-01-27 15:56:39 -08:00
4be3856258
Bug 1241634: Use is instead of ok in tests. r=me
...
--HG--
extra : rebase_source : 42e2a1dde47957d813f11379bba173f62e8f8d70
2016-02-18 17:32:34 -08:00
694b1fd843
Bug 1247464 - Run CSP report URIs through the URL classifier. r=ckerschb
...
MozReview-Commit-ID: ERoZAbw1nbf
--HG--
extra : rebase_source : 431e443f563138055f9893d9ccf537040659f103
2016-02-11 17:36:13 -08:00
10c0856d69
Backed out changeset b9aecc2e6334 (bug 1234813) for test failures in connect-src-beacon-blocked.sub.html
...
--HG--
extra : rebase_source : 1b9441481b7da04393d5cf12617078376757d447
2016-02-11 11:33:06 +01:00
eac10123df
Bug 1234813 - Tests for: sendBeacon should not throw if blocked by Content Policy. r=rbarnes
2015-12-23 11:45:26 -08:00
0bcca14aa1
Bug 1238954 P2 Fix csp service worker tests to register and unregister separate scopes. r=ehsan
2016-02-09 19:33:40 -08:00
0916871a27
Bug 1241634 - Increase timeout from 5 to 10 seconds. r=tanvi
2016-02-08 18:49:00 +01:00
a6aff185d2
Bug 1238576 - disable mozApps API on desktop/Android; r=ehsan,ochameau,bz,mcmanus,jmaher,marco
2016-02-08 11:24:22 -08:00
44c631e968
Bug 1237726, part 4 - Convert test_bug803225.html to use pushPrefEnv() to set preferences. r=tanvi
...
This gets the test closer to working with e10s.
2016-02-08 09:52:19 -08:00
c6c65b3c73
Bug 1237726, part 3 - Don't load an iframe until we're actually ready to run the test in test_bug803225.html. r=tanvi
...
This needs to wait for onload to do the reloadFrame(), or the
.getElementById() will return null.
2016-02-08 09:52:19 -08:00
4cf4ea2fd9
Bug 1237726, part 2 - Don't start running mixedcontentblocker/test_main.html until the page has finished loading. r=tanvi
...
If the script runs before the page finishes loading, you get an error
about getElementById being null. This doesn't seem to usually happen
with this particular test, but it looks like it can happen at least
sometimes.
2016-02-08 09:52:19 -08:00
164c42ece5
Bug 1237726, part 1 - Set prefs with pushPrefEnv in mixedcontentblocker/test_main.html. r=tanvi
2016-02-08 09:52:19 -08:00
de9089189c
Bug 1195173 - Use channel->ascynOpen2 layout/style/Loader.cpp (r=bz)
2016-02-02 20:35:02 -08:00
dcd9fa1424
Bug 1242899 - consolidate mozApps tests into dom/apps/tests/ dir; r=marco
...
--HG--
rename : dom/tests/mochitest/webapps/apps/bad_content_type.webapp => dom/apps/tests/apps/bad_content_type.webapp
rename : dom/tests/mochitest/webapps/apps/basic.webapp => dom/apps/tests/apps/basic.webapp
rename : dom/tests/mochitest/webapps/apps/basic.webapp^headers^ => dom/apps/tests/apps/basic.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_chrome_mochitests.webapp => dom/apps/tests/apps/installs_allowed_from_chrome_mochitests.webapp
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_chrome_mochitests.webapp^headers^ => dom/apps/tests/apps/installs_allowed_from_chrome_mochitests.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_example.com.webapp => dom/apps/tests/apps/installs_allowed_from_example.com.webapp
rename : dom/tests/mochitest/webapps/apps/installs_allowed_from_example.com.webapp^headers^ => dom/apps/tests/apps/installs_allowed_from_example.com.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href.webapp => dom/apps/tests/apps/invalid_activity_href.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href.webapp^headers^ => dom/apps/tests/apps/invalid_activity_href.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href2.webapp => dom/apps/tests/apps/invalid_activity_href2.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_activity_href2.webapp^headers^ => dom/apps/tests/apps/invalid_activity_href2.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_entry_point.webapp => dom/apps/tests/apps/invalid_entry_point.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_entry_point.webapp^headers^ => dom/apps/tests/apps/invalid_entry_point.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path.webapp => dom/apps/tests/apps/invalid_launch_path.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path.webapp^headers^ => dom/apps/tests/apps/invalid_launch_path.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path2.webapp => dom/apps/tests/apps/invalid_launch_path2.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_launch_path2.webapp^headers^ => dom/apps/tests/apps/invalid_launch_path2.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_locale_entry_point.webapp => dom/apps/tests/apps/invalid_locale_entry_point.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_locale_entry_point.webapp^headers^ => dom/apps/tests/apps/invalid_locale_entry_point.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/invalid_message.webapp => dom/apps/tests/apps/invalid_message.webapp
rename : dom/tests/mochitest/webapps/apps/invalid_message.webapp^headers^ => dom/apps/tests/apps/invalid_message.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/json_syntax_error.webapp => dom/apps/tests/apps/json_syntax_error.webapp
rename : dom/tests/mochitest/webapps/apps/json_syntax_error.webapp^headers^ => dom/apps/tests/apps/json_syntax_error.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/launch_paths.webapp => dom/apps/tests/apps/launch_paths.webapp
rename : dom/tests/mochitest/webapps/apps/launch_paths.webapp^headers^ => dom/apps/tests/apps/launch_paths.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/missing_required_field.webapp => dom/apps/tests/apps/missing_required_field.webapp
rename : dom/tests/mochitest/webapps/apps/missing_required_field.webapp^headers^ => dom/apps/tests/apps/missing_required_field.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/no_delegated_install.webapp => dom/apps/tests/apps/no_delegated_install.webapp
rename : dom/tests/mochitest/webapps/apps/no_delegated_install.webapp^headers^ => dom/apps/tests/apps/no_delegated_install.webapp^headers^
rename : dom/tests/mochitest/webapps/apps/utf8.webapp => dom/apps/tests/apps/utf8.webapp
rename : dom/tests/mochitest/webapps/apps/utf8.webapp^headers^ => dom/apps/tests/apps/utf8.webapp^headers^
rename : dom/tests/mochitest/webapps/cross_origin.html => dom/apps/tests/cross_origin.html
rename : dom/tests/mochitest/webapps/file_bug_779982.html => dom/apps/tests/file_bug_779982.html
rename : dom/tests/mochitest/webapps/head.js => dom/apps/tests/head.js
rename : dom/tests/mochitest/webapps/test_bug_779982.html => dom/apps/tests/test_bug_779982.html
rename : dom/tests/mochitest/webapps/test_list_api.xul => dom/apps/tests/test_list_api.xul
2016-01-31 15:04:54 -08:00
318722bcf1
Bug 1242909, r=ckerschb
...
--HG--
extra : commitid : 4MmsATsPR5X
2016-01-26 11:52:31 +00:00
66aa150bc3
Bug 1007634 - Add a test to show that Worker construction is no longer allowed by CSP script-src directive. r=ckerschb
...
--HG--
extra : amend_source : 0acea47a18c3a40be6e7fe50db1c71bc9dd91b3a
2016-01-21 16:57:00 -05:00
b0483f9b8c
Bug 1213633 - Test childDocument prior to use. r=tanvi
2016-01-04 16:37:14 -08:00
248f7a3dee
merge mozilla-inbound to mozilla-central a=merge
2016-01-20 15:34:34 +01:00
3ae375bf1c
Bug 1217766 - All PDFs trigger the insecure password warning. r=MattN,bz
...
--HG--
extra : commitid : 1aP0he1jDxh
extra : rebase_source : 49375a644ff345fe479b060945f6fe61efe52df7
2016-01-18 14:54:18 +00:00
fecee7be59
Bug 1224694 - Unify and clean up initialization of CSP (r=sicking)
2016-01-14 13:21:31 -08:00
071f422450
Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking)
2016-01-14 12:38:15 -08:00
238b5ed942
Bug 1208946 - Update tests for URI stripping in CSP reports (r=dveditz)
2016-01-14 12:37:15 -08:00
3d4a5ddffa
Bug 1208946 - Strip URIs in CSP reports (r=dveditz)
2016-01-14 12:36:50 -08:00
0e30d8b611
Bug 1237455 P1 Make file_CrossSiteXHR_server.sjs check headers on redirects. r=ehsan
2016-01-19 13:54:14 -08:00
18e28eaf42
Bug 1239397: Send Internal ContentPolicyType to CSP and MixedContent (r=sicking)
2016-01-19 09:10:50 -08:00
7089beabc7
Backed out changeset f51b921e1ccf (bug 1233098) for browser-chrome bustage
...
--HG--
extra : commitid : ytS8fc4lFu
2016-01-14 08:04:37 +05:30
c42851930c
Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking)
2016-01-13 15:51:43 -08:00
9c67777407
Bug 1237799, part 2 - Use setTestPluginEnabledState in various tests. r=gfritzsche
...
This make these tests pass with e10s.
Also, add a missing open quote to test_bug827160.html.
2016-01-12 16:50:34 -08:00
1768759efb
Bug 1220564 - Update chrome code uses of genexprs and legacy comprehensions. (r=billm)
2016-01-06 16:02:16 -08:00
caf218fa3e
Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb
2015-12-17 12:07:37 +08:00
93de65860e
Bug 1223743 - Test CSP enforcement for multipart channels (r=sicking)
2015-12-14 10:06:47 -08:00
9811f5c2eb
Bug 1228497 - initialize 3 members in class. r=christophkerschbaumer
2015-12-10 00:33:00 +01:00
0bb4231605
Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb
2015-12-06 18:33:15 -05:00
f7193fdf30
Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly
2015-12-06 18:33:15 -05:00
28de02f687
Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb
2015-12-06 18:33:14 -05:00
6cc5074df0
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-06 18:33:14 -05:00
774236075d
Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout
2015-12-05 16:34:47 +01:00
993136c2c9
Bug 1216687: Add nsILoadInfo flags for cookie policies. r=ckerschb
2015-12-05 01:46:21 -08:00
7fae3fd853
Bug 1226909 part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch(). r=bkelly
2015-12-05 01:46:20 -08:00
ff12f48c5a
Bug 1226909 part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect. r=ckerschb
2015-12-05 01:46:20 -08:00
df33e62850
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-05 01:46:20 -08:00
5576308d8c
Bug 1218029 - Implements progressive Unicode chars decoding in nsScriptLoader. r=djvj
...
--HG--
extra : commitid : 4fqBUFXilM5
2015-11-30 08:54:52 -06:00
aeaf497a64
Bug 1218029 - Adds SRICheckDataVerifier for progressing data handling. r=francois
...
--HG--
extra : commitid : DLkHFWfJFxT
2015-11-30 08:54:40 -06:00
66199890c4
Bug 1218029 - Adds IncrementalStreamLoader interface stubs. r=djvj
...
--HG--
extra : commitid : J0UubFG9gvz
2015-11-30 08:54:11 -06:00
20d9928a1b
Bug 1228116 - Relax Security checks for DTD loads. r=sicking
...
--HG--
extra : rebase_source : 53f2deeb44dd29dbb4d6f50a8435763cb07df8a1
2015-11-25 13:38:05 -08:00
5fb2c53074
Bug 1219478: Replace PRLogModuleInfo usage with LazyLogModule in dom folders except media.r=amerchesini
2015-11-23 11:09:25 -08:00
76fa5db947
Bug 1210302 - Part 4: Add automated tests; r=sicking
2015-11-20 16:32:53 -05:00
143b334dd4
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
2015-11-20 10:55:54 -08:00
d4843470df
Bug 1226324 - Do not use NS_ENSURCE_SUCCESS(rv, NS_OK) within nsContentSecurityManager. r=tanvi
2015-11-19 14:22:57 -08:00
ba8444d785
Backed out changeset 95069f2ce648 (bug 1182546) for Android M(c) bustage ON A CLOSED TREE
2015-11-19 14:26:33 +05:30
ab10273998
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
2015-11-18 19:23:28 -08:00
36e922b9b7
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger
2015-11-16 22:41:54 +00:00
9d1f194cbb
Backed out 2 changesets (bug 1218433) for wpt failures CLOSED TREE
...
Backed out changeset 1cc8cc0444c0 (bug 1218433)
Backed out changeset 5418ca0e0378 (bug 1218433)
--HG--
extra : commitid : H1h8VHrzxx8
2015-11-16 11:13:43 -08:00
76aba80dc5
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking, r=Ms2ger
2015-11-16 16:57:29 +00:00
a0cf7d50ad
Backed out 2 changesets (22360424ed15, 325a67608df0) (bug 1218433) for W(1,2) failures. r=backout on a CLOSED TREE
...
Backed out changeset 22360424ed15 (bug 1218433)
Backed out changeset 325a67608df0 (bug 1218433)
2015-11-15 15:56:45 +01:00
3285721a07
Bug 1218433 - Use AsyncOpen2 in dom/workers/ScriptLoader.cpp - part 2 - WPT, r=sicking
2015-11-15 11:57:22 +00:00
c941fd4008
Bug 663570 - Test 5: doc.write(meta csp) (r=sicking)
2015-11-14 19:30:24 -08:00
749afb19d4
Bug 663570 - Test 4: update referrer tests (r=sicking)
2015-11-14 19:30:16 -08:00
74f7445a35
Bug 663570 - Test 3: update upgrade-insecure-requests tests (r=sicking)
2015-11-14 19:30:08 -08:00
55d2e60a7e
Bug 663570 - Test 2: meta and header dual test (r=sicking)
2015-11-14 19:29:58 -08:00
82df3d1b9b
Bug 663570 - Test 1: baseline tests (r=sicking)
2015-11-14 19:29:45 -08:00
3bac30dca9
Bug 663570 - MetaCSP Part 6: CSP preload changes (r=sicking)
2015-11-14 19:29:18 -08:00
96f42dd458
Bug 663570 - MetaCSP Part 1: CSP parser changes (r=sicking)
2015-11-14 19:27:59 -08:00
27c89ea082
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
...
--HG--
rename : dom/workers/test/serviceworkers/test_eval_not_allowed.html^headers^ => dom/workers/test/serviceworkers/test_eval_allowed.html^headers^
2015-11-10 21:16:12 -08:00
2e6d1e7dfb
Backed out changeset d12f758f5f36 (bug 1223647) for android csp test failures
...
--HG--
extra : commitid : GRTvvKDy9Ki
2015-11-11 14:27:52 -08:00
ea6cf63b0f
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
2015-11-10 21:16:12 -08:00
8431cd65cd
Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana
...
--HG--
extra : commitid : 6RrHT77kcOj
extra : rebase_source : b5b498cc266e2c1c97459ace3da3febbb6a34e65
2015-11-10 10:50:46 -08:00
1873ead519
Bug 1219931 - CSP: Don't allow removing a policy (r=sicking)
2015-11-02 08:04:15 -08:00
50588ca7c1
Bug 1188028 - Queue up CSP console messages till windowID is available (r=sicking)
2015-11-11 06:23:57 -08:00
a876eba5c9
Bug 1188028 - Use channel->ascynOpen2 in dom/security/nsCSPContext.cpp (r=sicking)
2015-07-27 11:57:56 -07:00
b98d58e46d
Back out changeset 4d6d9c1e52e4 (bug 1223647) for failures in test_csp.html, csp/test_redirects.html and csp/test_worker_redirect.html
...
--HG--
extra : rebase_source : a4a53053968cfa19e6544dd3e59e36ef23fcf353
2015-11-10 23:10:04 -08:00
426e42e7f9
Bug 1223647: CSP erroneously inherited into dedicated workers. r=ckerschb
2015-11-10 21:16:12 -08:00
00b9a85bd6
Bug 1045891 - Tests for child-src r=ckerschb
2015-11-09 16:42:26 +09:00
67f4155fe6
Bug 1045891 - CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
4d6f05d2f8
merge mozilla-inbound to mozilla-central a=merge
2015-11-09 14:55:30 +01:00
96837db759
Bug 1222478 - Enable more mulet tests. r=gerard-majax
2015-11-06 20:01:45 +01:00
9d98f9a481
Bug 1215235 - Drop support for jar: URIs by default, r=bz
2015-11-04 11:19:02 +00:00
c9e5049446
Bug 1213646: Allow URI_IS_UI_RESOURCE and safe about: URIs when SEC_ALLOW_CHROME is set. r=bz
2015-11-04 00:05:16 -08:00
0d2779ef10
Bug 1222105 - Make test_report.html and test_blocked_uri_in_reports.html work with e10s. r=ckerschb
2015-11-06 16:03:03 -08:00
0238bd1276
Bug 1221365 - Tests for "Is origin potentially trustworthy?" logic. r=ckerschb,bkelly
2015-11-06 11:10:08 -08:00
a0a2b249c4
Bug 1221365 - Move "Is origin potentially trustworthy?" logic outside ServiceWorkerManager.cpp. r=ckerschb,bkelly
2015-11-06 11:10:17 -08:00
f8ad8afb5a
Backed out 4 changesets (bug 1045891) for b2g mochitest 7 failures
...
Backed out changeset c590b18c5885 (bug 1045891104589110458911045891
2015-11-06 09:36:49 -08:00
3b59b81c93
Bug 1045891 - CSP 2 child-src implementation. r=ckerschb
2015-10-28 16:32:27 -07:00
ad73bf4611
Bug 1045891 - Tests for child-src. r=ckerschb
2015-09-30 15:26:25 -07:00
30ff2fd956
Backed out changeset 26e162e72ae1 (bug 1045891)
2015-11-02 10:37:52 +01:00
deb9310786
Backed out changeset 895c42544609 (bug 1045891)
2015-11-02 10:37:51 +01:00
d4da8266d4
Bug 1045891 - CSP 2 child-src implementation r=ckerschb
2015-10-28 16:32:27 -07:00
38bf8db214
Bug 1045891 - Tests for child-src r=ckerschb
2015-09-30 15:26:25 -07:00
5981b92f78
Bug 1219842 - Enable a bunch of mochitest-plain tests under e10s. r=mrbkap
2015-10-31 06:26:44 -07:00
1929f6c7c4
Bug 1218315 - Replace NS_LITERAL_STRING(...).get() with MOZ_UTF16(...) on dom. r=nfroyd
2015-10-28 14:29:57 +09:00
d4eaf0fdf6
Bug 1191645 - Use channel->asycnOpen2 in dom/base/nsSyncLoadService.cpp. r=sicking
2015-10-26 14:22:59 -07:00
ddb2d645e5
Bug 1194526 - Use channel->asycnOpen2 in dom/base/nsScriptLoader.cpp (r=sicking)
2015-10-19 18:33:37 -07:00
d3a92a7fa1
Bug 1195167 part 5: Make FetchDriver use AsyncOpen2. r=bkelly
2015-10-19 18:24:36 -07:00
be2deca017
Bug 1195167 part 1: Let necko handle all protocols. r=bkelly
2015-10-19 18:24:36 -07:00
cc10dd7ad3
Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan
2015-10-19 11:14:54 -07:00
4316c13003
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb
2015-10-19 11:14:54 -07:00
643f27c257
Bug 1208559 - Hook up ServicerWorkers with CSP (r=sicking,bkelly,dveditz)
2015-10-18 19:59:18 -07:00
733163ef2b
Bug 1208559 - Tests. r=bholley
2015-10-18 19:37:40 -07:00
01583602a9
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
...
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout. The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.
CLOSED TREE makes big refactorings like this a piece of cake.
# The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
xargs perl -p -i -e '
s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
s/nsRefPtr ?</RefPtr</g; # handle declarations and variables
'
# Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h
# Handle nsRefPtr.h itself, a couple places that define constructors
# from nsRefPtr, and code generators specially. We do this here, rather
# than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
# things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
mfbt/nsRefPtr.h \
xpcom/glue/nsCOMPtr.h \
xpcom/base/OwningNonNull.h \
ipc/ipdl/ipdl/lower.py \
ipc/ipdl/ipdl/builtin.py \
dom/bindings/Codegen.py \
python/lldbutils/lldbutils/utils.py
# In our indiscriminate substitution above, we renamed
# nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'
if [ -d .git ]; then
git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi
--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
c2b3d9275b
Backed out 2 changesets (bug 1182571) for being a likely cause of the Android S4 errors
...
Backed out changeset e2b3064dcace (bug 1182571)
Backed out changeset 8153ae231d16 (bug 1182571)
2015-10-15 14:07:06 -07:00
2578b19458
Bug 1182571: Make nsXMLHttpRequest use AsyncOpen2. r=ehsan
2015-10-15 12:18:21 -07:00
81a15a3362
Bug 1182571: Fix nsILoadInfo->GetContentPolicyType API to be less ambigious. Audit and fix all users of it. r=ckerschb
2015-10-15 12:18:20 -07:00
d803731730
Bug 1210413 P2 Test CORS credentials on cross-origin redirects. r=sicking a=dveditz
2015-10-07 14:33:31 -07:00
5adc75d084
Bug 1208629 - Properly support data: and blob: URIs with an integrity atribute. r=ckerschb
2015-10-07 11:27:19 -07:00
08997000eb
Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE
...
Backed out changeset 647025383676 (bug 12029021202902
2015-10-07 14:03:21 +02:00
e7ef778c9d
Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central
...
Backed out changeset cfc1820361f5 (bug 1202902
2015-10-07 12:13:45 +02:00
d06b6030f6
Bug 1202902 - Scripted fix the world.
2015-10-06 14:00:31 -07:00
48e01cb303
Tests for bug 1200869; r=sicking
2015-09-29 23:12:52 -04:00
1b07208138
Tests for bug 1200856; r=sicking
2015-09-29 23:12:51 -04:00
fda3fd3cbf
Bug 1192333 - Use channel->ascynOpen2 in dom/xslt/xslt/txMozillaStylesheetCompiler.cpp (r=sicking)
2015-09-28 16:34:47 -07:00
a28aacf667
Bug 1048048 - add preload content policy types - tests (r=dveditz)
...
CLOSED TREE
--HG--
extra : source : 02c6d6aef163530bafee0d39761f18ca3aa1f40c
extra : amend_source : bff4f1c8ed0fe42addb24774b8c6dd89fe2c7905
2014-10-31 13:37:59 -07:00
f3e1d73e58
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
...
--HG--
extra : source : 4f91b10e8be000ee5408461c74099ca96156c0cf
2015-09-20 14:56:34 -07:00
cd079d2bf9
Backed out 7 changesets (bug 1048048) for android crashes in various chunks CLOSED TREE
...
Backed out changeset b5abe23a4ea5 (bug 1048048)
Backed out changeset 4f91b10e8be0 (bug 1048048)
Backed out changeset 450d4a13c90e (bug 1048048)
Backed out changeset 6a727c40eb68 (bug 1048048)
Backed out changeset 88c2333ff745 (bug 1048048)
Backed out changeset 740ab1ecd079 (bug 1048048)
Backed out changeset 02c6d6aef163 (bug 1048048)
2015-09-21 09:08:34 -07:00
b2de9adb18
Bug 1048048 - add preload content policy types - csp changes (r=dveditz)
2015-09-20 14:56:34 -07:00
47de316d52
Bug 1048048 - add preload content policy types - tests (r=dveditz)
2014-10-31 13:37:59 -07:00
6d3847c487
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking)
...
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
2015-09-18 09:27:15 -07:00
8414be2356
Backed out 3 changesets (bug 1143922) for landing with the wrong bug number
...
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
2015-09-18 14:13:33 -07:00
b01fc3ad90
Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking)
2015-09-18 09:27:15 -07:00
796647f603
Bug 1026520 - CSP: Inline report sending into allows - test updates (r=dveditz)
2015-09-17 22:34:49 -07:00
8001d76219
Bug 1026520 - CSP: Inline report sending into allows - csp changes (r=dveditz)
2015-09-17 22:34:16 -07:00
59c135c176
Bug 1198078 - Add support for TYPE_INTERNAL_SERVICE_WORKER; r=ckerschb,tanvi
2015-09-16 19:15:30 -04:00
bfd0628cd5
Bug 1203234 - Re-enable -Wshadow warnings in /dom/security. r=ckerschb
2015-09-14 22:54:22 -07:00
1e5ee64415
Bug 1195162 - Use channel->ascynOpen2 dom/xbl/nsXBLService.cpp (r=sicking)
2015-09-14 18:59:35 -07:00
a4ac3ec0b4
Bug 1199049 - Part 1: Move nsCORSListenerProxy.* to necko; r=jduell
...
--HG--
rename : dom/security/nsCORSListenerProxy.cpp => netwerk/protocol/http/nsCORSListenerProxy.cpp
rename : dom/security/nsCORSListenerProxy.h => netwerk/protocol/http/nsCORSListenerProxy.h
2015-09-12 19:20:52 -04:00
092e4a4b9e
Bug 1188932 - Allow the User-Agent header to be explicitly set by requests, r=bkelly, r=jgraham
2015-09-12 12:46:09 -04:00
60c4905182
Bug 1069762 - CSP: blocked-uri in violation reports should not contain sensitive data - tests (r=sstamm)
2014-10-17 14:22:27 -07:00
cba82e6dbd
Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi
2015-09-09 15:14:27 -04:00
14eac63103
Bug 1202027 - Make SRI require CORS loads for cross-origin resources. r=ckerschb
2015-09-09 00:11:38 -07:00
e510ad6b31
Bug 1202015 - Better document the SRI strings for translators. r=ckerschb
2015-09-09 00:10:25 -07:00
6ac40622c3
Bug 1201229 - Return an empty string for a header when an error occurs; r=dragana
...
This fixes nsIHttpChannel::GetRequestHeader() and
nsIHttpChannel::GetResponseHeader() to always empty out their string
argument even when they fail. This prevents programming mistakes of
passing the same string object to multiple of these calls and using the
string value without checking the nsresult error code, since otherwise
the string value may be unchanged from a previous call.
Note that this doesn't affect JS consumers of these APIs since we only
empty out the string argument in case the method fails, which will be
translated to a JS exception, and the JS code will never get to see the
emptied string.
2015-09-08 20:08:35 -04:00
978f461b95
Bug 1200869 - Empty the header value for code hygiene; r=sicking
2015-09-02 19:53:35 -04:00
a01e0f79fc
Bug 1200856 - Avoid the extra variable to make the string manipulation faster; r=sicking
2015-09-02 19:52:46 -04:00
f44287005f
Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium.
...
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
2015-08-27 20:44:53 -07:00
b930db3a55
Bug 1196592: Make retargeting Fetch to another thread actually work. r=nsm
...
--HG--
extra : rebase_source : 24801ef2546f6aa3d74b9193a104bb35e8103699
2015-08-28 13:49:07 -07:00
a2daed5950
Bug 1198422 - CSP: Test fallback for nonce-src and hash-src (r=devitz)
2015-08-27 09:02:32 -07:00
0500c010b8
Bug 1198422 - CSP: Allow nonce to load if default-src is not specified in second policy (r=dveditz)
2015-08-25 16:11:04 -07:00
1dda7b7d34
Bug 1194847 - Part 2: Bypass CORS checks if the response of a channel has been synthesized; r=nsm
2015-08-25 21:43:40 -04:00
f04275bd0b
Bug 1196740 - Consider redirects when looking for SRI-eligibility. r=ckerschb
...
--HG--
rename : dom/security/test/sri/iframe_style_sameorigin.html => dom/security/test/sri/iframe_style_crossdomain.html
rename : dom/security/test/sri/script_crossdomain4.js => dom/security/test/sri/script_crossdomain5.js
rename : dom/security/test/sri/style1.css => dom/security/test/sri/style_301.css
rename : dom/security/test/sri/test_style_sameorigin.html => dom/security/test/sri/test_style_crossdomain.html
2015-08-25 13:38:39 -07:00
be38f76461
Bug 1096724 - Update csp/test_base-uri to rely on postmessage instead of observers. r=dveditz
2015-08-18 11:42:43 -07:00
ec860a87f6
No bug - Use the correct requestLongerTimeout syntax. a=bustage
2015-08-18 12:53:55 -04:00
210ad6260a
No bug - Request a longer timeout for test_CrossSiteXHR_origin.html due to teetering on the edge of timing out on B2G debug.
2015-08-18 10:39:17 -04:00
a196b8ef35
Bug 1195572 - Enable -Wformat-security in DOM::Security. r=ckerschb
2015-08-17 21:48:07 -07:00
550a74f51e
Bug 1182551 - HTTP top level page with HTTPS mixed passive frame should have STATE_IS_INSECURE. r=ttaubert
2015-08-13 17:13:51 -07:00
aa87627fac
Bug 1182551 - Don't set STATE_IS_BROKEN on HTTP pages when mixed content is allowed by default. r=smaug
2015-08-13 17:13:43 -07:00
dad90516d6
Bug 1192955 - Use channel->ascynOpen2 for PING in docshell/base/nsDocShell.cpp (r=sicking)
2015-08-13 08:53:28 -07:00
2a4ad76933
Bug 992096 - Implement Sub Resource Integrity [2/2]. r=ckerschb
...
Mochitests
2015-08-12 20:19:16 -07:00
34de332db0
Bug 992096 - Implement Sub Resource Integrity [1/2]. r=baku,r=ckerschb
...
Code changes
2015-08-12 20:19:11 -07:00
4b7d4aaed5
Bug 1187165 - Use channel->ascynOpen2 in dom/base/ImportManager (r=sicking)
2015-08-10 10:25:20 -07:00
b7e53859ad
Bug 1182544 - Use channel->ascynOpen2 in dom/xml/XMLDocument.cpp (r=sicking)
2015-08-10 10:19:08 -07:00
9b31f6bcfe
Bug 661604 - Re-enable this test because it works now. rs=wchen and try
2015-08-06 10:35:49 -07:00
5dfe6ac07d
Bug 1188637 - Use channel->ascynOpen2 in dom/base/EventSource.cpp (r=sicking)
2015-08-04 20:06:19 -07:00
221df08158
Bug 1182543 - Use channel->ascynOpen2 in dom/plugins/base/nsPluginHost.cpp (r=sicking)
2015-08-04 20:05:37 -07:00
57a966656a
merge mozilla-inbound to mozilla-central a=merge
2015-08-04 13:01:07 +02:00
87164ced3c
Bug 1181683 - Mark ping and beacon as blockable mixed content instead of optionally blockable. r=smaug
2015-08-03 15:25:21 -07:00
f7e2152921
Bug 1096724 - Fix intermittent test_base-uri.html failures. r=ryanvm
2015-07-29 14:16:37 -07:00
5d6e8c751f
Bug 1152574 - Do not report aborted XHR requests in web console (r=sicking)
2015-07-20 13:59:19 -07:00
Thomas Nguyen
Paul Roberts
Christoph Kerschbaumer
Jonathan Kingston
Dimi Lee
Stephanie Ouillon
Frederik Braun
Jonathan Hao
Sebastian Hengst
Christoph Kerschbaumer
Patrick McManus
Carsten "Tomcat" Book
Trevor Saunders
Chris Peterson
Henry Chang
Andreas Farre
Aryeh Gregor
Jonathan Watt
Kyle Huey
Kris Maglione
Matt Robenolt
Frederik Braun
Tanvi Vyas
Marcos Caceres
Chris Manchester
Wes Kocher
Benjamin Peterson
Franziskus Kiefer
Ryan VanderMeulen
Marco Castelluccio
Blake Kaplan
Boris Zbarsky
Ehsan Akhgari
Ethan Tseng
Francois Marier
Ben Kelly
Kate McKinley
Myk Melez
Andrew McCreight
Gijs Kruitbosch
Paolo Amadini
Nigel Babu
Shu-yu Guo
Bogdan Postelnicu
Jonas Sicking
Yury Delendik
sajitk
Andrea Marchesini
Kit Cambridge
Phil Ringnalda
Gregor Wagner
Matthew Noorenberghe
Makoto Kato
Nathan Froyd
Michael Layzell
Richard Barnes
Nicholas Nethercote