Граф коммитов

46 Коммитов

Автор SHA1 Сообщение Дата
Jonathan Kingston 2a8b750345 Bug 1502743 - Replace black/whitelist within caps to block/allowlist r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D10013

--HG--
extra : moz-landing-system : lando
2018-10-31 17:56:43 +00:00
Nika Layzell 933f7fe4d4 Bug 1485177 - Add |siteOrigin| information to nsIPrincipal r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D4140

--HG--
extra : moz-landing-system : lando
2018-09-05 03:22:16 +00:00
Tiberius Oros 2fe7330f2d Backed out changeset 33c7b0ea5caa (bug 1485177) for assertion failure at builds/worker/workspace/build/src/caps/ContentPrincipal.cpp on a CLOSED TREE 2018-09-01 05:06:55 +03:00
Nika Layzell 452350d97c Bug 1485177 - Add |siteOrigin| information to nsIPrincipal, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D4140

--HG--
extra : moz-landing-system : lando
2018-09-01 00:52:00 +00:00
Olli Pettay de99e4460b Bug 1439153 - Make WebExtensions work with Shadow DOM/WebComponents, r=kmag
--HG--
extra : rebase_source : 83638cba42eea1523d32d06a2eb14df20cbab404
2018-07-14 05:26:15 +03:00
Adrian Wielgosik 074d88de5a Bug 1460940 - Convert nsIPrincipal to use nsIDocument. r=bz
MozReview-Commit-ID: z1TGWtS1KG

--HG--
extra : rebase_source : e5291c40eb017c1e3fd69333ac108dda852fb8cd
2018-05-11 19:46:15 +02:00
Kris Maglione 27c96362b9 Bug 1412345: Downgrade expanded principals before inheriting. r=bz,krizsa
There are several ways that expanded principals can be used as triggering
principals for requests. While that works fine for security checks, it also
sometimes causes them to be inherited, and used as result principals in
contexts where expanded principals aren't allowed.

This patch changes our inheritance behavior so that expanded principals are
downgraded to the most appropriate constituent principal when they would
otherwise be inherited.

The logic for choosing the most appropriate principal is a bit suspect, and
may eventually need to be changed to always select the last whitelist
principal, but I chose it to preserve the current principal downgrade behavior
used by XMLHttpRequest for the time being.

MozReview-Commit-ID: 9fvAKr2e2fa

--HG--
extra : rebase_source : c30df1b3851c11fed5a1d6a7fb158cec14933182
2017-11-02 19:56:27 -07:00
Kris Maglione bd6d63772a Bug 1407428: Hand out a const array reference for expanded principal whiteList. r=krizsa
The current API makes the life time and ownership of the result array unclear
without careful reading. The result array is always owned by the principal,
and its lifetime tied to the lifetime of the principal itself. Returning a
const array reference makes this clear, and should prevent callers from
accidentally modifying the returned array.

MozReview-Commit-ID: 3f8mhynkKAj

--HG--
extra : source : 237acf2879f6222bc4b076c377bf026d18a6ebef
extra : amend_source : dfaf6e88e3c4758f7fdcf7fb422d457edafab1b7
2017-10-10 15:00:16 -07:00
Sebastian Hengst 11a2b8ef67 Backed out changeset 237acf2879f6 (bug 1407428) for frequent crashes, e.g. in xpcshell's test_bug248970_cookie.js. r=backout on a CLOSED TREE
--HG--
extra : amend_source : 1ccac4fb953566239cba8db7d6f8bdca4ce48b35
2017-10-16 00:00:15 +02:00
Kris Maglione 7d8f8ea3d6 Bug 1407428: Hand out a const array reference for expanded principal whiteList. r=krizsa
The current API makes the life time and ownership of the result array unclear
without careful reading. The result array is always owned by the principal,
and its lifetime tied to the lifetime of the principal itself. Returning a
const array reference makes this clear, and should prevent callers from
accidentally modifying the returned array.

MozReview-Commit-ID: 3f8mhynkKAj

--HG--
extra : rebase_source : d2a5e0862f8c964fb5a3e46b50c2e9629b218699
extra : amend_source : 27d7a7ef5da6fe2aa1104009b6ee067465db73e1
2017-10-10 15:00:16 -07:00
Kris Maglione b3ba0520ee Bug 1396449: Part 1 - Use WebExtensionPolicy objects in extension content principals. r=krizsa
Going through the extension policy service rather than using
WebExtensionPolicy objects directly adds a lot of unnecessary overhead to
common operations on extension principals, and also makes the code more
complicated than it needs to be.

We also use weak references to policy objects here, since principals should
ideally lose as much of their elevated privileges as possible once the
extension instance that created them has been destroyed (which is something we
couldn't handle easily when we simply tracked ID strings).

MozReview-Commit-ID: KDNvVdvLkIt

--HG--
extra : rebase_source : 1b567919d2461bd0315d1a7d89f330cbd585f579
2017-09-05 11:04:43 -07:00
Andrea Marchesini 884d9efc73 Bug 1369316 - Get rid of nsIPrincipal.unknownAppId, r=bholley 2017-06-02 11:05:28 +02:00
Andrea Marchesini cead0b042c Bug 1369310 - Get rid of nsIPrincipal.appStatus, r=bholley 2017-06-02 11:05:28 +02:00
Andrea Marchesini f91cb666bb Bug 1343933 - Renaming Principal classes - part 3 - SystemPrincipal, r=qdot
--HG--
rename : caps/nsSystemPrincipal.cpp => caps/SystemPrincipal.cpp
rename : caps/nsSystemPrincipal.h => caps/SystemPrincipal.h
2017-03-22 11:39:08 +01:00
Andrea Marchesini 68207654f2 Bug 1343933 - Renaming Principal classes - part 1 - ExpandedPrincipal, r=qdot
--HG--
rename : caps/nsExpandedPrincipal.cpp => caps/ExpandedPrincipal.cpp
rename : caps/nsExpandedPrincipal.h => caps/ExpandedPrincipal.h
2017-03-22 11:38:17 +01:00
Frederik Braun 390a075c26 Bug 1073952: inherit CSP into iframe sandbox srcdoc r=ckerschb,Tomcat
MozReview-Commit-ID: 3fhWCGwgG4A

--HG--
extra : rebase_source : 7e84fafe0ef69b7f6695de825fc254ee0e4209ba
2017-01-30 14:09:37 +01:00
Olli Pettay 5a13988731 Bug 1339251 - Make Equals/Subsumes faster when comparing same objects, r=bholley
--HG--
extra : rebase_source : 977c790f03188c4fda83297db026af62ee56a870
2017-02-22 13:19:03 +02:00
Daniel Holbert c280ee0009 Bug 1259348 part 1: Remove CSSUnprefixingService.js and associated code (since it's been supplanted by built-in webkit-prefixed-CSS support). r=mats
MozReview-Commit-ID: CXCJJWhHc8G

--HG--
extra : rebase_source : a09745ce568c9afde78065d9e837da958e7b252e
2017-02-03 14:56:13 -08:00
Tim Huang 3e5d172c95 Bug 1319773 - Part 1: Add a SubsumesConsideringDomainIgnoringFPD in BasePrincipal. r=baku
--HG--
extra : rebase_source : db853a600e666cd11a140153536427c1f4e5882c
2017-01-18 20:17:19 +08:00
Andrea Marchesini 359ae91eac Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby 2017-01-12 17:38:48 +01:00
Yoshi Huang 2b7e1dceb6 Bug 1324115 - Part 1: add a C++ helper in nsIPrincipal. r=smaug 2016-12-21 14:59:20 +08:00
Ehsan Akhgari eac76d9772 Bug 1310845 - Remove support for mozapp iframes; r=fabrice,jryans,baku,mcmanus
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact.  Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app.  In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed.  In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID.  Other notions of appId which were restricted to this
API have been removed.
2016-11-16 09:13:38 -05:00
Carsten "Tomcat" Book 3eacc680db Backed out changeset 7d1f7dd996f7 (bug 1310845) 2016-11-16 14:50:44 +01:00
Ehsan Akhgari cb369370b3 Bug 1310845 - Remove support for mozapp iframes; r=fabrice,jryans,baku,mcmanus
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact.  Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app.  In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed.  In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID.  Other notions of appId which were restricted to this
API have been removed.
2016-11-15 18:31:46 -05:00
Dave Huseby ce82855c42 Bug 1189086 - Eliminate nsIPrincipal::jarPrefix. r=dveditz 2016-10-24 13:52:00 +02:00
James Andreou 3585e16752 Bug 1283281 - Remove PB Flag from DOMStorage. r=jdm 2016-06-29 14:01:00 +02:00
Kris Maglione 6d36833e42 Bug 1254194: Apply a content security policy to all WebExtension documents. r=gabor
MozReview-Commit-ID: HsFFbWdq00b

--HG--
extra : rebase_source : 07e4b6ec8c32f696d5b5987091ffc5ebde2c3061
extra : histedit_source : 20983fe6a9590d7f410276fac248c3d2f711caaa
2016-04-23 20:56:56 -07:00
J. Ryan Stinnett 2a55d065b7 Bug 1238160 - Rename OriginAttributes.mInBrowser and associated methods. r=bz,mayhemer
This change renames OriginAttributes.mInBrowser to mInIsolatedMozBrowser and
nsIPrincipal::GetIsInBrowserElement to GetIsInIsolatedMozBrowserElement.  Other
methods that pass these values around also have name changes.

Tokens such as "inBrowser" have previously been serialized into cache keys, used
as DB column names, stored in app registries, etc.  No changes are made to any
serialization formats.  Only runtime method and variable names are updated.

No behavior changes are made in this patch, so some renamed methods may have
nonsensical implementations.  These are corrected in subsequent patches
focused on behavior.

MozReview-Commit-ID: 66HfMlsXFLs
2016-03-02 10:35:56 -06:00
Christoph Kerschbaumer fecee7be59 Bug 1224694 - Unify and clean up initialization of CSP (r=sicking) 2016-01-14 13:21:31 -08:00
Nigel Babu ccbf22eae8 Backed out changeset f001a01c85d7 (bug 1224694) for browser-chrome bustage on a CLOSED TREE
--HG--
extra : commitid : 5BUjoFsY8bv
2016-01-14 08:04:50 +05:30
Christoph Kerschbaumer 86457169b6 Bug 1224694 - Unify and clean up initialization of CSP (r=sicking) 2016-01-13 15:51:30 -08:00
Christoph Kerschbaumer b967444f19 Bug 663570 - MetaCSP Part 2: Principal changes (r=bz) 2015-11-14 19:28:23 -08:00
Jonathan Watt 8c3ca7675f Bug 1220602 - Make the documentation for nsIPrincipal.domain useful. r=bholley IGNORE IDL 2015-09-24 00:36:04 +01:00
Bobby Holley 86c97bb3f4 Bug 1218039 - Add a nice interface for both C++ and JS to access the principal kind. r=gabor 2015-10-26 11:18:14 -07:00
Steven Englehardt 754fd36b97 Bug 1179557 - Add getters for userContextId. r=bholley, r=tanvi
--HG--
extra : histedit_source : 29a5fb5f2a3204d27d0f620d6f3c03e134699fb9
2015-07-30 14:15:00 -04:00
Bobby Holley b4fdabe37d Bug 1182347 - Remove nsIPrincipal::cookieJar. r=sicking 2015-07-14 19:56:33 -07:00
Christoph Kerschbaumer f679dfded5 Bug 1129999 - Implement CSP devtool using GCLI; CSP to JSON (r=sstamm,bholley) 2015-05-21 11:16:04 -07:00
Bobby Holley 497b7c5b80 Bug 1165162 - Add nsIPrincipal::cookieJar. r=sicking 2015-05-20 17:11:52 -07:00
Bobby Holley 3b6ba803a8 Bug 1165162 - Serialize originSuffix into .origin. r=gabor,sr=sicking
We also provide an opt-out for the original behavior, and use it in various
consumers that look like they need fixing up. Most of the usage here is in
code with persistence considerations, where we may need some sort of migration
path.
2015-05-20 17:11:49 -07:00
Bobby Holley eea636ee0c Bug 1165162 - Make OriginAttributes a dictionary, and make it accessible as both a jsval and a canonical string. r=gabor,r=bholley,sr=sicking 2015-05-20 17:09:53 -07:00
Bobby Holley e61971d74b Bug 1164292 - Switch nsIPrincipal::origin to ACString. r=gabor 2015-05-15 11:51:51 -07:00
Daniel Holbert 908a699328 Bug 1132743: Only allow CSS Unprefixing Service to be activated for hosts on a small, hardcoded whitelist. r=dbaron f=bz
--HG--
rename : layout/style/test/test_unprefixing_service.html => layout/style/test/unprefixing_service_iframe.html
2015-03-13 13:15:09 -07:00
Wes Kocher bbd726bf8c Backed out 2 changesets (bug 1132743) for asan mochitest-e10s-1 bustage CLOSED TREE
Backed out changeset 4e00f10f5a2d (bug 1132743)
Backed out changeset 720842726906 (bug 1132743)
2015-03-13 15:16:33 -07:00
Daniel Holbert aff7407e30 Bug 1132743: Only allow CSS Unprefixing Service to be activated for hosts on a small, hardcoded whitelist. r=dbaron f=bz
--HG--
rename : layout/style/test/test_unprefixing_service.html => layout/style/test/unprefixing_service_iframe.html
2015-03-13 13:15:09 -07:00
Bob Owen 3140b4a353 Bug 1054646 - Part 1: Change nsNullPrincipal::CheckMayLoad to always allow loads when the principal of the URI in the principal doing the load. r=bz 2014-09-30 09:09:36 +01:00
Birunthan Mohanathas a4ac396211 Bug 1038535 - Flatten caps/{idl,include,src}/ directories. r=bholley,gps
--HG--
rename : caps/src/DomainPolicy.cpp => caps/DomainPolicy.cpp
rename : caps/include/DomainPolicy.h => caps/DomainPolicy.h
rename : caps/idl/nsIDomainPolicy.idl => caps/nsIDomainPolicy.idl
rename : caps/idl/nsIPrincipal.idl => caps/nsIPrincipal.idl
rename : caps/idl/nsIScriptSecurityManager.idl => caps/nsIScriptSecurityManager.idl
rename : caps/src/nsJSPrincipals.cpp => caps/nsJSPrincipals.cpp
rename : caps/include/nsJSPrincipals.h => caps/nsJSPrincipals.h
rename : caps/src/nsNullPrincipal.cpp => caps/nsNullPrincipal.cpp
rename : caps/include/nsNullPrincipal.h => caps/nsNullPrincipal.h
rename : caps/src/nsNullPrincipalURI.cpp => caps/nsNullPrincipalURI.cpp
rename : caps/src/nsNullPrincipalURI.h => caps/nsNullPrincipalURI.h
rename : caps/src/nsPrincipal.cpp => caps/nsPrincipal.cpp
rename : caps/include/nsPrincipal.h => caps/nsPrincipal.h
rename : caps/src/nsScriptSecurityManager.cpp => caps/nsScriptSecurityManager.cpp
rename : caps/include/nsScriptSecurityManager.h => caps/nsScriptSecurityManager.h
rename : caps/src/nsSystemPrincipal.cpp => caps/nsSystemPrincipal.cpp
rename : caps/include/nsSystemPrincipal.h => caps/nsSystemPrincipal.h
2014-07-15 11:12:59 -07:00