The policy is now as follows:
* The `--host` command line flag can now be an actual hostname as well
as in IP address.
* By default only requests with a `Host` header that is an IP address,
or matching the value of the `--host` argument are accepted.
* If `--host` is a local IP address, we by default accept `localhost`
in the `Host` header.
* When `--allow-hosts` is provided, only requests with a hostname
matching the listed values, or an IP address, are accepted.
* By default any request with an `Origin` header is rejected.
* When `--allow-origins` is provided, only requests with no `Origin`
header, or an origin matching the given values, are accepted.
Differential Revision: https://phabricator.services.mozilla.com/D129012
The policy is now as follows:
* The `--host` command line flag can now be an actual hostname as well
as in IP address.
* By default only requests with a `Host` header that is an IP address,
or matching the value of the `--host` argument are accepted.
* If `--host` is a local IP address, we by default accept `localhost`
in the `Host` header.
* When `--allow-hosts` is provided, only requests with a hostname
matching the listed values, or an IP address, are accepted.
* By default any request with an `Origin` header is rejected.
* When `--allow-origins` is provided, only requests with no `Origin`
header, or an origin matching the given values, are accepted.
Differential Revision: https://phabricator.services.mozilla.com/D129012
The midir update reduces the differences with upstream to the coremidi
version.
And now the coremidi override is done via a patch at the top-level. The
revision we were using is gone, but it turns out the new master is
identical in content (at least, as far as vendoring is concerned).
Differential Revision: https://phabricator.services.mozilla.com/D135194
The only remaining consumers are ::-moz-tree pseudo-elements (we used to
use ThinBoxedSlice for other data structures in the past).
Those are not particularly performance sensitive so I think just
double-boxing is fine. In the future, if we wanted to avoid the double
indirection, we could probably use the "thin" crate
(https://docs.rs/thin) or similar, which stores the length of the slice
along with the allocation, making the pointer thin in all
configurations, much like "ThinArc" does:
https://searchfox.org/mozilla-central/rev/1ce2eea39442190a71a1f8f650d098f286bf4a01/servo/components/servo_arc/lib.rs#891
In practice though, I don't think it's particularly worth it for this
specific case.
Differential Revision: https://phabricator.services.mozilla.com/D134672
- Updates Gecko's L10nRegistry class to use the new ResourceId type,
which can be either optional or required regarding a particular resource.
- Adds JS tests verifying the new behavior.
Differential Revision: https://phabricator.services.mozilla.com/D133578
This is as close to usptream as currently possibly. Only a few changes were
done to the dependencies: the wasm target was removed and the coremidi
dependency was updated to pick up a more recent version so that we don't need
to vendor separate versions of the core-foundation and core-foundation-sys
crates.
This vendors the following crates:
* alsa-sys
* alsa
* coremidi
* coremidi-sys
* memalloc
* midir
Overall this adds ~30K lines of code, over half of which is in the alsa
bindings alone.
Differential Revision: https://phabricator.services.mozilla.com/D124640
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Depends on D130820
Differential Revision: https://phabricator.services.mozilla.com/D122392
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392
Also updates the docs on how to update the glean_parser in-tree.
Also adds a `no_lint` exception to test pings to avoid breaking the
build.
Differential Revision: https://phabricator.services.mozilla.com/D133077