Preliminary telemetry indicated 15% of users of EME are in an insecure
context. We'd better log a warning to the web console to inform authors
that their sites will stop working, rather than just breaking them!
MozReview-Commit-ID: CZasdbcC1jS
--HG--
extra : rebase_source : 008b9669d06a77bb133459df6479625ed47249a0
Preliminary telemetry indicated 15% of users of EME are in an insecure
context. We'd better log a warning to the web console to inform authors
that their sites will stop working, rather than just breaking them!
MozReview-Commit-ID: CZasdbcC1jS
--HG--
extra : rebase_source : 685a36be1601215aff4e962fd206d1332abbff79
The EME spec requires EME to be only usuable from a secure context, for example
from an origin served over HTTPS. We still don't enforce this, and Chrome is
going to start enforcing this in M58. So to inform our decision as to when to
start enforcing this, it would be useful to know how many sites we'd break if
we started enforcing this.
So this patch adds telemetry to tell us the how often EME is used on secure
and non-secure contexts.
MozReview-Commit-ID: BKS5iY4V3wK
--HG--
extra : rebase_source : 77b98516e0d8a0471f8c7a1e5bf54bcf9f74b7da
- I have refactored the Oculus and OpenVR interfaces in gfx/vr
so that initialization of the VR libraries only happens once
a WebVR site is detected.
- The Oculus interface has been cleaned up and updated to unload the Oculus
runtime library when not in use.
- The browser can now re-connect to Oculus home if it was restarted, without
restarting the browser.
- We no longer submit a black frame at the end of VR presentation, as this
appears to be handled by the latest Oculus runtime automatically.
- As we only hold on to the Oculus runtime when needed, this should
reduce the likelihood of the GPU process being killed by the Oculus
software updater.
MozReview-Commit-ID: AyWeD4CxXLD
--HG--
extra : rebase_source : 9eae07ef30b1a7559b5fe80e6698c248a55b970e
Necko computes this information in order to set the User-Agent header in
the parent process. This header is set on all outgoing requests, and
therefore in the content process we can easily copy the value of this
header from the document channel object instead of the inefficient sync
IPC that currently happens in order to access the JavaScript
implementation living in the parent process.
This patch implements the W3C Web Authentication API from
https://www.w3.org/TR/webauthn/, currently the 28 September 2016
working draft.
It utilizes a tentative binding of the U2F NSS Soft Token to provide
authentication services while waiting on Bug 1245527 to support USB HID-based
U2F tokens. This binding is not in the specification yet, so it should be
considered an experiment to help the specification move fowrard.
There are also a handful of deviations from the specification's WebIDL, which
are annotated with comments in WebAuthentication.webidl.
There are no tests in this commit; they are in Part 4 of this commit series.
There is a small script online at https://webauthn.bin.coffee/ to exercise this
code, but it doesn't do any automated checks.
There are also a handful of TODOS:
1) The algorithm to relax the same-origin restriction is in Part 3.
2) The use of AlgorithmIdentifier and having a way to coerce an object to a
string is still missing.
3) Timeouts and deadlines aren't there, and are pending reworking how
the nsIU2FToken interface works.
UPDATED:
- Address qdot, keeler review comments (thanks!)
- Address more qdot, keeler review comments (thanks!)
MozReview-Commit-ID: JITapI38iOh
--HG--
extra : rebase_source : 9a09e852dd0c8dc47f42dabbcf8b845a6828b225
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact. Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app. In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed. In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID. Other notions of appId which were restricted to this
API have been removed.
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact. Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app. In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed. In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID. Other notions of appId which were restricted to this
API have been removed.
Make the host's support for SSE2 instructions available to
javascript so we can report that status in update pings.
MozReview-Commit-ID: FhWPjLxKRZy
--HG--
extra : rebase_source : f804896705090fbc268a41db8edf755d72c643aa