Граф коммитов

828 Коммитов

Автор SHA1 Сообщение Дата
Masatoshi Kimura 38894511bc Bug 1390106 - Stop using versioned scripts in dom. r=mrbkap
MozReview-Commit-ID: 89KvCoTAg3I

--HG--
extra : rebase_source : 24831fa454a1cc6fff70a9b1eb509d0f5aeb800a
2017-08-14 20:42:55 +09:00
Gabor Krizsanits a53261ca24 Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-15 14:05:17 +02:00
Cameron McCormack 7f90eb21ad Bug 1384741 - Part 4: Test that we don't send CSP violation reports for cached fonts we don't actually use. r=jfkthame
MozReview-Commit-ID: Hlu6Dp1Hc1D
2017-08-07 10:13:31 +08:00
Cameron McCormack d531dc4afb Bug 1384741 - Part 2: Allow file_report_chromescript.js to listen for more than one CSP violation report. r=bz
MozReview-Commit-ID: 8ym5OqSUTMW
2017-08-07 10:11:04 +08:00
Cameron McCormack fdf6f9c5ef Bug 1384741 - Part 1: Add facility to buffer up CSP violation reports. r=bz
MozReview-Commit-ID: G4JLTmP1wD7
2017-08-07 10:09:32 +08:00
Brian Grinstead 0262e6e6ac Bug 1388552 - Export the HUDService object directly instead of individual methods and properties;r=nchevobbe
MozReview-Commit-ID: 9AYCuqqv1U7

--HG--
extra : rebase_source : 83612fd2c4edfde5c86cfc11a70682cc74ebfa12
2017-08-11 09:07:04 -07:00
Masatoshi Kimura 32e5d77ba4 Bug 1387805 - Remove [deprecated] nsIScriptSecurityManager.getCodebasePrincipal(). r=bz
MozReview-Commit-ID: CY47PBaQ5oy

--HG--
extra : rebase_source : 6a82bae0d3caafadc772a08a1d392ab30c4ad914
2017-08-06 15:31:31 +09:00
Eric Rahm 01f545fea7 Bug 1386825 - Part 1: Remove MOZ_B2G from dom. r=bkelly
MozReview-Commit-ID: 1zzP2r01B7U
2017-08-08 14:41:05 -07:00
Christoph Kerschbaumer a1341ccf6d Bug 1387811 - Follow up for Test within Bug 1381761: CSP JSON is never null, hence it's better to check actual contents of JSON for testing. r=dveditz 2017-08-06 11:37:09 +02:00
Christoph Kerschbaumer 4c276ebc38 Bug 1382869: Test data document should ignore meta csp. r=bz 2017-08-08 15:38:22 +02:00
Dragana Damjanovic dd.mozilla@gmail.com 23c8b30d23 Bug 1381282 - Change nsScriptErrorBase::InitWithWindowID so that it does not call GetSensitiveInfoHiddenSpec as much as now. r=bz r=valentin 2017-08-07 15:56:30 +02:00
Nicholas Nethercote f941156987 Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron.
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.

The patch also removes a couple of unused declarations from
nsIStringBundle.idl.

Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.

--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
2017-08-04 14:40:52 +10:00
Masatoshi Kimura 8b713b2b0f Bug 1375125 - Stop using nsILocalFile in the tree. r=froydnj
This mechanically replaces nsILocalFile with nsIFile in
*.js, *.jsm, *.sjs, *.html, *.xul, *.xml, and *.py.

MozReview-Commit-ID: 4ecl3RZhOwC

--HG--
extra : rebase_source : 412880ea27766118c38498d021331a3df6bccc70
2017-08-04 17:49:22 +09:00
Kate McKinley 092434c08c Bug 1376651 - Pass the nsIScriptElement instead of allocating a string every time r=ckerschb
Change the interface to GetAlowsInline to take an nsISupports* instead
of a string, and pass the nsIScriptElement directly. If we don't have an
element, then pass nullptr or the mock string created as an
nsISupportsString.

MozReview-Commit-ID: pgIMxtplsi

--HG--
extra : rebase_source : 4691643bb67ff6c78a74a4886a04c4816cff6219
2017-07-27 11:01:24 -07:00
Christoph Kerschbaumer 8b999864f0 Bug 1381761 - Test data: URIs inherit the CSP even if treated as unique, opaque origins. r=dveditz 2017-08-04 14:10:38 +02:00
Christoph Kerschbaumer 38a3b36992 Bug 1386183 - Test Meta CSP on data: URI iframe to be merged with CSP from including context. r=dveditz 2017-08-03 10:52:27 +02:00
Wes Kocher 20689fef47 Backed out 2 changesets (bug 1376895) for breaking browser_identity_UI.js with assertions in nsPermissionManager.cpp a=backout
Backed out changeset 620d01ac103a (bug 1376895)
Backed out changeset 3a06ab7fda1a (bug 1376895)

MozReview-Commit-ID: 2C8kUg77dz8
2017-08-14 13:13:45 -07:00
Gabor Krizsanits 7f2b53e79a Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-14 17:42:05 +02:00
Sebastian Hengst ddd4030358 merge mozilla-inbound to mozilla-central. r=merge a=merge
MozReview-Commit-ID: IrMqWiJhwan
2017-08-01 11:23:57 +02:00
Nicholas Nethercote 73558eac3d Bug 1384834 (part 2) - Remove remaining uses of nsAdoptingCString. r=erahm.
--HG--
extra : rebase_source : 70a385a0a06bc88e728d51459e7460a68f15f7fb
2017-07-28 11:21:47 +10:00
Nicholas Nethercote d18fdecf67 Bug 1384834 (part 1) - Remove remaining uses of nsAdoptingString. r=erahm.
--HG--
extra : rebase_source : c81ee11b9d08198a000979760a8e29a01e9498d0
2017-07-28 11:21:45 +10:00
Wes Kocher b11975d1ad Merge m-c to autoland, a=merge
MozReview-Commit-ID: L5cEw8jWPNI
2017-07-31 17:53:14 -07:00
Sebastian Hengst 915c63c332 merge mozilla-central to mozilla-inbound. r=merge a=merge 2017-07-31 11:28:37 +02:00
Nicholas Nethercote 72c884bf74 Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
--HG--
extra : rebase_source : d317b25be2ec21d1a60d25da3689e46cdce0b649
2017-07-31 14:28:48 +10:00
Kyle Machulis ef8d138ba7 Bug 1279218 - Remove tests related to the applet tag; r=bz
MozReview-Commit-ID: FzzA5Qic4Uq

--HG--
extra : rebase_source : 64206ee3e5073bafd822b23040fe6e24dda3463f
2017-07-10 16:15:16 -07:00
Carsten "Tomcat" Book d360d49d2a merge mozilla-inbound to mozilla-central a=merge 2017-07-27 10:57:25 +02:00
Bevis Tseng d935b29e72 Bug 1378930 - Part 1: Remove nsINamed::SetName(). r=billm
MozReview-Commit-ID: 7aM1yJRsfPH

--HG--
extra : rebase_source : f207a37be835ac4e6c431af56737cebacf5c566d
2017-07-21 11:50:43 +08:00
Kartikaya Gupta ba4b3b9101 Bug 1384233 - Remove SizePrintfMacros.h. r=froydnj
We have a minimum requirement of VS 2015 for Windows builds, which supports
the z length modifier for format specifiers. So we don't need SizePrintfMacros.h
any more, and can just use %zu and friends directly everywhere.

MozReview-Commit-ID: 6s78RvPFMzv

--HG--
extra : rebase_source : 009ea39eb4dac1c927aa03e4f97d8ab673de8a0e
2017-07-26 16:03:57 -04:00
Christoph Kerschbaumer e4b4af3900 Bug 1331351: Disable mochitest on android. r=me 2017-07-25 13:33:50 +02:00
Christoph Kerschbaumer 2d37dad0be Bug 1331351: Test allow toplevel window data: URI navigations from system. r=smaug 2017-07-24 18:51:39 +02:00
Christoph Kerschbaumer e116c4627b Bug 1331351: Test block toplevel window data: URI navigations. r=smaug 2017-07-24 18:52:01 +02:00
Andrew McCreight bf7fff95f0 Bug 1379786, part 4 - Use GetIsSystemPrincipal() method instead of going through secman in CHECK_PRINCIPAL_AND_DATA. r=mrbkap
MozReview-Commit-ID: INBsjjxbXZz

--HG--
extra : rebase_source : fd6d491d01acc70be1bf51e25ec31bbcde81344a
2017-07-10 15:00:03 -07:00
Ryan VanderMeulen 112cadfae3 Merge m-c to autoland. a=merge 2017-07-14 09:52:56 -04:00
Kartikaya Gupta 1ad55fc00a Bug 1380683 - Fix test_frameNavigation.html to pass with webrender enabled. r=jhao
MozReview-Commit-ID: 7CiM1eAFNJU

--HG--
extra : rebase_source : 0900fcc0cee8d44957408929f5451093e1db0728
2017-07-13 11:17:16 -04:00
Honza Bambas 3e3a7ddb9b Bug 1367814 - Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
This allows protocol handlers that load data from a privileged URI (chrome/file/jar) to make the channel's principal
as well as the redirect to look like (to) an unprivileged URI or a URI allowed to load to function correctly.
2017-07-13 05:51:00 +02:00
Carsten "Tomcat" Book 6ea5505659 Backed out changeset 13a9e2bbb96a (bug 1256122) for landing with wrong bug number in commit message 2017-07-13 15:41:53 +02:00
Honza Bambas 1fead4cd75 Bug 1256122 - Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
This allows protocol handlers that load data from a privileged URI (chrome/file/jar) to make the channel's principal
as well as the redirect to look like (to) an unprivileged URI or a URI allowed to load to function correctly.
2017-07-13 05:51:00 +02:00
Nicholas Nethercote c86dc10505 Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk.
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:

- a 16-bit C string literal, which is then converted to an 8-bit string in
  order for the lookup to occur;

- an 8-bit C string literal converted to a 16-bit string, which is then
  converted back to an 8-bit string in order for the lookup to occur.

This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.

The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.

Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.

The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)

--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
2017-07-12 15:13:37 +10:00
Kate McKinley 84d5adef43 Bug 1331730 - Log CORS messages from the content process r=bz,mayhemer
In e10s, a channel created by parent does not have a reliable reference
to the inner window ID that initiated the request. Without that, the
channel must request that the content process log and blocked messages
to the web console. This patch creates a new ipdl interface to pass the
message from the parent to the child process. The nsCORSListenerProxy
also needs to keep a reference to the nsIHttpChannel that created it so
it can find its way back to the child. Additionally, the
HttpChannelParent needs to be propagated when creating a new channel for
CORS.

MozReview-Commit-ID: 8CUhlVCTWxt

--HG--
extra : rebase_source : 350f39ad6f7ada39e88dfcc69c4f2c470e2be0de
2017-02-15 12:40:41 +09:00
Geoff Brown a6583be403 Bug 1376238 - Skip browser_hsts-priming_include-subdomains.js on linux for intermittent failures; r=me,test-only 2017-07-12 10:48:29 -06:00
Yoshi Huang 9ff74a50f4 Bug 1373513 - Part 3: Revert Bug 1363634. r=ckerschb
Revert what we did in Bug 1363634, from the spec, data:text/css should be same origin.
2017-07-12 11:00:34 +08:00
Christoph Kerschbaumer 250d4b1ff8 Bug 1377426 - Set CSP on freshly created nullprincipal when iframe is sandboxed. r=dveditz 2017-07-11 08:48:37 +02:00
Sylvestre Ledru 4e9cf83ee8 Bug 1378712 - Remove all trailing whitespaces r=Ehsan
MozReview-Commit-ID: Kdz2xtTF9EG

--HG--
extra : rebase_source : 7235b3802f25bab29a8c6ba40a181a722f3df0ce
2017-07-06 14:00:35 +02:00
Bill McCloskey f115503a0b Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Joel Maher a039d5288b Bug 1311239 - Intermittent dom/security/test/hsts/browser_hsts-priming_hsts_after_mixed.js. temporarily disable. r=gbrown
MozReview-Commit-ID: EWCAOjebfcH
2017-06-23 15:12:34 -04:00
Nicholas Nethercote f1364a75ea Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
All the instances are converted as follows.

- nsSubstring  --> nsAString
- nsCSubstring --> nsACString

--HG--
extra : rebase_source : cfd2238c52e3cb4d13e3bd5ddb80ba6584ab6d91
2017-06-20 19:19:52 +10:00
Nicholas Nethercote fe9268c4cd Bug 1374580 (part 2) - Remove nsAFlat{,C}String typedefs. r=froydnj.
All the instances are converted as follows.

- nsAFlatString  --> nsString
- nsAFlatCString --> nsCString

--HG--
extra : rebase_source : b37350642c58a85a08363df2e7c610873faa6e41
2017-06-20 19:19:05 +10:00
Florian Quèze 66f6d259bc Bug 1374282 - script generated patch to remove Task.jsm calls, r=Mossop. 2017-06-22 12:51:42 +02:00
Paolo Amadini 10ee6a5c4e Bug 1362970 - Part 2 - Script-generated patch to convert .then(null, ...) to .catch(...). r=florian
Changes to Promise tests designed to test .then(null) have been reverted, and the browser/extensions directory was excluded because the projects it contains have a separate process for accepting changes.

MozReview-Commit-ID: 1buqgX1EP4P

--HG--
extra : rebase_source : 3a9ea310d3e4a8642aabbc10636c04bfe2e77070
2017-06-19 11:32:37 +01:00
Kate McKinley 396962011a Bug 1363546 - Store and report HSTS upgrade source r=francois,keeler,mayhemer p=francois
Add a field to the HSTS cache which indicates the source of the HSTS
entry if known, from the preload list, organically seen header, or HSTS
priming, or unknown otherwise. Also adds telemetry to collect the source
when upgrading in NS_ShouldSecureUpgrade.

MozReview-Commit-ID: 3IwyYe3Cn73

--HG--
extra : rebase_source : 9b8daac3aa02bd7a1b4285fb1e5731a817a76b7f
2017-05-23 15:31:37 -07:00
Christoph Kerschbaumer 829704554e Bug 1370788 - Move XFO out of nsDSURIContentListener.cpp into dom/security. r=smaug 2017-06-19 06:59:44 +02:00
Yoshi Huang 5dcdd16255 Bug 1267075 - Part 1: call SetBlockedRequest when CSP check failed. r=bz
As a follow-up from bug 1206961, we will remove calling CanLoadImage in
this bug. Also in the case of CSP check failed, we will call
SetBlockedRequest in those cases.

See https://bugzilla.mozilla.org/show_bug.cgi?id=1267075#c30 for the
analysis between the old and new setup.
2017-06-16 10:12:08 +08:00
Kate McKinley 37a7ace256 Bug 1359987 - Update HSTS priming telemetry r=ckerschb,francois,mayhemer p=francois
Collect telemetry for all requests to get an exact percentage of
requests that are subject to HSTS priming, and how many result in an
HSTS Priming request being sent. Clean up telemetry to remove instances
of double counting requests if a priming request was sent.

HSTSPrimingListener::ReportTiming was using mCallback to calculate
timing telemetry, but we were calling swap() on the nsCOMPtr. Give it an
explicit argument for the callback.

Add tests for telemetry values to all of the HSTS priming tests. This
tests for the minimum as telemetry may be gathered on background or
other requests.

MozReview-Commit-ID: 5V2Nf0Ugc3r

--HG--
extra : rebase_source : daa357219a77d912a78b95a703430f39d884c6ab
2017-05-09 15:36:07 -07:00
Christoph Kerschbaumer 0d10a7c233 Bug 1024557 - Test XFO is ignored when frame-ancestors is present. r=smaug 2017-06-07 10:12:55 +02:00
Christoph Kerschbaumer 632fd14dfa Bug 1024557 - Ignore x-frame-options if CSP with frame-ancestors exists. r=smaug 2017-06-07 21:17:49 +02:00
Christoph Kerschbaumer b6b3bb161d Bug 1367531: Update CSP frame ancestors test to make sure paths are ignored. r=dveditz 2017-06-06 09:12:32 +02:00
Christoph Kerschbaumer 4956d67907 Bug 1367531: CSP should only check host (not including path) when performing frame ancestors checks. r=dveditz 2017-06-06 09:12:13 +02:00
Yoshi Huang 7aef584058 Bug 1363634 - rewrite test_style_crossdomain.html. r=ckerschb
data:text/css should be considered as a CORS request, and should be
blocked if crossorigin is not specified.
Also move the original test to test_style-crossdomain_legacy.html


--HG--
rename : dom/security/test/sri/iframe_style_crossdomain.html => dom/security/test/sri/iframe_style_crossdomain_legacy.html
2017-05-23 09:02:06 +08:00
Francois Marier c10dd4c73c Bug 1364262 - Convert SRI metadata to ASCII before parsing it. r=ckerschb
MozReview-Commit-ID: Ekw8lNzDvou

--HG--
extra : rebase_source : a2fe92e804b5b690856c44783e88d815e38e2922
2017-05-16 17:33:22 -07:00
Christoph Kerschbaumer e4f38c8d7c Bug 1362993 - Rewrite gBrowser.addTab() to use BrowserTestUtils.addTab(). r=florian 2017-05-15 21:49:50 +02:00
Birunthan Mohanathas 5e41427024 Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley
According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:
- 349501cdaa
- https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy

Note that we only whitelist '127.0.0.1' and '::1' to match Chrome 53 and
later. See:
- 130ee686fa

It is unclear if HTTPS origins should be able to use workers and WebSocket
connections through a loopback HTTP address. They are not supported in Chrome
(whether this is intentional or not is uncertain) so lets just ignore them for
now.

See also: https://github.com/w3c/web-platform-tests/pull/5304
2017-05-10 20:50:00 +03:00
Christoph Kerschbaumer 917075833b Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug 2017-05-10 18:40:57 +02:00
Christoph Kerschbaumer b9a841105c Bug 1355801: Nonce should not apply to images tests. r=dveditz 2017-05-10 08:53:27 +02:00
Christoph Kerschbaumer e5865a7980 Bug 1355801: Nonce should only apply to script and style. r=dveditz 2017-05-10 08:52:24 +02:00
Christoph Kerschbaumer 58bdcd15b5 Bug 1345615: Disable websocket tests on android. r=test-fix 2017-04-27 17:28:13 +02:00
Dragana Damjanovic 9a3cfa6017 Bug 1334776 - Store header names into nsHttpHeaderArray. r=mcmanus 2017-04-27 16:48:36 +02:00
Christoph Kerschbaumer 62c0c912c8 Bug 1345615: Test websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:35 +02:00
Christoph Kerschbaumer f18a8897be Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:16 +02:00
Cykesiopka 7c0b9e9d34 Bug 1356522 - Remove unnecessary nsICryptoHash output CRLF filtering in nsCSPUtils.cpp. r=ckerschb
This filtering is no longer necessary now that the fix for Bug 1338897 has landed and has gotten rid of the CRLF behaviour.

MozReview-Commit-ID: 9OKmrtQN3Cq

--HG--
extra : transplant_source : %C2%CD%AC%F6j%F5%D0%00%7E%AC%D2j%ACW%83%60%3B%F0%ED%CC
2017-04-17 17:34:18 +08:00
Florian Queze 37ff4fc7cc Bug 1356569 - Remove addObserver's last parameter when it is false, r=jaws. 2017-04-14 21:51:38 +02:00
Sebastian Hengst a07223d699 Backed out changeset 322fde2d53bf (bug 1356569) so bug 1355161 can be backed out. r=backout 2017-04-14 23:39:22 +02:00
Florian Queze 95d4d20c17 Bug 1356569 - Remove addObserver's last parameter when it is false, r=jaws. 2017-04-14 21:51:38 +02:00
Dan Banner cdf987089d Bug 1107904 - Remove packed.js and references to it as it is unused. r=standard8
MozReview-Commit-ID: K5TLF92pHq4

--HG--
extra : rebase_source : 295bf325a07fa8ec4c55a8babf5418588308dca6
2017-04-12 11:10:00 +01:00
Joel Maher 694ea4ea3b Bug 1183300 - Intermittent dom/security/test/csp/test_upgrade_insecure.html. disable on win7. r=ckerschb,gbrown
MozReview-Commit-ID: AslnFrYGOVw
2017-04-09 05:43:47 -04:00
Kate McKinley d082c41757 Bug 1322044 - Only mark a subdomain cached when includeSubDomains is true r=ckerschb,keeler
MozReview-Commit-ID: 3lFkuLauyGg

--HG--
extra : rebase_source : c356f1d4bef73b634eed6ca4d8078281ebc3ce3c
2017-02-13 13:36:01 +09:00
Thomas Nguyen afaba58d52 Bug 1339004 - Do DocGroup labeling in dom/security. r=ckerschb,smaug
MozReview-Commit-ID: 3QoH8P4J85I

--HG--
extra : rebase_source : 6f62454001fc02380f8aea99a56eff38de0e9fb6
2017-03-29 10:20:32 +08:00
Andrea Marchesini 2c716cd273 Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan 2017-03-29 15:28:46 +02:00
Sebastian Hengst eadf7b5c6e Backed out changeset 4af10700c64c (bug 1347817) 2017-03-29 11:17:04 +02:00
Andrea Marchesini 4b77f4a4b9 Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan 2017-03-29 08:27:17 +02:00
Christoph Kerschbaumer f49ee1fdca Bug 1316305 - Explicilty call .close() for websocket in test. r=baku 2017-03-22 13:04:02 +01:00
Andrea Marchesini 507c00cb9f Bug 1343933 - Renaming Principal classes - part 4 - ContentPrincipal, r=qdot
--HG--
rename : caps/nsPrincipal.cpp => caps/ContentPrincipal.cpp
rename : caps/nsPrincipal.h => caps/ContentPrincipal.h
2017-03-22 11:39:31 +01:00
Frederik Braun 56207a1b8b Bug 1073952: tests for iframe sandbox srcdoc and data URIs with CSP r=ckerschb,Tomcat
MozReview-Commit-ID: 5Q8XIJPrRPk

--HG--
extra : rebase_source : 391431d3585173d096ab58747a854542dfd3adca
2017-01-30 14:12:15 +01:00
Frederik Braun 17c2bf2604 Bug 1224225: Tests for punycode/unicode in CSP source matching code r=ckerschb,KWierso
MozReview-Commit-ID: 21Mr9ekUvnk

--HG--
extra : rebase_source : be5d673efaa31e322fea5da5ff4e7e6fa749daca
2017-03-15 13:22:55 +01:00
Frederik Braun cef461241c Bug 1224225: Use GetAsciiHost in CSP source matching code r=ckerschb,KWierso
MozReview-Commit-ID: B7SwUEMiVwc

--HG--
extra : rebase_source : d5dbec9f6aac4a627c35fb93f85f8e922fa695dd
2017-03-15 13:22:06 +01:00
Carsten "Tomcat" Book dba578960e merge mozilla-inbound to mozilla-central a=merge 2017-03-14 14:23:03 +01:00
Christoph Kerschbaumer 658552e990 Bug 1316305 - Add debug information for test_upgrade_insecure_requests. r=jmaher 2017-03-13 12:00:46 +01:00
David Major dc67bfc9a3 Bug 1344629 - Part 6: Rewrite unnecessary uses of nsLiteralString. r=dbaron
There's an antipattern where nsLiteralString is used as an unnecessary intermediary in converting from CharT* to CharT*,
e.g. CallAFunctionThatTakesACharPointer(NS_LITERAL_CSTRING("foo").get());
or
NS_NAMED_LITERAL_STRING(foo, "abc");
CallAFunctionThatTakesACharPointer(foo.get());

This patch rewrites the callsites that can be trivially changed to use char*/char16_t*.

I'd somewhat like to remove nsTLiteralString::get() altogether, but in code that's less straightforward than these examples, get() is useful enough to keep.

MozReview-Commit-ID: Kh1rUziVllo

--HG--
extra : rebase_source : c21a65694d6e1c42fd88f73632f7ac8f38d005ae
2017-03-14 15:26:27 +13:00
Iris Hsiao 5cece96e1c Backed out 12 changesets (bug 1344629) for stylo build bustage
Backed out changeset cf4273d3ac30 (bug 1344629)
Backed out changeset a96390e044e0 (bug 1344629)
Backed out changeset d9b330f9bc24 (bug 1344629)
Backed out changeset 2b460fe020af (bug 1344629)
Backed out changeset 0ada91b0452e (bug 1344629)
Backed out changeset 083304fcd6bd (bug 1344629)
Backed out changeset 53d7d1ce2c97 (bug 1344629)
Backed out changeset 55eee7078ae4 (bug 1344629)
Backed out changeset 7d3c06b3eca9 (bug 1344629)
Backed out changeset e5df14c3db61 (bug 1344629)
Backed out changeset 636095ff2815 (bug 1344629)
Backed out changeset 0be052ad24c1 (bug 1344629)
2017-03-14 11:52:24 +08:00
David Major 40f4821701 Bug 1344629 - Part 6: Rewrite unnecessary uses of nsLiteralString. r=dbaron
There's an antipattern where nsLiteralString is used as an unnecessary intermediary in converting from CharT* to CharT*,
e.g. CallAFunctionThatTakesACharPointer(NS_LITERAL_CSTRING("foo").get());
or
NS_NAMED_LITERAL_STRING(foo, "abc");
CallAFunctionThatTakesACharPointer(foo.get());

This patch rewrites the callsites that can be trivially changed to use char*/char16_t*.

I'd somewhat like to remove nsTLiteralString::get() altogether, but in code that's less straightforward than these examples, get() is useful enough to keep.

MozReview-Commit-ID: Kh1rUziVllo

--HG--
extra : rebase_source : c21a65694d6e1c42fd88f73632f7ac8f38d005ae
2017-03-14 15:26:27 +13:00
Andrea Marchesini e9195daa8d Bug 1345168 - Get rid of OriginAttributes::Inherit, r=tjr 2017-03-08 07:41:51 +01:00
Wei-Cheng Pan 510ba75c20 Bug 1310127 - Part 17: Use MOZ_MUST_USE in netwerk/protocol/http r=smaug
MozReview-Commit-ID: 5gvVZtsa3yS

--HG--
extra : rebase_source : 5e1ab2fc06ae58f18abb8909ac93f9512abbe220
2016-12-20 11:49:32 +08:00
Ursula Sarracini 6b1858e254 Bug 1340181 - Hide Activity Stream URL in URLbar r=fkiefer,mconley
MozReview-Commit-ID: F0P5tn2wyG

--HG--
extra : rebase_source : a9f766913b8340e12a4f526dc741e8ed752e6acf
2017-02-22 13:18:09 -05:00
Masatoshi Kimura 7be7b11a1c Bug 1342144 - Remove version parameter from the type attribute of script elements. r=jmaher
This patch is generated by the following sed script:
find . ! -wholename '*/.hg*' -type f \( -iname '*.html' -o -iname '*.xhtml' -o -iname '*.xul' -o -iname '*.js' \) -exec sed -i -e 's/\(\(text\|application\)\/javascript\);version=1.[0-9]/\1/g' {} \;

MozReview-Commit-ID: AzhtdwJwVNg

--HG--
extra : rebase_source : e8f90249454c0779d926f87777f457352961748d
2017-02-23 06:10:07 +09:00
Joel Maher 51bcce91f3 Bug 1316305 - Intermittent dom/security/test/csp/test_upgrade_insecure.html. disabled on osx. r=gbrown
MozReview-Commit-ID: FyX1wqxhyT7
2017-02-24 12:33:21 -05:00
Kate McKinley c69d150710 Bug 1339669 - Update security.mixed_content.hsts_priming_cache_timeout default r=mayhemer
MozReview-Commit-ID: CNFrPUyrdO8

--HG--
extra : rebase_source : 858da20cf65369ede5908b07921dfba501956b84
2017-02-16 10:48:59 +09:00
Jonathan Hao c23b7c4dcc Bug 1323644 - Isolate the HSTS and HPKP storage by first party domain (DOM/DocShell) r=baku,ckerschb
MozReview-Commit-ID: AZUfZffsLxu

--HG--
extra : rebase_source : bcd831e5ba7e92dd142747dccacba5cd34da016e
2017-02-14 10:29:24 +08:00
Xidorn Quan 3e72a08b95 Bug 1339394 - Don't serialize transparent color to transparent keyword when not necessary. r=heycam,jaws
MozReview-Commit-ID: 59cmaCoFJMR

--HG--
extra : rebase_source : 3b927d3c056b66e98f457de1726cf9d459eb8708
2017-02-16 10:26:13 +11:00
Tom Tromey 5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
Ben Kelly 0e176007bb Bug 1322111 P1 Add TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS content policy type. r=ckerschb 2017-02-15 09:55:58 -05:00
Carsten "Tomcat" Book 4bb208b812 Backed out changeset 4a964c3f1759 (bug 1339394) for suspicion of causing failures on OS X browser_selectpopup.js tests 2017-02-15 14:43:57 +01:00
Xidorn Quan 8a139d9ab8 Bug 1339394 - Don't serialize transparent color to transparent keyword when not necessary. r=heycam
MozReview-Commit-ID: 59cmaCoFJMR

--HG--
extra : source : 6c2a110bb5f4c7d4b1efd81a5cf03878291f7591
extra : amend_source : e2cdd8e042f99c53dceb69e02b422d62cdc01e1f
2017-02-15 20:47:26 +11:00
Ben Kelly 564ce2618f Bug 1338304 P1 Make nsCSPService cancel the channel if a redirect is blocked by CSP. r=ckerschb 2017-02-14 10:06:38 -05:00
Tooru Fujisawa 6582faf6eb Bug 1338251 - Remove remaining legacy generator from dom/security/test/hsts/. r=smaug 2017-02-11 01:53:23 +09:00
Tim Huang 756cf900c9 Bug 1336802 - Part 2: Updating the whole code base to make sure nsILoadInfo get null check. r=smaug
--HG--
extra : rebase_source : 22149fd540fd02119afe9fe5c9a815d01cf959c1
2017-02-07 11:49:34 +08:00
Carsten "Tomcat" Book bb03ec5d0c Merge mozilla-central to autoland 2017-02-08 11:32:21 +01:00
Kate McKinley af9b4969e3 Bug 1334838 - Avoid matching same host with a non-test URI a=testonly r=ckerschb
MozReview-Commit-ID: 7Ok7FXFtMoH

--HG--
extra : rebase_source : 99e6beac73e043e9d6174277ab9458fe8d7556c7
2017-02-08 11:28:29 +08:00
Franziskus Kiefer 456a4733d7 Bug 1336654 - update expired certs and signatures for content signature tests, r=mgoodwin
--HG--
extra : rebase_source : ec6a62f2f8d651f6e2cc8d4dade93d9647d03a10
2017-02-06 10:07:49 +01:00
Wes Kocher f9c7eaa259 Bug 1336654 - Skip the suddenly permafailing tests to reopen the tree a=me CLOSED TREE
MozReview-Commit-ID: 1KLjbaojvYc
2017-02-03 17:17:51 -08:00
Andrea Marchesini 43b97e9ea3 Bug 1288768 - Better error reporting for network errors in workers - WPT, r=bz 2017-01-28 15:40:08 +01:00
Phil Ringnalda 5d4072a82c Merge m-i to m-c, a=merge 2017-01-28 13:09:00 -08:00
Phil Ringnalda 439b10ced6 Backed out 2 changesets (bug 1288768) for wptlint failure
Backed out changeset 3361d527f683 (bug 1288768)
Backed out changeset d8b8219c20d6 (bug 1288768)
2017-01-28 08:10:26 -08:00
Andrea Marchesini cab859bea8 Bug 1288768 - Better error reporting for network errors in workers - WPT, r=bz 2017-01-28 15:40:08 +01:00
Kate McKinley 0baeefeea1 Bug 1328460 - Don't send priming to IP or non-standard ports r=ckerschb
MozReview-Commit-ID: GLyLfp8gqYt

--HG--
extra : rebase_source : f722504803ed63c5d3be9b84d5053cb1abea984e
2017-01-23 14:01:43 -08:00
Florian Quèze b11907c7aa Bug 1334156 - script-generated patch to replace .ownerDocument.defaultView with .ownerGlobal, r=jaws. 2017-01-27 10:51:03 +01:00
Florian Quèze 2cf30507bd Bug 1334261 - script-generated patch to remove more newURI null parameters, r=jaws. 2017-01-27 10:51:02 +01:00
Florian Quèze be4dbae285 Bug 1334199 - script-generated patch to omit getComputedStyle's second argument when it's falsy, r=jaws. 2017-01-27 10:51:02 +01:00
Wes Kocher 3317135d5c Backed out 3 changesets (bug 1073952) for test_iframe_srcdoc.html failures a=backout
Backed out changeset e63233859ee1 (bug 1073952)
Backed out changeset 5534087efac3 (bug 1073952)
Backed out changeset 1e631015acc8 (bug 1073952)

MozReview-Commit-ID: Fmrv8mz4HYI
2017-01-27 10:37:05 -08:00
Joel Maher 2c0ed9cf64 Bug 1334242 - add BUG_COMPONENT to dom/security/* files. r=ckerschb
MozReview-Commit-ID: EeYWpLBI5G5
2017-01-27 08:18:50 -05:00
Frederik Braun d15c007015 Bug 1073952 - Part 2 - tests for iframe sandbox srcdoc and data URIs with CSP r=ckerschb,dveditz
MozReview-Commit-ID: DPJRqEut5pu
2017-01-27 01:05:00 +01:00
Frederik Braun f72672a461 Bug 1073952: inherit CSP into iframe sandbox srcdoc r=ckerschb,dveditz
MozReview-Commit-ID: KTzCLoDfYnd
2017-01-27 01:05:00 +01:00
Brendan Dahl b27f51d095 Bug 1277102 - Use nsIDocShellTreeItem::ItemType during nsCSPContext::PermitsAncestry. r=ckerschb 2017-02-01 14:58:00 -05:00
Christoph Kerschbaumer 52276acb40 Bug 1271173 - Test upgrade-insecure-requests for navigational requests. r=smaug,freddyb 2016-05-09 13:37:49 +02:00
Christoph Kerschbaumer e7473c84f8 Bug 1329288: Allow content policy consumers to identify contentPolicy checks from docshell. r=bz,kmaglione 2017-01-22 18:05:03 +01:00
Christoph Kerschbaumer dd581118f0 Bug 1329288 - Test ContentPolicy blocks opening a new window. r=smaug 2017-01-22 17:42:42 +01:00
Sebastian Hengst 040a162daf Backed out changeset 828efd8ce683 (bug 1329288) 2017-01-22 13:09:53 +01:00
Sebastian Hengst a692f05c85 Backed out changeset 69fb2fc61535 (bug 1329288) 2017-01-22 13:09:48 +01:00
Christoph Kerschbaumer 130fcb1f75 Bug 1329288: Allow content policy consumers to identify contentPolicy checks from docshell. r=bz,kmaglione 2017-01-22 07:30:26 +01:00
Christoph Kerschbaumer 5b0e184329 Bug 1329288 - Test ContentPolicy blocks opening a new window. r=smaug 2017-01-22 07:30:10 +01:00
Mark Banner 16e6d381ac Bug 503613 - Remove old 'tail =' lines from xpcshell.ini files; r=gps
MozReview-Commit-ID: 62Hp5ISxowJ

--HG--
extra : rebase_source : daa8efb3409031fea553f4fd0c9d0746e38dc308
extra : histedit_source : b4c23aacf678ba0d0ac9c09191a7c494ead11a08
2017-01-18 10:30:39 +00:00
Ehsan Akhgari 4ef7762311 Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb 2017-01-18 15:18:29 -05:00
Ehsan Akhgari ee5969e9c2 Backout changeset 7040329487e9 (bug 1331838) because it was the wrong patch 2017-01-18 15:18:29 -05:00
Ehsan Akhgari 842ce9fb2d Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb 2017-01-18 13:11:42 -05:00
Sebastian Hengst 5baf0e453e Backed out changeset 8acb67f2e136 (bug 1331838) for failing GTest CSPParser.SimplePolicies. r=backout on a CLOSED TREE 2017-01-18 17:28:03 +01:00
Ehsan Akhgari 42a8bbcbb1 Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb 2017-01-18 08:57:13 -05:00
Florian Quèze 85611a7b6d Bug 1331081 - script generated patch to omit addEventListener/removeEventListener's third parameter when it's false, r=jaws.
--HG--
extra : rebase_source : a22344ee1569f58f1f0a01017bfe0d46a6a14602
2017-01-17 11:50:25 +01:00
Tuhina 265b3a3710 Bug 1303685: Add telemetry for CSP referrer directive. r=ckerschb,francois 2016-11-04 21:36:25 +05:30
Carsten "Tomcat" Book 054061a872 Merge mozilla-central to mozilla-inbound 2017-01-12 10:36:29 +01:00
Christoph Kerschbaumer 0c9692f60f Bug 1330035 - Explicitly use javascript: instead of URI_INHERITS_SECURITY_CONTEXT within subjectToCSP(). r=dveditz 2017-01-12 09:42:23 +01:00
Carsten "Tomcat" Book b815edc5b6 Backed out changeset d5ba64015065 (bug 1329288) 2017-01-11 15:41:43 +01:00
Christoph Kerschbaumer ca27de3795 Bug 1329288 - Update test_contentpolicytype_targeted_link_iframe to not call finish several times. r=me 2017-01-11 14:44:52 +01:00
Kate McKinley edae411c07 Bug 1313595 - Lower HSTS priming timeout r=mayhemer
MozReview-Commit-ID: 5wOqtYM1MfD

--HG--
extra : rebase_source : 78cb81a9223c80b93b2c574846111eb3bad91c03
2016-12-08 11:07:55 -10:00
Geoff Brown ab089bc866 Bug 1324870 - Skip test_bug803225.html and test_ext_downloads_misc.js on linux32 only, to enable taskcluster migration; r=jmaher 2017-01-05 16:34:47 -07:00
Iris Hsiao 8ca3b2dc24 Backed out changeset 724fdfe8f396 (bug 1324870) 2017-01-05 12:21:31 -05:00
Geoff Brown 4fdfff0c12 Bug 1324870 - Skip test_bug803225.html and test_ext_downloads_misc.js on linux32 only, to enable taskcluster migration; r=jmaher
--HG--
extra : rebase_source : eb4c1e94381f46d54619f0a3ba65e3f5beed2221
2017-01-05 09:15:11 -07:00
Thomas Nguyen 0aaea58b69 Bug 1304623 - Create a pref to control the default referrer policy - part 3. r=bkelly
MozReview-Commit-ID: 1A6IHPeNYBQ
2017-01-05 11:29:56 +08:00
Christoph Kerschbaumer c88d12696d Bug 1182569: Update ContentSecurityManager to handle docshell loads. r=smaug 2017-01-03 20:59:30 +01:00
Thomas Wisniewski 47afdb3f0c Bug 1324542 - Code-quality tweaks for isValidBase64Value. r=ckerschb
--HG--
extra : rebase_source : 6077893a7edc62c5842c3a1c9f5be9386a6e7e7c
2016-12-20 11:56:14 -05:00
Tooru Fujisawa 515ef9ba45 Bug 1321218 - Remove legacy generator from dom/. r=smaug 2016-12-01 18:11:32 +09:00
André Bargull 8843a98210 Bug 1319936 - Remove String generics uses in dom. r=billm
--HG--
extra : rebase_source : f2b40e5d4a423035d2de8739570a76305a058cf0
2016-11-24 13:17:00 -08:00
Carsten "Tomcat" Book 450508f7f3 merge mozilla-inbound to mozilla-central a=merge 2016-11-29 11:39:49 +01:00
Carsten "Tomcat" Book 002a446aec Backed out changeset 3472d9d9dd47 (bug 1313595) for hopefully reducing crashes 2016-11-29 10:25:07 +01:00
Frederik Braun 29efcb86ac Bug 1316826 - Test for JS URLs and strict-dynamic. r=dveditz
MozReview-Commit-ID: EKmYoZbap25
2016-11-28 21:56:55 -05:00
Thomas Wisniewski fe33117844 Bug 1309219 - Only allow valid base64-values for CSP nonce and hash sources, per spec. r=francois 2016-11-24 21:46:09 -05:00
Frederik Braun 53901256a5 Bug 1316826 - Test case for strict-dynamic blocks inline event handlers. r=dveditz
MozReview-Commit-ID: 4TS4pUNeIS1

--HG--
extra : rebase_source : e517f4898d0a9873c77e2731152ce3255b7c5938
2016-11-21 15:13:29 -05:00
Ryan VanderMeulen e1487e92f8 Bug 1311599 - Disable HSTS tests on linux debug.
--HG--
extra : rebase_source : 5ad7d6ea972d4a350091458b0cc47dd148f13bb6
2016-11-21 12:30:56 -05:00
Andrea Marchesini 42cdd9436b Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 2, r=qdot 2016-11-18 09:33:50 +01:00
Andrea Marchesini 2f974ccbce Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 1, r=qdot 2016-11-18 09:33:33 +01:00
Sebastian Hengst 7110a88674 Backed out changeset d43b778d95c6 (bug 1318273) for failing mochitest fetch/test_formdataparsing.html. r=backout on a CLOSED TREE 2016-11-17 20:58:38 +01:00
Sebastian Hengst fdfd8b91d1 Backed out changeset 2560659cda95 (bug 1318273) 2016-11-17 20:57:59 +01:00
Andrea Marchesini a895bd31ae Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 2, r=qdot 2016-11-17 19:36:21 +01:00
Andrea Marchesini cf2ad8072f Bug 1318273 - Improve the use of SpecialPowers.pushPrefEnv() - part 1, r=qdot 2016-11-17 19:36:01 +01:00
Kate McKinley dcbe139332 Bug 1317115 turn off HSTS priming to suppress perma-orange a=test-only
MozReview-Commit-ID: I1bNquP4yT7
2016-11-15 10:52:45 +09:00
Kate McKinley 5565f4d518 Bug 1313595 Reduce timeout for HSTS priming channels r=mayhemer
Default is 3 seconds

MozReview-Commit-ID: 47hoaTEL9hV
2016-11-08 17:49:39 +09:00
Phil Ringnalda 8562d3859b Backed out changeset a8be4ebc85cf (bug 1313595) for permaorange unexpected assertion in test_referrerdirective.html, a=backout
MozReview-Commit-ID: GxBqDrHHg7z
2016-11-14 18:30:58 -08:00
Kate McKinley b8eeda422c Bug 1313595 Reduce timeout for HSTS priming channels r=mayhemer
Default is 3 seconds

MozReview-Commit-ID: 47hoaTEL9hV

--HG--
extra : rebase_source : 6954dc92966122b15c60f19f5e91086fcd859728
2016-11-08 17:49:39 +09:00
Kate McKinley 5ef79ef9a4 Bug 1313596 - Increase HSTS Priming default cache timeout. r=mayhemer
MozReview-Commit-ID: 6sHuB4wIEu4

--HG--
extra : rebase_source : 9672c18384efe24f6cb5e1aa455217e37a97db90
2016-11-10 00:30:00 -05:00
Sebastian Hengst 115286c614 Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout 2016-11-09 11:31:38 +01:00
Tanuja Sawant 134e80abde Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb 2016-11-07 19:22:53 +05:30
Wes Kocher 41c087935b Merge m-c to inbound, a=merge 2016-11-08 14:08:34 -08:00
Christoph Kerschbaumer eb1fcc9de6 Bug 1299483 - CSP: Implement 'strict-dynamic', test default-src. r=dveditz 2016-11-08 13:34:36 +01:00
Christoph Kerschbaumer 54b5ba8aa1 Bug 1299483 - CSP: Implement 'strict-dynamic', parser inserted mochitests. r=dveditz,freddyb 2016-11-08 13:33:58 +01:00
Christoph Kerschbaumer 7148985f09 Bug 1299483 - CSP: Implement 'strict-dynamic', mochitests. r=dveditz,freddyb 2016-11-08 13:33:27 +01:00
Christoph Kerschbaumer d9efe93bac Bug 1299483 - CSP: Implement 'strict-dynamic', parser tests. r=dveditz,freddyb 2016-11-08 13:32:17 +01:00
Christoph Kerschbaumer 611dfdf9b7 Bug 1299483 - CSP: Implement 'strict-dynamic', parser changes. r=dveditz,freddyb 2016-11-08 13:08:33 +01:00
Christoph Kerschbaumer c267f70f91 Bug 1299483 - CSP: Implement 'strict-dynamic', enforcement changes. r=dveditz,freddyb 2016-11-08 12:55:23 +01:00
Joel Maher 27b9e899b0 Bug 1311599 - Disable hsts tests on linux32-debug only. r=kmckinley
MozReview-Commit-ID: 2V5Xrfpwy3a

--HG--
extra : rebase_source : c02f00ac03368b5ce52598c23964e39f892e6007
2016-11-07 14:51:45 -05:00
Nicholas Nethercote e13c48fba9 Bug 1315170 - gtestify dom/security/test/TestCSPParser.cpp. r=francois.
--HG--
rename : dom/security/test/TestCSPParser.cpp => dom/security/test/gtest/TestCSPParser.cpp
extra : rebase_source : 52b30a4c063ce2d330108fa4b8382ff8e4adf1b0
2016-11-04 17:02:26 +11:00
Phil Ringnalda a7bc94158c Merge m-i to m-c, a=merge
MozReview-Commit-ID: H4VKCYDq5cD

--HG--
rename : xpcom/tests/TestAutoRef.cpp => xpcom/tests/gtest/TestAutoRef.cpp
rename : xpcom/tests/TestCOMArray.cpp => xpcom/tests/gtest/TestCOMArray.cpp
rename : xpcom/tests/TestCOMPtr.cpp => xpcom/tests/gtest/TestCOMPtr.cpp
rename : xpcom/tests/TestCOMPtrEq.cpp => xpcom/tests/gtest/TestCOMPtrEq.cpp
rename : xpcom/tests/TestFile.cpp => xpcom/tests/gtest/TestFile.cpp
rename : xpcom/tests/TestHashtables.cpp => xpcom/tests/gtest/TestHashtables.cpp
rename : xpcom/tests/TestID.cpp => xpcom/tests/gtest/TestID.cpp
2016-11-05 13:36:25 -07:00
Sebastian Hengst 4b45959d12 Bug 1310297 - Remove test annotations using b2g, mulet or gonk: dom/security. r=RyanVM
MozReview-Commit-ID: 8G41CCQ1P01

--HG--
extra : rebase_source : d8f02480bc506c06e13d0d47fa123df6f8b2f18d
2016-11-05 11:29:17 +01:00
Frederik Braun e8f0bc4a89 Bug 1312272 - Test that marquee event handlers are subject to CSP. r=smaug
MozReview-Commit-ID: 4KYon5u0ocf

--HG--
extra : histedit_source : 6de85932af364aba1960f16a51d20d32b8ec6b7c
2016-11-04 22:54:19 -04:00
Frederik Braun 579a6043ca Bug 1312680 - Test that require-sri-for blocks style loads via @import r=francois
MozReview-Commit-ID: A8DPWH2S3sD
2016-11-03 03:18:00 +01:00
Carsten "Tomcat" Book 921f2dc51d Merge mozilla-central to mozilla-inbound
--HG--
extra : amend_source : 754a1f5236bea4ec4fcaac985945aa89f6c29769
2016-10-20 16:50:23 +02:00
Kate McKinley 26490f6904 Bug 1310955 - Fix nsSiteSecurityService cache retrieval r=ckerschb,keeler
MozReview-Commit-ID: 55DpKrqcL1x

--HG--
extra : rebase_source : 5e068cc70c45dd1844a0e59559875cde659f202a
2016-10-18 20:09:15 +09:00
Phil Ringnalda 6c91017f20 Merge m-i to m-c, a=merge
MozReview-Commit-ID: FA9OZyjP59N
2016-10-18 19:36:18 -07:00
Ehsan Akhgari f13c011369 Bug 1310895 - Remove support for app default and manifest CSP enforcement; r=baku 2016-10-18 09:40:41 -04:00
Kate McKinley 5b82359aa3 Bug 1305993 - Break tests up to avoid timeouts r=philor
MozReview-Commit-ID: 8y2gwNjnEnT

--HG--
extra : rebase_source : c24354dd7c60064b38bbbad067806d3c0a52c690
2016-10-07 17:19:38 +09:00
Christoph Kerschbaumer 066a3827af Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb 2016-10-14 20:07:32 +02:00
Sebastian Hengst 24324313f6 Backed out changeset f443b21ba9de (bug 1307321) for unexpected passing of scripthash-unicode-normalization.sub.html. r=backout 2016-10-14 17:51:22 +02:00
Christoph Kerschbaumer 0341cd9771 Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb 2016-10-14 15:23:24 +02:00
Ehsan Akhgari 9de6bbbaec Bug 1261019 - Part 3: Remove Navigator.mozApps and code depending on it; r=myk,jryans,fabrice,mcmanus,peterv 2016-10-13 13:18:41 -04:00
Andrea Marchesini 793b227795 Bug 1309818 - Fixing some warning when compiling dom/*, r=smaug 2016-10-13 14:33:07 +02:00
Steven Englehardt f4e92ab657 Bug 1277803 - Part 5 : A test to verify the loadingPrincipal of favicon loads. r=ckerschb 2016-10-13 15:44:00 +08:00
Tim Huang 372ec56ff4 Bug 1277803 - Part 1 : Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb 2016-10-13 15:43:54 +08:00
Wes Kocher 2142de26c1 Backed out 8 changesets (bug 1277803) for browser-chrome test failures a=backout
Backed out changeset 477890efdb88 (bug 1277803)
Backed out changeset 49da326bfe68 (bug 1277803)
Backed out changeset 2d17a40a9077 (bug 1277803)
Backed out changeset b1cb0a195ca1 (bug 1277803)
Backed out changeset c7d82459d152 (bug 1277803)
Backed out changeset 3be9a06248af (bug 1277803)
Backed out changeset 8d119ca96999 (bug 1277803)
Backed out changeset be767a6f7ecd (bug 1277803)
2016-10-12 14:26:00 -07:00
Steven Englehardt 226661a0bc Bug 1277803 - Part 5 : A test to verify the loadingPrincipal of favicon loads. r=ckerschb 2016-10-12 17:32:11 +08:00
Tim Huang 0ceca5575d Bug 1277803 - Part 1 : Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb 2016-10-12 17:32:03 +08:00
Richard Barnes ea829544cd Bug 1308951 - Add a pref to whitelist specific domains as SecureContexts r=ckerschb,jcj
MozReview-Commit-ID: AxihCLsBNRw

--HG--
extra : rebase_source : bd2800c65af839ef67f4ca9a841f08884ac9c539
2016-10-10 11:32:24 -04:00
Yoshi Huang 06ba09a073 Bug 1264137 - Part 3: perform ContentPolicy check if the load is happening on this docshell. r=bz, smaug 2016-10-07 17:40:21 +08:00
Iris Hsiao e6ab0adc40 Backed out changeset d283c59402ce (bug 1277803)
CLOSED TREE
2016-10-07 11:24:08 +08:00
Iris Hsiao 596b8e86ce Backed out changeset 76788d4f83ce (bug 1277803)
CLOSED TREE
2016-10-07 11:23:40 +08:00
Steven Englehardt 1925944f12 Bug 1277803 - Part 5: Add a test to verify the loadingPrincipal of favicon loads. r=ckerschb 2016-09-13 00:33:00 -04:00
Tim Huang 85a1cb6b99 Bug 1277803 - Part 1: Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb 2016-09-07 00:38:00 -04:00
Nicolas B. Pierron 395abf823f Bug 1288104 part 2 - Instrument SRICheckDataVerifier to load/save the computed hash from the bytecode cache. r=francois 2016-10-20 09:44:33 +00:00
Frederik Braun ae7fb1e8d0 Bug 1279139 - require-sri-for needs to govern scriptloading for workers. r=baku
MozReview-Commit-ID: 3m21kbiV5qK

--HG--
extra : rebase_source : 30c784392e96c1b28c55d38959cc529093b9b568
2016-10-04 02:36:00 +02:00
Christoph Kerschbaumer b0951acfc5 Bug 1302539 - X-Content-Type-Options: nosniff should not apply to images (temporarily). r=dveditz 2016-09-30 09:38:44 +02:00
Edgar Chen cf7304c3c6 Bug 1306007 - Part 1: Remove srcset/picture feature control preference; r=jdm,smaug
MozReview-Commit-ID: BsyTHeqiGZL

--HG--
extra : rebase_source : 2add2510dbe16c641fe997a8349c1a36009bec20
2016-04-16 18:07:56 -04:00
Samriddhi Jain 40e1a53f35 Bug 1303682 - Add deprecation warning before removing 'referrer' directive from CSP. r=ckerschb 2016-09-28 20:17:18 +05:30
Thomas Wisniewski c190891418 Bug 1303121 - Do not fire one last progress event on XHR errors, to match a spec change. r=annevk
--HG--
extra : rebase_source : 9a59934cfe8fc7f2ee8ef7788813f97e2355ce2a
2016-09-28 13:05:32 -04:00
Kate McKinley c57d400961 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

MozReview-Commit-ID: ES1JruCtDdX

--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 11:27:00 -04:00
Xidorn Quan f196d451ef Bug 1304302 part 7 - Break cycle reference between SRIMetadata.h and SRICheck.h. r=smaug
MozReview-Commit-ID: 8UpAEXURuSg

--HG--
extra : source : 50604098e9e374611b02d82d765fa0b230d71373
2016-09-26 22:03:25 +10:00
Iris Hsiao 767e1e9b11 merge mozilla-inbound to mozilla-central a=merge 2016-09-26 18:34:20 +08:00
Kate McKinley 694c12c743 Bug 1242019 - Truncate data URIs in CSP log messages. r=ckerschb
MozReview-Commit-ID: DaiGESRI1rb

--HG--
extra : transplant_source : %EC%7B%3F%20O%3A%A7g%BAl%82%BC-Xg%23%84%E2%3C%EE
2016-09-12 14:30:43 -07:00
Kate McKinley ed0b5f06ee Bug 1271796 use raw bytes to calculate SRI hash r=francois
MozReview-Commit-ID: F62t5CnsYlJ

--HG--
extra : rebase_source : 9c2148ffe99a51db5541ec6d9961597b578157ae
2016-09-05 12:55:25 +02:00
Gabor Krizsanits 9f5afabda0 Bug 1294381 - Delayed process script for test_bug803225.html. r=mrbkap 2016-09-22 09:26:26 +02:00
Christoph Kerschbaumer f41283f981 Bug 1298680 - Use uint64_t consistently for windowID within CSP. r=freddyb 2016-09-19 12:57:20 +02:00
Christoph Kerschbaumer 9f2e941749 Bug 1296027 - CSP: Include 'Source' within error message when logging to the console. r=freddyb,bgrins 2016-09-19 10:18:55 +02:00
Frederik Braun fd99ac5cc2 Bug 1277248 - Add test to ensure that require-sri-for does not allow svg:scripts r=ckerschb
MozReview-Commit-ID: 1knIYZ93UeY

--HG--
extra : rebase_source : 4c1385382ecdddf80ec45d46d440b37bf4ad47c1
2016-09-13 11:05:37 +02:00
Tom Tung db38e2111a Bug 1187335 - P6 - Support script/css to set integrity metadata to serviceWorker. r=bkelly. r=francois. 2016-09-07 10:30:21 +08:00
Tom Tung 6f314fb375 Bug 1187335 - P3 - modify SRI test to match current behavior. r=bkelly, r=francois. 2016-05-30 12:26:56 +08:00
Tom Tung 78670a91d5 Bug 1187335 - P2 - Modify the way to report to console for worker and use LoadTainting to decide CORS or not. r=bkelly. r=francois. 2016-09-08 09:59:40 +08:00
Henry Chang 6ea7c1b598 Bug 1229639 - Part 2: Test case. r=ckerschb
MozReview-Commit-ID: GbofB6JoFil

--HG--
extra : rebase_source : dc4ac339817a052f687179988e28ec02764bd3e7
2016-09-06 18:30:12 +08:00
Henry Chang f9eeeb2620 Bug 1229639 - Part 1: Match CSP host source with percent-decoded URI. r=ckerschb
MozReview-Commit-ID: CSGeoSR2qw8

--HG--
extra : rebase_source : f64cb0b9cab61ec09faa29139f72d28272fbbedb
2016-09-06 18:29:26 +08:00
Tom Schuster 885c81fd09 Bug 1299267 - Test for wrong mime types. r=ckerschb 2016-09-05 20:02:52 +02:00
Nicholas Nethercote b71747b2ac Bug 1299727 - Rename NS_WARN_IF_FALSE as NS_WARNING_ASSERTION. r=erahm.
The new name makes the sense of the condition much clearer. E.g. compare:

  NS_WARN_IF_FALSE(!rv.Failed());

with:

  NS_WARNING_ASSERTION(!rv.Failed());

The new name also makes it clearer that it only has effect in debug builds,
because that's standard for assertions.

--HG--
extra : rebase_source : 886e57a9e433e0cb6ed635cc075b34b7ebf81853
2016-09-01 15:01:16 +10:00
Nicholas Nethercote 742fc7eb48 Bug 1297961 (part 1) - Introduce nsURI::GetSpecOrDefault(). r=hurley.
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:

  nsAutoCString spec;
  uri->GetSpec(spec);
  printf("uri: %s", spec.get());

to be changed to this:

  printf("uri: %s", uri->GetSpecOrDefault().get());

This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.

I will fold this into part 1 before landing.

--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
2016-08-26 16:02:31 +10:00
Christoph Kerschbaumer a80531eeb1 Bug 1298505 - CSP: Update StripURIForReporting to rely on NS_SecurityCompareURIs. r=dveditz
--HG--
extra : rebase_source : b3cd4f3ebed2ee079d88c896aa08e2e99e5c20a5
2016-08-27 08:30:43 +02:00
Christoph Kerschbaumer 9489473322 Bug 1297051 - Test CSPRO should not block mixed content. r=dveditz 2016-08-24 09:24:20 +02:00
Christoph Kerschbaumer 653bf080a7 Bug 1297051 - CSPRO should not block mixed content. r=dveditz 2016-08-24 09:24:55 +02:00
Christoph Kerschbaumer 4261d2f1f7 Bug 1288361 - Test block script with wrong MIME type. r=dveditz 2016-08-22 08:56:32 +02:00
Christoph Kerschbaumer 19b246a586 Bug 1290560 - Update TestCSPParser to include 'sandbox', 'require-sri' and 'report-uri' with no valid srcs. r=dveditz 2016-08-19 18:45:04 +02:00
Christoph Kerschbaumer df1432e805 Bug 1290560 - Update CSPParser to handle 'sandbox', 'require-sri' and 'report-uri' with no valid srcs correctly. r=dveditz 2016-08-19 18:41:45 +02:00
Nicholas Nethercote ca40b738e4 Bug 1294620 - Use infallible XPIDL attribute getters more. r=erahm.
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.

The patch also removes a handful of redundant checks on infallible setters.

--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
2016-08-12 15:19:29 +10:00
Nicholas Nethercote 3b0485fcdb Bug 1294645 - Don't use NS_CALLBACK for callbacks in nsI{Input,Output,UnicharInput},Stream.idl. r=froydnj.
Slightly less than half (93 / 210) of the NS_METHOD instances in the codebase
are because of the use of NS_CALLBACK in
nsI{Input,Output,UnicharInput},Stream.idl. The use of __stdcall on Win32 isn't
important for these callbacks because they are only used as arguments to
[noscript] methods.

This patch converts them to vanilla |nsresult| functions. It increases the size
of xul.dll by about ~600 bytes, which is about 0.001%.

--HG--
extra : rebase_source : c15d85298e0975fd030cd8f8f8e54501f453959b
2016-08-12 17:36:22 +10:00
Michael Layzell 8e946df619 Bug 1293001 - Part 2: Change the BinaryName of nsIContentSecurityPolicy::getPolicy from GetPolicy (which overloaded another virtual method), to GetPolicyString, r=froydnj
MozReview-Commit-ID: 4XWRar3Uuw
2016-08-11 15:49:40 -04:00
Nicholas Nethercote e7f10a07fd Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm.
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.

As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.

--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
2016-08-08 12:18:10 +10:00
Thomas Wisniewski 95d1c98761 Bug 918703 - Part 2: Correct progress event logic so events are sent in the correct order and with the correct values according to spec. r=baku
--HG--
extra : rebase_source : da5305fdfb1b28404199733f68cb65803a087e38
2016-08-05 23:47:40 -04:00
Gabor Krizsanits f6bc83a18a Bug 1285894 - Fixing test_bug803225.html for e10s-multi. r=mrbkap 2016-08-01 12:26:38 +02:00
Christoph Kerschbaumer 886e7cd571 Bug 1289085: CSP - Test referrer with no valid src. r=dveditz 2016-07-29 22:53:59 +02:00
Christoph Kerschbaumer ec59af86d9 Bug 1289085: CSP - Bail early if referrer directive has no valid src. r=dveditz 2016-07-31 07:57:22 +02:00
Thomas Wisniewski 6a1fb99d2b Bug 709991 - Fire onerror instead of throwing on network errors for async XHRs. r=bz 2016-07-30 00:24:56 -04:00
Iris Hsiao caea40742f Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures 2016-07-27 13:14:07 +08:00
Kate McKinley c6650db185 Bug 1246540 HSTS Priming Proof of Concept
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00
Iris Hsiao a7c8429fc4 Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures 2016-07-27 11:15:52 +08:00
Kate McKinley 567ebcf321 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
2016-07-26 13:03:00 -04:00
Carsten "Tomcat" Book dcae5b0335 Merge mozilla-central to fx-team 2016-07-26 11:58:36 +02:00
Carsten "Tomcat" Book a3904e8a8a Merge mozilla-central to mozilla-inbound 2016-07-25 15:59:01 +02:00
Carsten "Tomcat" Book b9a6c687fa merge mozilla-inbound to mozilla-central a=merge 2016-07-25 15:50:41 +02:00
Franziskus Kiefer 249fa77287 Bug 1263793 - update SAN, r=mgoodwin,ulfr
MozReview-Commit-ID: HtMKl2gP1xi

--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
2016-07-25 09:44:19 +02:00
Carsten "Tomcat" Book 0a5622c093 Backed out changeset 640247e978ba (bug 1246540) for bustage 2016-07-24 15:59:31 +02:00
Kate McKinley 547500d5a7 Bug 1246540 - HSTS Priming Proof of Concept. r=honzab
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-22 18:35:00 +02:00