mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
585 474 коммитов 613 Ветки 98 Теги 5,9 GiB
Граф коммитов

769 Коммитов

Автор SHA1 Сообщение Дата
Andrea Marchesini 5784769019 Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug 2018-03-13 06:40:38 +01:00
Cristian Brindusan aebd2b4f26 Bug 1391823 - Disable dom/security/test/mixedcontentblocker/test_frameNavigation.html for frequent failures. r=jmaher 2018-03-03 05:16:00 +02:00
Sebastian Hengst 118e03a936 merge mozilla-central to mozilla-inbound 2018-03-01 20:32:20 +02:00
Tiberius Oros 61d400da1c Merge inbound to mozilla-central. a=merge 2018-03-01 19:29:00 +02:00
Georg Koppen f58841a715 Tests updated/added for bug 1382359 r=ckerschb CLOSED TREE 2018-03-01 10:13:22 +01:00
Georg Koppen dd4fb3ba9f Bug 1382359: Treat .onion as a secure context 
Websites which collect passwords but don't use HTTPS start showing scary
warnings from Firefox 51 onwards and mixed context blocking has been
available even longer.

.onion sites without HTTPS support are affected as well, although their
traffic is encrypted and authenticated. This patch addresses this
shortcoming by making sure .onion sites are treated as potentially
trustworthy origins.

The secure context specification
(https://w3c.github.io/webappsec-secure-contexts/) is pretty much focused
on tying security and trustworthiness to the protocol over which domains
are accessed. However, it is not obvious why .onion sites should not be
treated as potentially trustworthy given:

"A potentially trustworthy origin is one which a user agent can
generally trust as delivering data securely.

This algorithms [sic] considers certain hosts, scheme, and origins as
potentially trustworthy, even though they might not be authenticated and
encrypted in the traditional sense."
(https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy)

We use step 8 in the algorithm to establish trustworthiness of .onion
sites by whitelisting them given the encrypted and authenticated nature
of their traffic.
 2018-03-01 09:44:30 +01:00
Adam Kasztenny fc42b2fa73 Bug 1355166 - Remove remote newtab's dead code. r=ursula 2018-02-28 16:44:00 +02:00
Nicolas Chevobbe 8ea55ce28a Bug 1382606 - Switch webconsole to new event-emitter; r=Honza. 
MozReview-Commit-ID: HBogPeOI7WM

--HG--
extra : rebase_source : 4ad1fb922ffc818d175ae3c09820ce31ba416487
 2018-02-23 09:10:36 +01:00
Florian Quèze c714053d73 Bug 1433175 - scripted patch to replace Components.classes[, Components.interfaces.nsI, Components.utils. and Components.results. with Cc, Ci, Cu and Cr, r=Mossop. 2018-02-28 18:51:33 +01:00
Valentin Gosu 84b854ce2c Bug 1433958 - Change code that sets nsIURI.userPass to use nsIURIMutator r=mayhemer 
* Code in XMLHttpRequestMainThread is converted to set the username and password individually. This is because when the parameters are empty, it ended up calling SetUserPass(":") which always returns an error.

MozReview-Commit-ID: 3cK5HeyzjFE

--HG--
extra : rebase_source : f34400c11245d88648b0ae9c196637628afa9517
 2018-02-26 20:43:46 +01:00
Christoph Kerschbaumer e8f5150467 Bug 1439444: resource and chrome images and styles should not be subject to CSP. r=gijs 2018-03-01 13:45:04 +01:00
Jonathan Kingston eab7568bd9 Bug 1441794 - Add deprecation warning to passive OBJECT_SUBREQUEST loads. r=ckerschb 
MozReview-Commit-ID: 3j2t5FDZFmp

--HG--
extra : rebase_source : f18623e42ba4fd54335d26536e4d40deab15c584
 2018-02-28 13:56:35 +00:00
Gurzau Raul 2a77281049 Merge mozilla-central to autoland. a=merge CLOSED TREE 2018-02-21 19:30:44 +02:00
Christoph Kerschbaumer a6c1ffb498 Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer 2018-02-18 19:52:52 +01:00
Jonathan Kingston 8afc412494 Bug 1435733 - Upgrade mixed display content pref. r=baku,ckerschb,francois,mayhemer 
MozReview-Commit-ID: ETIgVF3zhRu

--HG--
extra : rebase_source : e4c59f50584158f4b31527347b10424b56692fa1
 2018-02-05 15:37:27 +00:00
Christoph Kerschbaumer 1407489a4b Bug 1432358: Make resource URIs subject to CSP. r=gijs 
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
extra : intermediate-source : 91c948c94506089d6f40dc59d13c75ab78ce914d
 2018-01-25 14:20:31 +01:00
Sebastian Hengst a6cab8c4e8 Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js 
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
 2018-02-12 19:58:28 +02:00
Christoph Kerschbaumer 6575d66c41 Bug 1432358: Make resource URIs subject to CSP. r=gijs 
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
 2018-01-25 14:20:31 +01:00
Andrew McCreight b7bb86d0d4 Bug 1436184 - Remove definitions of Ci, Cr, Cc, and Cu from httpd.js and .sjs files. r=florian 
MozReview-Commit-ID: IKKb9zr2OSf

--HG--
extra : rebase_source : 72d949405c18e6d421422e7865182352eee0c407
 2018-02-06 15:03:13 -08:00
Andrew McCreight 5dec0e0beb Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian 
This patch was autogenerated by my decomponents.py

It covers almost every file with the extension js, jsm, html, py,
xhtml, or xul.

It removes blank lines after removed lines, when the removed lines are
preceded by either blank lines or the start of a new block. The "start
of a new block" is defined fairly hackily: either the line starts with
//, ends with */, ends with {, <![CDATA[, """ or '''. The first two
cover comments, the third one covers JS, the fourth covers JS embedded
in XUL, and the final two cover JS embedded in Python. This also
applies if the removed line was the first line of the file.

It covers the pattern matching cases like "var {classes: Cc,
interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove
the entire thing if they are all either Ci, Cr, Cc or Cu, or it will
remove the appropriate ones and leave the residue behind. If there's
only one behind, then it will turn it into a normal, non-pattern
matching variable definition. (For instance, "const { classes: Cc,
Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes
"const CC = Components.Constructor".)

MozReview-Commit-ID: DeSHcClQ7cG

--HG--
extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b
 2018-02-06 09:36:57 -08:00
Florian Quèze 2b1c8dccb6 Bug 1339461 - script-generated patch to convert foo.indexOf(...) == -1 to foo.includes(), r=Mossop. 2018-02-01 20:45:22 +01:00
Kris Maglione 918ed6c474 Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian 
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm

MozReview-Commit-ID: 1Nc3XDu0wGl

--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
extra : intermediate-source : 34c999fa006bffe8705cf50c54708aa21a962e62
extra : histedit_source : b2be2c5e5d226e6c347312456a6ae339c1e634b0
 2018-01-29 15:20:18 -08:00
Boris Zbarsky 7c392f077e Bug 1418085 part 6. Remove nsIDOMHTMLElement. r=mystor 
MozReview-Commit-ID: 5QUyFeAQYZQ
 2018-01-30 00:25:36 -05:00
Boris Zbarsky 9da3878bc9 Bug 1418076 part 11. Eliminate the nsIDOMHTMLDocument interface. r=mystor 
MozReview-Commit-ID: 4lEcUeenbg3
 2018-01-26 01:03:25 -05:00
Cosmin Sabou 9a65a40178 Backed out 3 changesets (bug 1431533) for Android mochitest failures on testEventDispatcher on a CLOSED TREE 
Backed out changeset a1eca62826a1 (bug 1431533)
Backed out changeset 34c999fa006b (bug 1431533)
Backed out changeset e2674287e57f (bug 1431533)
 2018-01-30 07:17:48 +02:00
Boris Zbarsky e565b1fe1b Bug 1432944 part 11. Remove nsIDOMElement::GetAttribute. r=mccr8 
MozReview-Commit-ID: 2f1vFvRdCPG
 2018-01-29 23:28:00 -05:00
Boris Zbarsky f60fd673d6 Bug 1432186 part 19. Remove the nsIDOMNode::*_NODE constants. r=mccr8 
MozReview-Commit-ID: KvKjeKIOB9K
 2018-01-29 23:10:53 -05:00
Kris Maglione 6476f95b13 Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian 
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm

MozReview-Commit-ID: 1Nc3XDu0wGl

--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
 2018-01-29 15:20:18 -08:00
Brindusan Cristian af8879d1eb Backed out 2 changesets (bug 1431533) for ESlint failures on a CLOSED TREE 
Backed out changeset 6e56f4c8843e (bug 1431533)
Backed out changeset 12fc4dee861c (bug 1431533)
 2018-01-30 02:32:43 +02:00
Kris Maglione c276bb9375 Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian 
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm

MozReview-Commit-ID: 1Nc3XDu0wGl

--HG--
extra : rebase_source : c004a023389f1f6bf3d2f3efe93c13d423b23ccd
 2018-01-29 15:20:18 -08:00
vinoth 7b23ba9165 Bug 1397740 - Removed security.xcto_nosniff_block_images from about:config r=ckerschb,fkiefer 
MozReview-Commit-ID: HTalMWq694W

--HG--
extra : rebase_source : 0ce03ae0ed6bb754791f7aadb52bc6c55aa6c7cd
 2018-01-05 10:43:17 +01:00
vinoth 9d7a2186b4 Bug 1370468 - frame-ancestor tests added for userpass r=ckerschb,fkiefer 
MozReview-Commit-ID: 4wW24JnxaKh

--HG--
extra : rebase_source : b926ea06208c1fbd91fe1a9fdee100f8cb21e8d1
 2017-08-30 15:58:20 +02:00
Andrea Marchesini c6da271117 Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug 
* * *
Bug 1425458 - Resource timing entries Workers - part 10 - Correct parameters in NS_NewChannel in nsDataObj.cpp, r=me
 2018-01-24 17:17:31 +01:00
Kris Maglione aec63e140c Backed out 3 changesets (bug 1431533) for Android mochitest bustage. CLOSED TREE 
MozReview-Commit-ID: 5ubE9EMQpZ9

--HG--
extra : histedit_source : df68d7595925c07d9d6e8bacc2c46e69556f479a%2C72b768b9825e20ede6603ead75f871c50dc041f7
 2018-01-24 22:04:59 -08:00
Kris Maglione 30b3a49bfd Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian 
MozReview-Commit-ID: 8V1ZT53ReiP

--HG--
extra : rebase_source : 12b5f8c3e125111db7382eb3d7d20a99fb2c35b3
extra : absorb_source : e99fa7f6eee02e7e6cadeb898c7fcf6dac9c902a
extra : histedit_source : d0dfc31fadc2b81d341c9d0cd1efec02923c003b
 2018-01-24 15:48:47 -08:00
Brindusan Cristian 368c3d5b6b Backed out 12 changesets (bug 1425458) for mochitest failures on WorkerPrivate.cpp on a CLOSED TREE 
Backed out changeset 11997de13778 (bug 1425458)
Backed out changeset 100b9d4f36bc (bug 1425458)
Backed out changeset a29e9dbb8c42 (bug 1425458)
Backed out changeset b96d58fd945c (bug 1425458)
Backed out changeset f140da44ba68 (bug 1425458)
Backed out changeset af56400233d9 (bug 1425458)
Backed out changeset 7034af4332e4 (bug 1425458)
Backed out changeset f70500179140 (bug 1425458)
Backed out changeset 793bbfc23257 (bug 1425458)
Backed out changeset 2efb375a8ffc (bug 1425458)
Backed out changeset 07e781e37451 (bug 1425458)
Backed out changeset e875f3702a5f (bug 1425458)
 2018-01-24 20:47:48 +02:00
Andrea Marchesini 6480b95ba3 Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug 2018-01-24 17:17:31 +01:00
Christoph Kerschbaumer 16dba8baf1 Bug 1432137 - Add test to verify insecure redirects to data: URIs are blocked for script modules. r=jonco 2018-01-23 14:04:21 +01:00
Christoph Kerschbaumer d8e2caf90a Bug 1428793: Test block insecure redirects to data: URIs. r=smaug 2018-01-23 09:58:06 +01:00
Christoph Kerschbaumer 47e37d6df2 Bug 1428793: Block insecure redirects to data: URIs. r=smaug 2018-01-23 09:57:47 +01:00
Chung-Sheng Fu 0319902c5b Bug 1418243 - Fix mochitest failures due to violationDirective change. r=ckerschb 
MozReview-Commit-ID: AphtAxYo6Hr

--HG--
extra : rebase_source : 24cd7773cb1f3583c524d142908f859ff5e88e8a
 2018-01-16 23:00:00 +02:00
Chung-Sheng Fu d1124b72c7 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb 
MozReview-Commit-ID: 8DQ7CI5exUL

--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
 2018-01-16 22:59:00 +02:00
Andrea Marchesini a1765c1a3c Bug 1430758 - No CSP directive for nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, r=ckerschb 2018-01-16 15:03:02 +01:00
Andreea Pavel 77efdcf21a Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge 
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
 2018-01-16 13:02:32 +02:00
Chung-Sheng Fu eaddf31393 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb 
MozReview-Commit-ID: 8DQ7CI5exUL
 2018-01-15 23:30:00 +02:00
Chris Peterson 37efe4d0e6 Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj 
MozReview-Commit-ID: DCPTnyBooIe

--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
 2017-11-05 19:37:28 -08:00
Honza Bambas c3f3b8d161 Bug 1391277 - Investigative logging in CSP: log when 'upgrade-insecure-requests' CSP is added to the CSP context, r=bz 2018-01-11 10:57:00 +02:00
Gijs Kruitbosch 9d094a2464 Bug 1427302 - Stop supporting type=content-* on XUL <browser>s, r=bz 
Was: Backed out changeset 83fbff91e9d2 (bug 1328605).

MozReview-Commit-ID: 2itUgw8Ogkl

--HG--
extra : rebase_source : bad855f0292b28eb61b1549a1d96914a792c0fb6
 2018-01-10 19:37:29 +00:00
Kate McKinley e97980a95e Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb 
This patch removes support and tests for HSTS priming from the tree.
 2018-01-10 11:07:00 -05:00
Ryan VanderMeulen 41dae4c2d2 Bug 1425968 - Skip HSTS browser-chrome tests because the feature is being removed and they depend on an expiring Telemetry probe. r=kmckinley 2018-01-03 16:46:35 -05:00