Andrea Marchesini
5784769019
Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug
2018-03-13 06:40:38 +01:00
Cristian Brindusan
aebd2b4f26
Bug 1391823 - Disable dom/security/test/mixedcontentblocker/test_frameNavigation.html for frequent failures. r=jmaher
2018-03-03 05:16:00 +02:00
Sebastian Hengst
118e03a936
merge mozilla-central to mozilla-inbound
2018-03-01 20:32:20 +02:00
Tiberius Oros
61d400da1c
Merge inbound to mozilla-central. a=merge
2018-03-01 19:29:00 +02:00
Georg Koppen
f58841a715
Tests updated/added for bug 1382359 r=ckerschb CLOSED TREE
2018-03-01 10:13:22 +01:00
Georg Koppen
dd4fb3ba9f
Bug 1382359: Treat .onion as a secure context
...
Websites which collect passwords but don't use HTTPS start showing scary
warnings from Firefox 51 onwards and mixed context blocking has been
available even longer.
.onion sites without HTTPS support are affected as well, although their
traffic is encrypted and authenticated. This patch addresses this
shortcoming by making sure .onion sites are treated as potentially
trustworthy origins.
The secure context specification
(https://w3c.github.io/webappsec-secure-contexts/) is pretty much focused
on tying security and trustworthiness to the protocol over which domains
are accessed. However, it is not obvious why .onion sites should not be
treated as potentially trustworthy given:
"A potentially trustworthy origin is one which a user agent can
generally trust as delivering data securely.
This algorithms [sic] considers certain hosts, scheme, and origins as
potentially trustworthy, even though they might not be authenticated and
encrypted in the traditional sense."
(https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy)
We use step 8 in the algorithm to establish trustworthiness of .onion
sites by whitelisting them given the encrypted and authenticated nature
of their traffic.
2018-03-01 09:44:30 +01:00
Adam Kasztenny
fc42b2fa73
Bug 1355166 - Remove remote newtab's dead code. r=ursula
2018-02-28 16:44:00 +02:00
Nicolas Chevobbe
8ea55ce28a
Bug 1382606 - Switch webconsole to new event-emitter; r=Honza.
...
MozReview-Commit-ID: HBogPeOI7WM
--HG--
extra : rebase_source : 4ad1fb922ffc818d175ae3c09820ce31ba416487
2018-02-23 09:10:36 +01:00
Florian Quèze
c714053d73
Bug 1433175 - scripted patch to replace Components.classes[, Components.interfaces.nsI, Components.utils. and Components.results. with Cc, Ci, Cu and Cr, r=Mossop.
2018-02-28 18:51:33 +01:00
Valentin Gosu
84b854ce2c
Bug 1433958 - Change code that sets nsIURI.userPass to use nsIURIMutator r=mayhemer
...
* Code in XMLHttpRequestMainThread is converted to set the username and password individually. This is because when the parameters are empty, it ended up calling SetUserPass(":") which always returns an error.
MozReview-Commit-ID: 3cK5HeyzjFE
--HG--
extra : rebase_source : f34400c11245d88648b0ae9c196637628afa9517
2018-02-26 20:43:46 +01:00
Christoph Kerschbaumer
e8f5150467
Bug 1439444: resource and chrome images and styles should not be subject to CSP. r=gijs
2018-03-01 13:45:04 +01:00
Jonathan Kingston
eab7568bd9
Bug 1441794 - Add deprecation warning to passive OBJECT_SUBREQUEST loads. r=ckerschb
...
MozReview-Commit-ID: 3j2t5FDZFmp
--HG--
extra : rebase_source : f18623e42ba4fd54335d26536e4d40deab15c584
2018-02-28 13:56:35 +00:00
Gurzau Raul
2a77281049
Merge mozilla-central to autoland. a=merge CLOSED TREE
2018-02-21 19:30:44 +02:00
Christoph Kerschbaumer
a6c1ffb498
Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer
2018-02-18 19:52:52 +01:00
Jonathan Kingston
8afc412494
Bug 1435733 - Upgrade mixed display content pref. r=baku,ckerschb,francois,mayhemer
...
MozReview-Commit-ID: ETIgVF3zhRu
--HG--
extra : rebase_source : e4c59f50584158f4b31527347b10424b56692fa1
2018-02-05 15:37:27 +00:00
Christoph Kerschbaumer
1407489a4b
Bug 1432358: Make resource URIs subject to CSP. r=gijs
...
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
extra : intermediate-source : 91c948c94506089d6f40dc59d13c75ab78ce914d
2018-01-25 14:20:31 +01:00
Sebastian Hengst
a6cab8c4e8
Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js
...
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
2018-02-12 19:58:28 +02:00
Christoph Kerschbaumer
6575d66c41
Bug 1432358: Make resource URIs subject to CSP. r=gijs
...
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
2018-01-25 14:20:31 +01:00
Andrew McCreight
b7bb86d0d4
Bug 1436184 - Remove definitions of Ci, Cr, Cc, and Cu from httpd.js and .sjs files. r=florian
...
MozReview-Commit-ID: IKKb9zr2OSf
--HG--
extra : rebase_source : 72d949405c18e6d421422e7865182352eee0c407
2018-02-06 15:03:13 -08:00
Andrew McCreight
5dec0e0beb
Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian
...
This patch was autogenerated by my decomponents.py
It covers almost every file with the extension js, jsm, html, py,
xhtml, or xul.
It removes blank lines after removed lines, when the removed lines are
preceded by either blank lines or the start of a new block. The "start
of a new block" is defined fairly hackily: either the line starts with
//, ends with */, ends with {, <![CDATA[, """ or '''. The first two
cover comments, the third one covers JS, the fourth covers JS embedded
in XUL, and the final two cover JS embedded in Python. This also
applies if the removed line was the first line of the file.
It covers the pattern matching cases like "var {classes: Cc,
interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove
the entire thing if they are all either Ci, Cr, Cc or Cu, or it will
remove the appropriate ones and leave the residue behind. If there's
only one behind, then it will turn it into a normal, non-pattern
matching variable definition. (For instance, "const { classes: Cc,
Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes
"const CC = Components.Constructor".)
MozReview-Commit-ID: DeSHcClQ7cG
--HG--
extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b
2018-02-06 09:36:57 -08:00
Florian Quèze
2b1c8dccb6
Bug 1339461 - script-generated patch to convert foo.indexOf(...) == -1 to foo.includes(), r=Mossop.
2018-02-01 20:45:22 +01:00
Kris Maglione
918ed6c474
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
MozReview-Commit-ID: 1Nc3XDu0wGl
--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
extra : intermediate-source : 34c999fa006bffe8705cf50c54708aa21a962e62
extra : histedit_source : b2be2c5e5d226e6c347312456a6ae339c1e634b0
2018-01-29 15:20:18 -08:00
Boris Zbarsky
7c392f077e
Bug 1418085 part 6. Remove nsIDOMHTMLElement. r=mystor
...
MozReview-Commit-ID: 5QUyFeAQYZQ
2018-01-30 00:25:36 -05:00
Boris Zbarsky
9da3878bc9
Bug 1418076 part 11. Eliminate the nsIDOMHTMLDocument interface. r=mystor
...
MozReview-Commit-ID: 4lEcUeenbg3
2018-01-26 01:03:25 -05:00
Cosmin Sabou
9a65a40178
Backed out 3 changesets (bug 1431533) for Android mochitest failures on testEventDispatcher on a CLOSED TREE
...
Backed out changeset a1eca62826a1 (bug 1431533)
Backed out changeset 34c999fa006b (bug 1431533)
Backed out changeset e2674287e57f (bug 1431533)
2018-01-30 07:17:48 +02:00
Boris Zbarsky
e565b1fe1b
Bug 1432944 part 11. Remove nsIDOMElement::GetAttribute. r=mccr8
...
MozReview-Commit-ID: 2f1vFvRdCPG
2018-01-29 23:28:00 -05:00
Boris Zbarsky
f60fd673d6
Bug 1432186 part 19. Remove the nsIDOMNode::*_NODE constants. r=mccr8
...
MozReview-Commit-ID: KvKjeKIOB9K
2018-01-29 23:10:53 -05:00
Kris Maglione
6476f95b13
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
MozReview-Commit-ID: 1Nc3XDu0wGl
--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
2018-01-29 15:20:18 -08:00
Brindusan Cristian
af8879d1eb
Backed out 2 changesets (bug 1431533) for ESlint failures on a CLOSED TREE
...
Backed out changeset 6e56f4c8843e (bug 1431533)
Backed out changeset 12fc4dee861c (bug 1431533)
2018-01-30 02:32:43 +02:00
Kris Maglione
c276bb9375
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
MozReview-Commit-ID: 1Nc3XDu0wGl
--HG--
extra : rebase_source : c004a023389f1f6bf3d2f3efe93c13d423b23ccd
2018-01-29 15:20:18 -08:00
vinoth
7b23ba9165
Bug 1397740 - Removed security.xcto_nosniff_block_images from about:config r=ckerschb,fkiefer
...
MozReview-Commit-ID: HTalMWq694W
--HG--
extra : rebase_source : 0ce03ae0ed6bb754791f7aadb52bc6c55aa6c7cd
2018-01-05 10:43:17 +01:00
vinoth
9d7a2186b4
Bug 1370468 - frame-ancestor tests added for userpass r=ckerschb,fkiefer
...
MozReview-Commit-ID: 4wW24JnxaKh
--HG--
extra : rebase_source : b926ea06208c1fbd91fe1a9fdee100f8cb21e8d1
2017-08-30 15:58:20 +02:00
Andrea Marchesini
c6da271117
Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
...
* * *
Bug 1425458 - Resource timing entries Workers - part 10 - Correct parameters in NS_NewChannel in nsDataObj.cpp, r=me
2018-01-24 17:17:31 +01:00
Kris Maglione
aec63e140c
Backed out 3 changesets (bug 1431533) for Android mochitest bustage. CLOSED TREE
...
MozReview-Commit-ID: 5ubE9EMQpZ9
--HG--
extra : histedit_source : df68d7595925c07d9d6e8bacc2c46e69556f479a%2C72b768b9825e20ede6603ead75f871c50dc041f7
2018-01-24 22:04:59 -08:00
Kris Maglione
30b3a49bfd
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
MozReview-Commit-ID: 8V1ZT53ReiP
--HG--
extra : rebase_source : 12b5f8c3e125111db7382eb3d7d20a99fb2c35b3
extra : absorb_source : e99fa7f6eee02e7e6cadeb898c7fcf6dac9c902a
extra : histedit_source : d0dfc31fadc2b81d341c9d0cd1efec02923c003b
2018-01-24 15:48:47 -08:00
Brindusan Cristian
368c3d5b6b
Backed out 12 changesets (bug 1425458) for mochitest failures on WorkerPrivate.cpp on a CLOSED TREE
...
Backed out changeset 11997de13778 (bug 1425458)
Backed out changeset 100b9d4f36bc (bug 1425458)
Backed out changeset a29e9dbb8c42 (bug 1425458)
Backed out changeset b96d58fd945c (bug 1425458)
Backed out changeset f140da44ba68 (bug 1425458)
Backed out changeset af56400233d9 (bug 1425458)
Backed out changeset 7034af4332e4 (bug 1425458)
Backed out changeset f70500179140 (bug 1425458)
Backed out changeset 793bbfc23257 (bug 1425458)
Backed out changeset 2efb375a8ffc (bug 1425458)
Backed out changeset 07e781e37451 (bug 1425458)
Backed out changeset e875f3702a5f (bug 1425458)
2018-01-24 20:47:48 +02:00
Andrea Marchesini
6480b95ba3
Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
2018-01-24 17:17:31 +01:00
Christoph Kerschbaumer
16dba8baf1
Bug 1432137 - Add test to verify insecure redirects to data: URIs are blocked for script modules. r=jonco
2018-01-23 14:04:21 +01:00
Christoph Kerschbaumer
d8e2caf90a
Bug 1428793: Test block insecure redirects to data: URIs. r=smaug
2018-01-23 09:58:06 +01:00
Christoph Kerschbaumer
47e37d6df2
Bug 1428793: Block insecure redirects to data: URIs. r=smaug
2018-01-23 09:57:47 +01:00
Chung-Sheng Fu
0319902c5b
Bug 1418243 - Fix mochitest failures due to violationDirective change. r=ckerschb
...
MozReview-Commit-ID: AphtAxYo6Hr
--HG--
extra : rebase_source : 24cd7773cb1f3583c524d142908f859ff5e88e8a
2018-01-16 23:00:00 +02:00
Chung-Sheng Fu
d1124b72c7
Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
...
MozReview-Commit-ID: 8DQ7CI5exUL
--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
2018-01-16 22:59:00 +02:00
Andrea Marchesini
a1765c1a3c
Bug 1430758 - No CSP directive for nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, r=ckerschb
2018-01-16 15:03:02 +01:00
Andreea Pavel
77efdcf21a
Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge
...
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
2018-01-16 13:02:32 +02:00
Chung-Sheng Fu
eaddf31393
Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
...
MozReview-Commit-ID: 8DQ7CI5exUL
2018-01-15 23:30:00 +02:00
Chris Peterson
37efe4d0e6
Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj
...
MozReview-Commit-ID: DCPTnyBooIe
--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
2017-11-05 19:37:28 -08:00
Honza Bambas
c3f3b8d161
Bug 1391277 - Investigative logging in CSP: log when 'upgrade-insecure-requests' CSP is added to the CSP context, r=bz
2018-01-11 10:57:00 +02:00
Gijs Kruitbosch
9d094a2464
Bug 1427302 - Stop supporting type=content-* on XUL <browser>s, r=bz
...
Was: Backed out changeset 83fbff91e9d2 (bug 1328605).
MozReview-Commit-ID: 2itUgw8Ogkl
--HG--
extra : rebase_source : bad855f0292b28eb61b1549a1d96914a792c0fb6
2018-01-10 19:37:29 +00:00
Kate McKinley
e97980a95e
Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb
...
This patch removes support and tests for HSTS priming from the tree.
2018-01-10 11:07:00 -05:00
Ryan VanderMeulen
41dae4c2d2
Bug 1425968 - Skip HSTS browser-chrome tests because the feature is being removed and they depend on an expiring Telemetry probe. r=kmckinley
2018-01-03 16:46:35 -05:00