We need a helper function for checking principal if it's in the foreign
allow list.
In this patch we will add a BasePrincipal::IsURIInList() because this is
needed for RejectForeignAllowList::Check().
Differential Revision: https://phabricator.services.mozilla.com/D123804
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
For every cookie permission check CookieJarSettings::CookiePermission has to create a new principal.
This is slow. It uses a cloned principal so it can strip the origin attributes which should not be
used for the permission check.
With this patch we no longer need to clone the principal. We pass in the original principal and perform
the OA stripping on an OA copy in BasePrincipal::EqualsForPermission.
Before, EqualsForPermission was guaranteed to get a content principal, because ClonePrincipalForPermission
enforced it. BasePrincipal::EqualsForPermission was refactored to account for non content principals.
Differential Revision: https://phabricator.services.mozilla.com/D120834
These test various ways of loading documents which will end up with null
principals, and verify that they are loaded with the expected precursor URI.
Depends on D119693
Differential Revision: https://phabricator.services.mozilla.com/D119694
This change stores a generated nsID directly on the LoadInfo, rather
than the full SandboxedLoadingPrincipal. This allows for the sandboxed
principal to be constructed from GetChannelResultPrincipal using the
unsandboxed result principal as a precursor, rather than the loading
principal.
The nsID is reset by HttpChannelBase whenever a non-internal redirect
occurs to reduce the chance of multiple null result principals during a
redirect with the same nsID, but different precursors.
Depends on D119692
Differential Revision: https://phabricator.services.mozilla.com/D119693
This provides a getter which can be used to interact with the precursor
attribute of the null principal.
Depends on D119691
Differential Revision: https://phabricator.services.mozilla.com/D119692
If a URI has the URI_INHERITS_SECURITY_CONTEXT flag it will not be given
a content principal by CreateContentPrincipal. This patch changes the
algorithm for creating result principals for network requests such that
the null principal created in this situation has a precursor principal
tracked on it.
Depends on D119689
Differential Revision: https://phabricator.services.mozilla.com/D119690
This method will be the primary way to track the precursor for a null
principal, and will automatically handle tracking precursors in some common
cases.
While sandboxed principals are created with `CreateWithInheritedAttributes`,
they unfortunately currently use the wrong precursor principal, which will be
fixed in a later part.
Depends on D119688
Differential Revision: https://phabricator.services.mozilla.com/D119689
This patch only adds the machinery for tracking a precursor origin to the
principal, and does not actually track the precursor origin in any situations.
That is done in follow-up patches.
Differential Revision: https://phabricator.services.mozilla.com/D119688
This is slightly complicated by the fact that the editor code wants to be able
to set this from the content process, so we really need separate
BrowsingContext and WindowContext flags, the latter of which can be set by the
owning process.
Differential Revision: https://phabricator.services.mozilla.com/D114899
This is a step towards separating the mutable state on principals from const
state which can be made threadsafe. The remaining mutable fields will either
need to be moved off of nsIPrincipal or made threadsafe to destroy (e.g. using
nsMainThreadPtrHandle) and stored behind a mutex.
Serialization is handled for most types using a separate Deserializer class,
like how it was handled with `nsIURI` mutators. SystemPrincipal wasn't changed
as the `Read` method is a no-op for that class.
Differential Revision: https://phabricator.services.mozilla.com/D115092
This is necessary to remove the Init methods from principals, allowing
immutable fields to be marked as const and clearly separated from mutable
fields to improve threadsafety.
Differential Revision: https://phabricator.services.mozilla.com/D115091
This patch implements support for the manifest V3 matches property
which limits what hosts may load an extensions web_accessible_resources.
Differential Revision: https://phabricator.services.mozilla.com/D107746
Removes NPAPI plugin features from tests outside of dom/plugins. Some tests are updated to avoid NPAPI behavior and others are deleted if they no longer offer anthing useful.
Differential Revision: https://phabricator.services.mozilla.com/D107134
Removes NPAPI plugin features from tests outside of dom/plugins. Some tests are updated to avoid NPAPI behavior and others are deleted if they no longer offer anthing useful.
Differential Revision: https://phabricator.services.mozilla.com/D107134
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
Implement manifest v3 CSP that is compatible with the current chrome implementation.
Support for content_security_policy.isolated_world (a.k.a. content_security_policy.content_scripts)
has been removed for consistency with
345390adf6%5E%21/
Differential Revision: https://phabricator.services.mozilla.com/D100573
Bug 1583109 introduced new function templates StringJoin and StringJoinAppend.
These are now used to replace several custom loops across the codebase that
implement string-joining algorithms to simplify the code.
Differential Revision: https://phabricator.services.mozilla.com/D98750
Bug 1583109 introduced new function templates StringJoin and StringJoinAppend.
These are now used to replace several custom loops across the codebase that
implement string-joining algorithms to simplify the code.
Differential Revision: https://phabricator.services.mozilla.com/D98750
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
We want to partition the CORS preflight cache by the network state
partitioning. So, we have done two things in the patch. First, we make
the CORS preflight cache to be aware of the OriginAttributes. Second, we
use the originAttributes of the network state partitioning in the CORS
preflight cache. As the result, the CORS preflight cache will be
partitioned by the originAttributes.partitionKey as well as other
originAttributes fields if present.
Differential Revision: https://phabricator.services.mozilla.com/D93683
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
In many cases with wpt, most of the tests in the file pass, but it is rather time consuming to annotate
.ini files case by case.
Differential Revision: https://phabricator.services.mozilla.com/D91977