This patch begins re-implements ReadableStreams using WebIDL and DOM technology (vs the existing JS streams implementation). Some more background is [here](https://docs.google.com/document/d/1MWRkF32KV60ngOY-Ip4PnKbCMvl6VK_Y9QLED8MJJxg/edit#)
This is guarded under a configure flag `--enable-dom-streams`
1. ByteStreams and ReadableStream.tee will come in future patches.
2. I intentionally crash in other parts of the DOM that require streams (Fetch, Response, Blob), until the integration work is done in future patches.
My current plan for that integration doesn't involve re-creating the alternative 'external streams' API from SpiderMonkey's implementation, but I have yet to do enough development to verify that will work.
Differential Revision: https://phabricator.services.mozilla.com/D122643
dom/console/Console.cpp:2899:10: error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
dom/console/Console.cpp:2955:10: error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
dom/fetch/FetchDriver.cpp:252:10: error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return NS_OK;
^~~~~
Differential Revision: https://phabricator.services.mozilla.com/D126870
We add the new content policy here, but leave the behavior as TYPE_OTHER, so
we can verify that the new test fails before the fix is applied.
Differential Revision: https://phabricator.services.mozilla.com/D124965
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts. The document certainly has no authority
to block those from loading. (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)
Differential Revision: https://phabricator.services.mozilla.com/D111695
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts. The document certainly has no authority
to block those from loading. (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)
Differential Revision: https://phabricator.services.mozilla.com/D111695
The goal of this series of patches is to address the cases where sites
don't use standard form submission events.
The basic idea is inferring a form is submitted when the form is removed
from the DOM tree, but with one premise:
There must be a successful fetch or XHR request sent in the document before the
form is removed.
This is because websites usually send the credentials with a fetch or an
XHR. After the request succeeds, the website removes the form.
In summary, this patch does the following:
1. Add NotifyFetchOrXHRSuccess API in Document. The API sends a
"DOMDocFetchSuccess" event to who registers the event listener.
2. When a fetch request or a XMLHttpReuqest completes and succeeds,
call NotifyFetchOrXHRSuccess().
3. LoginMangerChild listen to `DOMDocFetchSuccess` event only when there
is an user interaction on the password field.
Differential Revision: https://phabricator.services.mozilla.com/D106024
This is a partial revert of:
https://phabricator.services.mozilla.com/D80905
The regressing patch does 2 things:
- Add an origin header-implementation that fills in current blank spots, and implements global redirect tainting.
- Remove the fetchdriver origin header implementation -> which would trigger the new one to take place for those cases.
The patch did block-list moz-extension://, so we would get null-origin for extensions.
My proposal is to just revert the removal of the fetch driver changes for now.
Pro:
- the extensions get their expected origin,
- we keep filling in blank spots
- we will be handling redirects correctly even for fetch-driver set origin headers[[ https://bugzilla.mozilla.org/show_bug.cgi?id=1535795 | which was a problem before ]]
- it's a way smaller changeset than removing the whole patch.
Cons:
- we have one more place for now where the header is set :(
Differential Revision: https://phabricator.services.mozilla.com/D104668
Matthew Gaudet
Andreas Pehrson
Mike Hommey
Marian-Vasile Laza
Yury Delendik
Cristian Tuns
Byron Campen
Andi-Bogdan Postelnicu
Kagami Sascha Rosylight
Gijs Kruitbosch
Eden Chuang
Mats Palmgren
Butkovits Atila
Sebastian Hengst
Noemi Erli
Tim Huang
Tom Schuster
Jeff Walden
Dimi Lee
Sebastian Streich
Simon Giesecke
Alexandru Michis
smolnar
Kershaw Chang
Forrest
Emilio Cobos Álvarez
Masatoshi Kimura