The logic for choosing the principal here was originally written before
loadInfo had a separate principalToInherit field, and we needed to specify it
via the triggeringPrincipal instead. At that point, we had to choose a
component principal with permission to load the URI at the start of the
request.
However, now that we have a separate field for the principal to inherit, it's
only needed after access checks have passed and we know that we have a URI
which inherits a principal. In that case, the current logic causes us to
always inherit the first principal in the whitelist (which is the page
principal) for URIs (such as data: URIs) that always inherit, where we really
want to inherit the last (which is the extension principal).
MozReview-Commit-ID: EPoUNuOCwrH
--HG--
extra : rebase_source : 535083e3dd4598ac4e8ea187d27d61ac2ac48476
This also changes URIUtils.cpp:DeserializeURI() to use the mutator to instantiate new URIs, instead of using their default constructor.
MozReview-Commit-ID: JQOvIquuQAP
--HG--
extra : rebase_source : e146624c5ae423f7f69a738aaaafaa55dd0940d9
This class isn't being used right now, and MozURL is a much better alternative if interaction with rust URLs is required.
MozReview-Commit-ID: ADdYRrrTnr6
--HG--
extra : rebase_source : b36aa26c20e7daaadab1f3360bab0ed4681eb7f8
There are several ways that expanded principals can be used as triggering
principals for requests. While that works fine for security checks, it also
sometimes causes them to be inherited, and used as result principals in
contexts where expanded principals aren't allowed.
This patch changes our inheritance behavior so that expanded principals are
downgraded to the most appropriate constituent principal when they would
otherwise be inherited.
The logic for choosing the most appropriate principal is a bit suspect, and
may eventually need to be changed to always select the last whitelist
principal, but I chose it to preserve the current principal downgrade behavior
used by XMLHttpRequest for the time being.
MozReview-Commit-ID: 9fvAKr2e2fa
--HG--
extra : rebase_source : c30df1b3851c11fed5a1d6a7fb158cec14933182
This makes the code nicer. In particular, it removes many getter_Copies()
calls. The patch also converts a lot of nsCStrings to nsAutoCString, which will
avoid heap allocation in the common case.
The patch also renames PREF_CopyCharPref() as PREF_GetCStringPref(), because
it's actually getting a string, not a char, and that matches the existing
GetCString() and GetDefaultCString() methods. Correspondingly, it also renames
PREF_SetCharPref() as PREF_SetCStringPref().
The |aPrefName| arguments in nsIPrefBranch.idl remain as |string| because they
almost always involve passing in C string literals, and passing "foo" is much
nicer than passing NS_LITERAL_CSTRING("foo").
It's worth noting that early versions of this patch used |AUTF8String| instead
of |ACString|. But it turns out that libpref stores prefs internally as Latin1.
And |ACString| is compatible with Latin1 but |AUTF8String| isn't, because
non-ASCII Latin1 strings are not valid UTF-8!
MozReview-Commit-ID: D3f7a1Vl1oE
--HG--
extra : rebase_source : e6e4b15d6d210cfd93686f96400281f02bd1d06b
Right now, NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR expects singleton
constructors to return already-addrefed raw pointers, and while it accepts
constructors that return already_AddRefed, most existing ones don't do so.
Meanwhile, the convention elsewhere is that a raw pointer return value is
owned by the callee, and that the caller needs to addref it if it wants to
keep its own reference to it.
The difference in convention makes it easy to leak (I've definitely caused
more than one shutdown leak this way), so it would be better if we required
the singleton getters to return an explicit already_AddRefed, which would
behave the same for all callers.
This also cleans up several singleton constructors that left a dangling
pointer to their singletons when their initialization methods failed, when
they released their references without clearing their global raw pointers.
MozReview-Commit-ID: 9peyG4pRYcr
--HG--
extra : rebase_source : 2f5bd89c17cb554541be38444672a827c1392f3f
This lets us replace moz_xstrdup() of string literals with AssignLiteral(),
among other improvements.
--HG--
extra : rebase_source : 9994d8ccb4f196cf63564b0dac2ae6c4370defb4
Conceivably, we could allow a few more prefetches than this would (based
on the headers in the original request matching up to a header listed in
the Vary response header), but this is safer in case (for example)
future requests of this resource end up sending a cookie that wasn't set
on the original request. In practice, the difference is likely to be
small enough that this broader stroke won't make a huge impact on the
number of things we do or don't prefetch.
MozReview-Commit-ID: GhD9mZR6aOX
--HG--
extra : rebase_source : 13a2edb99485c73db902d2ec8b0f2b5b1d437abe
This patch enables support for setting prefs with the pattern
permissions.default.* to provide a custom default permission
for arbitrary permission types in nsPermissionManager.
The previous default of UNKNOWN_ACTION is honored if no pref is set.
A default value is provided if no permission entry can be found in the db.
Accordingly, the patch does not affect the behavior of functions
that return permission objects from the db such as GetPermissionObject,
which returns null if no entry was found.
MozReview-Commit-ID: 3JECI6kXqGf
--HG--
extra : rebase_source : 9fbcfc740a85c02cf4245956e69ae13c8f90b5ab
After data delivery for a request has been retargeted, there's no reliable way
to get the appropriate event target to re-dispatch data events after
asynchronous processing.
While it's technically possible to retrieve the current thread from
OnDataAvailable callbacks and re-use that for later dispatch, that approach
has some issues:
1) It's not currently possible to reliably map the current thread to the
thread pool that owns it. That means that if data delivery is being targeted
to a thread pool, attempts to redispatch events to the previous delivery
thread might lead to long delays when one thread in a pool is blocked.
2) If a filter wishes to dispatch data events to the wrapped listeners before
it's received any data (as extensions StreamFilters sometimes do), there's no
way to determine the proper event target without waiting for initial data to
be received.
Simply returning the correct event target from the request solves both of
these problems.
MozReview-Commit-ID: CJxq7O4399R
--HG--
extra : rebase_source : db2f659ecad16daafdbcc108d7b1a51ea1af31f9
Since we check both blacklist and whitelist for tracking annotation now, it makes sense to also adopt this behavior for tracking protection. So, when TP is enabled, the channel will be canceled before calling ContinueBeginConnectWithResult().
Also adds the necessary methods to rust-url-capi and fixes a bug in rusturl_set_username
MozReview-Commit-ID: 9rsPIQAbWBJ
--HG--
extra : rebase_source : a1dee0b0e26a5c816f47a7c7c779c2454f87f51f
Also adds the necessary methods to rust-url-capi and fixes a bug in rusturl_set_username
MozReview-Commit-ID: 9rsPIQAbWBJ
--HG--
extra : rebase_source : 550aafbfb1d57257db49897a7506ebb9f038021f
In child process, during shutdown, it's possible that IsNeckoChild() is true but gNeckoChild is null. When this case happens, it is necessary to return early in RequestContext::BeginLoad to avoid modifying mAfterDOMContentLoaded.
In order to optionally report the full hash back to Google, we need to keep it
around in the callback. While a prefix is not the same as a full hash (multiple
full hashes can map to the same prefix), in this case, the callback will only be
called when the full hash matches.
MozReview-Commit-ID: F4WSLZpYrXB
--HG--
extra : rebase_source : da3b16b00729d0aa6ff1765a135b751fcf44c012
For netwerk/cache2/CacheFileInputStream.cpp:148 and netwerk/protocol/http/nsHttpHeaderArray.cpp:358,
missing "()" in the if statement.
For netwerk/base/rust-url-capi/test/test.cpp:29, netwerk/streamconv/converters/nsHTTPCompressConv.cpp:297,
and netwerk/streamconv/converters/nsHTTPCompressConv.cpp:300, null pointer will be returned but the
original memory buffer will not be freed if |realloc| fails. We should remember the original memory
buffer and free it if error is detected.
MozReview-Commit-ID: 2ggXsL73jYV
--HG--
extra : rebase_source : e47e41f2b37f717207bd13990efead22a14db1c0
The NS_LITERAL_CSTRING macro creates a temporary nsLiteralCString to encapsulate the string literal and its length, but AssignLiteral() can determine the string literal's length at compile-time without nsLiteralCString.
MozReview-Commit-ID: B5Y8KyExPQ8
--HG--
extra : rebase_source : e27b266c145daa5acd887e998c6d5b408101e1db
extra : source : 33f49977a33cbdb1c7127871b940eefccc018f65
In child process, during shutdown, it's possible that IsNeckoChild() is true but gNeckoChild is null. When this case happens, we have to return early in RequestContext::DOMContentLoaded() to avoid the assertion failure (MOZ_ASSERT(!IsNeckoChild())) in RequestContext::ScheduleUnblock().
RequestContextService will cancel all the blocked tail requests during xpcom-shutdown.
However, the timer for unblocking tail request might be already running.
RequestContext needs to cancel the timer when all blocked tail requests are canceled for that context.
MozReview-Commit-ID: 1Nbzu2a788w
--HG--
extra : rebase_source : 6a68310ab7984eb3ceebd089a1e36232b5f0a72b
The WebRequest API needs to know if a given window ID is at the top level, for
various reasons. It currently figures this out by mapping a channel's load
context to a <browser> element, which tracks its current top outer window ID.
But this is inefficient, and not friendly to C++ callers.
Adding the top window ID to the load info simplifies things considerably.
MozReview-Commit-ID: Fy0gxTqQZMZ
--HG--
extra : rebase_source : bb5b1e1b3294004ca5e713fc88c4e20652296e53
This patch calls CancelTailPendingRequests(NS_ERROR_ABORT) for every RequestContext at shutdown, then prevents the creation of any more RequestContexts.
MozReview-Commit-ID: BbJDL7Np8HW
--HG--
extra : rebase_source : d144e3b09d9725fbc7df169f1c9a49bf45ddfd54
This allows MOZ_TRY and MOZ_TRY_VAR to be transparently used in XPCOM methods
when compatible Result types are used.
Also removes a compatibility macro in SimpleChannel.cpp, and an identical
specialization in AddonManagerStartup, which are no longer necessary after
this change.
MozReview-Commit-ID: 94iNrPDJEnN
--HG--
extra : rebase_source : 24ad4a54cbd170eb04ded21794530e56b1dfbd82
This moves URI creation from ParseMetaDataEntry into SetupPrediction
because ParseMetaDataEntry is called in way more circumstances than we
actually need the URI from. Even in those cases where we might use the
URI (but it's not guaranteed), we end up using the URI less often than
we create one. In case it wasn't clear, SetupPrediction is the only
thing called post-ParseMetaDataEntry that would require a parsed URI in
the first place.
SetupPrediction has the duplicated NS_NewURI calls to avoid creating
URIs for those calls to SetupPrediction that are no-ops.
MozReview-Commit-ID: HlhVj7p2uuk
--HG--
extra : rebase_source : 0349dc52225b6e93150947ea978f2ba7afa3e2f5
We should not be declaring forward declarations for nsString classes directly,
instead we should use nsStringFwd.h. This will make changing the underlying
types easier.
--HG--
extra : rebase_source : b2c7554e8632f078167ff2f609392e63a136c299
NS_AsyncCopy aborts if it receives an NS_BASE_STREAM_WOULD_BLOCK error result
during copying and it is unable to QI the source stream to an
nsIAsyncInputStream. IPCBlobInputStream can return this, especially if it's:
- A freshly created aggregate stream as part of form submission of a type=file
where the Blob will come from the parent because of the file picker but the
stream is being uploaded from the child.
- A ServiceWorker is involved, causing
HttpBaseChannel::EnsureUploadStreamIsCloneable to trigger an NS_AsyncCopy
very early in the process.
IPCBlobInputStream implements nsIAsyncInputStream, and nsMultiplexInputStream
does too (conditionally based on its child streams; if any are async, it takes
steps to uniformly expose async behavior). However, due to lack of sufficient
test coverage, nsMIMEInputStream did not get fixed as part of bug 1361443 when
nsMultiplexInputStream gained its nsIAsyncInputStream powers. We address that
here in the same fashion.
Part 1 of this series addresses the test coverage issue.
--HG--
extra : rebase_source : 1cae03a314397b159c3985d97231c1e34cd5f079
This patch is mainly to add a probe to measure sw launch time. To do this, this
patch records the sw launch time when the sw is just spawned and it's ready to
handle the incoming fetch event.
MozReview-Commit-ID: 3w5MNyhQNnd
--HG--
extra : rebase_source : 3228213d0ea6be1d23b9c49382f1f8d3c2f358f1
These are all easy cases where an nsXPIDLCString local variable is set via
getter_Copies() and then is null checked. The patch uses IsVoid() to replace
the null checks (and get() and EqualsLiteral() calls to replace any implicit
conversions).
--HG--
extra : rebase_source : 484ad42a7816b34b86afbe072e04ba131c1619c6
This patch removes the ability to select which protocols you want
included in necko, a wholly untested configuration that is broken in
practice. We have no need of this kind of configurability in necko.
In addition, this removes the final vestiges of rtsp support, which was
originally removed in bug 1295885 but still had some stuff hanging
around behind some ifdefs (that were never true).
MozReview-Commit-ID: KOEaDmit2IL
--HG--
extra : rebase_source : f6c2fdb972aaba46e922cda801252dc953550b94
These are all easy cases where an nsXPIDLCString local variable is set via
getter_Copies() and then is only used in ways that nsCStrings can also be used
(i.e. no null checks or implicit conversions to |char*|).
In every case the patch trivially replaces the nsXPIDLCString with an
nsCString. (Also, there are a couple of unused nsXPIDLCString variables that
the patch simply removes.)
This patch refactors the nsThread event queue to clean it up and to make it easier to restructure. The fundamental concepts are as follows:
Each nsThread will have a pointer to a refcounted SynchronizedEventQueue. A SynchronizedEQ takes care of doing the locking and condition variable work when posting and popping events. For the actual storage of events, it delegates to an AbstractEventQueue data structure. It keeps a UniquePtr to the AbstractEventQueue that it uses for storage.
Both SynchronizedEQ and AbstractEventQueue are abstract classes. There is only one concrete implementation of SynchronizedEQ in this patch, which is called ThreadEventQueue. ThreadEventQueue uses locks and condition variables to post and pop events the same way nsThread does. It also encapsulates the functionality that DOM workers need to implement their special event loops (PushEventQueue and PopEventQueue). In later Quantum DOM work, I plan to have another SynchronizedEQ implementation for the main thread, called SchedulerEventQueue. It will have special code for the cooperatively scheduling threads in Quantum DOM.
There are two concrete implementations of AbstractEventQueue in this patch: EventQueue and PrioritizedEventQueue. EventQueue replaces the old nsEventQueue. The other AbstractEventQueue implementation is PrioritizedEventQueue, which uses multiple queues for different event priorities.
The final major piece here is ThreadEventTarget, which splits some of the code for posting events out of nsThread. Eventually, my plan is for multiple cooperatively scheduled nsThreads to be able to share a ThreadEventTarget. In this patch, though, each nsThread has its own ThreadEventTarget. The class's purpose is just to collect some related code together.
One final note: I tried to avoid virtual dispatch overhead as much as possible. Calls to SynchronizedEQ methods do use virtual dispatch, since I plan to use different implementations for different threads with Quantum DOM. But all the calls to EventQueue methods should be non-virtual. Although the methods are declared virtual, all the classes used are final and the concrete classes involved should all be known through templatization.
MozReview-Commit-ID: 9Evtr9oIJvx
The spec is already escaped in SetSpec, SetQuery, SetRef - so there is no need to escape it again in the getter.
MozReview-Commit-ID: C0279q5nLXl
--HG--
extra : rebase_source : 726bda4f13bdab7c3e22eed29f6a8cd9bccb024f
This flag is added in the http channel interface by which developers can control the TLS
connections from JavaScript code (e.g. Add-ons). Basically, all the changes accounted for
plumbing these TLS flags from JavaScript level to C++ code responsible for calling NSS
module. We also added a unit test to make sure that separate connections are created if we
use different tlsFlags. Basically we used a concrete set of flag values that covers the
edge cases and checked the hashkey generated in the connection info.
--HG--
rename : netwerk/test/unit/test_separate_connections.js => netwerk/test/unit/test_tls_flags_separate_connections.js