gecko-dev/dom/security
Birunthan Mohanathas 5e41427024 Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley
According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:
- 349501cdaa
- https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy

Note that we only whitelist '127.0.0.1' and '::1' to match Chrome 53 and
later. See:
- 130ee686fa

It is unclear if HTTPS origins should be able to use workers and WebSocket
connections through a loopback HTTP address. They are not supported in Chrome
(whether this is intentional or not is uncertain) so lets just ignore them for
now.

See also: https://github.com/w3c/web-platform-tests/pull/5304
2017-05-10 20:50:00 +03:00
..
test Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley 2017-05-10 20:50:00 +03:00
ContentVerifier.cpp
ContentVerifier.h
SRICheck.cpp Bug 1060419 - make log_print use Printf.h, r=froydnj 2016-12-15 20:16:31 -07:00
SRICheck.h Bug 1288104 part 2 - Instrument SRICheckDataVerifier to load/save the computed hash from the bytecode cache. r=francois 2016-10-20 09:44:33 +00:00
SRILogHelper.h
SRIMetadata.cpp Bug 1060419 - make log_print use Printf.h, r=froydnj 2016-12-15 20:16:31 -07:00
SRIMetadata.h
moz.build Bug 1334242 - add BUG_COMPONENT to dom/security/* files. r=ckerschb 2017-01-27 08:18:50 -05:00
nsCSPContext.cpp Bug 1355801: Nonce should only apply to script and style. r=dveditz 2017-05-10 08:52:24 +02:00
nsCSPContext.h Bug 1339004 - Do DocGroup labeling in dom/security. r=ckerschb,smaug 2017-03-29 10:20:32 +08:00
nsCSPParser.cpp Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:16 +02:00
nsCSPParser.h Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb 2017-01-18 15:18:29 -05:00
nsCSPService.cpp Bug 1343933 - Renaming Principal classes - part 4 - ContentPrincipal, r=qdot 2017-03-22 11:39:31 +01:00
nsCSPService.h
nsCSPUtils.cpp Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:16 +02:00
nsCSPUtils.h Bug 1345615: Allow websocket schemes when using 'self' in CSP. r=freddyb,dveditz 2017-04-27 09:59:16 +02:00
nsContentSecurityManager.cpp Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug 2017-05-10 18:40:57 +02:00
nsContentSecurityManager.h
nsMixedContentBlocker.cpp Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley 2017-05-10 20:50:00 +03:00
nsMixedContentBlocker.h Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley 2017-05-10 20:50:00 +03:00