Birunthan Mohanathas 5e41427024 Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley ... According to the spec, content from loopback addresses should no longer be treated as mixed content even in secure origins. See: - 349501cdaa - https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy Note that we only whitelist '127.0.0.1' and '::1' to match Chrome 53 and later. See: - 130ee686fa It is unclear if HTTPS origins should be able to use workers and WebSocket connections through a loopback HTTP address. They are not supported in Chrome (whether this is intentional or not is uncertain) so lets just ignore them for now. See also: https://github.com/w3c/web-platform-tests/pull/5304		2017-05-10 20:50:00 +03:00
..
contentverifier	Bug 1336654 - update expired certs and signatures for content signature tests, r=mgoodwin	2017-02-06 10:07:49 +01:00
cors	Bug 1334776 - Store header names into nsHttpHeaderArray. r=mcmanus	2017-04-27 16:48:36 +02:00
csp	Bug 1355801: Nonce should not apply to images tests. r=dveditz	2017-05-10 08:53:27 +02:00
general	Backed out changeset 322fde2d53bf (bug 1356569) so bug 1355161 can be backed out. r=backout	2017-04-14 23:39:22 +02:00
gtest	Bug 1224225: Tests for punycode/unicode in CSP source matching code r=ckerschb,KWierso	2017-03-15 13:22:55 +01:00
hsts	Bug 903966 - Stop blocking 'http://127.0.0.1/' as mixed content. r=ckerschb,kmckinley	2017-05-10 20:50:00 +03:00
mixedcontentblocker	Backed out changeset 322fde2d53bf (bug 1356569) so bug 1355161 can be backed out. r=backout	2017-04-14 23:39:22 +02:00
sri	Bug 1334199 - script-generated patch to omit getComputedStyle's second argument when it's falsy, r=jaws.	2017-01-27 10:51:02 +01:00
unit	Bug 1347817 - Principal must always have a valid origin - part 6 - fixing tests, r=ehsan	2017-03-29 15:28:46 +02:00
moz.build	Bug 1340181 - Hide Activity Stream URL in URLbar r=fkiefer,mconley	2017-02-22 13:18:09 -05:00