gecko-dev/dom/security
Matt Woodrow 936025ce74 Bug 1594166 - Dont do nsContentSecurityManager checks for internal redirects. r=baku,ckerschb
We fail this during test_invalid_mime_type_blob.html when using DocumentChannel for blobs without this.
DocumentChannelChild reports an internal redirect as it replaces itself with the real channel (BlobURLChannel), and we fail the CheckLoadURIWithPrincipal checks.

The old channel has a null principal (due to being a sandboxed iframe), and we compare that to the blob principal computed from the URI, which is a normal content principal.

Differential Revision: https://phabricator.services.mozilla.com/D51905

--HG--
extra : moz-landing-system : lando
2019-11-07 19:13:59 +00:00
..
featurepolicy Bug 1580462 - Store iframe's FeaturePolicy in browsingContext to inherit cross origin document. r=baku,farre 2019-10-23 19:39:00 +00:00
fuzztest Bug 1560455 - rename CodebasePrincipal to ContentPrincipal. r=ckerschb 2019-07-08 16:37:45 +00:00
test Bug 1585000 - Enable Samesite Cookies for Fission r=ckerschb,farre 2019-11-05 09:39:13 +00:00
CSPEvalChecker.cpp Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku 2019-10-08 17:31:35 +00:00
CSPEvalChecker.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
DOMSecurityManager.cpp Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh,flod 2019-10-31 08:28:35 +00:00
DOMSecurityManager.h Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh,flod 2019-10-31 08:28:35 +00:00
FramingChecker.cpp Bug 1593321: Ignore XFO on channels that will be redirected. r=jkt,dragana 2019-11-06 12:53:46 +00:00
FramingChecker.h Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh,flod 2019-10-31 08:28:35 +00:00
PolicyTokenizer.cpp Bug 1530369 - part 3 - do less copying in generateTokens; r=ckerschb 2019-02-25 13:58:53 -05:00
PolicyTokenizer.h Bug 1530369 - part 1 - don't needlessly write characters when skipping; r=ckerschb 2019-02-25 13:58:54 -05:00
ReferrerInfo.cpp Bug 1591226 - Convert network.http.referer.defaultPolicy.* to static prefs r=njn 2019-10-25 19:13:19 +00:00
ReferrerInfo.h Bug 1591226 - Convert network.http.referer.XOriginTrimmingPolicy to static pref. r=njn 2019-10-25 04:55:12 +00:00
SRICheck.cpp Bug 1523969 part 6 - Move method definition inline comments to new line in 'dom/'. r=nika 2019-02-25 16:05:29 -06:00
SRICheck.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
SRILogHelper.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
SRIMetadata.cpp Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
SRIMetadata.h Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format 2018-11-30 11:46:48 +01:00
moz.build Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin 2019-10-22 10:57:43 +00:00
nsCSPContext.cpp Bug 1584993: Make CSP frame-ancestors work with fission enabled. r=jkt,farre,valentin 2019-10-22 10:57:43 +00:00
nsCSPContext.h Bug 1580710: Expose functionality on the CSP Object to allow skipping the inline style checks. r=bzbarsky 2019-09-16 23:47:19 +00:00
nsCSPParser.cpp Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8 2019-09-10 22:33:51 +00:00
nsCSPParser.h Bug 1557793 part 2. Stop using [array] in nsIStringBundle. r=Pike 2019-06-11 15:51:51 +00:00
nsCSPService.cpp Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb 2019-09-30 10:38:32 +00:00
nsCSPService.h Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb 2019-09-25 08:25:22 +00:00
nsCSPUtils.cpp Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8 2019-09-10 22:33:51 +00:00
nsCSPUtils.h Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8 2019-09-10 22:33:51 +00:00
nsContentSecurityManager.cpp Bug 1594166 - Dont do nsContentSecurityManager checks for internal redirects. r=baku,ckerschb 2019-11-07 19:13:59 +00:00
nsContentSecurityManager.h Bug 1570681 - Move Eval testing logic from nsContentSecurityManager to nsContentSecurityUtils r=ckerschb 2019-09-18 19:36:31 +00:00
nsContentSecurityUtils.cpp Bug 1584602 - Enforce eval restrictions in Workers and do not enforce restrictions in Release r=ckerschb 2019-10-30 15:21:57 +00:00
nsContentSecurityUtils.h Bug 1590784: Move GetHttpChannelHelper into nsContentSecurityUtils. r=jkt 2019-10-23 15:17:21 +00:00
nsMixedContentBlocker.cpp Bug 1585604 - Remove telemetry for mixed object subrequst counting. r=ckerschb 2019-10-02 11:17:28 +00:00
nsMixedContentBlocker.h Bug 1376309 - Allow localhost ws:// connections from secure origins. r=jkt 2019-08-07 00:19:59 +00:00