Commit Graph

296 Commits

Author SHA1 Message Date
lyavor
2be9ca3be1 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-03 17:25:45 +00:00
Nils
488a36d979 Bug 1740294: Fix typo "then then" -> "then" r=mhentges
Instances of the typo that have been imported from other repositories have been left unchanged.

Differential Revision: https://phabricator.services.mozilla.com/D130561
2021-11-09 17:36:40 +00:00
Frederik Braun
58bd428aa3 Bug 1735476 - MOZ_LOG=CSMLog emits contentsecuritycheck as valid yaml r=ckerschb
This commit changes the MOZ_LOG to make the yaml easier to parse,
addressing various shortcomings:

- Firstly, the yaml "document" for a check was an array of dictionaries
  that each contained a single key/value pair. It's now a big dictionary
  containing lots of key/value pairs instead.
- Indentation was wrong for some of the attributes of the content
  security check
- The name key-name for https-only flags was oddly cased

This changeset resolves all of these shortcomings.

Differential Revision: https://phabricator.services.mozilla.com/D128463
2021-10-14 11:50:50 +00:00
Frederik Braun
0d52e7d821 Bug 1735117 - Restrict systemprincipal from loading type *STYLESHEET* via HTTP, HTTPS r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D128057
2021-10-12 07:42:14 +00:00
Frederik Braun
d20125ef18 Bug 1731025 - systemprincipal telemetry for userChrome.css profiles (and avoid racing with pref checks) r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D125804
2021-10-04 11:09:15 +00:00
Frederik Braun
8f416b197d Bug 1732896 - expand script,style collection to type document r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D126780
2021-09-28 15:50:08 +00:00
criss
d0d5e6c8a7 Backed out changeset 60edafe5dcc3 (bug 1731025) for causing failures on ServoUtils.h:33 and browser_preferences_usage.js. CLOSED TREE
2021-09-20 14:19:48 +03:00
Frederik Braun
0c0f04dbcb Bug 1731025 - systemprincipal telemetry for userChrome.css profiles (and avoid racing with pref checks) r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D125804
2021-09-20 08:58:55 +00:00
Byron Campen
b8c031d556 Bug 1702417: Test case for bug. r=freddyb,mixedpuppy,necko-reviewers
We add the new content policy here, but leave the behavior as TYPE_OTHER, so
we can verify that the new test fails before the fix is applied.

Differential Revision: https://phabricator.services.mozilla.com/D124965
2021-09-13 18:20:10 +00:00
Frederik Braun
19341828d9 Bug 1725339 - Restrict systemprincipal from loading type *SUBDOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D122420
2021-08-23 09:23:25 +00:00
Marian-Vasile Laza
77d1b4fe51 Backed out changeset ed0cca70a9a5 (bug 1725339) for causing failures on nsContentSecurityManager. CLOSED TREE
2021-08-16 11:32:15 +03:00
Frederik Braun
9568be50ae Bug 1725339 - Restrict systemprincipal from loading type *DOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D122420
2021-08-16 08:00:17 +00:00
Frederik Braun
e899e65457 Bug 1723998 - Refactor jshacks detection and adapt for use in system principal telemetry r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D121838
2021-08-10 12:41:02 +00:00
Marian-Vasile Laza
aff1264ab8 Backed out changeset 24284cf9d4da (bug 1723998) for causing GTest failures. CLOSED TREE
2021-08-06 12:16:11 +03:00
Frederik Braun
5ba08bf5ec Bug 1723998 - Refactor jshacks detection and adapt for use in system principal telemetry r=tjr
Differential Revision: https://phabricator.services.mozilla.com/D121838
2021-08-06 08:12:47 +00:00
Alexandru Michis
039be67939 Backed out changeset 19de2822bc0c (bug 1711168) for causing Bug 1719063.
CLOSED TREE
2021-07-08 22:56:34 +03:00
Christoph Kerschbaumer
8c72e21c81 Bug 1718034: Add and include logging for https-first mode to the ContentSecurityManager r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D118707
2021-06-24 12:32:23 +00:00
Shane Caraveo
740ccc1faf Bug 1711168 support extension matching in webAccessibleResources r=zombie,smaug
Differential Revision: https://phabricator.services.mozilla.com/D115114
2021-06-23 21:52:38 +00:00
Mats Palmgren
c50393b1de Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-14 01:22:06 +00:00
Butkovits Atila
c8f6a1fcf4 Backed out 7 changesets (bug 1542807) for causing failures at inert-retargeting-iframe.tentative.html. CLOSED TREE
Backed out changeset e9ef32fa2f2e (bug 1542807)
Backed out changeset 8fa0cb199975 (bug 1542807)
Backed out changeset 38daf64afe59 (bug 1542807)
Backed out changeset e3aee052c495 (bug 1542807)
Backed out changeset a71056d4c7cc (bug 1542807)
Backed out changeset cf91e7d0a37f (bug 1542807)
Backed out changeset eee949e5fd67 (bug 1542807)
2021-06-12 01:38:25 +03:00
Mats Palmgren
d43792a9f6 Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-11 18:10:39 +00:00
Frederik Braun
861c96b28b Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D113763
2021-05-11 08:27:47 +00:00
Sandor Molnar
b3e153af11 Backed out changeset fda42a745baf (bug 1708114) for causing Gtest failures in UnexpectedPrivilegedLoadsTelemetryTest. CLOSED TREE
2021-05-04 18:13:00 +03:00
Frederik Braun
edaebee59c Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D113763
2021-05-04 13:04:18 +00:00
Shane Caraveo
1351a9d311 Bug 1700762 iframe sandboxed extensions pages are allowed to load their own resources r=ckerschb,robwu
Differential Revision: https://phabricator.services.mozilla.com/D100834
2021-03-26 15:27:19 +00:00
Cosmin Sabou
2c6adc65d4 Backed out 2 changesets (bug 1699627) for bc failures on browser_startup_content.js.
Backed out changeset 02e74b497dfc (bug 1699627)
Backed out changeset 270e0f9613a6 (bug 1699627)
2021-03-22 20:24:53 +02:00
Henrik Skupin
eb0d88ece3 Bug 1699627 - Use nsIMarionette service to get enabled state of Marionette within the Content Security Manager. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D109363
2021-03-22 16:44:41 +00:00
Frederik Braun
1add12a8de Bug 1697163 - restrict systemprincipal telemetry to scripts and styles r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D107643
2021-03-11 09:43:54 +00:00
Tom Ritter
74dd5a97d1 Bug 1688800: Carve out more edge cases for javascriptLoad restrictions, and let Telemetry ride the trains r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D103043
2021-01-29 13:35:31 +00:00
Brindusan Cristian
a5ed964b85 Backed out changeset 2ade9dd19ad1 (bug 1688800) for build bustages at nsContentSecurityUtils.cpp. CLOSED TREE
2021-01-28 23:26:05 +02:00
Tom Ritter
c160087454 Bug 1688800: Carve out more edge cases for javascriptLoad restrictions, and let Telemetry ride the trains r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D103043
2021-01-28 20:40:40 +00:00
Masatoshi Kimura
b2472e0aeb Bug 1687108 - Remove unused content policy types. r=ckerschb,remote-protocol-reviewers,smaug
Differential Revision: https://phabricator.services.mozilla.com/D102083
2021-01-19 09:42:13 +00:00
Masatoshi Kimura
12c9fd0669 Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-15 12:07:16 +00:00
Narcis Beleuzu
30a5f83baa Backed out changeset a52961071dcd (bug 1685900) for Build bustage in nsContentSecurityManager.cpp. CLOSED TREE
2021-01-15 04:04:37 +02:00
Masatoshi Kimura
666d7f8e2b Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-15 04:02:41 +02:00
Dorel Luca
922d64bb4f Backed out changeset a52961071dcd (bug 1685900) for Build bustage in nsContentSecurityManager.cpp. CLOSED TREE
2021-01-15 02:45:34 +02:00
Masatoshi Kimura
fd94179ca1 Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-14 20:44:54 +00:00
Simon Giesecke
fdd0be071c Bug 1583109 - Use StringJoin(Append) where easily possible. r=nika
Bug 1583109 introduced new function templates StringJoin and StringJoinAppend.
These are now used to replace several custom loops across the codebase that
implement string-joining algorithms to simplify the code.

Differential Revision: https://phabricator.services.mozilla.com/D98750
2020-12-17 14:58:18 +00:00
Csoregi Natalia
51401405eb Backed out changeset 16d174e7c342 (bug 1583109) for bustage on nsReadableUtils.h. CLOSED TREE
2020-12-16 22:51:26 +02:00
Simon Giesecke
8db61da8b6 Bug 1583109 - Use StringJoin(Append) where easily possible. r=nika
Bug 1583109 introduced new function templates StringJoin and StringJoinAppend.
These are now used to replace several custom loops across the codebase that
implement string-joining algorithms to simplify the code.

Differential Revision: https://phabricator.services.mozilla.com/D98750
2020-12-16 19:38:23 +00:00
Simon Giesecke
46908cfb51 Bug 1660470 - Add missing include directives/forward declarations. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D87865
2020-11-23 16:21:38 +00:00
Andi-Bogdan Postelnicu
28641b48fa Bug 1626555 - Add dom/security to the list of non-unified-build-compatible directories. r=sg
Differential Revision: https://phabricator.services.mozilla.com/D96427
2020-11-09 21:03:52 +00:00
Brindusan Cristian
4095108060 Backed out changeset 3a087ad91d30 (bug 1626555) for build bustages. CLOSED TREE
2020-11-09 21:09:33 +02:00
Andi-Bogdan Postelnicu
6081181e65 Bug 1626555 - Add dom/security to the list of non-unified-build-compatible directories. r=sg
Differential Revision: https://phabricator.services.mozilla.com/D96427
2020-11-09 17:57:01 +00:00
Jens Hausdorf
be213abd05 Bug 1660417 - Make sure CSP policy strings are logged as valid yaml r=freddyb,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D87841
2020-11-03 14:06:13 +00:00
Narcis Beleuzu
eebe75b41a Backed out changeset 7aa5ac524911 (bug 1608074) for assertion failure on nsContentSecurityUtils.cpp. CLOSED TREE
2020-10-13 16:08:21 +03:00
julianwels
4be7e431a9 Bug 1608074 - Add assertion to make sure referrer header matches the computed referrer in referrerInfo r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D59314
2020-10-13 10:39:03 +00:00
Michael Kaply
2b2e5e0506 Bug 1450309 - Allow nSIContentPolicy to reject based on enterprise policy. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D91487
2020-10-03 00:02:19 +00:00
Cosmin Sabou
a13f011987 Backed out 2 changesets (bug 1450309) for wpt failures on reporting-navigation.https.html. CLOSED TREE
Backed out changeset 7fae6ea289bd (bug 1450309)
Backed out changeset 14c35856cea4 (bug 1450309)
2020-10-01 08:50:41 +03:00
Michael Kaply
1f898b3b76 Bug 1450309 - Allow nSIContentPolicy to reject based on enterprise policy. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D91487
2020-09-30 18:39:40 +00:00