corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
546,803 Commits 1 Branch 0 Tags
80b1443c29c901b4f15e3c9d39a1f86d2e6a6cc0
Commit Graph

120 Commits

Author SHA1 Message Date
Ben Kelly
407bb92b55 Bug 1470114 Make parent-side of redirect override the reserved ClientInfo to handle some corner cases. r=valentin 2018-06-22 08:09:00 -07:00
Ben Kelly
5723cf8094 Bug 1468213 Propagate nsILoadInfo.serviceWorkerTaintingSynthesized and tainting values from parent process to child process. r=valentin 2018-06-11 12:54:22 -07:00
Ben Kelly
2310d6869c Bug 1441932 P3 Forward reserved client, initial client, and controller on Redirect2Verify message back to parent. r=mayhemer 2018-06-04 09:26:51 -07:00
Ben Kelly
1af5b57dfe Bug 1441932 P1 Add the ServiceWorker controller to ParentLoadInfoForwarderArgs. r=mayhemer 2018-06-04 09:26:50 -07:00
Emilio Cobos Álvarez
4b8b5e1717 Bug 1465585: Switch from mozilla::Move to std::move. r=froydnj 
This was done automatically replacing:

  s/mozilla::Move/std::move/
  s/ Move(/ std::move(/
  s/(Move(/(std::move(/

Removing the 'using mozilla::Move;' lines.

And then with a few manual fixups, see the bug for the split series..

MozReview-Commit-ID: Jxze3adipUh
 2018-06-01 10:45:27 +02:00
Ben Kelly
411a5b4ad3 Bug 1459655 Check for error when serializing the LoadInfo triggering principal. r=baku 2018-05-10 08:18:05 -07:00
Rob Wu
bd147c608a Bug 1459588 - Remove unused allowDocumentToBeAgnosticToCSP r=ckerschb 
This cleanup basically reverts the remaining bits of 93dcf59ff87

MozReview-Commit-ID: 9zimpjAkZyj
 2018-05-07 15:12:51 +02:00
Christoph Kerschbaumer
07965896e9 Bug 1439713 - Add flag to loadinfo for skipping certain security policy checks. r=bz 2018-03-29 11:14:35 +02:00
Jonathan Kingston
3c93f0a6e1 Bug 1440701 - Adding in telemetry for upgrading display content. r=ckerschb,valentin 
MozReview-Commit-ID: 7oEIith4Ehv
 2018-03-04 14:33:33 +00:00
Honza Bambas
9f551e72a7 Bug 1438935 - Serialize selected LoadInfo properties from HTTPChannelParent to HTTPChannelChild through OnStartRequest and Redirect1Begin, r=asuth 2018-03-06 08:07:00 +02:00
Gurzau Raul
53f480c4b8 Merge mozilla-central to autoland. a=merge CLOSED TREE 2018-02-21 19:30:44 +02:00
Christoph Kerschbaumer
8af0a6f791 Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer 2018-02-18 19:52:52 +01:00
Jonathan Kingston
91e54f8c78 Bug 1435733 - Upgrade mixed display content pref. r=baku,ckerschb,francois,mayhemer 
MozReview-Commit-ID: ETIgVF3zhRu
 2018-02-05 15:37:27 +00:00
Christoph Kerschbaumer
e7cff0b2bd Bug 1432358: Allow certain top-level pages to be agnostic to CSP. r=smaug 2018-02-01 14:07:01 +01:00
Sebastian Hengst
39acc3c032 Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js 
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
 2018-02-12 19:58:28 +02:00
Christoph Kerschbaumer
5cee13175d Bug 1432358: Allow certain top-level pages to be agnostic to CSP. r=smaug 2018-02-01 14:07:01 +01:00
Ben Kelly
0f3d5cd3c1 Bug 1231211 P3 Serialize LoadInfo's mClientInfo, mReservedClientInfo, and mReservedClientInfo members across IPC. r=valentin 2018-01-23 10:38:52 -05:00
Ben Kelly
677e6caaf4 Bug 1231211 P2 Pass the controller ServiceWorkerDescriptor on the channel LoadInfo and back in PHttpChannel's OnStartRequest message. r=valentin 2018-01-23 10:38:52 -05:00
Ben Kelly
f6625b0e7f Bug 1231211 P1 Allow docshell reload state to be set on LoadInfo. r=valentin 2018-01-23 10:38:51 -05:00
Kate McKinley
400d720dc9 Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb 
This patch removes support and tests for HSTS priming from the tree.
 2018-01-10 11:07:00 -05:00
Tom Tung
92f8a43dc2 Bug 1222008 - P7: Freeze the tainting if a service worker responds with a synthesize response. r=bkelly 2017-11-03 15:37:35 +08:00
Andrea Marchesini
47d900c6e2 Bug 1414755 - Get rid of ContentPrincipalInfoOriginNoSuffix, r=bz, r=bkelly 
This patch uses MozURL in ServiceWorkerRegistrar and in DBScheme to obtain the
origin of a URL. This is safe because the URL is always http/https/ftp.

It also changes the serialization of Principal in nsJSPrincipals in order to
pass the originNoSuffix together with the OriginAttributes and the spec.
 2017-11-15 11:19:26 +01:00
Christoph Kerschbaumer
1a5e7d3be0 Bug 1407891: Allow view-image to open a data: URI by setting a flag on the loadinfo. r=bz 2017-11-08 20:01:41 +01:00
Christoph Kerschbaumer
980d2b45c4 Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug 2017-11-03 13:23:11 +01:00
Kris Maglione
b0f77cbbe3 Bug 1407428: Hand out a const array reference for expanded principal whiteList. r=krizsa 
The current API makes the life time and ownership of the result array unclear
without careful reading. The result array is always owned by the principal,
and its lifetime tied to the lifetime of the principal itself. Returning a
const array reference makes this clear, and should prevent callers from
accidentally modifying the returned array.

MozReview-Commit-ID: 3f8mhynkKAj
 2017-10-10 15:00:16 -07:00
Sebastian Hengst
a6ff7a4821 Backed out changeset 237acf2879f6 (bug 1407428) for frequent crashes, e.g. in xpcshell's test_bug248970_cookie.js. r=backout on a CLOSED TREE 2017-10-16 00:00:15 +02:00
Kris Maglione
b373b92d17 Bug 1407428: Hand out a const array reference for expanded principal whiteList. r=krizsa 
The current API makes the life time and ownership of the result array unclear
without careful reading. The result array is always owned by the principal,
and its lifetime tied to the lifetime of the principal itself. Returning a
const array reference makes this clear, and should prevent callers from
accidentally modifying the returned array.

MozReview-Commit-ID: 3f8mhynkKAj
 2017-10-10 15:00:16 -07:00
d9b8b90901 Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz,mystor 
MozReview-Commit-ID: 1IMi5MqTx7o
 2017-10-10 09:54:00 -07:00
Wes Kocher
ce6083bc04 Backed out 2 changesets (bug 1305237) for crashtest failures in 403574-1.xhtml and 1282985-1.svg a=backout 
Backed out changeset 96b5d596cc27 (bug 1305237)
Backed out changeset 5fe72402746f (bug 1305237)

MozReview-Commit-ID: CjCWY73Hps1
 2017-10-02 16:41:56 -07:00
b1d96d9364 Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz 
MozReview-Commit-ID: ADVtxjSQjk5
 2017-10-02 11:05:33 -07:00
Wes Kocher
26e25c2519 Backed out 2 changesets (bug 1305237) for bc failures in browser_WebRequest_ancestors.js a=backout 
Backed out changeset 163a2b0bb0a0 (bug 1305237)
Backed out changeset e05bab140564 (bug 1305237)

MozReview-Commit-ID: GLlbWYZqyVS
 2017-10-02 13:35:03 -07:00
15e18a2d25 Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz 
MozReview-Commit-ID: ADVtxjSQjk5
 2017-10-02 11:05:33 -07:00
Ryan VanderMeulen
252c89b8d4 Backed out changesets d0d30a90efa1 and fd1d81b93380 (bug 1305237) for causing bug 1403932. 2017-09-28 17:55:43 -04:00
0339efbd2f Bug 1305237 LoadInfo changes to include all ancestors principals and window IDs, r=bz 
MozReview-Commit-ID: JdOjc7Ihhv
 2017-09-25 12:12:47 -07:00
Kris Maglione
7f126f87b9 Bug 1396856: Part 2 - Add top outer window ID to LoadInfo. r=ehsan 
The WebRequest API needs to know if a given window ID is at the top level, for
various reasons. It currently figures this out by mapping a channel's load
context to a <browser> element, which tracks its current top outer window ID.
But this is inefficient, and not friendly to C++ callers.

Adding the top window ID to the load info simplifies things considerably.

MozReview-Commit-ID: Fy0gxTqQZMZ
 2017-09-06 14:25:23 -07:00
Honza Bambas
d9b2cc5343 Bug 1319111 - Expose 'result principal URI' on LoadInfo as a source for NS_GetFinalChannelURI (removes some use of LOAD_REPLACE flag). r=bz, r=mikedeboer 2017-05-30 18:07:59 +02:00
Kate McKinley
6dd7bb7e6b Bug 1359987 - Update HSTS priming telemetry r=ckerschb,francois,mayhemer p=francois 
Collect telemetry for all requests to get an exact percentage of
requests that are subject to HSTS priming, and how many result in an
HSTS Priming request being sent. Clean up telemetry to remove instances
of double counting requests if a priming request was sent.

HSTSPrimingListener::ReportTiming was using mCallback to calculate
timing telemetry, but we were calling swap() on the nsCOMPtr. Give it an
explicit argument for the callback.

Add tests for telemetry values to all of the HSTS priming tests. This
tests for the minimum as telemetry may be gathered on background or
other requests.

MozReview-Commit-ID: 5V2Nf0Ugc3r
 2017-05-09 15:36:07 -07:00
Thomas Nguyen
8733d0e208 Bug 1351146 - P1 - Add more information to redirect chains. r=dragana 
In order to provide more details context of how client arrived at the unsafe
page, particularly in redirect case, we may have to add more information to
redirect chains including:
- referrer (if any)
- remote address.
- URL

We may want to use an idl interface instead of nsIPrincipal to store these
information

MozReview-Commit-ID: 3Uh4r06w60C
 2017-05-25 19:42:00 +02:00
Honza Bambas
00cefdc449 Backout of 7f28c1084c47 (bug 1319111) for security checks breakage, r=me 2017-05-25 18:16:02 +02:00
Honza Bambas
0487f42c85 Bug 1319111 - Expose 'result principal URI' on LoadInfo as a source for NS_GetFinalChannelURI (removes some use of LOAD_REPLACE flag). r=bz 2017-05-23 08:09:00 -04:00
Ehsan Akhgari
7bf0c09d78 Bug 1356836 - Reduce the hashtable lookup cost in principal serialization/deserialization; r=billm 2017-04-25 11:04:13 -04:00
Andrea Marchesini
bbcb9558a8 Bug 1347817 - Principal must always have a valid origin - part 4 - origin passed as argument when a principal is created, r=bholley 2017-03-29 08:24:01 +02:00
Sebastian Hengst
419dd35b4e Backed out changeset 059bcee1ccda (bug 1347817) 2017-03-29 11:17:13 +02:00
Andrea Marchesini
0ae94345ff Bug 1347817 - Principal must always have a valid origin - part 4 - origin passed as argument when a principal is created, r=bholley 2017-03-29 08:24:01 +02:00
Andrea Marchesini
a04ab116f5 Bug 1343933 - Renaming Principal classes - part 4 - ContentPrincipal, r=qdot 2017-03-22 11:39:31 +01:00
Andrea Marchesini
8f5f953fba Bug 1343933 - Renaming Principal classes - part 2 - NullPrincipal, r=qdot 2017-03-22 11:38:40 +01:00
Andrea Marchesini
73e2ac514b Bug 1343933 - Renaming Principal classes - part 1 - ExpandedPrincipal, r=qdot 2017-03-22 11:38:17 +01:00
Andrea Marchesini
2902e0810c Bug 1340163 - Introducing originNoSuffix as attribute in ContentPrincipalInfo, r=smaug 2017-03-20 16:03:45 +01:00
Sebastian Hengst
47a783fba4 Backed out changeset 54a1f0cb64d9 (bug 1340163) for crashing e.g. in browser/components/originattributes/test/browser/browser_cacheAPI.js. r=backout 2017-03-20 15:38:19 +01:00
Andrea Marchesini
d5025905cf Bug 1340163 - Introducing originNoSuffix as attribute in ContentPrincipalInfo, r=smaug 2017-03-20 14:51:54 +01:00