Commit Graph

315 Commits

Author SHA1 Message Date
Molnar Sandor
cd7c15e45b Backed out 5 changesets (bug 1761242, bug 1744822, bug 1761252) for causing browser-chrome failures in netwerk/test/browser/browser_103_assets.js CLOSED TREE
Backed out changeset 33cc08eb51b3 (bug 1744822)
Backed out changeset b70697d24e75 (bug 1761252)
Backed out changeset 4a5e10110c6a (bug 1761242)
Backed out changeset 7cda175b833d (bug 1761242)
Backed out changeset 4f5ed111093b (bug 1761242)
2022-06-08 18:56:35 +03:00
Manuel Bucher
77458730d0 Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D144798
2022-06-08 14:33:10 +00:00
Tom Schuster
1299aac755 Bug 1770395 - Telemetry for file protocol script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D146902
2022-05-25 17:07:56 +00:00
Frederik Braun
a47bdff726 Bug 1767581 - restrict loads of http/https scripts in the privilegedabout process r=dveditz
Differential Revision: https://phabricator.services.mozilla.com/D145978
2022-05-23 20:22:52 +00:00
Frederik Braun
e1e3393365 Bug 1767581 - refactor systemprincipal restrictions, disallow loads without finaluri r=ckerschb,tjr
This is a bit of a refactor.
We'll keep the spaghetti code for existing checks, to be able
to easily iterate and pref-flip if things fail later in the cycle.
This also resolves bug 1638770 and removes the "disallow all"
-pref that proved not to be a useful approach anyway.

Differential Revision: https://phabricator.services.mozilla.com/D145411
2022-05-23 20:22:52 +00:00
Tom Schuster
f5d14f8497 Bug 1760024 - Add a pref for checking file:// script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D146069
2022-05-13 11:13:09 +00:00
Tom Schuster
04321c9790 Bug 1760024 - Enforce a correct MIME type for file:// script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D143608
2022-05-06 10:51:42 +00:00
Frederik Braun
22873cd58e Bug 1767954 - csmlog should include process type r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D145575
2022-05-05 12:46:47 +00:00
Frederik Braun
5daa5cb300 Bug 1767395 disallow loading http/https scripts for systemprincipal r=ckerschb,tjr
This copies over the behavior for style & subdocument restrictions.
Admittedly, with this if/else spaghetti, it would be preferable to
turn this into restriction levels or lump some of the known-to-be-safe
prefs together, but I would prefer we wait a couple of cycles to
make sure this makes it all the way to release before we refactor.

Differential Revision: https://phabricator.services.mozilla.com/D145306
2022-05-03 15:28:34 +00:00
Nika Layzell
2a9fcf1bde Bug 1746115 - Perform data URI blocking from DocumentLoadListener, r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D138213
2022-02-11 16:34:24 +00:00
Sylvestre Ledru
35a175aa33 Bug 1754767 - Remove duplicate includes r=media-playback-reviewers,padenot
Differential Revision: https://phabricator.services.mozilla.com/D138441
2022-02-11 10:01:15 +00:00
lyavor
b311f4c528 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-20 14:14:10 +00:00
criss
357dcc966a Backed out 2 changesets (bug 1745650) for causing build bustages on browser_download_slow. CLOSED TREE
Backed out changeset 32bac3160aa5 (bug 1745650)
Backed out changeset 336d3cfecad2 (bug 1745650)
2022-01-17 15:53:10 +02:00
lyavor
cbf78f79b4 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-17 13:19:42 +00:00
Cristian Tuns
d7b7929aae Backed out 2 changesets (bug 1745650) for causing mochitest failures on browser_slow_download.js CLOSED TREE
Backed out changeset 98712a0ace1e (bug 1745650)
Backed out changeset efb69ab57dc9 (bug 1745650)
2022-01-14 08:02:45 -05:00
lyavor
7cbc533a80 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-14 11:53:20 +00:00
Cristian Tuns
fab03a3db8 Backed out 2 changesets (bug 1745650) for causing mochitest failures on browser_slow_download.js CLOSED TREE
Backed out changeset 7f7864031ae3 (bug 1745650)
Backed out changeset 23081f3b923f (bug 1745650)
2022-01-07 08:07:51 -05:00
lyavor
52fb115886 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-07 12:18:32 +00:00
Csoregi Natalia
9500373047 Backed out 2 changesets (bug 1745650) for failures on browser_slow_download.js. CLOSED TREE
Backed out changeset f94ea51101a1 (bug 1745650)
Backed out changeset dd8809f8bb92 (bug 1745650)
2022-01-03 20:24:32 +02:00
lyavor
2be9ca3be1 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-03 17:25:45 +00:00
Nils
488a36d979 Bug 1740294: Fix typo "then then" -> "then" r=mhentges
Instances of the typo that have been imported from other repositories have been left unchanged.

Differential Revision: https://phabricator.services.mozilla.com/D130561
2021-11-09 17:36:40 +00:00
Frederik Braun
58bd428aa3 Bug 1735476 - MOZ_LOG=CSMLog emits contentsecuritycheck as valid yaml r=ckerschb
This commit changes the MOZ_LOG to make the yaml easier to parse,
addressing various shortcomings:

- Firstly, the yaml "document" for a check was an array of dictionaries
  that each contained a single key/value pair. It's now a big dictionary
  containing lots of key/value pairs instead.
- Indentation was wrong for some of the attributes of the content
  security check
- The key name for https-only flags was oddly cased

This changeset resolves all of these shortcomings.

Differential Revision: https://phabricator.services.mozilla.com/D128463
2021-10-14 11:50:50 +00:00
Frederik Braun
0d52e7d821 Bug 1735117 - Restrict systemprincipal from loading type *STYLESHEET* via HTTP, HTTPS r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D128057
2021-10-12 07:42:14 +00:00
Frederik Braun
d20125ef18 Bug 1731025 - systemprincipal telemetry for userChrome.css profiles (and avoid racing with pref checks) r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D125804
2021-10-04 11:09:15 +00:00
Frederik Braun
8f416b197d Bug 1732896 - expand script,style collection to type document r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D126780
2021-09-28 15:50:08 +00:00
criss
d0d5e6c8a7 Backed out changeset 60edafe5dcc3 (bug 1731025) for causing failures on ServoUtils.h:33 and browser_preferences_usage.js. CLOSED TREE
2021-09-20 14:19:48 +03:00
Frederik Braun
0c0f04dbcb Bug 1731025 - systemprincipal telemetry for userChrome.css profiles (and avoid racing with pref checks) r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D125804
2021-09-20 08:58:55 +00:00
Byron Campen
b8c031d556 Bug 1702417: Test case for bug. r=freddyb,mixedpuppy,necko-reviewers
We add the new content policy here, but leave the behavior as TYPE_OTHER, so
we can verify that the new test fails before the fix is applied.

Differential Revision: https://phabricator.services.mozilla.com/D124965
2021-09-13 18:20:10 +00:00
Frederik Braun
19341828d9 Bug 1725339 - Restrict systemprincipal from loading type *SUBDOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D122420
2021-08-23 09:23:25 +00:00
Marian-Vasile Laza
77d1b4fe51 Backed out changeset ed0cca70a9a5 (bug 1725339) for causing failures on nsContentSecurityManager. CLOSED TREE
2021-08-16 11:32:15 +03:00
Frederik Braun
9568be50ae Bug 1725339 - Restrict systemprincipal from loading type *DOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D122420
2021-08-16 08:00:17 +00:00
Frederik Braun
e899e65457 Bug 1723998 - Refactor jshacks detection and adapt for use in system principal telemetry r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D121838
2021-08-10 12:41:02 +00:00
Marian-Vasile Laza
aff1264ab8 Backed out changeset 24284cf9d4da (bug 1723998) for causing GTest failures. CLOSED TREE
2021-08-06 12:16:11 +03:00
Frederik Braun
5ba08bf5ec Bug 1723998 - Refactor jshacks detection and adapt for use in system principal telemetry r=tjr
Differential Revision: https://phabricator.services.mozilla.com/D121838
2021-08-06 08:12:47 +00:00
Alexandru Michis
039be67939 Backed out changeset 19de2822bc0c (bug 1711168) for causing Bug 1719063.
CLOSED TREE
2021-07-08 22:56:34 +03:00
Christoph Kerschbaumer
8c72e21c81 Bug 1718034: Add and include logging for https-first mode to the ContentSecurityManager r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D118707
2021-06-24 12:32:23 +00:00
Shane Caraveo
740ccc1faf Bug 1711168 support extension matching in webAccessibleResources r=zombie,smaug
Differential Revision: https://phabricator.services.mozilla.com/D115114
2021-06-23 21:52:38 +00:00
Mats Palmgren
c50393b1de Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-14 01:22:06 +00:00
Butkovits Atila
c8f6a1fcf4 Backed out 7 changesets (bug 1542807) for causing failures at inert-retargeting-iframe.tentative.html. CLOSED TREE
Backed out changeset e9ef32fa2f2e (bug 1542807)
Backed out changeset 8fa0cb199975 (bug 1542807)
Backed out changeset 38daf64afe59 (bug 1542807)
Backed out changeset e3aee052c495 (bug 1542807)
Backed out changeset a71056d4c7cc (bug 1542807)
Backed out changeset cf91e7d0a37f (bug 1542807)
Backed out changeset eee949e5fd67 (bug 1542807)
2021-06-12 01:38:25 +03:00
Mats Palmgren
d43792a9f6 Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-11 18:10:39 +00:00
Frederik Braun
861c96b28b Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D113763
2021-05-11 08:27:47 +00:00
Sandor Molnar
b3e153af11 Backed out changeset fda42a745baf (bug 1708114) for causing Gtest failures in UnexpectedPrivilegedLoadsTelemetryTest. CLOSED TREE
2021-05-04 18:13:00 +03:00
Frederik Braun
edaebee59c Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D113763
2021-05-04 13:04:18 +00:00
Shane Caraveo
1351a9d311 Bug 1700762 iframe sandboxed extensions pages are allowed to load their own resources r=ckerschb,robwu
Differential Revision: https://phabricator.services.mozilla.com/D100834
2021-03-26 15:27:19 +00:00
Cosmin Sabou
2c6adc65d4 Backed out 2 changesets (bug 1699627) for bc failures on browser_startup_content.js.
Backed out changeset 02e74b497dfc (bug 1699627)
Backed out changeset 270e0f9613a6 (bug 1699627)
2021-03-22 20:24:53 +02:00
Henrik Skupin
eb0d88ece3 Bug 1699627 - Use nsIMarionette service to get enabled state of Marionette within the Content Security Manager. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D109363
2021-03-22 16:44:41 +00:00
Frederik Braun
1add12a8de Bug 1697163 - restrict systemprincipal telemetry to scripts and styles r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D107643
2021-03-11 09:43:54 +00:00
Tom Ritter
74dd5a97d1 Bug 1688800: Carve out more edge cases for javascriptLoad restrictions, and let Telemetry ride the trains r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D103043
2021-01-29 13:35:31 +00:00
Brindusan Cristian
a5ed964b85 Backed out changeset 2ade9dd19ad1 (bug 1688800) for build bustages at nsContentSecurityUtils.cpp. CLOSED TREE
2021-01-28 23:26:05 +02:00
Tom Ritter
c160087454 Bug 1688800: Carve out more edge cases for javascriptLoad restrictions, and let Telemetry ride the trains r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D103043
2021-01-28 20:40:40 +00:00