Commit graph

318 commits

Author SHA1 Message Date
Manuel Bucher
14dd2f26fc Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D144798
2022-06-15 09:59:44 +00:00
Tom Schuster
3b08086654 Bug 1773667 - Add console logging for file:// script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D148899
2022-06-13 08:02:13 +00:00
Tom Schuster
4b2a9f4fe1 Bug 1773667 - Perform file URI script check after other checks. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D148898
2022-06-13 08:02:13 +00:00
Molnar Sandor
1fc858a96d Backed out 5 changesets (bug 1761242, bug 1744822, bug 1761252) for causing browser-chrome failures in netwerk/test/browser/browser_103_assets.js CLOSED TREE
Backed out changeset 33cc08eb51b3 (bug 1744822)
Backed out changeset b70697d24e75 (bug 1761252)
Backed out changeset 4a5e10110c6a (bug 1761242)
Backed out changeset 7cda175b833d (bug 1761242)
Backed out changeset 4f5ed111093b (bug 1761242)
2022-06-08 18:56:35 +03:00
Manuel Bucher
35abf46688 Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D144798
2022-06-08 14:33:10 +00:00
Tom Schuster
b9f2fe59ee Bug 1770395 - Telemetry for file protocol script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D146902
2022-05-25 17:07:56 +00:00
Frederik Braun
c2181f7a67 Bug 1767581 - restrict loads of http/https scripts in the privilegedabout process r=dveditz
Differential Revision: https://phabricator.services.mozilla.com/D145978
2022-05-23 20:22:52 +00:00
Frederik Braun
0aeb0900a2 Bug 1767581 - refactor systemprincipal restrictions, disallow loads without finaluri r=ckerschb,tjr
This is a bit of a refactor.
We'll keep the spaghetti code for existing checks, to be able
to easily iterate and pref-flip if things fail later in the cycle.
This also resolves bug 1638770 and removes the "disallow all"
-pref that proved not to be a useful approach anyway.

Differential Revision: https://phabricator.services.mozilla.com/D145411
2022-05-23 20:22:52 +00:00
Tom Schuster
c41e3ff3ad Bug 1760024 - Add a pref for checking file:// script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D146069
2022-05-13 11:13:09 +00:00
Tom Schuster
82ba338d5a Bug 1760024 - Enforce a correct MIME type for file:// script loads. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D143608
2022-05-06 10:51:42 +00:00
Frederik Braun
b7e76370ff Bug 1767954 - csmlog should include process type r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D145575
2022-05-05 12:46:47 +00:00
Frederik Braun
e0e7fe2c04 Bug 1767395 disallow loading http/https scripts for systemprincipal r=ckerschb,tjr
This copies over the behavior for style & subdocument restrictions.
Admittedly, with this if/else spaghetti, it would be preferable to
turn this into restriction levels or lump some of the known-to-be-safe
prefs together, but I would prefer we wait a couple of cycles to
make sure this makes it all the way to release before we refactor.

Differential Revision: https://phabricator.services.mozilla.com/D145306
2022-05-03 15:28:34 +00:00
Nika Layzell
001c77587c Bug 1746115 - Perform data URI blocking from DocumentLoadListener, r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D138213
2022-02-11 16:34:24 +00:00
Sylvestre Ledru
98949ee751 Bug 1754767 - Remove duplicate includes r=media-playback-reviewers,padenot
Differential Revision: https://phabricator.services.mozilla.com/D138441
2022-02-11 10:01:15 +00:00
lyavor
11c0f63d58 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-20 14:14:10 +00:00
criss
7003e86117 Backed out 2 changesets (bug 1745650) for causing build bustages on browser_download_slow. CLOSED TREE
Backed out changeset 32bac3160aa5 (bug 1745650)
Backed out changeset 336d3cfecad2 (bug 1745650)
2022-01-17 15:53:10 +02:00
lyavor
0159626046 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-17 13:19:42 +00:00
Cristian Tuns
cb6d193f17 Backed out 2 changesets (bug 1745650) for causing mochitest failures on browser_slow_download.js CLOSED TREE
Backed out changeset 98712a0ace1e (bug 1745650)
Backed out changeset efb69ab57dc9 (bug 1745650)
2022-01-14 08:02:45 -05:00
lyavor
68ea9d8493 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-14 11:53:20 +00:00
Cristian Tuns
98a512a1b6 Backed out 2 changesets (bug 1745650) for causing mochitest failures on browser_slow_download.js CLOSED TREE
Backed out changeset 7f7864031ae3 (bug 1745650)
Backed out changeset 23081f3b923f (bug 1745650)
2022-01-07 08:07:51 -05:00
lyavor
8b1cb2caad Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-07 12:18:32 +00:00
Csoregi Natalia
2f0f82ae58 Backed out 2 changesets (bug 1745650) for failures on browser_slow_download.js. CLOSED TREE
Backed out changeset f94ea51101a1 (bug 1745650)
Backed out changeset dd8809f8bb92 (bug 1745650)
2022-01-03 20:24:32 +02:00
lyavor
1f39d39c47 Bug 1745650 - If a download upgrades to https via httpsFirst-/httpsOnly - mode it fails. r=ckerschb,necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D133882
2022-01-03 17:25:45 +00:00
Nils
3c79233da8 Bug 1740294: Fix typo "then then" -> "then" r=mhentges
Instances of the typo that have been imported from other repositories have been left unchanged.

Differential Revision: https://phabricator.services.mozilla.com/D130561
2021-11-09 17:36:40 +00:00
Frederik Braun
3bb6563d9e Bug 1735476 - MOZ_LOG=CSMLog emits contentsecuritycheck as valid yaml r=ckerschb
This commit changes the MOZ_LOG to make the yaml easier to parse,
addressing various shortcomings:

- Firstly, the yaml "document" for a check was an array of dictionaries
  that each contained a single key/value pair. It's now a big dictionary
  containing lots of key/value pairs instead.
- Indentation was wrong for some of the attributes of the content
  security check
- The key-name for https-only flags was oddly cased

This changeset resolves all of these shortcomings.

Differential Revision: https://phabricator.services.mozilla.com/D128463
2021-10-14 11:50:50 +00:00
Frederik Braun
f4e0c8a772 Bug 1735117 - Restrict systemprincipal from loading type *STYLESHEET* via HTTP, HTTPS r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D128057
2021-10-12 07:42:14 +00:00
Frederik Braun
a953ebd94a Bug 1731025 - systemprincipal telemetry for userChrome.css profiles (and avoid racing with pref checks) r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D125804
2021-10-04 11:09:15 +00:00
Frederik Braun
70fd288cc6 Bug 1732896 - expand script,style collection to type document r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D126780
2021-09-28 15:50:08 +00:00
criss
97908bee81 Backed out changeset 60edafe5dcc3 (bug 1731025) for causing failures on ServoUtils.h:33 and browser_preferences_usage.js. CLOSED TREE
2021-09-20 14:19:48 +03:00
Frederik Braun
4c092a56f5 Bug 1731025 - systemprincipal telemetry for userChrome.css profiles (and avoid racing with pref checks) r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D125804
2021-09-20 08:58:55 +00:00
Byron Campen
b67cbe0b60 Bug 1702417: Test case for bug. r=freddyb,mixedpuppy,necko-reviewers
We add the new content policy here, but leave the behavior as TYPE_OTHER, so
we can verify that the new test fails before the fix is applied.

Differential Revision: https://phabricator.services.mozilla.com/D124965
2021-09-13 18:20:10 +00:00
Frederik Braun
0d6ba1700d Bug 1725339 - Restrict systemprincipal from loading type *SUBDOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D122420
2021-08-23 09:23:25 +00:00
Marian-Vasile Laza
c86473eec6 Backed out changeset ed0cca70a9a5 (bug 1725339) for causing failures on nsContentSecurityManager. CLOSED TREE
2021-08-16 11:32:15 +03:00
Frederik Braun
e3dbac69c7 Bug 1725339 - Restrict systemprincipal from loading type *DOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D122420
2021-08-16 08:00:17 +00:00
Frederik Braun
9294e89efa Bug 1723998 - Refactor jshacks detection and adapt for use in system principal telemetry r=ckerschb,tjr
Differential Revision: https://phabricator.services.mozilla.com/D121838
2021-08-10 12:41:02 +00:00
Marian-Vasile Laza
671452f263 Backed out changeset 24284cf9d4da (bug 1723998) for causing GTest failures. CLOSED TREE
2021-08-06 12:16:11 +03:00
Frederik Braun
f6cd6f8e0b Bug 1723998 - Refactor jshacks detection and adapt for use in system principal telemetry r=tjr
Differential Revision: https://phabricator.services.mozilla.com/D121838
2021-08-06 08:12:47 +00:00
Alexandru Michis
88d34a31f5 Backed out changeset 19de2822bc0c (bug 1711168) for causing Bug 1719063.
CLOSED TREE
2021-07-08 22:56:34 +03:00
Christoph Kerschbaumer
3860b64792 Bug 1718034: Add and include logging for https-first mode to the ContentSecurityManager r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D118707
2021-06-24 12:32:23 +00:00
Shane Caraveo
7a0db3609f Bug 1711168 support extension matching in webAccessibleResources r=zombie,smaug
Differential Revision: https://phabricator.services.mozilla.com/D115114
2021-06-23 21:52:38 +00:00
Mats Palmgren
58a3ef1c19 Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-14 01:22:06 +00:00
Butkovits Atila
ed3da455ae Backed out 7 changesets (bug 1542807) for causing failures at inert-retargeting-iframe.tentative.html. CLOSED TREE
Backed out changeset e9ef32fa2f2e (bug 1542807)
Backed out changeset 8fa0cb199975 (bug 1542807)
Backed out changeset 38daf64afe59 (bug 1542807)
Backed out changeset e3aee052c495 (bug 1542807)
Backed out changeset a71056d4c7cc (bug 1542807)
Backed out changeset cf91e7d0a37f (bug 1542807)
Backed out changeset eee949e5fd67 (bug 1542807)
2021-06-12 01:38:25 +03:00
Mats Palmgren
2047e29464 Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-11 18:10:39 +00:00
Frederik Braun
5b4bb711be Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D113763
2021-05-11 08:27:47 +00:00
Sandor Molnar
c5f7ff6b65 Backed out changeset fda42a745baf (bug 1708114) for causing Gtest failures in UnexpectedPrivilegedLoadsTelemetryTest. CLOSED TREE
2021-05-04 18:13:00 +03:00
Frederik Braun
886cc45e9a Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D113763
2021-05-04 13:04:18 +00:00
Shane Caraveo
7601b1edfd Bug 1700762 iframe sandboxed extensions pages are allowed to load their own resources r=ckerschb,robwu
Differential Revision: https://phabricator.services.mozilla.com/D100834
2021-03-26 15:27:19 +00:00
Cosmin Sabou
1b347c5c49 Backed out 2 changesets (bug 1699627) for bc failures on browser_startup_content.js.
Backed out changeset 02e74b497dfc (bug 1699627)
Backed out changeset 270e0f9613a6 (bug 1699627)
2021-03-22 20:24:53 +02:00
Henrik Skupin
f01757f544 Bug 1699627 - Use nsIMarionette service to get enabled state of Marionette within the Content Security Manager. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D109363
2021-03-22 16:44:41 +00:00
Frederik Braun
2100e901b0 Bug 1697163 - restrict systemprincipal telemetry to scripts and styles r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D107643
2021-03-11 09:43:54 +00:00