Commit graph

58 commits

Author SHA1 Message Date
Magnus Melin
3c40cbe913 Bug 1819592 - Don't set Sec- headers for system requests. r=freddyb,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D180932
2023-07-23 10:49:31 +00:00
CanadaHonk
bfafc3d345 Bug 1806256 - Fix Sec-Fetch-Dest header value for WebSockets r=freddyb
Sec-Fetch-Dest for WebSockets should be "empty", not "websocket"
(not a spec value, see https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-dest-header)

Differential Revision: https://phabricator.services.mozilla.com/D181816
2023-06-26 16:09:59 +00:00
Stanca Serban
a155a2af57 Backed out changeset 0b98f19ab7c1 (bug 1806256) for causing mochitests failures in test_websocket.html. CLOSED TREE
2023-06-26 18:58:41 +03:00
CanadaHonk
b2f1e587be Bug 1806256 - Fix Sec-Fetch-Dest header value for WebSockets r=freddyb
Sec-Fetch-Dest for WebSockets should be "empty", not "websocket"
(not a spec value, see https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-dest-header)

Differential Revision: https://phabricator.services.mozilla.com/D181816
2023-06-26 14:06:53 +00:00
sunil mayya
a35b81e828 Bug 1816918 - pass ClientInfo via IPC while creating webtransport session. r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D173115
2023-03-31 03:54:20 +00:00
Sandor Molnar
5f41905362 Backed out changeset 9fda7af76207 (bug 1816918) for causing build bustage in dom/webtransport/parent/WebTransportParent.cpp CLOSED TREE
2023-03-30 08:36:21 +03:00
sunil mayya
3c35233ee6 Bug 1816918 - pass ClientInfo via IPC while creating webtransport session. r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D173115
2023-03-30 04:46:54 +00:00
Norisz Fay
0dd2f35ce7 Backed out changeset 2ce4fba56cf7 (bug 1816918) for causing bustage on WebTransportParent.cpp
2023-03-28 21:48:35 +03:00
sunil mayya
0ece05ba82 Bug 1816918 - pass ClientInfo via IPC while creating webtransport session. r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D173115
2023-03-28 16:53:23 +00:00
Sandor Molnar
f2ead1f335 Backed out changeset db2b968157d6 (bug 1816918) for causing xpc assertion failures in mozilla/Maybe.h CLOSED TREE
2023-03-28 05:30:53 +03:00
sunil mayya
4f907068d8 Bug 1816918 - pass ClientInfo via IPC while creating webtransport session. r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D173115
2023-03-28 01:39:23 +00:00
Iulian Moraru
fa6cfbe289 Backed out changeset 57f13fcb6953 (bug 1816918) for causing build bustages on WebTransportParent.cpp. CLOSED TREE
2023-03-27 18:03:33 +03:00
sunil mayya
3497e2d7c9 Bug 1816918 - pass ClientInfo via IPC while creating webtransport session. r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D173115
2023-03-27 12:35:44 +00:00
Christoph Kerschbaumer
0866d5a7c5 Bug 1813489: Remove pref dom.security.secFetch.enabled, r=dveditz
Differential Revision: https://phabricator.services.mozilla.com/D168229
2023-01-31 15:47:07 +00:00
Yulia Startsev
1c5ad3e91d Bug 1247687 - Implement csp for Module Workers; r=evilpie,asuth,rpl,ckerschb
Depends on D155691

Differential Revision: https://phabricator.services.mozilla.com/D156102
2023-01-18 13:46:33 +00:00
Norisz Fay
8cf029b070 Backed out 15 changesets (bug 1247687) as requested by dev CLOSED TREE
2022-12-21 10:48:15 +02:00
Yulia Startsev
dcbacd54c8 Bug 1247687 - Implement csp for Module Workers; r=evilpie,asuth,rpl,ckerschb
Depends on D155691

Differential Revision: https://phabricator.services.mozilla.com/D156102
2022-12-20 20:56:15 +00:00
Csoregi Natalia
c382c6a7ca Backed out 16 changesets (bug 1247687) for frequent string bundle related crashes with PDF viewer (bug 1806064). a=backout
2022-12-17 11:27:32 +02:00
Yulia Startsev
4916e53611 Bug 1247687 - Implement csp for Module Workers; r=evilpie,asuth,rpl,ckerschb
Depends on D155691

Differential Revision: https://phabricator.services.mozilla.com/D156102
2022-12-14 14:55:38 +00:00
Benjamin VanderSloot
066e83f229 Bug 1793647, part 1 - Create new Sec-Fetch-Dest value for WebIdentity (FedCM), r=freddyb,webdriver-reviewers,whimboo
This is to keep up with WHATWG Fetch https://github.com/whatwg/fetch/pull/1495 .
Also revised to not include the new destination type in the RequestDestination enum, per https://github.com/whatwg/fetch/pull/1500 .

I added an element to nsIContentPolicy::nsContentPolicyType as my starting point and
proceeded from there, following the instructions at the end of the internal enum.

Differential Revision: https://phabricator.services.mozilla.com/D158657
2022-10-17 16:07:50 +00:00
Emilio Cobos Álvarez
685321b746 Bug 1755947 - Simplify nsIPrincipal.isSameOrigin(). r=bholley
Differential Revision: https://phabricator.services.mozilla.com/D139030
2022-02-17 18:11:58 +00:00
Niklas Goegge
5ef444d868 Bug 1732069: Consider loopback origin for Sec-Fetch-Site: same-site r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D129152
2021-11-04 08:56:29 +00:00
Niklas Goegge
d9e823a6f5 Bug 1725173: Add sec-fetch tests for extension content scripts. r=ckerschb,robwu
Differential Revision: https://phabricator.services.mozilla.com/D122361
2021-09-29 09:42:49 +00:00
Byron Campen
b67cbe0b60 Bug 1702417: Test case for bug. r=freddyb,mixedpuppy,necko-reviewers
We add the new content policy here, but leave the behavior as TYPE_OTHER, so
we can verify that the new test fails before the fix is applied.

Differential Revision: https://phabricator.services.mozilla.com/D124965
2021-09-13 18:20:10 +00:00
Niklas Goegge
f83b599385 Bug 1722703: Consider requests from extension with access to the requested site as Sec-Fetch-Site: 'same-origin'. r=ckerschb,robwu
Differential Revision: https://phabricator.services.mozilla.com/D121600
2021-08-05 10:35:45 +00:00
Sandor Molnar
59f2477c8f Backed out changeset 04ebee77f0ad (bug 1722703) for causing clang build bustage. CLOSED TREE
2021-08-04 23:37:35 +03:00
Niklas Goegge
b6f2cf017a Bug 1722703: Consider requests from extension with access to the requested site as Sec-Fetch-Site: 'same-origin'. r=ckerschb,robwu
Differential Revision: https://phabricator.services.mozilla.com/D121600
2021-08-04 18:55:19 +00:00
Niklas Goegge
f25f0736d9 Bug 1722044: Consider loads from external applications as user triggered. r=ckerschb,annevk
Differential Revision: https://phabricator.services.mozilla.com/D120963
2021-08-04 13:04:37 +00:00
Mats Palmgren
58a3ef1c19 Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-14 01:22:06 +00:00
Butkovits Atila
ed3da455ae Backed out 7 changesets (bug 1542807) for causing failures at inert-retargeting-iframe.tentative.html. CLOSED TREE
2021-06-12 01:38:25 +03:00
Mats Palmgren
2047e29464 Bug 1542807 part 5 - Don't apply CSP rules for the document to fonts loaded from User and UserAgent origin sheets. r=ckerschb
As for document.fonts, I don't think we intentionally meant to apply
CSP to User/UserAgent fonts.  The document certainly has no authority
to block those from loading.  (We already have a separate principal
for these which is further evidence that this was unintentional
and we can use the same bit (mUseOriginPrincipal) to avoid CSP.)

Differential Revision: https://phabricator.services.mozilla.com/D111695
2021-06-11 18:10:39 +00:00
Niklas Goegge
643d999174 Bug 1648825 - Ensure that Sec-Fetch-Site is only 'none' if the load was user triggered. r=ckerschb,marionette-reviewers,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D109643
2021-05-25 17:37:08 +00:00
Andreea Pavel
87ae6eae9f Backed out 3 changesets (bug 1695911, bug 1648825) for bc failures at browser_navigation.js on a CLOSED TREE
Backed out changeset 1d7e78cac600 (bug 1695911)
Backed out changeset d90566e41269 (bug 1648825)
Backed out changeset 5aece2a17f5d (bug 1648825)
2021-05-20 18:59:30 +03:00
Niklas Goegge
f361b2288f Bug 1648825 - Ensure that Sec-Fetch-Site is only 'none' if the load was user triggered. r=ckerschb,marionette-reviewers,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D109643
2021-05-20 11:06:11 +00:00
Niklas Goegge
35b1cdb734 Bug 1703466 - Set sec-fetch-site to 'none' for browser issued requests. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D111792
2021-04-13 11:18:25 +00:00
Niklas Goegge
abde84c961 Bug 1698767 - Use ExtContentPolicyType instead of InternalContentPolicyType in SecFetch::IsUserTriggeredForSecFetchSite r=ckerschb
The internal content policy type of `TYPE_INTERNAL_IFRAME` gets mapped to `ExtContentPolicy::TYPE_SUBDOCUMENT`, so there is no need to use the internal type.

Differential Revision: https://phabricator.services.mozilla.com/D108640
2021-03-17 11:43:34 +00:00
Niklas Gögge
ed5eaf624b Bug 1647128 - Detect webby navs caused by meta refreshes in IsUserTriggeredForSecFetchSite check r=necko-reviewers,ckerschb,valentin
Differential Revision: https://phabricator.services.mozilla.com/D108035
2021-03-17 11:42:55 +00:00
Masatoshi Kimura
54c1b8dee1 Bug 1687108 - Remove unused content policy types. r=ckerschb,remote-protocol-reviewers,smaug
Differential Revision: https://phabricator.services.mozilla.com/D102083
2021-01-19 09:42:13 +00:00
Masatoshi Kimura
a29e207781 Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-15 12:07:16 +00:00
Narcis Beleuzu
0322452233 Backed out changeset a52961071dcd (bug 1685900) for Build bustage in nsContentSecurityManager.cpp. CLOSED TREE
2021-01-15 04:04:37 +02:00
Masatoshi Kimura
b384f14cde Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-15 04:02:41 +02:00
Dorel Luca
9ed19e2828 Backed out changeset a52961071dcd (bug 1685900) for Build bustage in nsContentSecurityManager.cpp. CLOSED TREE
2021-01-15 02:45:34 +02:00
Masatoshi Kimura
87e50835c4 Bug 1685900 - Split internal and external contentPolicyType. r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D101271
2021-01-14 20:44:54 +00:00
Andi-Bogdan Postelnicu
5e91efd61f Bug 1626555 - Add dom/security to the list of non-unified-build-compatible directories. r=sg
Differential Revision: https://phabricator.services.mozilla.com/D96427
2020-11-09 21:03:52 +00:00
Brindusan Cristian
ca85f574a0 Backed out changeset 3a087ad91d30 (bug 1626555) for build bustages. CLOSED TREE
2020-11-09 21:09:33 +02:00
Andi-Bogdan Postelnicu
6ffdaf663d Bug 1626555 - Add dom/security to the list of non-unified-build-compatible directories. r=sg
Differential Revision: https://phabricator.services.mozilla.com/D96427
2020-11-09 17:57:01 +00:00
Frederik Braun
6c85c74f16 Bug 1655716 - Introduce TYPE_INTERNAL_FETCH_PRELOAD and use in HTMLLinkElement::AsValueToContentPolicy() - r=emilio,mayhemer,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D85980
2020-08-11 12:33:14 +00:00
Frederik Braun
7c16ddcc54 Bug 1655714 - Add TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT and use in TryCacheLoadAndCompileScript(), r=kmag
The main point of this change is to not use TYPE_OTHER in `TryCacheLoadAndCompileScript()`,
for extra clarity, we're not using a catch-all TYPE_INTERNAL_SCRIPT.
This is why the changeset introduces a new type TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT
which in itself adds lots of changes to various files.

Differential Revision: https://phabricator.services.mozilla.com/D85977
2020-08-10 09:04:37 +00:00
Frederik Braun
887dadabf0 Bug 1648764 - map chromescripts into their own internal contentpolicytype r=ckerschb,smaug
Differential Revision: https://phabricator.services.mozilla.com/D81336
2020-07-24 11:52:02 +00:00
Frederik Braun
a7153982e8 Bug 1366973: Rename security flags to not contain DATA anymore r=geckoview-reviewers,ckerschb,snorp
Differential Revision: https://phabricator.services.mozilla.com/D83490
2020-07-15 11:20:45 +00:00