This is a partial revert of:
https://phabricator.services.mozilla.com/D80905
The regressing patch does 2 things:
- Add an origin header-implementation that fills in current blank spots, and implements global redirect tainting.
- Remove the fetchdriver origin header implementation -> which would trigger the new one to take place for those cases.
The patch did block-list moz-extension://, so we would get null-origin for extensions.
My proposal is to just revert the removal of the fetch driver changes for now.
Pro:
- the extensions get their expected origin,
- we keep filling in blank spots
- we will be handling redirects correctly even for fetch-driver set origin headers[[ https://bugzilla.mozilla.org/show_bug.cgi?id=1535795 | which was a problem before ]]
- it's a way smaller changeset than removing the whole patch.
Cons:
- we have one more place for now where the header is set :(
Differential Revision: https://phabricator.services.mozilla.com/D104668
We need to extract the common method into the idl since the connection between necko
and XHR is idl. Need to import the whole necko if we do something like
`#include "HttpBaseChannel.h"
Differential Revision: https://phabricator.services.mozilla.com/D78830
Currently, the worker's COEP is saved in WorkerPrivate and not be respected when loading resources in workers.
This patch adds an attribute loadingEmbedderPolicy in nsILoadInfo, which indicates the COEP header the loading must be respected.
The default value of loadingEmbedderPolicy is nsILoadInfo::EMBEDDER_POLICY_NULL.
loadingEmbedderPolicy is initialized with the COEP of the BrowsingContext used for creating LoadInfo.
And it could be set to other value when fetch in workers.
Differential Revision: https://phabricator.services.mozilla.com/D73690
Given that we are going to add ContentBlockingAllowList in
CookieSettings, so CookieSettings will be responsible for more stuff than the
cookie behavior and cookie permission. We should use a proper name to
reflect the purpose of it. The name 'CookieSettings' is misleading that
this is only for cookie related stuff. So, we decide to rename
'CookieSettins' to 'CookieJarSettings' which serves better meaning here.
Differential Revision: https://phabricator.services.mozilla.com/D63935
--HG--
rename : netwerk/cookie/CookieSettings.cpp => netwerk/cookie/CookieJarSettings.cpp
rename : netwerk/cookie/nsICookieSettings.idl => netwerk/cookie/nsICookieJarSettings.idl
extra : moz-landing-system : lando
Spec change brief:
A request-body-header name is a header name that is a byte-case-insensitive match for one of:
- Content-Encoding
- Content-Language
- Content-Location
- Content-Type
If one of the following is true
1. actualResponse ’s status is 301 or 302 and request ’s method is POST
1. actualResponse ’s status is 303 and request ’s method is not GET or HEAD
then set then:
1. Set request ’s method to GET and request ’s body to null.
1. For each headerName of request-body-header name , delete headerName from request ’s header list .
Differential Revision: https://phabricator.services.mozilla.com/D55887
--HG--
extra : moz-landing-system : lando
The inclusions were removed with the following very crude script and the
resulting breakage was fixed up by hand. The manual fixups did either
revert the changes done by the script, replace a generic header with a more
specific one or replace a header with a forward declaration.
find . -name "*.idl" | grep -v web-platform | grep -v third_party | while read path; do
interfaces=$(grep "^\(class\|interface\).*:.*" "$path" | cut -d' ' -f2)
if [ -n "$interfaces" ]; then
if [[ "$interfaces" == *$'\n'* ]]; then
regexp="\("
for i in $interfaces; do regexp="$regexp$i\|"; done
regexp="${regexp%%\\\|}\)"
else
regexp="$interfaces"
fi
interface=$(basename "$path")
rg -l "#include.*${interface%%.idl}.h" . | while read path2; do
hits=$(grep -v "#include.*${interface%%.idl}.h" "$path2" | grep -c "$regexp" )
if [ $hits -eq 0 ]; then
echo "Removing ${interface} from ${path2}"
grep -v "#include.*${interface%%.idl}.h" "$path2" > "$path2".tmp
mv -f "$path2".tmp "$path2"
fi
done
fi
done
Differential Revision: https://phabricator.services.mozilla.com/D55442
--HG--
extra : moz-landing-system : lando
The inclusions were removed with the following very crude script and the
resulting breakage was fixed up by hand. The manual fixups did either
revert the changes done by the script, replace a generic header with a more
specific one or replace a header with a forward declaration.
find . -name "*.idl" | grep -v web-platform | grep -v third_party | while read path; do
interfaces=$(grep "^\(class\|interface\).*:.*" "$path" | cut -d' ' -f2)
if [ -n "$interfaces" ]; then
if [[ "$interfaces" == *$'\n'* ]]; then
regexp="\("
for i in $interfaces; do regexp="$regexp$i\|"; done
regexp="${regexp%%\\\|}\)"
else
regexp="$interfaces"
fi
interface=$(basename "$path")
rg -l "#include.*${interface%%.idl}.h" . | while read path2; do
hits=$(grep -v "#include.*${interface%%.idl}.h" "$path2" | grep -c "$regexp" )
if [ $hits -eq 0 ]; then
echo "Removing ${interface} from ${path2}"
grep -v "#include.*${interface%%.idl}.h" "$path2" > "$path2".tmp
mv -f "$path2".tmp "$path2"
fi
done
fi
done
Differential Revision: https://phabricator.services.mozilla.com/D55442
--HG--
extra : moz-landing-system : lando
ReferrerPolicy gets tossed back and forth as a uint32_t and
ReferrerPolicy enum in header file. Expose ReferrerPolicyValues from
webidl file and use consistently in native code.
Differential Revision: https://phabricator.services.mozilla.com/D41954
--HG--
extra : moz-landing-system : lando
In the old way, if referrer is ommited we will not be able to go to
download page. In that case, we should use originalReferrer in
ReferrerInfo object
Differential Revision: https://phabricator.services.mozilla.com/D39875
--HG--
extra : moz-landing-system : lando
(a) Substitute Cross-Origin header with COEP
(b) Forcing cors in FetchDriver is removed since COEP doesn't need to IIUC
Differential Revision: https://phabricator.services.mozilla.com/D38788
--HG--
extra : moz-landing-system : lando
This requires replacing inclusions of it with inclusions of more specific prefs
files.
The exception is that StaticPrefsAll.h, which is equivalent to StaticPrefs.h,
and is used in `Codegen.py` because doing something smarter is tricky and
suitable for a follow-up. As a result, any change to StaticPrefList.yaml will
still trigger recompilation of all the generated DOM bindings files, but that's
still a big improvement over trigger recompilation of every file that uses
static prefs.
Most of the changes in this commit are very boring. The only changes that are
not boring are modules/libpref/*, Codegen.py, and ServoBindings.toml.
Differential Revision: https://phabricator.services.mozilla.com/D39138
--HG--
extra : moz-landing-system : lando
For requests without credentials, add wildcard to Access-Control-Expose-Headers.
Differential Revision: https://phabricator.services.mozilla.com/D36624
--HG--
extra : moz-landing-system : lando
