searching for reviewer(ckerschb)
3b42f1a5097a3ea23d91740ffd3bac899d128952: Bug 1405971 - Strip existing disallowed schemes in Origin header. r=JuniorHsu,ckerschb
Tom Schuster <evilpies@gmail.com> - Thu, 14 Nov 2019 18:11:16 +0000 - rev 502014
Push 36805 by aiakab@mozilla.com at Fri, 15 Nov 2019 09:53:19 +0000
Bug 1405971 - Strip existing disallowed schemes in Origin header. r=JuniorHsu,ckerschb Differential Revision: https://phabricator.services.mozilla.com/D39781
09a0252278f8bcd493345f2e05179f78f16e5a10: Bug 1594004 - Enable CacheSplit on nightly r=ckerschb,annevk
Sebastian Streich <sstreich@mozilla.com> - Wed, 13 Nov 2019 12:11:30 +0000 - rev 501735
Push 36800 by btara@mozilla.com at Thu, 14 Nov 2019 05:51:12 +0000
Bug 1594004 - Enable CacheSplit on nightly r=ckerschb,annevk Differential Revision: https://phabricator.services.mozilla.com/D51815
35436d4e7917bf9d9b96a6173201ca001a8ff7bc: Bug 1591932 - Enable Sniffing on No Mime+ XCTO nosniff r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Wed, 13 Nov 2019 12:12:34 +0000 - rev 501734
Push 36799 by btara@mozilla.com at Wed, 13 Nov 2019 21:50:41 +0000
Bug 1591932 - Enable Sniffing on No Mime+ XCTO nosniff r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50816
a4e17e19b2078866776be8a8998aafed47e4aad1: Bug 1595541 - enable test_same_site_cookies_laxByDefault with fission r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 12 Nov 2019 07:50:25 +0000 - rev 501551
Push 36795 by malexandru@mozilla.com at Tue, 12 Nov 2019 21:49:46 +0000
Bug 1595541 - enable test_same_site_cookies_laxByDefault with fission r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D52552
c07d058d206cf71d16f85bf2294e1265b402ee18: Bug 1594166 - Dont do nsContentSecurityManager checks for internal redirects. r=baku,ckerschb
Matt Woodrow <mwoodrow@mozilla.com> - Thu, 07 Nov 2019 19:13:59 +0000 - rev 501145
Push 36781 by csabou@mozilla.com at Fri, 08 Nov 2019 05:21:04 +0000
Bug 1594166 - Dont do nsContentSecurityManager checks for internal redirects. r=baku,ckerschb We fail this during test_invalid_mime_type_blob.html when using DocumentChannel for blobs without this. DocumentChannelChild reports an internal redirect as it replaces itself with the real channel (BlobURLChannel), and we fail the CheckLoadURIWithPrincipal checks. The old channel has a null principal (due to being a sandboxed iframe), and we compare that to the blob principal computed from the URI, which is a normal content principal. Differential Revision: https://phabricator.services.mozilla.com/D51905
d3acb5c52fc6576021bd90fad805ffea0d0b11c3: Bug 1592701 - Remove usage of GetURI in nsGlobalWindowInner r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 07 Nov 2019 13:42:37 +0000 - rev 501077
Push 36779 by csabou@mozilla.com at Thu, 07 Nov 2019 21:53:15 +0000
Bug 1592701 - Remove usage of GetURI in nsGlobalWindowInner r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D51258
d6410f35a1f2f4a733dcbea6ccdad68740bab79c: Bug 1585000 - Enable Samesite Cookies for Fission r=ckerschb,farre
Sebastian Streich <sstreich@mozilla.com> - Tue, 05 Nov 2019 09:39:13 +0000 - rev 500540
Push 36766 by aiakab@mozilla.com at Tue, 05 Nov 2019 16:16:12 +0000
Bug 1585000 - Enable Samesite Cookies for Fission r=ckerschb,farre Differential Revision: https://phabricator.services.mozilla.com/D49424
ebc3ca33bc0cd34636b54999959db36b1454c6d5: Bug 1592975 - Re-enable XTCO per default r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 05 Nov 2019 09:39:22 +0000 - rev 500539
Push 36766 by aiakab@mozilla.com at Tue, 05 Nov 2019 16:16:12 +0000
Bug 1592975 - Re-enable XTCO per default r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D51292
23c113d65b48353d5ce085fd0c7f67d3604bd244: Bug 1587939 enforce addon content script CSP in eval r=ckerschb,robwu
Shane Caraveo <scaraveo@mozilla.com> - Fri, 01 Nov 2019 06:03:35 +0000 - rev 500084
Push 36754 by btara@mozilla.com at Fri, 01 Nov 2019 16:13:11 +0000
Bug 1587939 enforce addon content script CSP in eval r=ckerschb,robwu Differential Revision: https://phabricator.services.mozilla.com/D48924
53390b20df642d370124457623822d5dcde5a708: Bug 1581611 Part 2: apply content script csp r=robwu,ckerschb
Shane Caraveo <scaraveo@mozilla.com> - Fri, 01 Nov 2019 06:03:13 +0000 - rev 500083
Push 36754 by btara@mozilla.com at Fri, 01 Nov 2019 16:13:11 +0000
Bug 1581611 Part 2: apply content script csp r=robwu,ckerschb Manifest V3 functionality. This applies CSP on the webextension content scripts using either a default csp or an extension provided csp. It will remain pref'd off but is available for developers to test against, as well as for future validation of chrome compatibility. Differential Revision: https://phabricator.services.mozilla.com/D48107
e66da643d9bcbc594a9c09a99271ae4d9415e388: Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Wed, 30 Oct 2019 17:55:46 +0000 - rev 499841
Push 36749 by aiakab@mozilla.com at Thu, 31 Oct 2019 09:53:09 +0000
Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D51132
a3a5b8bf05dc9b91cbca15b1729c861e5ea5cae4: Bug 1586684 - Rewrite test_navigate_to.html to pass when fission enable r=ckerschb
Thomas Nguyen <tnguyen@mozilla.com> - Wed, 30 Oct 2019 17:14:56 +0000 - rev 499808
Push 36747 by aciure@mozilla.com at Wed, 30 Oct 2019 21:51:16 +0000
Bug 1586684 - Rewrite test_navigate_to.html to pass when fission enable r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D51096
8cce153f4722511b81123e289987a29c267b80fc: Bug 1584602 - Enforce eval restrictions in Workers and do not enforce restrictions in Release r=ckerschb
Tom Ritter <tom@mozilla.com> - Wed, 30 Oct 2019 15:21:57 +0000 - rev 499782
Push 36747 by aciure@mozilla.com at Wed, 30 Oct 2019 21:51:16 +0000
Bug 1584602 - Enforce eval restrictions in Workers and do not enforce restrictions in Release r=ckerschb This commit does two things. Firstly it enforces eval restrictions in Workers per Bug 1584602. We're collecting telemetry on these in Beta (and not seeing any) so we can let enforcement ride up to Beta. Secondly, it disables enforcement checks on Release (and late Beta, as explained in the comment) until we can gather data about what's happening in Release. This is a counterpart to Bug 1592349 for -central. We have two separate commits because the first part of this is a change in the same code and we'd have rebase problems if we tried to do them both separately. This does tie enforcement to a build-time constant instead of leaving it as a pref. This doesn't make me very happy inside, but I don't think the extra complexity is worth it... Differential Revision: https://phabricator.services.mozilla.com/D50970
a86e49e19b03e2c7e3f1bd4d41e97f74c92ad55b: Bug 1590917 - Extend telemetry of HTTP_CHANNEL_DISPOSITION_UPGRADE expiry to never r=ckerschb
Jonathan Kingston <jkt@mozilla.com> - Fri, 25 Oct 2019 16:33:54 +0000 - rev 499691
Push 36745 by ncsoregi@mozilla.com at Wed, 30 Oct 2019 05:03:08 +0000
Bug 1590917 - Extend telemetry of HTTP_CHANNEL_DISPOSITION_UPGRADE expiry to never r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50386
40d13b1dab183bd7821f6dcc091a79bcfc93b5c5: Bug 1590321 - Rewrite browser_test_referrer_loadInOtherProcess.js to work with fission enabled r=ckerschb
Thomas Nguyen <tnguyen@mozilla.com> - Mon, 28 Oct 2019 09:44:30 +0000 - rev 499411
Push 36740 by apavel@mozilla.com at Mon, 28 Oct 2019 16:08:07 +0000
Bug 1590321 - Rewrite browser_test_referrer_loadInOtherProcess.js to work with fission enabled r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50570
8e2882dd4caec9637e97d33eb3d1f4ca2461c815: Bug 1588461 - Added OA StripAttributes flag for privateBrowsingId. r=johannh,ckerschb
Paul Zuehlcke <pzuhlcke@mozilla.com> - Thu, 24 Oct 2019 14:18:54 +0000 - rev 498990
Push 36733 by dluca@mozilla.com at Fri, 25 Oct 2019 16:40:00 +0000
Bug 1588461 - Added OA StripAttributes flag for privateBrowsingId. r=johannh,ckerschb Differential Revision: https://phabricator.services.mozilla.com/D49174
9cfb573e3b2c09cd15b768520f129934c1fcceb7: Bug 1590322 - Enable Cache-Split-Test with fission r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 24 Oct 2019 14:50:06 +0000 - rev 498869
Push 36730 by btara@mozilla.com at Fri, 25 Oct 2019 03:46:30 +0000
Bug 1590322 - Enable Cache-Split-Test with fission r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50476
880dd7fed087a839f8e8ee351248a4e57e20a1b2: Bug 1590889: Stop warning on common failures in ThirdPartyUtil.cpp r=ckerschb
Dave Townsend <dtownsend@oxymoronical.com> - Thu, 24 Oct 2019 09:19:07 +0000 - rev 498833
Push 36729 by btara@mozilla.com at Thu, 24 Oct 2019 21:40:23 +0000
Bug 1590889: Stop warning on common failures in ThirdPartyUtil.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50365
57e190b02a52a557120f008fbc7fd2a305ba1096: Bug 1583700 - Pass the loading context of the cspToInherit when deserializing LoadInfo, since this isn't necessarily the same as the loading context of the LoadInfo. r=ckerschb
Matt Woodrow <mwoodrow@mozilla.com> - Tue, 22 Oct 2019 01:03:10 +0000 - rev 498605
Push 36722 by apavel@mozilla.com at Wed, 23 Oct 2019 09:48:16 +0000
Bug 1583700 - Pass the loading context of the cspToInherit when deserializing LoadInfo, since this isn't necessarily the same as the loading context of the LoadInfo. r=ckerschb Depends on D47358 Differential Revision: https://phabricator.services.mozilla.com/D47406
7ff126a6e02a5d048d3e149615bfa4397e62c05e: Bug 1583700 - Move CSP setup code to run in both processes. r=nika,ckerschb,mattwoodrow
Matt Woodrow <mwoodrow@mozilla.com> - Tue, 22 Oct 2019 01:03:18 +0000 - rev 498602
Push 36722 by apavel@mozilla.com at Wed, 23 Oct 2019 09:48:16 +0000
Bug 1583700 - Move CSP setup code to run in both processes. r=nika,ckerschb,mattwoodrow We want this to run in both processes so that we set the cspToInherit on the LoadInfo within the child as well as the parent. Differential Revision: https://phabricator.services.mozilla.com/D47355
c989dfe0d8132c9a46fb8606251cb7b9387f7b54: Bug 1585664 - Add GetAsciiSpecForLogging and update callers r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 22 Oct 2019 16:03:27 +0000 - rev 498587
Push 36721 by ccoroiu@mozilla.com at Wed, 23 Oct 2019 04:12:03 +0000
Bug 1585664 - Add GetAsciiSpecForLogging and update callers r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47909
47d7c18620c845c3a42610fea5468ccc50889bae: Bug 1590318 - Make browser_test_FTP_console_warning.js fission ready r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 22 Oct 2019 16:20:11 +0000 - rev 498579
Push 36720 by ccoroiu@mozilla.com at Tue, 22 Oct 2019 21:43:14 +0000
Bug 1590318 - Make browser_test_FTP_console_warning.js fission ready r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50075
4d52d68c7c46b3719f5b50e5f7c6142680f5ede8: Bug 1583553 - Make browser_CORS-console-warnings.js fission ready r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 22 Oct 2019 16:20:09 +0000 - rev 498578
Push 36720 by ccoroiu@mozilla.com at Tue, 22 Oct 2019 21:43:14 +0000
Bug 1583553 - Make browser_CORS-console-warnings.js fission ready r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D50080
dc9e317da307c0437689b3b36b2747b06e560c55: Bug 1583700 - Pass the loading context of the cspToInherit when deserializing LoadInfo, since this isn't necessarily the same as the loading context of the LoadInfo. r=ckerschb
Matt Woodrow <mwoodrow@mozilla.com> - Mon, 21 Oct 2019 02:03:24 +0000 - rev 498437
Push 36718 by ncsoregi@mozilla.com at Tue, 22 Oct 2019 09:46:06 +0000
Bug 1583700 - Pass the loading context of the cspToInherit when deserializing LoadInfo, since this isn't necessarily the same as the loading context of the LoadInfo. r=ckerschb Depends on D47358 Differential Revision: https://phabricator.services.mozilla.com/D47406
cfb571dd120aa797211c7422633875350f85a870: Bug 1583700 - Move CSP setup code to run in both processes. r=nika,ckerschb,mattwoodrow
Matt Woodrow <mwoodrow@mozilla.com> - Tue, 15 Oct 2019 07:52:09 +0000 - rev 498434
Push 36718 by ncsoregi@mozilla.com at Tue, 22 Oct 2019 09:46:06 +0000
Bug 1583700 - Move CSP setup code to run in both processes. r=nika,ckerschb,mattwoodrow We want this to run in both processes so that we set the cspToInherit on the LoadInfo within the child as well as the parent. Differential Revision: https://phabricator.services.mozilla.com/D47355
6e923be2cf6ac05eb6fcc38cd7dfe1fbb2948b30: Bug 1584204 Remove requestingLocation from nsContentPolicy.cpp r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Fri, 18 Oct 2019 11:07:14 +0000 - rev 498101
Push 36706 by aciure@mozilla.com at Fri, 18 Oct 2019 16:01:33 +0000
Bug 1584204 Remove requestingLocation from nsContentPolicy.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47255
9a67d60ec29da5f2a82b123aa93407eb2d2c6168: Bug 1585331 - Add nsIPrincipal::GetAboutModuleFlags r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 17 Oct 2019 13:54:41 +0000 - rev 498030
Push 36704 by dluca@mozilla.com at Fri, 18 Oct 2019 04:14:02 +0000
Bug 1585331 - Add nsIPrincipal::GetAboutModuleFlags r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47775
0115a701a8e77876bc70add73301448f62506b63: Bug 1587448 enable XTCO-nosniff by default r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Wed, 09 Oct 2019 17:24:33 +0000 - rev 497085
Push 36675 by ccoroiu@mozilla.com at Thu, 10 Oct 2019 16:23:37 +0000
Bug 1587448 enable XTCO-nosniff by default r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D48709
3e896e8ca6b7899fa2e256eb3a6b0c0a935bf5a7: Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku
Tom Ritter <tom@mozilla.com> - Tue, 08 Oct 2019 17:31:35 +0000 - rev 496792
Push 36668 by aiakab@mozilla.com at Wed, 09 Oct 2019 04:06:09 +0000
Bug 1583949 - Add a check for IsEvalAllowed to the worker callpath for eval() r=ckerschb,baku This patch does several things. Because Workers aren't on the main thread, many of the things done are in the name of off main thread access. 1) Changes a parameter in IsEvalAllowed from a nsIPrincipal to a bool. We only used the principal to determined if it was the System Principal. Principals aren't thread safe and can only be accessed on Main Thread, so if we passed a Principal in, we would be in error. Instead only pass in the bool which - for workers - comes from a thread-safe location. 2) Separates out the Telemetry Event Recording and sending a message to the console into a new function nsContentSecurityUtils::NotifyEvalUsage. (And creates a runnable that calls it.) We do this because we will need to only call this method on the main thread. Telemetry Event Recording has only ever been called on the Main Thread. While I possibly-successfully cut it over to happen Off Main Thread (OMT) by porting preferences to StaticPrefs, I don't know if there were other threading assumptions in the Telemetry Code. So it would be much safer to just continue recording Event Telemetry on the main thread. Sending a message to the console requires calling GetStringBundleService() which requires main thread. I didn't investigate if this could be made thread-safe, I just threw it onto the main thread too. If, in IsEvalAllowed, we are on the main thread - we call NotifyEvalUsage directly. If we are not, we create a runnable which will then call NotifyEvalUsage for us on the main thread. 3) Ports allow_eval_with_system_principal and allow_eval_in_parent_process from bools to RelaxedAtomicBool - because we now check these prefs OMT. 4) In RuntimeService.cpp, adds the call to IsEvalAllowed. 5) Add resource://gre/modules/workers/require.js to the allowlist of eval usage. This was the script that identified this gap in the first place. It uses eval (twice) for structural reasons (scope and line number massaging.) The contents of the eval are the result of a request to a uri (which may be internal, like resource://). The whole point of this is to implement a CommonJS require() api. This usage of eval is safe because the only way an attacker can inject into it is by either controlling the response of the uri request or controlling (or appending to) the argument. If they can do that, they are able to inject script into Firefox even if we cut this usage of eval over to some other type of safe(r) script loader. Bug 1584564 tracks making sure calls to require.js are safe. 6) Adds cld-worker.js to the allowlist. Bug 1584605 is for refactoring that eval usage, which is decidedly non-trivial. 7) Does _not_ enforce the eval restrictions for workers. While I've gotten try to be green and not throw up any instances of eval-usage by workers, it is much safer to deploy this is Telemetry-only mode for Workers for a little bit to see if anything pops up from the Nightly population. Bug 1584602 is for enforcing the checks. Differential Revision: https://phabricator.services.mozilla.com/D47480
eb8cc69904edc3c18e3c142d5ed3626637b8a2cd: Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Mon, 07 Oct 2019 12:05:36 +0000 - rev 496509
Push 36660 by rgurzau@mozilla.com at Mon, 07 Oct 2019 16:27:18 +0000
Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb *** Use Window.opener in test Differential Revision: https://phabricator.services.mozilla.com/D47635
f3804bb2592c3107beaea6ad0181c83cee42f56b: Bug 1585364 - Fix IsFrame check to work in fission. r=ckerschb,nika
Jonathan Kingston <jkt@mozilla.com> - Thu, 03 Oct 2019 16:42:25 +0000 - rev 496206
Push 36647 by nerli@mozilla.com at Fri, 04 Oct 2019 04:09:18 +0000
Bug 1585364 - Fix IsFrame check to work in fission. r=ckerschb,nika Differential Revision: https://phabricator.services.mozilla.com/D47783
a472d9f9c874774e5e65ed15c7da4a6fcb1d5ce9: Bug 1583871 Refactor ThirdpartyUtil.cpp r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Wed, 02 Oct 2019 15:10:40 +0000 - rev 496095
Push 36642 by dvarga@mozilla.com at Thu, 03 Oct 2019 04:38:57 +0000
Bug 1583871 Refactor ThirdpartyUtil.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47099
76668583a71f94ebe8ce3b86d71b6edd76ffdc2c: Bug 1585297- Use Principal->SchemeIs in nsGeolocation.cpp r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 01 Oct 2019 12:54:56 +0000 - rev 495911
Push 36639 by rgurzau@mozilla.com at Wed, 02 Oct 2019 16:35:54 +0000
Bug 1585297- Use Principal->SchemeIs in nsGeolocation.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47750
b1a61ab3019cd59eb07235097fca99cc48ca190f: Bug 1585604 - Remove telemetry for mixed object subrequst counting. r=ckerschb
Jonathan Kingston <jkt@mozilla.com> - Wed, 02 Oct 2019 11:17:28 +0000 - rev 495902
Push 36639 by rgurzau@mozilla.com at Wed, 02 Oct 2019 16:35:54 +0000
Bug 1585604 - Remove telemetry for mixed object subrequst counting. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47888
7978f68a53554de5a679c49e48719a7ac0eff4dc: Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 01 Oct 2019 09:43:36 +0000 - rev 495759
Push 36638 by shindli@mozilla.com at Wed, 02 Oct 2019 03:38:52 +0000
Bug 1585055 - Flip Pref for XTCO-NoSniff and update test to match r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47635
10c7400edbc1d7754b44e090e5a7685991ba16a6: Bug 1584543 - Make checks for in-content functionality depend on documentURI instead of principal URI. r=ckerschb,Gijs
Johann Hofmann <jhofmann@mozilla.com> - Tue, 01 Oct 2019 12:14:22 +0000 - rev 495726
Push 36638 by shindli@mozilla.com at Wed, 02 Oct 2019 03:38:52 +0000
Bug 1584543 - Make checks for in-content functionality depend on documentURI instead of principal URI. r=ckerschb,Gijs This is a necessary change that was done for Fluent access in bug 1573276. In almost all cases, we want to rely on the principal for making security decisions, but the principal does not store the original URI in cases where an about: page was sandboxed (it becomes a null principal URI), and thus we need to use the documentURI here. Differential Revision: https://phabricator.services.mozilla.com/D47582
494c7364c54462c856cead8a4d455effa4bf8127: Bug 1584204 Remove requestingLocation from nsContentPolicy.cpp r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Mon, 30 Sep 2019 13:42:23 +0000 - rev 495593
Push 36634 by apavel@mozilla.com at Mon, 30 Sep 2019 21:54:36 +0000
Bug 1584204 Remove requestingLocation from nsContentPolicy.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47255
bda8ceea80d0d53bfd79d5db5828c6a66dd2d221: Bug 1584204 Remove requestingLocation from nsContentPolicy.cpp r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Mon, 30 Sep 2019 10:46:27 +0000 - rev 495559
Push 36633 by dluca@mozilla.com at Mon, 30 Sep 2019 16:21:37 +0000
Bug 1584204 Remove requestingLocation from nsContentPolicy.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47255
6f8c20edadbacd0ce3978cd168883e6a33c39c3e: Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Mon, 30 Sep 2019 10:38:32 +0000 - rev 495558
Push 36633 by dluca@mozilla.com at Mon, 30 Sep 2019 16:21:37 +0000
Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47125
04f75de35ca75a9edac37d7329b384ca9823cfb7: Bug 1583869 - Call Sniffers for application/* mime Types r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Mon, 30 Sep 2019 10:41:51 +0000 - rev 495557
Push 36633 by dluca@mozilla.com at Mon, 30 Sep 2019 16:21:37 +0000
Bug 1583869 - Call Sniffers for application/* mime Types r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47258
32932bd2857190460aec71e16f3016fe84b117fb: Bug 1581559 - Refresh script MIME type telemtry. r=ckerschb
Tom Schuster <evilpies@gmail.com> - Mon, 30 Sep 2019 09:45:07 +0000 - rev 495542
Push 36633 by dluca@mozilla.com at Mon, 30 Sep 2019 16:21:37 +0000
Bug 1581559 - Refresh script MIME type telemtry. r=ckerschb I think at this point we refreshed this probe often enough and we don't really have an idea if we ever manage to limit script MIMEs completely. Differential Revision: https://phabricator.services.mozilla.com/D47418
c3579f540cd7c4ba60530659205675fd9aa80cc9: Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 26 Sep 2019 12:34:17 +0000 - rev 495106
Push 36622 by shindli@mozilla.com at Thu, 26 Sep 2019 21:35:42 +0000
Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47125
7eb799868e2bca66d5a647325242bc8a38cb0f8f: Bug 1580782 - Remove JS Callsites for Principal->GetURI->Schemeis r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 26 Sep 2019 10:47:33 +0000 - rev 495102
Push 36622 by shindli@mozilla.com at Thu, 26 Sep 2019 21:35:42 +0000
Bug 1580782 - Remove JS Callsites for Principal->GetURI->Schemeis r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D45685
253627be92f04af6efabb74f68a6d4f2c6ad0ec7: Bug 1580782 - Change Callsites to use nsIPrincipal->SchemeIs r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 26 Sep 2019 10:47:16 +0000 - rev 495101
Push 36622 by shindli@mozilla.com at Thu, 26 Sep 2019 21:35:42 +0000
Bug 1580782 - Change Callsites to use nsIPrincipal->SchemeIs r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D45654
e40e7df668835350b2e341663617dc580e92e01a: Bug 1580782 - Expose SchemeIs on nsIPrincipal r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 26 Sep 2019 10:47:03 +0000 - rev 495100
Push 36622 by shindli@mozilla.com at Thu, 26 Sep 2019 21:35:42 +0000
Bug 1580782 - Expose SchemeIs on nsIPrincipal r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D45653
af8ca81b90e4eabf5de4ccb669381271565fc15e: Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Thu, 26 Sep 2019 10:16:36 +0000 - rev 495084
Push 36622 by shindli@mozilla.com at Thu, 26 Sep 2019 21:35:42 +0000
Bug 1583932 - Remove aRequestOrigin from nsCSPContext::ShouldLoad r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D47125
bf2586dc82562136449ebe14bbc14b609c20c245: Bug 1419222, Add test for correct handling of iFrame CSPs, r=ckerschb
Jonas Allmann <jallmann@mozilla.com> - Wed, 25 Sep 2019 12:30:23 +0000 - rev 494913
Push 36617 by ccoroiu@mozilla.com at Wed, 25 Sep 2019 16:30:53 +0000
Bug 1419222, Add test for correct handling of iFrame CSPs, r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D46452
3f8fb4a68d7f918a8308537faacb06b91d2a2d3e: Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb
Matt Woodrow <mwoodrow@mozilla.com> - Wed, 25 Sep 2019 08:25:42 +0000 - rev 494885
Push 36617 by ccoroiu@mozilla.com at Wed, 25 Sep 2019 16:30:53 +0000
Bug 1583076 - Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D46742
7ee838678e6ffaaf646a2abdab0beed1b1b59e8d: Bug 1583076 - Pass LoadInfo back for the current channel when confirming redirects. r=ckerschb
Matt Woodrow <mwoodrow@mozilla.com> - Wed, 25 Sep 2019 08:25:29 +0000 - rev 494884
Push 36617 by ccoroiu@mozilla.com at Wed, 25 Sep 2019 16:30:53 +0000
Bug 1583076 - Pass LoadInfo back for the current channel when confirming redirects. r=ckerschb We previously used the initial LoadInfo from when the DocumentChannel was created, but need the one from the most recent channel in the parent. Differential Revision: https://phabricator.services.mozilla.com/D46741
f62dc9ae3caf3a9417535981d771d1ab3c6a8eeb: Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
Matt Woodrow <mwoodrow@mozilla.com> - Wed, 25 Sep 2019 08:25:22 +0000 - rev 494883
Push 36617 by ccoroiu@mozilla.com at Wed, 25 Sep 2019 16:30:53 +0000
Bug 1583076 - Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D46740