searching for reviewer(ckerschb)
1491786f84021b12026f8570cb54eb02f2dfa450: Bug 1775194 - disable reporting API r=ckerschb,emilio
Frederik Braun <fbraun@mozilla.com> - Thu, 30 Jun 2022 10:41:48 +0000 - rev 622677
Push 39920 by smolnar@mozilla.com at Thu, 30 Jun 2022 21:24:30 +0000
Bug 1775194 - disable reporting API r=ckerschb,emilio This disables the outdated, incorrect implementation of the Reporting API. The current implementation was only enabled on Nightly builds, but given its current state it does not even make sense there. Differential Revision: https://phabricator.services.mozilla.com/D149873
068f148f46f25b5a1efb1191c8ddbb423f09eda2: Bug 1775194 - disable reporting API r=ckerschb,emilio
Frederik Braun <fbraun@mozilla.com> - Tue, 28 Jun 2022 15:12:03 +0000 - rev 622345
Push 39912 by mlaza@mozilla.com at Wed, 29 Jun 2022 03:44:30 +0000
Bug 1775194 - disable reporting API r=ckerschb,emilio This disables the outdated, incorrect implementation of the Reporting API. The current implementation was only enabled on Nightly builds, but given its current state it does not even make sense there. Differential Revision: https://phabricator.services.mozilla.com/D149873
c3682c83547e486e1e63da66784138d99e0ae82f: Bug 1775194 - disable reporting API r=ckerschb,emilio
Frederik Braun <fbraun@mozilla.com> - Tue, 28 Jun 2022 12:44:00 +0000 - rev 622325
Push 39912 by mlaza@mozilla.com at Wed, 29 Jun 2022 03:44:30 +0000
Bug 1775194 - disable reporting API r=ckerschb,emilio This disables the outdated, incorrect implementation of the Reporting API. The current implementation was only enabled on Nightly builds, but given its current state it does not even make sense there. Differential Revision: https://phabricator.services.mozilla.com/D149873
e883552f154d46c67531a8dd8f69fcbd0fa82382: Bug 1775194 - disable reporting API r=ckerschb,emilio
Frederik Braun <fbraun@mozilla.com> - Tue, 28 Jun 2022 09:40:44 +0000 - rev 622300
Push 39912 by mlaza@mozilla.com at Wed, 29 Jun 2022 03:44:30 +0000
Bug 1775194 - disable reporting API r=ckerschb,emilio This disables the outdated, incorrect implementation of the Reporting API. The current implementation was only enabled on Nightly builds, but given its current state it does not even make sense there. Differential Revision: https://phabricator.services.mozilla.com/D149873
b14241477254436c8f58894e30d154ce1747596f: Bug 1775119 - Make sure NSS is initialized before calling NS_NewCryptoHash from nsCSPHashSrc::allows. r=ckerschb
Luca Greco <lgreco@mozilla.com> - Fri, 24 Jun 2022 17:11:03 +0000 - rev 622060
Push 39897 by ncsoregi@mozilla.com at Sat, 25 Jun 2022 09:53:34 +0000
Bug 1775119 - Make sure NSS is initialized before calling NS_NewCryptoHash from nsCSPHashSrc::allows. r=ckerschb The intermittent failure tracked by Bug 1775119 is being triggered when nsCSPHashSrc::allows is called while NSS isn't initialized yet (which is what makes NS_NewCryptoHash return a NS_ERROR_ILLEGAL_VALUE nsresult). After recording the test passing successfully with rr and looking into what actually initialized NSS when the test passes, it seems that the NSS initialization (at least in the xpcshell test environment) happened just as a side effect of a call to `Performance::Now()` triggered by a call to `Document::HasRecentlyStartedForegroundLoads()`. This call is originated by the TaskController and so it may not always be triggered before the call to nsCSPHashSrc::allows, and when that happens the inline script triggers an unexpected CSP violation and it is not executed. This also explains why the test was never failing in the in-process-webextensions: when the extensions are running on the parent browser process, NSS is likely already initialized by some other Gecko internals. This patch adds an explicit call to EnsureNSSInitializedChromeOrContent right before the call to NS_NewCryptoHash, which makes sure NSS is always initialized before trying to create a new crypto hash instance (which then makes the test pass consistently, including when executed with --verify). Depends on D150241 Differential Revision: https://phabricator.services.mozilla.com/D150242
485960624319f7058f00951f988e7d94af554de6: Bug 1775194 - disable reporting API r=ckerschb
Frederik Braun <fbraun@mozilla.com> - Wed, 22 Jun 2022 13:09:21 +0000 - rev 621743
Push 39885 by nfay@mozilla.com at Thu, 23 Jun 2022 03:54:50 +0000
Bug 1775194 - disable reporting API r=ckerschb This disables the outdated, incorrect implementation of the Reporting API. The current implementation was only enabled on Nightly builds, but given its current state it does not even make sense there. Differential Revision: https://phabricator.services.mozilla.com/D149873
e08c3654f938f901524c8d83998d8b7889ae6f1d: Bug 1775102 - Disable security.block_fileuri_script_with_wrong_mime outside of early beta or earlier. r=ckerschb
Tom Schuster <tschuster@mozilla.com> - Mon, 20 Jun 2022 15:39:20 +0000 - rev 621451
Push 39874 by csabou@mozilla.com at Mon, 20 Jun 2022 21:49:56 +0000
Bug 1775102 - Disable security.block_fileuri_script_with_wrong_mime outside of early beta or earlier. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D149774
e6471acf5208f3184d8efd08a3de127eab7dcbe1: Bug 1773797 - Replace do_CreateInstance for nsICryptoHash with NS_NewCryptoHash r=Gijs,media-playback-reviewers,padenot,nika,ckerschb
Barret Rennie <barret@brennie.ca> - Mon, 20 Jun 2022 13:57:29 +0000 - rev 621435
Push 39874 by csabou@mozilla.com at Mon, 20 Jun 2022 21:49:56 +0000
Bug 1773797 - Replace do_CreateInstance for nsICryptoHash with NS_NewCryptoHash r=Gijs,media-playback-reviewers,padenot,nika,ckerschb Differential Revision: https://phabricator.services.mozilla.com/D148968
0fcc34c4614e1d35074242150420419cbb246c26: Bug 1738694: Add sec-fetch tests for opening new windows. r=ckerschb
Niklas Goegge <ngogge@mozilla.com> - Wed, 15 Jun 2022 19:01:02 +0000 - rev 621016
Push 39858 by bszekely@mozilla.com at Thu, 16 Jun 2022 09:30:51 +0000
Bug 1738694: Add sec-fetch tests for opening new windows. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D130860
ea0291b77f361089c67d00e495fb2262397e4748: Bug 1744822 - Make early hint preloads also preload cross origin requests r=necko-reviewers,ckerschb,dragana
Manuel Bucher <mbucher@mozilla.com> - Wed, 15 Jun 2022 09:59:46 +0000 - rev 620960
Push 39856 by abutkovits@mozilla.com at Wed, 15 Jun 2022 21:49:08 +0000
Bug 1744822 - Make early hint preloads also preload cross origin requests r=necko-reviewers,ckerschb,dragana Differential Revision: https://phabricator.services.mozilla.com/D143739
96874008096689adc291e39a294922f5647a977d: Bug 1761242 - Generalize the EarlyHintPreloader to cover all assets intended to preload r=necko-reviewers,ckerschb,dragana,kershaw
Manuel Bucher <mbucher@mozilla.com> - Wed, 15 Jun 2022 09:59:45 +0000 - rev 620957
Push 39856 by abutkovits@mozilla.com at Wed, 15 Jun 2022 21:49:08 +0000
Bug 1761242 - Generalize the EarlyHintPreloader to cover all assets intended to preload r=necko-reviewers,ckerschb,dragana,kershaw Previously covered: images Added: script, script modules, font, style, fetch Differential Revision: https://phabricator.services.mozilla.com/D142201
37b5dc69ab45965da01bfaccb3767f9ad2ded3b3: Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug
Manuel Bucher <mbucher@mozilla.com> - Wed, 15 Jun 2022 09:59:44 +0000 - rev 620956
Push 39856 by abutkovits@mozilla.com at Wed, 15 Jun 2022 21:49:08 +0000
Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug Differential Revision: https://phabricator.services.mozilla.com/D144798
33cc08eb51b30a023da889250f1195fdde822715: Bug 1744822 - Make early hint preloads also preload cross origin requests r=necko-reviewers,ckerschb,dragana
Manuel Bucher <mbucher@mozilla.com> - Wed, 08 Jun 2022 14:33:12 +0000 - rev 620117
Push 39819 by nbeleuzu@mozilla.com at Wed, 08 Jun 2022 21:48:24 +0000
Bug 1744822 - Make early hint preloads also preload cross origin requests r=necko-reviewers,ckerschb,dragana Differential Revision: https://phabricator.services.mozilla.com/D143739
7cda175b833d5ede670ba1a490a508ba8a130540: Bug 1761242 - Generalize the EarlyHintPreloader to cover all assets intended to preload r=necko-reviewers,ckerschb,dragana,kershaw
Manuel Bucher <mbucher@mozilla.com> - Wed, 08 Jun 2022 14:33:11 +0000 - rev 620114
Push 39819 by nbeleuzu@mozilla.com at Wed, 08 Jun 2022 21:48:24 +0000
Bug 1761242 - Generalize the EarlyHintPreloader to cover all assets intended to preload r=necko-reviewers,ckerschb,dragana,kershaw Previously covered: images Added: script, script modules, font, style, fetch Differential Revision: https://phabricator.services.mozilla.com/D142201
4f5ed111093b2ca35a26d53a8d3828d26701a25a: Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug
Manuel Bucher <mbucher@mozilla.com> - Wed, 08 Jun 2022 14:33:10 +0000 - rev 620113
Push 39819 by nbeleuzu@mozilla.com at Wed, 08 Jun 2022 21:48:24 +0000
Bug 1761242 - Expose computing security flags for early hint preloader r=ckerschb,smaug Differential Revision: https://phabricator.services.mozilla.com/D144798
2f3bf2d5f1a66850239a153c79f308dcc637423f: Bug 1354248 - Part 4: Make PageIconProtocolHandler use RemoteStreamGetter. r=necko-reviewers,nika,mak,ckerschb,kershaw
Mike Conley <mconley@mozilla.com> - Fri, 03 Jun 2022 15:17:34 +0000 - rev 619656
Push 39793 by mlaza@mozilla.com at Fri, 03 Jun 2022 21:43:55 +0000
Bug 1354248 - Part 4: Make PageIconProtocolHandler use RemoteStreamGetter. r=necko-reviewers,nika,mak,ckerschb,kershaw This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the privileged about content process attempts to use the page-icon: protocol. This allows the parent to then remotely stream the favicons down to the privileged about content process. This also adds a test to check that only the privileged about content process can use this protocol, and that "normal" web content processes cannot. Differential Revision: https://phabricator.services.mozilla.com/D147335
9bf6a5eb2ed55b506b6239abdf7bee5c46537145: Bug 1770498: Simplify Principal-based ShouldRFP check r=ckerschb,freddyb
Tom Ritter <tom@mozilla.com> - Thu, 02 Jun 2022 15:31:24 +0000 - rev 619580
Push 39788 by nfay@mozilla.com at Fri, 03 Jun 2022 03:41:38 +0000
Bug 1770498: Simplify Principal-based ShouldRFP check r=ckerschb,freddyb Differential Revision: https://phabricator.services.mozilla.com/D146945
f5a1c9036ed8226fe1b82973a850851f355f8630: Bug 1769786 - test_user_suggestion_box.html doesn't check responses from the server r=ckerschb
lyavor <lyavor@mozilla.com> - Thu, 02 Jun 2022 11:46:45 +0000 - rev 619542
Push 39787 by imoraru@mozilla.com at Thu, 02 Jun 2022 21:46:37 +0000
Bug 1769786 - test_user_suggestion_box.html doesn't check responses from the server r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D147670
f9d3225a4e4c9c33b8f666070fc02f98a11d627b: Bug 1770468 - Report-only wasm-unsafe-eval in MV2 r=mixedpuppy,freddyb,ckerschb
Rob Wu <rob@robwu.nl> - Tue, 24 May 2022 13:56:22 +0000 - rev 618736
Push 39743 by mlaza@mozilla.com at Tue, 24 May 2022 21:44:48 +0000
Bug 1770468 - Report-only wasm-unsafe-eval in MV2 r=mixedpuppy,freddyb,ckerschb For backcompat, do not enforce wasm-unsafe-eval even if the extension has specified a custom CSP. Do report the errors though, to allow extension authors to discover the issue and fix it. Differential Revision: https://phabricator.services.mozilla.com/D147105
dfa79e842c0ca5fd572418842e967f37ea0424d9: Bug 1731614 - Clarify error phrasing in NoSupportedMediaSourceError; r=ckerschb,dveditz
june wilde <jewilde@mozilla.com> - Mon, 23 May 2022 21:27:48 +0000 - rev 618569
Push 39737 by imoraru@mozilla.com at Tue, 24 May 2022 03:33:01 +0000
Bug 1731614 - Clarify error phrasing in NoSupportedMediaSourceError; r=ckerschb,dveditz Differential Revision: https://phabricator.services.mozilla.com/D145576
9e1c758297d8d34c759fca9fb2a46e4b2e0c4538: Bug 1767581 - refactor systemprincipal restrictions, disallow loads without finaluri r=ckerschb,tjr
Frederik Braun <fbraun@mozilla.com> - Mon, 23 May 2022 20:22:52 +0000 - rev 618562
Push 39737 by imoraru@mozilla.com at Tue, 24 May 2022 03:33:01 +0000
Bug 1767581 - refactor systemprincipal restrictions, disallow loads without finaluri r=ckerschb,tjr This is a bit of a refactor. We'll keep the spaghetti code for existing checks, to be able to easily iterate and pref-flip if things fail later in the cycle. This also resolves bug 1638770 and removes the "disallow all"-pref that proved not to be a useful approach anyway. Differential Revision: https://phabricator.services.mozilla.com/D145411
e1658a2c0baf9e6be85a5f31c493beb9adee5dcf: Bug 1740263 - CSP parser and context changes for wasm-unsafe-eval. r=ckerschb,freddyb
Frederik Braun <fbraun@mozilla.com> - Thu, 19 May 2022 14:13:48 +0000 - rev 618240
Push 39720 by nbeleuzu@mozilla.com at Thu, 19 May 2022 18:03:18 +0000
Bug 1740263 - CSP parser and context changes for wasm-unsafe-eval. r=ckerschb,freddyb Differential Revision: https://phabricator.services.mozilla.com/D136219
d923462c9cd0ba5ee58110fafbfee2028515e05e: Bug 1740263 - CSP parser and context changes for wasm-unsafe-eval. r=ckerschb,freddyb
Frederik Braun <fbraun@mozilla.com> - Wed, 18 May 2022 21:39:28 +0000 - rev 618171
Push 39718 by ccozmuta@mozilla.com at Thu, 19 May 2022 09:37:29 +0000
Bug 1740263 - CSP parser and context changes for wasm-unsafe-eval. r=ckerschb,freddyb Differential Revision: https://phabricator.services.mozilla.com/D136219
a21cc7514210a5f2b7465171289798920a532c6d: Bug 1753730 - Test that the cached image from the early hint preload is used r=necko-reviewers,ckerschb,dragana,kershaw
Manuel Bucher <mbucher@mozilla.com> - Wed, 11 May 2022 15:41:39 +0000 - rev 616996
Push 39683 by ccozmuta@mozilla.com at Wed, 11 May 2022 21:49:30 +0000
Bug 1753730 - Test that the cached image from the early hint preload is used r=necko-reviewers,ckerschb,dragana,kershaw * Test that the preloaded image is actually used and that no preload requests are made if the resource shouldn't be preloaded Differential Revision: https://phabricator.services.mozilla.com/D139740
88bc7da6b963761d21333f35c4775115468319c1: Bug 1753730 - Add EarlyHintPreloader to load 103 Early Hint responses into the cache r=necko-reviewers,ckerschb,dragana,kershaw
Manuel Bucher <mbucher@mozilla.com> - Wed, 11 May 2022 15:41:39 +0000 - rev 616995
Push 39683 by ccozmuta@mozilla.com at Wed, 11 May 2022 21:49:30 +0000
Bug 1753730 - Add EarlyHintPreloader to load 103 Early Hint responses into the cache r=necko-reviewers,ckerschb,dragana,kershaw Currently only same origin requests are preloaded and preloads in the secure context. This may change in the future to match W3C decisions and Chrome's behavior. Also only images get preloaded. This will change in the future to cover asset types. Currently the anchor isn't parsed correctly yet[1], so this will be fixed in a future patch. On non-2xx responses of the main document all ongoing preloads get canceled. Already completed preloads don't get affected and are in the cache. It is currently untested whether unused preloads don't have side effects. Another future patch should cover adding the preload to the devtools. [1]: https://datatracker.ietf.org/doc/html/rfc8288#section-3.2 Differential Revision: https://phabricator.services.mozilla.com/D137885
70f5ae719af15755476beebb4a3672b917f5b085: Bug 1768176 - Update dom/security/featurepolicy/test/mochitest/ test files to use https. r=ckerschb
lyavor <lyavor@mozilla.com> - Mon, 09 May 2022 12:38:49 +0000 - rev 616657
Push 39671 by nfay@mozilla.com at Mon, 09 May 2022 15:57:28 +0000
Bug 1768176 - Update dom/security/featurepolicy/test/mochitest/ test files to use https. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D145719
0dc4682c5d14b86503c055526a66962a2b68769e: Bug 1767954 - csmlog should include process type r=ckerschb
Frederik Braun <fbraun@mozilla.com> - Thu, 05 May 2022 12:46:47 +0000 - rev 616281
Push 39657 by imoraru@mozilla.com at Fri, 06 May 2022 09:50:52 +0000
Bug 1767954 - csmlog should include process type r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D145575
94ee875dee2097b00d21e3efd2af3d39d6ab0286: Bug 1763943: Do not bust on the debugger filename in the Browser Console r=ckerschb
Tom Ritter <tom@mozilla.com> - Wed, 04 May 2022 15:01:22 +0000 - rev 616135
Push 39649 by mlaza@mozilla.com at Wed, 04 May 2022 23:45:51 +0000
Bug 1763943: Do not bust on the debugger filename in the Browser Console r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D145452
8f27dc8dbbe0509b76a8607dd598622e2e3cf785: Bug 1753730 - Test that the cached image from the early hint preload is used r=necko-reviewers,ckerschb,dragana,kershaw
Manuel Bucher <mbucher@mozilla.com> - Tue, 03 May 2022 19:24:42 +0000 - rev 615991
Push 39645 by imoraru@mozilla.com at Wed, 04 May 2022 03:39:47 +0000
Bug 1753730 - Test that the cached image from the early hint preload is used r=necko-reviewers,ckerschb,dragana,kershaw * Test that the preloaded image is actually used and that no preload requests are made if the resource shouldn't be preloaded Differential Revision: https://phabricator.services.mozilla.com/D139740
3c25877d2660760b85bb54e8c989fe9e0a451b4a: Bug 1753730 - Add EarlyHintPreloader to load 103 Early Hint responses into the cache r=necko-reviewers,ckerschb,dragana,kershaw
Manuel Bucher <mbucher@mozilla.com> - Tue, 03 May 2022 19:24:42 +0000 - rev 615990
Push 39645 by imoraru@mozilla.com at Wed, 04 May 2022 03:39:47 +0000
Bug 1753730 - Add EarlyHintPreloader to load 103 Early Hint responses into the cache r=necko-reviewers,ckerschb,dragana,kershaw Currently only same origin requests are preloaded and preloads in the secure context. This may change in the future to match W3C decisions and Chrome's behavior. Also only images get preloaded. This will change in the future to cover asset types. Currently the anchor isn't parsed correctly yet[1], so this will be fixed in a future patch. On non-2xx responses of the main document all ongoing preloads get canceled. Already completed preloads don't get affected and are in the cache. It is currently untested whether unused preloads don't have side effects. Another future patch should cover adding the preload to the devtools. [1]: https://datatracker.ietf.org/doc/html/rfc8288#section-3.2 Differential Revision: https://phabricator.services.mozilla.com/D137885
2f9156dc45d4055cfd31b7488f2f63f0bb82e220: Bug 1767395 disallow loading http/https scripts for systemprincipal r=ckerschb,tjr
Frederik Braun <fbraun@mozilla.com> - Tue, 03 May 2022 15:28:34 +0000 - rev 615967
Push 39645 by imoraru@mozilla.com at Wed, 04 May 2022 03:39:47 +0000
Bug 1767395 disallow loading http/https scripts for systemprincipal r=ckerschb,tjr This copies over the behavior for style & subdocument restrictions. Admittedly, with this if/else spaghetti, it would be preferable to turn this into restriction levels or lump some of the known-to-be-safe prefs together, but I would prefer we wait a couple of cycles to make sure this makes it all the way to release before we refactor. Differential Revision: https://phabricator.services.mozilla.com/D145306
c3f8f1bdd5cbc7a99037e2a034d2da1562083db9: Bug 1766828 - Enable external protocol sandbox restrictions in release config. r=ckerschb,annevk
Paul Zuehlcke <pbz@mozilla.com> - Tue, 03 May 2022 10:58:59 +0000 - rev 615936
Push 39643 by nbeleuzu@mozilla.com at Tue, 03 May 2022 15:57:51 +0000
Bug 1766828 - Enable external protocol sandbox restrictions in release config. r=ckerschb,annevk Differential Revision: https://phabricator.services.mozilla.com/D145073
47c396db5affab94ffbbae74daa9d94ba440bee6: Bug 1735565 - disabling erroneous https-only test case to isolate error r=ckerschb
Frederik Braun <fbraun@mozilla.com> - Wed, 27 Apr 2022 13:17:34 +0000 - rev 615452
Push 39622 by apavel@mozilla.com at Wed, 27 Apr 2022 21:34:31 +0000
Bug 1735565 - disabling erroneous https-only test case to isolate error r=ckerschb This iterates on the known-buggy https-only test, to ensure that we are sure that this is the only erroneous test case. Admittedly, this whole test should just not use documents/iframes for tests, but for now, this here will do. Differential Revision: https://phabricator.services.mozilla.com/D144797
d3235a8da090f45cabbea87754f3138c99860611: Bug 1762493 - Remove Ajv r=ckerschb,ahal
Barret Rennie <barret@brennie.ca> - Wed, 20 Apr 2022 15:23:28 +0000 - rev 614751
Push 39593 by ctuns@mozilla.com at Wed, 20 Apr 2022 21:53:00 +0000
Bug 1762493 - Remove Ajv r=ckerschb,ahal Differential Revision: https://phabricator.services.mozilla.com/D142881
2b26f37436f9efb016fa0a3559b5e056be651599: Bug 1735746 - Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb
Paul Zuehlcke <pbz@mozilla.com> - Wed, 20 Apr 2022 11:06:50 +0000 - rev 614714
Push 39593 by ctuns@mozilla.com at Wed, 20 Apr 2022 21:53:00 +0000
Bug 1735746 - Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb Depends on D141132 Differential Revision: https://phabricator.services.mozilla.com/D141133
853b1951f8f830b551ab61623cea7303c5e57f94: Bug 1735746 - Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre
Paul Zuehlcke <pbz@mozilla.com> - Wed, 20 Apr 2022 11:06:50 +0000 - rev 614713
Push 39593 by ctuns@mozilla.com at Wed, 20 Apr 2022 21:53:00 +0000
Bug 1735746 - Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre Depends on D141131 Differential Revision: https://phabricator.services.mozilla.com/D141132
ce3b938dce6162f171b28de4de144cdbb4b5286b: Bug 1735746 - Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug
Paul Zuehlcke <pbz@mozilla.com> - Wed, 20 Apr 2022 11:06:50 +0000 - rev 614712
Push 39593 by ctuns@mozilla.com at Wed, 20 Apr 2022 21:53:00 +0000
Bug 1735746 - Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug Differential Revision: https://phabricator.services.mozilla.com/D141131
85f40a1667d500c02c1c8df0f20b6331ef508901: Bug 1765114. Silence spammy warning in dom/security/ReferrerInfo.cpp. r=ckerschb
Timothy Nikkel <tnikkel@gmail.com> - Tue, 19 Apr 2022 08:24:37 +0000 - rev 614544
Push 39586 by smolnar@mozilla.com at Tue, 19 Apr 2022 16:03:23 +0000
Bug 1765114. Silence spammy warning in dom/security/ReferrerInfo.cpp. r=ckerschb Depends on D143892 Differential Revision: https://phabricator.services.mozilla.com/D143893
5562a716505990b97065b63f4e3a27376a40c44d: Bug 1764504 Remove obsolete comments about inadequacy of LoadTainting r=ckerschb,necko-reviewers,dragana DONTBUILD
Karl Tomlinson <karlt+@karlt.net> - Sat, 16 Apr 2022 04:58:36 +0000 - rev 614457
Push 39576 by mlaza@mozilla.com at Sun, 17 Apr 2022 09:39:01 +0000
Bug 1764504 Remove obsolete comments about inadequacy of LoadTainting r=ckerschb,necko-reviewers,dragana DONTBUILD tainting has been set with AsyncOpen2() since https://hg.mozilla.org/integration/mozilla-inbound/rev/989bbde310f5#l6.74 and AsyncOpen() was removed for https://bugzilla.mozilla.org/show_bug.cgi?id=1520868 The advice about checking final URL and CORS mode is misleading because the URL and CORS mode of an nsIHttpChannelInternal will reflect the URL and CORS mode of the request, which may differ from those of a ServiceWorker-synthesized Response, with null URL for example. Differential Revision: https://phabricator.services.mozilla.com/D143563
3c57d2b2f29d5a2c18b372353efce3f06ce0536e: Bug 1715785 - Trim redirect chain of excess information; r=necko-reviewers,ckerschb,tjr,dragana
june wilde <jewilde@mozilla.com> - Wed, 13 Apr 2022 13:33:49 +0000 - rev 614192
Push 39561 by imoraru@mozilla.com at Thu, 14 Apr 2022 03:45:41 +0000
Bug 1715785 - Trim redirect chain of excess information; r=necko-reviewers,ckerschb,tjr,dragana Differential Revision: https://phabricator.services.mozilla.com/D136885
ca23a4fb182d5a4b20e54898ce76b9495c23ce89: Bug 1755081 - Allow more containers to participate in FeaturePolicy r=smaug,ckerschb
Andreas Farre <farre@mozilla.com> - Tue, 12 Apr 2022 11:47:50 +0000 - rev 614050
Push 39553 by nfay@mozilla.com at Tue, 12 Apr 2022 15:57:11 +0000
Bug 1755081 - Allow more containers to participate in FeaturePolicy r=smaug,ckerschb Differential Revision: https://phabricator.services.mozilla.com/D142216
3b06ed08d93becda7cda6d5693224acdc0bd220b: Bug 1735746 - Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb
Paul Zuehlcke <pbz@mozilla.com> - Tue, 05 Apr 2022 11:31:54 +0000 - rev 613383
Push 39523 by ctuns@mozilla.com at Tue, 05 Apr 2022 21:23:13 +0000
Bug 1735746 - Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb Depends on D141132 Differential Revision: https://phabricator.services.mozilla.com/D141133
9968278b9efe5a69044a39446b05fbfb1f953e79: Bug 1735746 - Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre
Paul Zuehlcke <pbz@mozilla.com> - Tue, 05 Apr 2022 11:31:54 +0000 - rev 613382
Push 39523 by ctuns@mozilla.com at Tue, 05 Apr 2022 21:23:13 +0000
Bug 1735746 - Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre Depends on D141131 Differential Revision: https://phabricator.services.mozilla.com/D141132
49f2e283115d2fffeb183ad7a5f0be6f4be9365c: Bug 1735746 - Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug
Paul Zuehlcke <pbz@mozilla.com> - Tue, 05 Apr 2022 11:31:53 +0000 - rev 613381
Push 39523 by ctuns@mozilla.com at Tue, 05 Apr 2022 21:23:13 +0000
Bug 1735746 - Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug Differential Revision: https://phabricator.services.mozilla.com/D141131
4c091571c918b87adf99175b973781d73761a528: Bug 1760417 - Make ContentPrincipal more reliable for URIs in the form of scheme://.origin.tld. r=nika,ckerschb
Mike Conley <mconley@mozilla.com> - Mon, 04 Apr 2022 13:40:50 +0000 - rev 613269
Push 39518 by nbeleuzu@mozilla.com at Mon, 04 Apr 2022 21:49:47 +0000
Bug 1760417 - Make ContentPrincipal more reliable for URIs in the form of scheme://.origin.tld. r=nika,ckerschb Attempting to get the siteOrigin for a URI of something like "https://.mozilla.org" was returning NS_ERROR_ILLEGAL_VALUE, which caused breakage in parts of the browser UI when trying to initialize a window to point at that URI. It looks like the NS_ERROR_ILLEGAL_VALUE stuff was added back in bug 1491728 as part of an effort to better handle some IPv6 stuff. I tested the STR in bug 1491728 for the original bug, and I cannot reproduce the issue even with this change. nika suggested that instead of returning NS_ERROR_ILLEGAL_VALUE for this form of URI, we return the same value as `nsIPrincipal.origin`. Differential Revision: https://phabricator.services.mozilla.com/D142493
454781280760b0e5e31549c4d8236302ba113e4d: Bug 1727301 - Part 3: Add tests for testing ETP toggle with the disallow relaxing referrer policy. r=ckerschb
Tim Huang <tihuang@mozilla.com> - Wed, 30 Mar 2022 19:45:29 +0000 - rev 612831
Push 39500 by nfay@mozilla.com at Thu, 31 Mar 2022 09:35:41 +0000
Bug 1727301 - Part 3: Add tests for testing ETP toggle with the disallow relaxing referrer policy. r=ckerschb This patch adds tests for testing ETP toggle with the disallow relaxing referrer policies. In addition, it changes the test a little bit to improve the testing performance. Differential Revision: https://phabricator.services.mozilla.com/D142250
cf85158b21fd064429a6a6a4879e92dba7a24cce: Bug 1727301 - Part 2: The disallowing less restricted referrer policy can be disabled by ETP toggle. r=ckerschb,pbz,smaug
Tim Huang <tihuang@mozilla.com> - Wed, 30 Mar 2022 19:45:29 +0000 - rev 612830
Push 39500 by nfay@mozilla.com at Thu, 31 Mar 2022 09:35:41 +0000
Bug 1727301 - Part 2: The disallowing less restricted referrer policy can be disabled by ETP toggle. r=ckerschb,pbz,smaug This patch implements that the referrer protection can be disabled by the ETP toggle. When ETP is toggled off, it will stop the protection for iframe and sub-resource loads. Also, it will stop the protection for a loading to a site that has ETP disabled. This patch also makes CookieJarSettings::UpdateIsOnContentBlockingAllowList() be more efficient when calling it multiple times. Differential Revision: https://phabricator.services.mozilla.com/D142249
2e741cf304314e8e822b65812b20e0a5adaa53af: Bug 1727301 - Part 1: Remember the original referrer policy in the ReferrerInfo. r=ckerschb,smaug
Tim Huang <tihuang@mozilla.com> - Wed, 30 Mar 2022 19:45:29 +0000 - rev 612829
Push 39500 by nfay@mozilla.com at Thu, 31 Mar 2022 09:35:41 +0000
Bug 1727301 - Part 1: Remember the original referrer policy in the ReferrerInfo. r=ckerschb,smaug The referrer policy could be overridden in two cases; one is the referrer policy wasn't set, another is that the original policy was ignored. In order to recover the original policy if the ETP was off, we need to store the original referrer policy so that we can recompute the referrer policy based on that. Differential Revision: https://phabricator.services.mozilla.com/D142248
eff80f51f01449a48e78387a4c20850141f9c8da: Bug 1754320 - Re-escape existing escape sequences in precursor origins, r=ckerschb
Nika Layzell <nika@thelayzells.com> - Mon, 28 Mar 2022 15:12:36 +0000 - rev 612597
Push 39488 by nfay@mozilla.com at Tue, 29 Mar 2022 09:56:04 +0000
Bug 1754320 - Re-escape existing escape sequences in precursor origins, r=ckerschb Apparently the esc_NonASCIIOnly and esc_Forced flags to NS_EscapeURL are incompatible, meaning that the escaping and unescaping code was not handling existing escape sequences properly. This patch adds an explicit gtest to make sure sequences round-trip correctly, and switches serialization to use `esc_Query | esc_Forced` instead, which may escape more aggressively than required but should work correctly. Differential Revision: https://phabricator.services.mozilla.com/D142111
6b98e6bb7b8749cc42729d10296eabcfb0d070ad: Bug 1734328 - Part 3: Add tests in browser_referrer_disallow_cross_site_relaxing.js r=ckerschb
Tim Huang <tihuang@mozilla.com> - Mon, 28 Mar 2022 10:32:52 +0000 - rev 612573
Push 39484 by mlaza@mozilla.com at Mon, 28 Mar 2022 15:48:10 +0000
Bug 1734328 - Part 3: Add tests in browser_referrer_disallow_cross_site_relaxing.js r=ckerschb The patch modifies the browser_referrer_disallow_cross_site_relaxing.js to test the pref for controlling the disallowing less restricted referrer policies for top navigations. Differential Revision: https://phabricator.services.mozilla.com/D141868