Backed out changeset 3a087ad91d30 (bug 1626555) for build bustages. CLOSED TREE
authorBrindusan Cristian <cbrindusan@mozilla.com>
Mon, 09 Nov 2020 21:09:33 +0200
changeset 556459 6659b306f58551bc4b7414bba47b4e3c94da722d
parent 556458 92a9dddf064d2245f42b19e1d9e9d5d05ca41cd7
child 556460 eac6b57a5bf9b0f587b3dcecdd07edc1dd715e71
push id37935
push usernbeleuzu@mozilla.com
push dateMon, 09 Nov 2020 21:53:49 +0000
treeherdermozilla-central@6659b306f585 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1626555
milestone84.0a1
backs out3a087ad91d308a723d15b3b3ce0cc848a7a17b4e
first release with
nightly linux32
6659b306f585 / 84.0a1 / 20201109215349 / files
nightly linux64
6659b306f585 / 84.0a1 / 20201109215349 / files
nightly mac
6659b306f585 / 84.0a1 / 20201109215349 / files
nightly win32
6659b306f585 / 84.0a1 / 20201109215349 / files
nightly win64
6659b306f585 / 84.0a1 / 20201109215349 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 3a087ad91d30 (bug 1626555) for build bustages. CLOSED TREE
build/non-unified-compat
dom/security/DOMSecurityMonitor.cpp
dom/security/DOMSecurityMonitor.h
dom/security/FramingChecker.cpp
dom/security/PolicyTokenizer.cpp
dom/security/ReferrerInfo.cpp
dom/security/SRICheck.h
dom/security/SecFetch.cpp
dom/security/featurepolicy/FeaturePolicy.cpp
dom/security/featurepolicy/FeaturePolicyUtils.cpp
dom/security/nsCSPContext.cpp
dom/security/nsCSPParser.cpp
dom/security/nsCSPParser.h
dom/security/nsCSPService.cpp
dom/security/nsCSPService.h
dom/security/nsCSPUtils.cpp
dom/security/nsContentSecurityManager.cpp
dom/security/nsContentSecurityUtils.cpp
dom/security/nsContentSecurityUtils.h
dom/security/nsHTTPSOnlyUtils.cpp
netwerk/base/nsIOService.h
--- a/build/non-unified-compat
+++ b/build/non-unified-compat
@@ -46,10 +46,9 @@ dom/payments/
 dom/performance/
 dom/permission/
 dom/plugins/
 dom/power/
 dom/quota/
 dom/reporting/
 dom/res/
 dom/script/
-dom/security/
 dom/simpledb/
--- a/dom/security/DOMSecurityMonitor.cpp
+++ b/dom/security/DOMSecurityMonitor.cpp
@@ -6,17 +6,16 @@
 
 #include "DOMSecurityMonitor.h"
 #include "nsContentUtils.h"
 
 #include "nsIChannel.h"
 #include "nsILoadInfo.h"
 #include "nsIPrincipal.h"
 #include "nsIURI.h"
-#include "nsJSUtils.h"
 
 #include "mozilla/StaticPrefs_dom.h"
 
 /* static */
 void DOMSecurityMonitor::AuditParsingOfHTMLXMLFragments(
     nsIPrincipal* aPrincipal, const nsAString& aFragment) {
   // if the fragment parser (e.g. innerHTML()) is not called in chrome: code
   // or any of our about: pages, then there is nothing to do here.
@@ -37,17 +36,17 @@ void DOMSecurityMonitor::AuditParsingOfH
   uint32_t columnNum = 0;
   JSContext* cx = nsContentUtils::GetCurrentJSContext();
   if (!nsJSUtils::GetCallingLocation(cx, filename, &lineNum, &columnNum)) {
     return;
   }
 
   // check if we should skip assertion. Please only ever set this pref to
   // true if really needed for testing purposes.
-  if (mozilla::StaticPrefs::dom_security_skip_html_fragment_assertion()) {
+  if (StaticPrefs::dom_security_skip_html_fragment_assertion()) {
     return;
   }
 
   /*
    * WARNING: Do not add any new entries to the htmlFragmentAllowlist
    * withiout proper review from a dom:security peer!
    */
   static nsLiteralCString htmlFragmentAllowlist[] = {
--- a/dom/security/DOMSecurityMonitor.h
+++ b/dom/security/DOMSecurityMonitor.h
@@ -2,18 +2,16 @@
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_dom_DOMSecurityMonitor_h
 #define mozilla_dom_DOMSecurityMonitor_h
 
-#include "nsStringFwd.h"
-
 class nsIChannel;
 class nsIPrincipal;
 
 class DOMSecurityMonitor final {
  public:
   /* The fragment parser is triggered anytime JS calls innerHTML or similar
    * JS functions which can generate HTML fragments. This generation of
    * HTML might be dangerous, hence we should ensure that no new instances
--- a/dom/security/FramingChecker.cpp
+++ b/dom/security/FramingChecker.cpp
@@ -5,18 +5,16 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "FramingChecker.h"
 #include "nsCharSeparatedTokenizer.h"
 #include "nsContentUtils.h"
 #include "nsCSPUtils.h"
 #include "nsDocShell.h"
 #include "nsHttpChannel.h"
-#include "nsContentSecurityUtils.h"
-#include "nsGlobalWindowOuter.h"
 #include "nsIChannel.h"
 #include "nsIConsoleReportCollector.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIScriptError.h"
 #include "nsNetUtil.h"
 #include "nsQueryObject.h"
 #include "nsTArray.h"
 #include "mozilla/BasePrincipal.h"
@@ -24,17 +22,16 @@
 #include "mozilla/dom/LoadURIOptionsBinding.h"
 #include "mozilla/dom/WindowGlobalParent.h"
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/net/HttpBaseChannel.h"
 
 #include "nsIObserverService.h"
 
 using namespace mozilla;
-using namespace mozilla::dom;
 
 /* static */
 void FramingChecker::ReportError(const char* aMessageTag,
                                  nsIHttpChannel* aChannel, nsIURI* aURI,
                                  const nsAString& aPolicy) {
   MOZ_ASSERT(aChannel);
   MOZ_ASSERT(aURI);
 
--- a/dom/security/PolicyTokenizer.cpp
+++ b/dom/security/PolicyTokenizer.cpp
@@ -1,18 +1,18 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "PolicyTokenizer.h"
 
-static mozilla::LogModule* GetPolicyTokenizerLog() {
-  static mozilla::LazyLogModule gPolicyTokenizerPRLog("PolicyTokenizer");
+static LogModule* GetPolicyTokenizerLog() {
+  static LazyLogModule gPolicyTokenizerPRLog("PolicyTokenizer");
   return gPolicyTokenizerPRLog;
 }
 
 #define POLICYTOKENIZERLOG(args) \
   MOZ_LOG(GetPolicyTokenizerLog(), mozilla::LogLevel::Debug, args)
 
 static const char16_t SEMICOL = ';';
 
--- a/dom/security/ReferrerInfo.cpp
+++ b/dom/security/ReferrerInfo.cpp
@@ -21,17 +21,16 @@
 
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/ContentBlocking.h"
 #include "mozilla/net/CookieJarSettings.h"
 #include "mozilla/net/HttpBaseChannel.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/StaticPrefs_network.h"
 #include "mozilla/StyleSheet.h"
-#include "nsIWebProgressListener.h"
 
 static mozilla::LazyLogModule gReferrerInfoLog("ReferrerInfo");
 #define LOG(msg) MOZ_LOG(gReferrerInfoLog, mozilla::LogLevel::Debug, msg)
 #define LOG_ENABLED() MOZ_LOG_TEST(gReferrerInfoLog, mozilla::LogLevel::Debug)
 
 using namespace mozilla::net;
 
 namespace mozilla {
--- a/dom/security/SRICheck.h
+++ b/dom/security/SRICheck.h
@@ -2,18 +2,16 @@
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_dom_SRICheck_h
 #define mozilla_dom_SRICheck_h
 
-#include "nsTString.h"
-#include "nsStringFwd.h"
 #include "nsCOMPtr.h"
 #include "nsICryptoHash.h"
 
 class nsIChannel;
 class nsIConsoleReportCollector;
 
 namespace mozilla {
 namespace dom {
--- a/dom/security/SecFetch.cpp
+++ b/dom/security/SecFetch.cpp
@@ -6,17 +6,16 @@
 
 #include "SecFetch.h"
 #include "nsIHttpChannel.h"
 #include "nsIRedirectHistoryEntry.h"
 #include "nsIReferrerInfo.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsMixedContentBlocker.h"
 #include "nsNetUtil.h"
-#include "mozilla/StaticPrefs_dom.h"
 
 // Helper function which maps an internal content policy type
 // to the corresponding destination for the context of SecFetch.
 nsCString MapInternalContentPolicyTypeToDest(nsContentPolicyType aType) {
   switch (aType) {
     case nsIContentPolicy::TYPE_OTHER:
       return "empty"_ns;
     case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
@@ -117,33 +116,33 @@ bool IsSameOrigin(nsIHttpChannel* aHTTPC
   nsCOMPtr<nsIURI> channelURI;
   NS_GetFinalChannelURI(aHTTPChannel, getter_AddRefs(channelURI));
 
   nsCOMPtr<nsILoadInfo> loadInfo = aHTTPChannel->LoadInfo();
   bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
   bool isSameOrigin = false;
   nsresult rv = loadInfo->TriggeringPrincipal()->IsSameOrigin(
       channelURI, isPrivateWin, &isSameOrigin);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 
   // if the initial request is not same-origin, we can return here
   // because we already know it's not a same-origin request
   if (!isSameOrigin) {
     return false;
   }
 
   // let's further check all the hoops in the redirectChain to
   // ensure all involved redirects are same-origin
   nsCOMPtr<nsIPrincipal> redirectPrincipal;
   for (nsIRedirectHistoryEntry* entry : loadInfo->RedirectChain()) {
     entry->GetPrincipal(getter_AddRefs(redirectPrincipal));
     if (redirectPrincipal) {
       rv = redirectPrincipal->IsSameOrigin(channelURI, isPrivateWin,
                                            &isSameOrigin);
-      mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+      Unused << NS_WARN_IF(NS_FAILED(rv));
       if (!isSameOrigin) {
         return false;
       }
     }
   }
 
   // must be a same-origin request
   return true;
@@ -156,23 +155,23 @@ bool IsSameSite(nsIChannel* aHTTPChannel
       do_GetService(THIRDPARTYUTIL_CONTRACTID);
   if (!thirdPartyUtil) {
     return false;
   }
 
   nsAutoCString hostDomain;
   nsCOMPtr<nsILoadInfo> loadInfo = aHTTPChannel->LoadInfo();
   nsresult rv = loadInfo->TriggeringPrincipal()->GetBaseDomain(hostDomain);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 
   nsAutoCString channelDomain;
   nsCOMPtr<nsIURI> channelURI;
   NS_GetFinalChannelURI(aHTTPChannel, getter_AddRefs(channelURI));
   rv = thirdPartyUtil->GetBaseDomain(channelURI, channelDomain);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 
   // if the initial request is not same-site, or not https, we can
   // return here because we already know it's not a same-site request
   if (!hostDomain.Equals(channelDomain) ||
       !loadInfo->TriggeringPrincipal()->SchemeIs("https")) {
     return false;
   }
 
@@ -218,27 +217,27 @@ bool IsUserTriggeredForSecFetchSite(nsIH
     if (originalReferrer) {
       return false;
     }
   }
 
   return true;
 }
 
-void mozilla::dom::SecFetch::AddSecFetchDest(nsIHttpChannel* aHTTPChannel) {
+void SecFetch::AddSecFetchDest(nsIHttpChannel* aHTTPChannel) {
   nsCOMPtr<nsILoadInfo> loadInfo = aHTTPChannel->LoadInfo();
   nsContentPolicyType contentType = loadInfo->InternalContentPolicyType();
   nsCString dest = MapInternalContentPolicyTypeToDest(contentType);
 
   nsresult rv =
       aHTTPChannel->SetRequestHeader("Sec-Fetch-Dest"_ns, dest, false);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 }
 
-void mozilla::dom::SecFetch::AddSecFetchMode(nsIHttpChannel* aHTTPChannel) {
+void SecFetch::AddSecFetchMode(nsIHttpChannel* aHTTPChannel) {
   nsAutoCString mode("no-cors");
 
   nsCOMPtr<nsILoadInfo> loadInfo = aHTTPChannel->LoadInfo();
   uint32_t securityMode = loadInfo->GetSecurityMode();
   nsContentPolicyType externalType = loadInfo->GetExternalContentPolicyType();
 
   if (securityMode ==
           nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
@@ -264,20 +263,20 @@ void mozilla::dom::SecFetch::AddSecFetch
       externalType == nsIContentPolicy::TYPE_OBJECT) {
     mode = "navigate"_ns;
   } else if (externalType == nsIContentPolicy::TYPE_WEBSOCKET) {
     mode = "websocket"_ns;
   }
 
   nsresult rv =
       aHTTPChannel->SetRequestHeader("Sec-Fetch-Mode"_ns, mode, false);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 }
 
-void mozilla::dom::SecFetch::AddSecFetchSite(nsIHttpChannel* aHTTPChannel) {
+void SecFetch::AddSecFetchSite(nsIHttpChannel* aHTTPChannel) {
   nsAutoCString site("same-origin");
 
   bool isSameOrigin = IsSameOrigin(aHTTPChannel);
   if (!isSameOrigin) {
     bool isSameSite = IsSameSite(aHTTPChannel);
     if (isSameSite) {
       site = "same-site"_ns;
     } else {
@@ -286,20 +285,20 @@ void mozilla::dom::SecFetch::AddSecFetch
   }
 
   if (IsUserTriggeredForSecFetchSite(aHTTPChannel)) {
     site = "none"_ns;
   }
 
   nsresult rv =
       aHTTPChannel->SetRequestHeader("Sec-Fetch-Site"_ns, site, false);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 }
 
-void mozilla::dom::SecFetch::AddSecFetchUser(nsIHttpChannel* aHTTPChannel) {
+void SecFetch::AddSecFetchUser(nsIHttpChannel* aHTTPChannel) {
   nsCOMPtr<nsILoadInfo> loadInfo = aHTTPChannel->LoadInfo();
   nsContentPolicyType externalType = loadInfo->GetExternalContentPolicyType();
 
   // sec-fetch-user only applies to loads of type document or subdocument
   if (externalType != nsIContentPolicy::TYPE_DOCUMENT &&
       externalType != nsIContentPolicy::TYPE_SUBDOCUMENT) {
     return;
   }
@@ -307,20 +306,20 @@ void mozilla::dom::SecFetch::AddSecFetch
   // sec-fetch-user only applies if the request is user triggered
   if (!loadInfo->GetHasValidUserGestureActivation()) {
     return;
   }
 
   nsAutoCString user("?1");
   nsresult rv =
       aHTTPChannel->SetRequestHeader("Sec-Fetch-User"_ns, user, false);
-  mozilla::Unused << NS_WARN_IF(NS_FAILED(rv));
+  Unused << NS_WARN_IF(NS_FAILED(rv));
 }
 
-void mozilla::dom::SecFetch::AddSecFetchHeader(nsIHttpChannel* aHTTPChannel) {
+void SecFetch::AddSecFetchHeader(nsIHttpChannel* aHTTPChannel) {
   // if sec-fetch-* is prefed off, then there is nothing to do
   if (!StaticPrefs::dom_security_secFetch_enabled()) {
     return;
   }
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = aHTTPChannel->GetURI(getter_AddRefs(uri));
   if (NS_WARN_IF(NS_FAILED(rv))) {
--- a/dom/security/featurepolicy/FeaturePolicy.cpp
+++ b/dom/security/featurepolicy/FeaturePolicy.cpp
@@ -1,16 +1,15 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "FeaturePolicy.h"
-#include "mozilla/dom/Feature.h"
 #include "mozilla/dom/FeaturePolicyBinding.h"
 #include "mozilla/dom/FeaturePolicyParser.h"
 #include "mozilla/dom/FeaturePolicyUtils.h"
 #include "mozilla/StaticPrefs_dom.h"
 #include "nsContentUtils.h"
 #include "nsNetUtil.h"
 
 namespace mozilla {
--- a/dom/security/featurepolicy/FeaturePolicyUtils.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@@ -8,17 +8,16 @@
 #include "nsIOService.h"
 
 #include "mozilla/dom/DOMTypes.h"
 #include "mozilla/ipc/IPDLParamTraits.h"
 #include "mozilla/dom/FeaturePolicyViolationReportBody.h"
 #include "mozilla/dom/ReportingUtils.h"
 #include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/dom/Document.h"
-#include "nsContentUtils.h"
 #include "nsJSUtils.h"
 
 namespace mozilla {
 namespace dom {
 
 struct FeatureMap {
   const char* mFeatureName;
   FeaturePolicyUtils::FeaturePolicyValue mDefaultAllowList;
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -8,17 +8,16 @@
 #include <unordered_set>
 
 #include "nsCOMPtr.h"
 #include "nsContentPolicyUtils.h"
 #include "nsContentUtils.h"
 #include "nsCSPContext.h"
 #include "nsCSPParser.h"
 #include "nsCSPService.h"
-#include "nsGlobalWindowOuter.h"
 #include "nsError.h"
 #include "nsIAsyncVerifyRedirectCallback.h"
 #include "nsIClassInfoImpl.h"
 #include "mozilla/dom/Document.h"
 #include "nsIHttpChannel.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIObjectInputStream.h"
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -1,41 +1,62 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/ArrayUtils.h"
-#include "mozilla/dom/Document.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/StaticPrefs_security.h"
 #include "nsCOMPtr.h"
 #include "nsContentUtils.h"
 #include "nsCSPParser.h"
 #include "nsCSPUtils.h"
 #include "nsIScriptError.h"
 #include "nsNetUtil.h"
 #include "nsReadableUtils.h"
 #include "nsServiceManagerUtils.h"
 #include "nsUnicharUtils.h"
 
 using namespace mozilla;
-using namespace mozilla::dom;
 
 static LogModule* GetCspParserLog() {
   static LazyLogModule gCspParserPRLog("CSPParser");
   return gCspParserPRLog;
 }
 
 #define CSPPARSERLOG(args) \
   MOZ_LOG(GetCspParserLog(), mozilla::LogLevel::Debug, args)
 #define CSPPARSERLOGENABLED() \
   MOZ_LOG_TEST(GetCspParserLog(), mozilla::LogLevel::Debug)
 
+// clang-format off
+static const char16_t COLON        = ':';
+static const char16_t SEMICOLON    = ';';
+static const char16_t SLASH        = '/';
+static const char16_t PLUS         = '+';
+static const char16_t DASH         = '-';
+static const char16_t DOT          = '.';
+static const char16_t UNDERLINE    = '_';
+static const char16_t TILDE        = '~';
+static const char16_t WILDCARD     = '*';
+static const char16_t SINGLEQUOTE  = '\'';
+static const char16_t NUMBER_SIGN  = '#';
+static const char16_t QUESTIONMARK = '?';
+static const char16_t PERCENT_SIGN = '%';
+static const char16_t EXCLAMATION  = '!';
+static const char16_t DOLLAR       = '$';
+static const char16_t AMPERSAND    = '&';
+static const char16_t OPENBRACE    = '(';
+static const char16_t CLOSINGBRACE = ')';
+static const char16_t EQUALS       = '=';
+static const char16_t ATSYMBOL     = '@';
+// clang-format on
+
 static const uint32_t kSubHostPathCharacterCutoff = 512;
 
 static const char* const kHashSourceValidFns[] = {"sha256", "sha384", "sha512"};
 static const uint32_t kHashSourceValidFnsLen = 3;
 
 /* ===== nsCSPParser ==================== */
 
 nsCSPParser::nsCSPParser(policyTokens& aTokens, nsIURI* aSelfURI,
@@ -60,17 +81,21 @@ nsCSPParser::nsCSPParser(policyTokens& a
 
 nsCSPParser::~nsCSPParser() { CSPPARSERLOG(("nsCSPParser::~nsCSPParser")); }
 
 static bool isCharacterToken(char16_t aSymbol) {
   return (aSymbol >= 'a' && aSymbol <= 'z') ||
          (aSymbol >= 'A' && aSymbol <= 'Z');
 }
 
-bool isValidHexDig(char16_t aHexDig) {
+static bool isNumberToken(char16_t aSymbol) {
+  return (aSymbol >= '0' && aSymbol <= '9');
+}
+
+static bool isValidHexDig(char16_t aHexDig) {
   return (isNumberToken(aHexDig) || (aHexDig >= 'A' && aHexDig <= 'F') ||
           (aHexDig >= 'a' && aHexDig <= 'f'));
 }
 
 static bool isValidBase64Value(const char16_t* cur, const char16_t* end) {
   // Using grammar at
   // https://w3c.github.io/webappsec-csp/#grammardef-nonce-source
 
--- a/dom/security/nsCSPParser.h
+++ b/dom/security/nsCSPParser.h
@@ -3,46 +3,19 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef nsCSPParser_h___
 #define nsCSPParser_h___
 
 #include "nsCSPUtils.h"
-#include "nsCSPContext.h"
 #include "nsIURI.h"
 #include "PolicyTokenizer.h"
 
-bool isNumberToken(char16_t aSymbol);
-bool isValidHexDig(char16_t aHexDig);
-
-// clang-format off
-const char16_t COLON        = ':';
-const char16_t SEMICOLON    = ';';
-const char16_t SLASH        = '/';
-const char16_t PLUS         = '+';
-const char16_t DASH         = '-';
-const char16_t DOT          = '.';
-const char16_t UNDERLINE    = '_';
-const char16_t TILDE        = '~';
-const char16_t WILDCARD     = '*';
-const char16_t SINGLEQUOTE  = '\'';
-const char16_t NUMBER_SIGN  = '#';
-const char16_t QUESTIONMARK = '?';
-const char16_t PERCENT_SIGN = '%';
-const char16_t EXCLAMATION  = '!';
-const char16_t DOLLAR       = '$';
-const char16_t AMPERSAND    = '&';
-const char16_t OPENBRACE    = '(';
-const char16_t CLOSINGBRACE = ')';
-const char16_t EQUALS       = '=';
-const char16_t ATSYMBOL     = '@';
-// clang-format on
-
 class nsCSPParser {
  public:
   /**
    * The CSP parser only has one publicly accessible function, which is
    * parseContentSecurityPolicy. Internally the input string is separated into
    * string tokens and policy() is called, which starts parsing the policy. The
    * parser calls one function after the other according the the source-list
    * from http://www.w3.org/TR/CSP11/#source-list. E.g., the parser can only
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -14,18 +14,16 @@
 #include "nsCSPService.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsError.h"
 #include "nsIAsyncVerifyRedirectCallback.h"
 #include "nsAsyncRedirectVerifyHelper.h"
 #include "nsContentUtils.h"
 #include "nsContentPolicyUtils.h"
 #include "nsNetUtil.h"
-#include "nsIProtocolHandler.h"
-#include "nsQueryObject.h"
 #include "mozilla/net/DocumentLoadListener.h"
 #include "mozilla/net/DocumentChannel.h"
 
 using namespace mozilla;
 
 static LazyLogModule gCspPRLog("CSP");
 
 CSPService::CSPService() = default;
--- a/dom/security/nsCSPService.h
+++ b/dom/security/nsCSPService.h
@@ -35,14 +35,14 @@ class CSPService : public nsIContentPoli
                              int16_t* aDecision);
 
   // Static helper to check CSP when doing a channel redirect.
   // Returns the results to returns from
   // AsyncOnChannelRedirect/nsIAsyncVerifyRedirectCallback. Optionally returns
   // an nsresult to Cancel the old channel with.
   static nsresult ConsultCSPForRedirect(nsIURI* aOriginalURI, nsIURI* aNewURI,
                                         nsILoadInfo* aLoadInfo,
-                                        mozilla::Maybe<nsresult>& aCancelCode);
+                                        Maybe<nsresult>& aCancelCode);
 
  protected:
   virtual ~CSPService();
 };
 #endif /* nsCSPService_h___ */
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -4,27 +4,25 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsAttrValue.h"
 #include "nsCharSeparatedTokenizer.h"
 #include "nsContentUtils.h"
 #include "nsCSPUtils.h"
 #include "nsDebug.h"
-#include "nsCSPParser.h"
 #include "nsIConsoleService.h"
 #include "nsIChannel.h"
 #include "nsICryptoHash.h"
 #include "nsIScriptError.h"
 #include "nsIStringBundle.h"
 #include "nsIURL.h"
 #include "nsReadableUtils.h"
 #include "nsSandboxFlags.h"
 
-#include "mozilla/dom/CSPDictionariesBinding.h"
 #include "mozilla/dom/Document.h"
 #include "mozilla/StaticPrefs_security.h"
 
 #define DEFAULT_PORT -1
 
 static mozilla::LogModule* GetCspUtilsLog() {
   static mozilla::LazyLogModule gCspUtilsPRLog("CSPUtils");
   return gCspUtilsPRLog;
@@ -114,17 +112,17 @@ bool CSP_ShouldResponseInheritCSP(nsICha
   }
 
   return uri->SchemeIs("blob") || uri->SchemeIs("data") ||
          uri->SchemeIs("filesystem") || uri->SchemeIs("javascript");
 }
 
 void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
                            const nsAString& aPolicyStr) {
-  if (!mozilla::StaticPrefs::security_csp_enable() || aDoc.IsLoadedAsData()) {
+  if (!StaticPrefs::security_csp_enable() || aDoc.IsLoadedAsData()) {
     return;
   }
 
   nsAutoString policyStr(
       nsContentUtils::TrimWhitespace<nsContentUtils::IsHTMLWhitespace>(
           aPolicyStr));
 
   if (policyStr.IsEmpty()) {
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -13,53 +13,49 @@
 #include "nsIChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsINode.h"
 #include "nsIStreamListener.h"
 #include "nsILoadInfo.h"
 #include "nsIOService.h"
 #include "nsContentUtils.h"
 #include "nsCORSListenerProxy.h"
-#include "nsIParentChannel.h"
 #include "nsIStreamListener.h"
 #include "nsIRedirectHistoryEntry.h"
 #include "nsReadableUtils.h"
 #include "nsIXPConnect.h"
 
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/CmdLineAndEnvUtils.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/dom/nsMixedContentBlocker.h"
 #include "mozilla/dom/BrowserChild.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/dom/ContentParent.h"
-#include "mozilla/dom/Document.h"
 #include "mozilla/Components.h"
 #include "mozilla/Logging.h"
 #include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/StaticPrefs_security.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/TelemetryComms.h"
 #include "xpcpublic.h"
 #include "nsMimeTypes.h"
 
 #include "jsapi.h"
 #include "js/RegExp.h"
 
-using namespace mozilla;
-using namespace mozilla::dom;
 using namespace mozilla::Telemetry;
 
 NS_IMPL_ISUPPORTS(nsContentSecurityManager, nsIContentSecurityManager,
                   nsIChannelEventSink)
 
-mozilla::LazyLogModule sCSMLog("CSMLog");
+static mozilla::LazyLogModule sCSMLog("CSMLog");
 
-Atomic<bool, mozilla::Relaxed> sTelemetryEventEnabled(false);
+static Atomic<bool, mozilla::Relaxed> sTelemetryEventEnabled(false);
 
 /* static */
 bool nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
     nsIChannel* aChannel) {
   // Let's block all toplevel document navigations to a data: URI.
   // In all cases where the toplevel document is navigated to a
   // data: URI the triggeringPrincipal is a contentPrincipal, or
   // a NullPrincipal. In other cases, e.g. typing a data: URL into
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@@ -3,54 +3,34 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* A namespace class for static content security utilities. */
 
 #include "nsContentSecurityUtils.h"
 
-#include "mozilla/dom/nsMixedContentBlocker.h"
-#include "mozilla/dom/ScriptSettings.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIChannel.h"
 #include "nsIHttpChannel.h"
 #include "nsIMultiPartChannel.h"
 #include "nsIURI.h"
 #include "nsITransfer.h"
-#include "nsSandboxFlags.h"
 #if defined(XP_WIN)
 #  include "WinUtils.h"
 #  include <wininet.h>
 #endif
 
-#include "FramingChecker.h"
 #include "js/Array.h"  // JS::GetArrayLength
-#include "js/RegExp.h"
-#include "js/RegExpFlags.h"  // JS::RegExpFlags
 #include "mozilla/ExtensionPolicyService.h"
 #include "mozilla/Logging.h"
 #include "mozilla/dom/Document.h"
-#include "mozilla/dom/nsCSPContext.h"
-#include "mozilla/StaticPrefs_security.h"
 #include "LoadInfo.h"
 #include "mozilla/StaticPrefs_extensions.h"
 #include "mozilla/StaticPrefs_dom.h"
-#include "mozilla/Telemetry.h"
-#include "mozilla/TelemetryComms.h"
-#include "mozilla/TelemetryEventEnums.h"
-#include "nsIConsoleService.h"
-#include "nsIStringBundle.h"
-
-using namespace mozilla;
-using namespace mozilla::dom;
-using namespace mozilla::Telemetry;
-
-extern mozilla::LazyLogModule sCSMLog;
-extern Atomic<bool, mozilla::Relaxed> sTelemetryEventEnabled;
 
 // Helper function for IsConsideredSameOriginForUIR which makes
 // Principals of scheme 'http' return Principals of scheme 'https'.
 static already_AddRefed<nsIPrincipal> MakeHTTPPrincipalHTTPS(
     nsIPrincipal* aPrincipal) {
   nsCOMPtr<nsIPrincipal> principal = aPrincipal;
   // if the principal is not http, then it can also not be upgraded
   // to https.
@@ -119,21 +99,21 @@ bool nsContentSecurityUtils::IsConsidere
  * @returns nsresult indicating correct function operation or error
  */
 nsresult RegexEval(const nsAString& aPattern, const nsAString& aString,
                    bool aOnlyMatch, bool& aMatchResult,
                    nsTArray<nsString>* aRegexResults = nullptr) {
   MOZ_ASSERT(NS_IsMainThread());
   aMatchResult = false;
 
-  mozilla::dom::AutoJSAPI jsapi;
+  AutoJSAPI jsapi;
   jsapi.Init();
 
   JSContext* cx = jsapi.cx();
-  mozilla::AutoDisableJSInterruptCallback disabler(cx);
+  AutoDisableJSInterruptCallback disabler(cx);
 
   // We can use the junk scope here, because we're just using it for regexp
   // evaluation, not actual script execution, and we disable statics so that the
   // evaluation does not interact with the execution global.
   JSAutoRealm ar(cx, xpc::PrivilegedJunkScope());
 
   JS::RootedObject regexp(
       cx, JS::NewUCRegExpObject(cx, aPattern.BeginReading(), aPattern.Length(),
@@ -1119,20 +1099,20 @@ long nsContentSecurityUtils::ClassifyDow
   nsCOMPtr<nsIURI> contentLocation;
   aChannel->GetURI(getter_AddRefs(contentLocation));
 
   nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
   if (!loadingPrincipal) {
     loadingPrincipal = loadInfo->TriggeringPrincipal();
   }
   // Creating a fake Loadinfo that is just used for the MCB check.
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new mozilla::net::LoadInfo(
-      loadingPrincipal, loadInfo->TriggeringPrincipal(), nullptr,
-      nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-      nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD);
+  nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
+      new LoadInfo(loadingPrincipal, loadInfo->TriggeringPrincipal(), nullptr,
+                   nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+                   nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD);
 
   int16_t decission = nsIContentPolicy::ACCEPT;
   nsMixedContentBlocker::ShouldLoad(false,  //  aHadInsecureImageRedirect
                                     contentLocation,   //  aContentLocation,
                                     secCheckLoadInfo,  //  aLoadinfo
                                     aMimeTypeGuess,    //  aMimeGuess,
                                     false,             //  aReportError
                                     &decission         // aDecision
--- a/dom/security/nsContentSecurityUtils.h
+++ b/dom/security/nsContentSecurityUtils.h
@@ -4,25 +4,18 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* A namespace class for static content security utilities. */
 
 #ifndef nsContentSecurityUtils_h___
 #define nsContentSecurityUtils_h___
 
-#include <utility>
-#include "mozilla/Maybe.h"
-#include "nsStringFwd.h"
-
-struct JSContext;
 class nsIChannel;
 class nsIHttpChannel;
-class nsIPrincipal;
-class NS_ConvertUTF8toUTF16;
 
 namespace mozilla {
 namespace dom {
 class Document;
 }  // namespace dom
 }  // namespace mozilla
 
 typedef std::pair<nsCString, mozilla::Maybe<nsString>> FilenameTypeAndDetails;
--- a/dom/security/nsHTTPSOnlyUtils.cpp
+++ b/dom/security/nsHTTPSOnlyUtils.cpp
@@ -430,17 +430,17 @@ TestHTTPAnswerRunnable::OnStartRequest(n
     nsCOMPtr<nsILoadInfo> loadInfo = httpsOnlyChannel->LoadInfo();
     uint32_t topLevelLoadInProgress =
         loadInfo->GetHttpsOnlyStatus() &
         nsILoadInfo::HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS;
 
     nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal =
         do_QueryInterface(httpsOnlyChannel);
     bool isAuthChannel = false;
-    mozilla::Unused << httpChannelInternal->GetIsAuthChannel(&isAuthChannel);
+    Unused << httpChannelInternal->GetIsAuthChannel(&isAuthChannel);
     if (!topLevelLoadInProgress && !isAuthChannel) {
       // Only really cancel the original top-level channel if it's
       // status is still NS_OK, otherwise it might have already
       // encountered some other error and was cancelled.
       nsresult httpsOnlyChannelStatus;
       httpsOnlyChannel->GetStatus(&httpsOnlyChannelStatus);
       if (httpsOnlyChannelStatus == NS_OK) {
         httpsOnlyChannel->Cancel(NS_ERROR_NET_TIMEOUT);
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@@ -12,17 +12,16 @@
 #include "nsCOMPtr.h"
 #include "nsIObserver.h"
 #include "nsIWeakReferenceUtils.h"
 #include "nsINetUtil.h"
 #include "nsIChannelEventSink.h"
 #include "nsCategoryCache.h"
 #include "nsISpeculativeConnect.h"
 #include "nsDataHashtable.h"
-#include "nsWeakReference.h"
 #include "mozilla/Atomics.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/Mutex.h"
 #include "prtime.h"
 #include "nsICaptivePortalService.h"
 #include "nsIObserverService.h"
 
 #define NS_N(x) (sizeof(x) / sizeof(*x))