content/base/src/CSPUtils.jsm
3a34bf944379d919f064d705b93b36aaf7df57ff
created 2014-07-07 11:59 -0700
pushed 2014-07-21 21:23 +0000
Sid Stamm - Bug 991466 - remove the specCompliant flag from CSP since it's no longer needed. (r=ckerschb,jst)
2a3662513dd78fa8693f097391f57ee6a6b37ed0
created 2014-06-25 12:07 -0700
pushed 2014-07-21 21:23 +0000
Sid Stamm - Bug 949533 - Remove uses of x-content-security-policy and pre-spec-compliant parsing/enforcement (file changes). r=jst,grobinson
4be0c027d10646c04947452737ed17e13be03008
created 2014-04-02 10:57 -0700
pushed 2014-04-28 18:43 +0000
Garrett Robinson - Bug 971341: Fix infinite tab loading due to missing characters in CSP's path regexes r=sstamm
b96e8768536971a917a442395f6c9274727838f7
created 2014-03-21 14:24 -0700
pushed 2014-04-28 18:43 +0000
Garrett Robinson - Bug 979580: Enable CSP 1.1 {nonce,hash}-source by default r=sstamm
b0f6b063188e5dd45afe7081d4b652c4cbaa2357
created 2014-04-02 10:57 -0700
pushed 2014-04-07 16:51 +0000
Garrett Robinson - Bug 971341 - Fix infinite tab loading due to missing characters in CSP's path regexes. r=sstamm, a=lsblakk
4bc1a1d739f4e5826ffe86615bd84e973e862cbd
created 2014-02-13 10:10 -0500
pushed 2014-03-17 23:08 +0000
Yeuk Hon Wong - Bug 847081 - Throw a warning when a '*-report-only' header doesn't contain a 'report-uri' directive. r=geekboy
618319a4d21dac9f6467835207770b3bf97f5ca6
created 2014-01-30 22:22 +0100
pushed 2014-03-17 23:08 +0000
Antonio M. Amaya - Bug 965273 - CSP: Fix serialization and deserialization and add support for the {} characters on the host name. r=sstamm
d0b0160601f7c484a7a16861c520088ddc0d878c
created 2014-01-31 21:54 -0500
pushed 2014-02-04 01:47 +0000
Garrett Robinson - Bug 963901 - Fix variable format error. r=sstamm
65dbffad01e1d258d6819faaf728e099635991b6
created 2013-10-13 21:12 -0700
pushed 2014-02-04 01:47 +0000
Christoph Kerschbaumer - Bug 916054 - URLs with path are ignored by FF's CSP parser. r=grobinson
84802a40e62d5db5f9ca3225170a48828cd83570
created 2014-01-24 10:24 -0800
pushed 2014-02-04 01:47 +0000
Sid Stamm - Bug 843311 - update CSP report-uri parsing to be spec compliant. r=grobinson
c04f78be70b8a36c6bba29d5115f4aa11584d43d
created 2014-01-22 13:18 -0800
pushed 2014-02-04 01:47 +0000
Yeuk Hon Wong - Bug 938652 - CSP directives and source expressions should do case-insensitive matching and comparison. r=geekboy
1f71357d7de13f2805261d5faba73d5bcd87452b
created 2014-01-17 11:10 -0500
pushed 2014-02-04 01:47 +0000
Yeuk Hon Wong - Bug 587377 - Display CSP warning in the web console if a hostname is a quoteless CSP keyword match. r=sstamm
d570802145c998d4002af2e186f9860c46eb3144
created 2014-01-02 11:14 -0800
pushed 2014-02-04 01:47 +0000
Garrett Robinson - Bug 883975 - CSP 1.1 hash-source. r=sstamm, r=dholbert, r=mrbkap
1bf867ff42154ad80095c6b814004a7dd29e280a
created 2013-11-08 15:44 -0800
pushed 2013-12-09 20:24 +0000
Garrett Robinson - Bug 855326 - CSP 1.1 nonce-source for scripts and styles r=mrbkap r=dholbert r=geekboy
c450394551653e6a24d97ae2987d41becf40a1a8
created 2013-11-08 11:22 -0800
pushed 2013-12-09 20:24 +0000
Daniel Holbert - backout 57213b64023b (bug 855326) for build bustage in debug builds
57213b64023b7ad16014b296c5817d39a29c3907
created 2013-11-08 09:20 -0800
pushed 2013-12-09 20:24 +0000
Garrett Robinson - Bug 855326 - CSP 1.1 nonce-source for scripts and styles. r=mrbkap r=dholbert r=geekboy
3c9f15727c3161b416c6254f287c5ea574185b7c
created 2013-10-28 11:25 -0700
pushed 2013-11-06 20:48 +0000
Garrett Robinson - Bug 924708 - Fix regression of report-only CSP's that use policy-uri. r=sstamm, a=lsblakk
ae8e54262630dc54743de7e33e9e5139b72d2316
created 2013-10-23 14:49 -0700
pushed 2013-10-28 22:18 +0000
Garrett Robinson - Bug 909029 - Fix incorrect parsing of CSP source list due to early return
33be4ad3a7208e6b4c1af75fcb03764df9982e44
created 2013-10-03 14:35 -0700
pushed 2013-10-28 22:18 +0000
Sid Stamm - Bug 916881 - remove stray refinePolicy in CSPUtils.jsm. r=grobinson
1ac76a8ec55a9c39d87ac8731115a07f3131d3c7
created 2013-09-27 12:12 -0700
pushed 2013-10-28 22:18 +0000
Wes Kocher - Backed out changeset 1b86035e7da0 (bug 916881) for CSP-related test failures on a CLOSED TREE
1b86035e7da074d2f6d85ff8fce8eba39cc491db
created 2013-09-27 10:43 -0700
pushed 2013-10-28 22:18 +0000
Sid Stamm - Bug 916881 - remove stray refinePolicy in CSPUtils.jsm. r=grobinson
960bd69797360e9933a21a45a29ab112f2955217
created 2013-09-19 17:31 -0400
pushed 2013-10-28 22:18 +0000
Garrett Robinson - Bug 916446 - Pass reportOnly to CSPRep.fromString so invalid pre-1.0 CSP headers aren't accidentally enforced. r=sstamm
d7d304e28da9962bab1c9233fee36e03c1e241d8
created 2013-09-17 20:25 -0400
pushed 2013-10-28 22:18 +0000
Ryan VanderMeulen - Backed out changeset d63424e06b3e (bug 916446) for B2G mochitest-1 failures.
500b46d8c38ac08d89b4d642e4dae5960e0e8a2c
created 2013-09-19 17:31 -0400
pushed 2013-09-30 14:03 +0000
Garrett Robinson - Bug 916446 - Pass reportOnly to CSPRep.fromString so invalid pre-1.0 CSP headers aren't accidentally enforced. r=sstamm, a=lsblakk
1a475fdee12b899962f76fd92b763686c7e349b5
created 2013-09-12 09:25 -0700
pushed 2013-09-17 14:18 +0000
Sid Stamm - bug 836922 - (CSP) remove intersectWith once multiple policies are supported. r=grobinson
1d23736e3779e38e38f2b81126872d449763f5a2
created 2013-09-12 09:25 -0700
pushed 2013-09-17 14:18 +0000
Sid Stamm - bug 836922 - support multiple CSP policies at the same time. r=jst,grobinson
58305759794a4ca91d7b14ef03d81ebebc83f233
created 2013-08-12 12:34 +0200
pushed 2013-09-17 14:18 +0000
Frederik Braun - Bug 607067 - Improve CSP violation messages for base restrictions and fix affected testcases. r=imelven, r=sstamm
249fdcaeac5ae3f8534562b3d199c35896e2df0a
created 2013-07-24 17:48 -0400
pushed 2013-07-25 18:07 +0000
Garrett Robinson - Bug 888172 - CSP 1.0 does not process 'unsafe-inline' or 'unsafe-eval' for default-src. r=imelven, a=lsblakk
589121b50d01dd13f1bda0e4f2837c30333c672f
created 2013-07-03 13:11 -0700
pushed 2013-07-03 20:25 +0000
Garrett Robinson - Bug 885433 - CSP should not block inline scripts or eval unless script-src or default-src are included (r=imelven a=bajaj)
3f9d6dbaf66974cf2ba8e077ac638458f73dad42
created 2013-07-01 18:04 -0700
pushed 2013-07-02 01:04 +0000
Garrett Robinson - Bug 887974 - CSP: when script-src has both 'unsafe-inline' and 'unsafe-eval' directives present, eval() is still not allowed (r=sstamm a=bbajaj)
bb9825ad154ff7364cf5230951c3d4a47e6578bd
created 2013-06-21 16:43 -0700
pushed 2013-06-24 20:17 +0000
Sid Stamm - Bug 780978 - remove makeExplicit() from CSPUtils.jsm. (r=imelven)
8e1c229ed6c624df131e4bf3ae6ffd2e51c68705
created 2013-06-21 16:43 -0700
pushed 2013-06-24 20:17 +0000
Sid Stamm - Bug 764937 - make sure CSP 1.0 compliant parser infers "default-src *" when a default-src isn't specified (r=tanvi)
3890895968afc5cfe57e08824fcb884fb29fff91
created 2013-05-15 11:30 +0200
pushed 2013-06-24 20:17 +0000
Frederik Braun - Bug 879316 - Clean up CSP logging code. r=imelven
9eb574cd8faf9fda76094811db2efffebbcdbeb3
created 2012-08-30 10:58 -0700
pushed 2013-06-24 20:17 +0000
Ian Melven - Bug 763879 - implement inline stylesheet blocking for CSP (r=dbaron)
8be85024c3150ba97342b31b3367adc85860f9f0
created 2013-05-16 11:15 -0400
pushed 2013-06-24 20:17 +0000
Ryan VanderMeulen - Backed out 2 changesets (bug 763879, bug 842657) for landing with an r-. DONTBUILD
a5adc5997af895a13bd308c20d5c925e11f9422a
created 2012-08-30 10:58 -0700
pushed 2013-05-28 19:41 +0000
Ian Melven - Bug 763879 - Implement inline stylesheet blocking for CSP. r=dbaron, a=lsblakk
c1d4ca637c6107a5a56b38ff2ca0a0993869da06
created 2013-03-28 10:05 -0700
pushed 2013-04-01 20:50 +0000
Sid Stamm - Bug 832398 - change default-source to default-src in CSP error messages. r=l10n
baa90816699d5c38dc1a76ae99ac40614e797079
created 2013-03-18 12:43 -0700
pushed 2013-04-01 20:50 +0000
Ian Melven - Bug 846458 - intermittent TEST-UNEXPECTED-PASS | /tests/content/base/test/test_bug548193.html | Assertion count 0 is less than expected range 1-1 assertions. (r=sstamm)
be239b15a0f1334b216985bd91e6f89834c43b48
created 2013-02-22 20:40 -0800
pushed 2013-04-01 20:50 +0000
Phil Ringnalda - Back out 5520e123f526 (bug 763879) for b2g mochitest-8 and mochitest-9 failures
5520e123f52693457d943af9c23fbf18bf2a6f54
created 2012-08-30 10:58 -0700
pushed 2013-04-01 20:50 +0000
Sid Stamm - Bug 763879 - implement inline stylesheet blocking for CSP (r=dbaron)
3b9a168fc0b7ff2606fdccbf1bd943cb7faf4167
created 2013-02-01 11:51 -0800
pushed 2013-02-19 18:42 +0000
Sid Stamm - Bug 779918 - disregard auth credentials in URLs when doing CSP policy checks. (r=imelven)
4285b55dfb2d5436dbfb82a718b5e0ed06f98d86
created 2013-02-01 10:53 -0800
pushed 2013-02-19 18:42 +0000
Ian Melven - Bug 832193 - Content Security Policy: a source of *.something.com is mistakenly interpreted as a source of http://*:80 (r=sstamm)
eb9e62dc084bdbca33db99855575bd1980e5dd5f
created 2013-01-09 10:57 -0800
pushed 2013-02-19 18:42 +0000
Ian Melven - Bug 746978 - sync CSP directive parsing and directive names with w3c CSP 1.0 spec - part 6 - fix up toString (r=sstamm)
3ff903c405aa260fef6db265496014d351cfcb79
created 2013-01-09 10:57 -0800
pushed 2013-02-19 18:42 +0000
Ian Melven - Bug 746978 - sync CSP directive parsing and directive names with w3c CSP 1.0 spec - Part 5 - unsafe-eval (r=sstamm)
11732b70b74d48ef79a8d85e6cb2fd01dffaab3d
created 2013-01-09 10:57 -0800
pushed 2013-02-19 18:42 +0000
Ian Melven - Bug 746978 - sync CSP directive parsing and directive names with w3c CSP 1.0 spec - Part 4 - unsafe-inline (r=sstamm)
a16f8c77ab42dc4577f16f5f004d193587e23679
created 2013-01-09 10:57 -0800
pushed 2013-02-19 18:42 +0000
Ian Melven - Bug 746978 - sync CSP directive parsing and directive names with w3c spec - Part 1 (r=sstamm)
1569edaba5fc36c9b99a3164629bf8eb44fe6edf
created 2013-01-09 10:57 -0800
pushed 2013-02-19 18:42 +0000
Ian Melven - Bug 783049 - CSP : use existing/old parser for X-Content-Security-Policy header, new/CSP 1.0 spec compliant parser for Content-Security-Policy header - Part 1 (r=bz)
f76aba08813d591f201d10adea68bf0886c96446
created 2013-02-04 16:50 -0800
pushed 2013-02-05 00:51 +0000
Ian Melven - Bug 832193 - Content Security Policy: a source of *.something.com is mistakenly interpreted as a source of http://*:80 (r=sstamm a=lsblakk)
60cca0a957d8c162b829bc4ecaa8f2a3c2af6eac
created 2012-12-21 10:48 -0800
pushed 2012-12-21 19:49 +0000
Fabrice Desré - Bug 820196 - Add caching to CSP policy checks to speed up CSP on B2G apps. r=sstamm a=sicking
3daa224d61172702627a6c7dedc7a5d4d7909528
created 2012-12-17 22:27 -0500
pushed 2012-12-18 03:27 +0000
Ryan VanderMeulen - Backed out changeset 083ea967f797 (bug 820196) for build bustage. a=backout
083ea967f7979e897eb6081bc21a4fcbb6c1aa2f
created 2012-12-14 14:53 -0800
pushed 2012-12-18 03:08 +0000
Fabrice Desré - Bug 820196 - CSP slows down app startup by ~12%. r=sstamm, a=sicking
5ce71981e005a52d4cb0b831ad3db9284f2fb356
created 2012-10-31 09:13 -0700
pushed 2012-11-19 23:12 +0000
Kyle Huey - Bug 798491: Add an option to stick all chrome JSMs/JS components in the same compartment. r=mrbkap,philikon
5bf3abe91210f94d5d92ba95e114181e366d82ea
created 2012-10-31 16:35 +0800
pushed 2012-11-19 23:12 +0000
Vicamo Yang - Backout 67cb43bb8865: Breaks B2G Marionette
67cb43bb8865ecbcb79c2ea04a0494fd223cc69d
created 2012-10-30 12:28 -0700
pushed 2012-11-19 23:12 +0000
Kyle Huey - Bug 798491: Add an option to stick all chrome JSMs/JS components in the same compartment. r=mrbkap,philikon
ad1d720d82b7f84d3c7e50f4b02b7c3201662ddb
created 2012-10-30 17:02 +0000
pushed 2012-11-19 23:12 +0000
Ed Morley - Backout a145ded68994, e0cf397089ec & 1545e91c658e (bug 798491) for bustage on a CLOSED TREE
658d1cf59d3817414e3549c19f0f279de750d48d
created 2012-11-11 10:28 -0800
pushed 2012-11-11 18:29 +0000
Kyle Huey - Bug 798491: Add an option to stick all chrome JSMs/JS components in the same compartment. r=mrbkap,philikon a=bajaj
b8e4333af38a36a76c1d018c446734c3ba3f1121
created 2012-10-02 15:12 -0400
pushed 2012-10-08 19:23 +0000
Josh Matthews - Bug 792542 - Make CSP report channel respect the privacy status of the original request. r=sstamm
1f0367f9f1b6e0f6123165dda95ae6b7cdee6c6d
created 2012-10-01 10:10 +0100
pushed 2012-10-08 19:23 +0000
Mark Goodwin - Bug 770099 - Send CSP policy and report information to Web Console (Part 1); r=dveditz,msucan,jwalker
ccbb115f91b73fe8c8623cd1db4b302c2670b798
created 2012-09-19 13:41 -0700
pushed 2012-10-08 19:23 +0000
Lucas Adamski - Bug 634778 - Warn and skip when duplicate CSP directives are detected. (r=geekboy)
3227b2f0e9ef3c797d93673bf20db0926bc1f0ab
created 2012-09-24 12:39 -0700
pushed 2012-09-24 19:48 +0000
Marshall Moutenot - Bug 784315 - CSP parser not correctly parsing single token hosts (r=geekboy a=akeybl)