searching for reviewer(Neil)
3eefe4256a08b60ddb8fca92b2d1e652d9c431e4: Bug 1596000 - Avoid double pre-flight OPTIONS request when not necessary. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Thu, 14 Nov 2019 18:21:07 +0100 - rev 81609
Push 9832 by gds@chartertn.net at Tue, 19 Nov 2019 20:26:37 +0000
Bug 1596000 - Avoid double pre-flight OPTIONS request when not necessary. r=Neil a=jorgk Even though they could theoretically on different hostnames, they are in reality both on the same host, so avoid the second OPTIONS request, if it's on the same host.
1a34f9a12a417dc36de212bcc6fa3d46ca6d53bf: Bug 1594366 - Move OPTIONS requests for connection priming to avoid repeated execution. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Thu, 14 Nov 2019 18:19:56 +0100 - rev 81608
Push 9832 by gds@chartertn.net at Tue, 19 Nov 2019 20:26:37 +0000
Bug 1594366 - Move OPTIONS requests for connection priming to avoid repeated execution. r=Neil a=jorgk
e30f761b54db70a1b830b890d360ba3606636c9b: Bug 1185366 - check the full domain of the MX server to differentiate between Outlook.com and Office365. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Thu, 14 Nov 2019 15:52:05 +0100 - rev 81607
Push 9832 by gds@chartertn.net at Tue, 19 Nov 2019 20:26:37 +0000
Bug 1185366 - check the full domain of the MX server to differentiate between Outlook.com and Office365. r=Neil a=jorgk
0402e4370a3cb4093a253970c3b396b43791e783: Bug 1596000 - Avoid double pre-flight OPTIONS request when not necessary. r=Neil
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 13 Nov 2019 18:13:02 +0100 - rev 81386
Push 9785 by alessandro@thunderbird.net at Wed, 13 Nov 2019 19:33:35 +0000
Bug 1596000 - Avoid double pre-flight OPTIONS request when not necessary. r=Neil Even though they could theoretically on different hostnames, they are in reality both on the same host, so avoid the second OPTIONS request, if it's on the same host.
7c97fc48c124033f04fb912755b5f2e1309e2354: Bug 1594366 - Move OPTIONS requests for connection priming to avoid repeated execution. r=Neil DONTBUILD
Ben Bucksch <ben.bucksch@beonex.com> - Tue, 12 Nov 2019 11:19:47 +0100 - rev 81280
Push 9770 by mozilla@jorgk.com at Tue, 12 Nov 2019 19:08:42 +0000
Bug 1594366 - Move OPTIONS requests for connection priming to avoid repeated execution. r=Neil DONTBUILD
8caa76852c2c73c348822f6430782fb2cd8a7146: Bug 1185366 - check the full domain of the MX server to differentiate between Outlook.com and Office365. r=Neil
Ben Bucksch <ben.bucksch@beonex.com> - Mon, 11 Nov 2019 02:01:43 +0100 - rev 81278
Push 9770 by mozilla@jorgk.com at Tue, 12 Nov 2019 19:08:42 +0000
Bug 1185366 - check the full domain of the MX server to differentiate between Outlook.com and Office365. r=Neil
492bea4ded8961c2171ba05a185555c5e6deb7af: Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
Ben Bucksch <ben.bucksch> - Thu, 10 Jan 2019 08:18:00 +0100 - rev 74294
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
d90827241325c5d38974e01ea61bdac3c7cd1fbb: Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 16 Jan 2019 14:32:33 +0100 - rev 74293
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil a=jorgk
a68ee343e490c89dcf226229ad99247e8dfdfe01: Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 04 Jan 2019 06:58:00 +0100 - rev 74266
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil a=jorgk * * * Bug 1516229 - Follow-up: Fix linting errors. r=me DONTBUILD
7f685897fe309ac256c3e591e4b14332c536a9e6: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 74265
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
42dfab681c409905c0d84cd86d100452cd603e1a: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 14 Dec 2018 12:05:14 +0100 - rev 74262
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk Summary: * Parallelize network calls * Exchange AutoDiscover protocol implementation * Try to find IMAP servers in the server response * Offer to install an extension which supports the Exchange protocol to get mails Runs all the ISP config lookup network calls in parallel. Class PriorityOrderAbortable (subclass of ParallelAbortable) implements a policy that waits until one of the calls returns successfully, then takes that result and cancels all pending less desirable calls. Implements the Exchange AutoDiscover protocol to detect Exchange servers. If the server gives an IMAP configuration, we offer that to the user. Alternatively, we offer a compatible verified extension that implements the specific Exchange protocol that the Exchange server returned. Exchange has at least 7 protocols, and we show extensions that support the protocols that the server listed and that are known to work well and actively maintained. The setup process then continues without interruption. Test plan: Exchange autoconfig: 1. To test Exchange AutoDiscover with an hotmail/outlook.com account (which has an IMAP config in our ISPDB), set these prefs: mailnews.auto_config.guess.enabled = false mailnews.auto_config_url = "" mailnews.mx_service_url = "" 2. Enter you@outlook.com and a valid password (it will not work without valid password, due to the Exchange AutoDiscover protocol design) 3. [Continue] 4. -> TB should find an Exchange server with hostname 5. -> TB will offer you to install an extension that supports this protocol type, with explanatory text and a link 6. Click [Install] 7. -> The password is checked, the dialog closes, and the account appears, and your emails are downloaded. Parallel network calls: 1. Open account creation dialog 2. Enter "foo@gmail.com", "foo@yahoo.com", "foo@sys4.de", "foo@example.com", or any other domain 3. -> It works functionally as before, see https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration 4. -> It's faster than before Differential Revision: https://phabricator.services.mozilla.com/D9215
886ee22a3f85d1a7f55c7fa1e5813470be99d88a: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 74243
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
60a1cefdf2afe240abc3558542a8237276e7f000: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 14 Dec 2018 12:05:14 +0100 - rev 74241
Push 8564 by richard.marti@gmail.com at Sun, 02 Jun 2019 14:16:18 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk Summary: * Parallelize network calls * Exchange AutoDiscover protocol implementation * Try to find IMAP servers in the server response * Offer to install an extension which supports the Exchange protocol to get mails Runs all the ISP config lookup network calls in parallel. Class PriorityOrderAbortable (subclass of ParallelAbortable) implements a policy that waits until one of the calls returns successfully, then takes that result and cancels all pending less desirable calls. Implements the Exchange AutoDiscover protocol to detect Exchange servers. If the server gives an IMAP configuration, we offer that to the user. Alternatively, we offer a compatible verified extension that implements the specific Exchange protocol that the Exchange server returned. Exchange has at least 7 protocols, and we show extensions that support the protocols that the server listed and that are known to work well and actively maintained. The setup process then continues without interruption. Test plan: Exchange autoconfig: 1. To test Exchange AutoDiscover with an hotmail/outlook.com account (which has an IMAP config in our ISPDB), set these prefs: mailnews.auto_config.guess.enabled = false mailnews.auto_config_url = "" mailnews.mx_service_url = "" 2. Enter you@outlook.com and a valid password (it will not work without valid password, due to the Exchange AutoDiscover protocol design) 3. [Continue] 4. -> TB should find an Exchange server with hostname 5. -> TB will offer you to install an extension that supports this protocol type, with explanatory text and a link 6. Click [Install] 7. -> The password is checked, the dialog closes, and the account appears, and your emails are downloaded. Parallel network calls: 1. Open account creation dialog 2. Enter "foo@gmail.com", "foo@yahoo.com", "foo@sys4.de", "foo@example.com", or any other domain 3. -> It works functionally as before, see https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration 4. -> It's faster than before Differential Revision: https://phabricator.services.mozilla.com/D9215
164c011c89855c703d299865724962532f6b705b: Bug 555448 - [autoconfig] Show real error message during account verification. r=Neil
Ben Bucksch <ben.bucksch@beonex.com> - Tue, 14 May 2019 19:06:28 +0200 - rev 73683
Push 8451 by geoff@darktrojan.net at Wed, 15 May 2019 01:56:07 +0000
Bug 555448 - [autoconfig] Show real error message during account verification. r=Neil Summary: The account creation dialog verifies the password before creating the account, by contacting the real server and attempting a login. The bug is that it always says "Verify username or password", it always blames the password, no matter what error there was. This is not only wrong and misleading for end users, because they hunt the wrong end. It's also dangerous, because they will re-attempt the password multiple times, then try other passwords, thereby exposing other passwords to the server. Now we show the correct and real error message. More specifically: If it's a wrong username or password, we maintain the same error message as before. If it's any other error, we show the real error message. Reproduction: 1. File | New | Mail account... 2. Enter foo@gmx.com and continue 3. Disconnect your local network, or provoke any other error 4. Click on "Create account" Old result: Dialog says "username and/or password invalid" New result: The actual error is shown, whatever was the cause for the failed verification.
776ab126cc9b4d28318256fb3f150433ec4f712e: Bug 1527173 - [autoconfig] Fix race condition in addOneFinishedObserver. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 13 Feb 2019 12:43:54 +0100 - rev 71696
Push 7939 by mozilla@jorgk.com at Sat, 09 Mar 2019 10:33:26 +0000
Bug 1527173 - [autoconfig] Fix race condition in addOneFinishedObserver. r=Neil a=jorgk
bf09891616a48952acec87cef9d37861bc5fbacc: Bug 1527173 - [autoconfig] Fix race condition in addOneFinishedObserver. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 13 Feb 2019 12:43:54 +0100 - rev 71570
Push 7911 by mozilla@jorgk.com at Tue, 05 Mar 2019 23:28:45 +0000
Bug 1527173 - [autoconfig] Fix race condition in addOneFinishedObserver. r=Neil a=jorgk
ed4c04ff19d9650216f19d88348a6a6af0ec6d0f: Bug 1527173 - [autoconfig] Fix race condition in addOneFinishedObserver. r=Neil
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 13 Feb 2019 12:43:54 +0100 - rev 71034
Push 7788 by mozilla@jorgk.com at Wed, 13 Feb 2019 16:03:04 +0000
Bug 1527173 - [autoconfig] Fix race condition in addOneFinishedObserver. r=Neil
858bcc0951038087b8c87ecd790cb123c64fdb86: Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 16 Jan 2019 14:32:33 +0100 - rev 70426
Push 7648 by mozilla@jorgk.com at Mon, 21 Jan 2019 20:16:24 +0000
Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil a=jorgk
794569c5127d5eb3d7cbdcc0a2c7c2a71a8557fd: Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 18 Jan 2019 14:54:14 +0000 - rev 70425
Push 7648 by mozilla@jorgk.com at Mon, 21 Jan 2019 20:16:24 +0000
Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
2e41ec4a6a37e96dd741245cb51c2a75d58f4217: Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 04 Jan 2019 06:58:00 +0100 - rev 70424
Push 7648 by mozilla@jorgk.com at Mon, 21 Jan 2019 20:16:24 +0000
Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil a=jorgk * * * Bug 1516229 - Follow-up: Fix linting errors. r=me DONTBUILD * * * Bug 1516229 - Follow-up: Remove fetchhttp debug output. r+a=jorgk
3b7edc029d1e33dd69ded77fa83489aede3b70e0: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 70423
Push 7648 by mozilla@jorgk.com at Mon, 21 Jan 2019 20:16:24 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
c728c1579f04d8c596c1224dc62ef1e6cd39cae6: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 18 Jan 2019 11:03:00 +0100 - rev 70421
Push 7648 by mozilla@jorgk.com at Mon, 21 Jan 2019 20:16:24 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk
9f455490fcc625488523ccbc19b379e45d6d1a9b: Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 16 Jan 2019 14:32:33 +0100 - rev 70349
Push 7634 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 14:54:27 +0000
Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil a=jorgk
df1ce2c3c40d35eb598d6896adaf72da25f851a0: Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 18 Jan 2019 14:54:14 +0000 - rev 70348
Push 7634 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 14:54:27 +0000
Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
ad12065d5af0b2c88bc7fa89f047f0ed3aa96170: Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 04 Jan 2019 06:58:00 +0100 - rev 70347
Push 7634 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 14:54:27 +0000
Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil a=jorgk
55d27db1e7cd232be8373d2bd36ef0cebe009bd1: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 70346
Push 7634 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 14:54:27 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
d067cd12593b981f0357f1715f0def629b9209c2: Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 18 Jan 2019 11:20:22 +0000 - rev 70342
Push 7633 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 11:23:11 +0000
Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
07774f718c42c51b7aa139edd376b05e67d799ab: Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 04 Jan 2019 06:58:00 +0100 - rev 70341
Push 7633 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 11:23:11 +0000
Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil
bd87c0f98deef6d8fd9314237efe693f13e31029: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 70340
Push 7633 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 11:23:11 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
6fc11777b9cf578b60141a91de1a2a13278f6ea2: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 12 Dec 2018 14:02:52 +0000 - rev 70337
Push 7633 by neil@parkwaycc.co.uk at Fri, 18 Jan 2019 11:23:11 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk
01d973b810f7a8ba8741d13f69887e0c501a486e: Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 16 Jan 2019 17:29:53 +0000 - rev 70299
Push 7624 by neil@parkwaycc.co.uk at Wed, 16 Jan 2019 17:39:17 +0000
Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil a=jorgk
b6d84d0170c24b0b9c19ad89e9b6a85c38dfcbf6: Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 04 Jan 2019 06:58:00 +0100 - rev 70298
Push 7624 by neil@parkwaycc.co.uk at Wed, 16 Jan 2019 17:39:17 +0000
Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil
fc47a3f3ca936fcc64540d8fa528ff23e481c199: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 70297
Push 7624 by neil@parkwaycc.co.uk at Wed, 16 Jan 2019 17:39:17 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil a=jorgk Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
df29a6d4527c977595099ce46e6dd902d2ca1599: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk draft
Ben Bucksch <ben.bucksch@beonex.com> - Wed, 12 Dec 2018 14:02:52 +0000 - rev 70294
Push 7624 by neil@parkwaycc.co.uk at Wed, 16 Jan 2019 17:39:17 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil a=jorgk
1ff4cbc59aae01ffd7fbb94852cbf07223e7806b: Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil
Ben Bucksch <ben.bucksch> - Thu, 10 Jan 2019 08:18:00 +0100 - rev 70125
Push 7594 by mozilla@jorgk.com at Thu, 10 Jan 2019 22:35:34 +0000
Bug 1518890 - [autoconfig] Pass Exchange URL from account creation dialog to addon. r=Neil
130e9b3087d79100c46fa00b54150d36267bf788: Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil
Ben Bucksch <ben.bucksch> - Thu, 10 Jan 2019 08:01:00 +0100 - rev 70124
Push 7594 by mozilla@jorgk.com at Thu, 10 Jan 2019 22:35:34 +0000
Bug 1518155 - [autoconfig] Exchange AutoDiscover: Ask for username only if necessary. r=Neil
1cb168d17d1b89b99e2549d633e3db084362e56c: Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 04 Jan 2019 06:58:00 +0100 - rev 70008
Push 7571 by acelists@atlas.sk at Sat, 05 Jan 2019 15:53:08 +0000
Bug 1516229 - [autoconfig] Beautify the account config debug output and avoid logging the password. r=Neil
1f255495f7a15d5b8094512f76cf8078b2a61e76: Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 21 Dec 2018 15:44:48 +0100 - rev 69805
Push 7509 by acelists@atlas.sk at Fri, 21 Dec 2018 19:40:48 +0000
Bug 1515903 - [autoconfig] Allow PNG and JPEG image data: URLs. r=Neil Bug 1514628 changed the icon URL from http: to data:image/png;. However, data: URLs are forbidden, so the addon doesn't show up at all. data: URLs are highly dangerous in chrome code. They can contain anything, including javascript, e.g. data:text/javascript; and data:text/html; and similar. If these come from the network, and they are run from chrome code, they allow the attacker to run arbitrary code with system privileges, i.e. a remote code execution bug, a critical security bug. These are one of the most dangerous URLs in chrome. These should be avoided at all costs. However, I guess that data:image/png; and data:image/jpeg; are fine, because they cannot contain code. Then again, SVG can contain JS and must be forbidden. This change opens this up a little bit, allowing specifically PNG and JPEG image data: URLs, and only those. That allows icons to be inline.
1403c0fa3d1ac8b10ec74adb92b245575059298f: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 14 Dec 2018 12:05:14 +0100 - rev 69685
Push 7486 by mozilla@jorgk.com at Fri, 14 Dec 2018 18:12:19 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil Summary: * Parallelize network calls * Exchange AutoDiscover protocol implementation * Try to find IMAP servers in the server response * Offer to install an extension which supports the Exchange protocol to get mails Runs all the ISP config lookup network calls in parallel. Class PriorityOrderAbortable (subclass of ParallelAbortable) implements a policy that waits until one of the calls returns successfully, then takes that result and cancels all pending less desirable calls. Implements the Exchange AutoDiscover protocol to detect Exchange servers. If the server gives an IMAP configuration, we offer that to the user. Alternatively, we offer a compatible verified extension that implements the specific Exchange protocol that the Exchange server returned. Exchange has at least 7 protocols, and we show extensions that support the protocols that the server listed and that are known to work well and actively maintained. The setup process then continues without interruption. Test plan: Exchange autoconfig: 1. To test Exchange AutoDiscover with an hotmail/outlook.com account (which has an IMAP config in our ISPDB), set these prefs: mailnews.auto_config.guess.enabled = false mailnews.auto_config_url = "" mailnews.mx_service_url = "" 2. Enter you@outlook.com and a valid password (it will not work without valid password, due to the Exchange AutoDiscover protocol design) 3. [Continue] 4. -> TB should find an Exchange server with hostname 5. -> TB will offer you to install an extension that supports this protocol type, with explanatory text and a link 6. Click [Install] 7. -> The password is checked, the dialog closes, and the account appears, and your emails are downloaded. Parallel network calls: 1. Open account creation dialog 2. Enter "foo@gmail.com", "foo@yahoo.com", "foo@sys4.de", "foo@example.com", or any other domain 3. -> It works functionally as before, see https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration 4. -> It's faster than before Differential Revision: https://phabricator.services.mozilla.com/D9215
ee301f665c6c8ddfae0664df6222219dc182dabe: Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil draft
Ben Bucksch <ben.bucksch@beonex.com> - Fri, 14 Dec 2018 12:05:14 +0100 - rev 69682
Push 7485 by mozilla@jorgk.com at Fri, 14 Dec 2018 14:42:44 +0000
Bug 1500105 - Support Exchange AutoDiscover and parallelize network calls. r=aceman,mkmelin,Neil * Parallelize network calls * Exchange AutoDiscover protocol implementation * Try to find IMAP servers in the server response * Offer to install an extension which supports the Exchange protocol to get mails Runs all the ISP config lookup network calls in parallel. Class PriorityOrderAbortable (subclass of ParallelAbortable) implements a policy that waits until one of the calls returns successfully, then takes that result and cancels all pending less desirable calls. Implements the Exchange AutoDiscover protocol to detect Exchange servers. If the server gives an IMAP configuration, we offer that to the user. Alternatively, we offer a compatible verified extension that implements the specific Exchange protocol that the Exchange server returned. Exchange has at least 4-5 proprietary protocols, and we show extensions that support the protocols that the server listed and that are known to work well and actively maintained. The setup process then continues without interruption. Test Plan: Exchange autoconfig: 1. To test Exchange AutoDiscover with an hotmail/outlook.com account (which has an IMAP config in our ISPDB), set these prefs: mailnews.auto_config.guess.enabled = false mailnews.auto_config_url = "" mailnews.mx_service_url = "" 2. Enter you@outlook.com and a valid password (it will not work without valid password, due to the Exchange AutoDiscover protocol design) 3. [Continue] 4. -> TB should find an Exchange server with hostname 5. -> TB will offer you to install an extension that supports this protocol type, with explanatory text and a link 6. Click [Install] 7. -> The password is checked, the dialog closes, and the account appears, and your emails are downloaded. Parallel network calls: 1. Open account creation dialog 2. Enter "foo@gmail.com", "foo@yahoo.com", "foo@sys4.de", "foo@example.com", or any other domain 3. -> It works functionally as before, see https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration 4. -> It's faster than before Differential Revision: https://phabricator.services.mozilla.com/D9215
e3a599bf7d540a475f30b807ed6711bce1f16cfb: Bug 409458 - nsIMsgFolder.AddFolderListener should hold a reference to the listener. r=standard8,neil,darktrojan,jorgk a=jorgk
Hiroyuki Ikezoe <hiikezoe@mozilla-japan.org> - Thu, 30 Aug 2018 15:42:58 +1200 - rev 69299
Push 7380 by mozilla@jorgk.com at Tue, 27 Nov 2018 20:52:59 +0000
Bug 409458 - nsIMsgFolder.AddFolderListener should hold a reference to the listener. r=standard8,neil,darktrojan,jorgk a=jorgk
bb4e382d52fb98e5d0b07aa144d3a4a7ad03e10c: Bug 880602 - test that nsMsgAccountManager::GetDefaultAccount() picks a better default account/server as soon as it becomes available. r?Neil draft
aceman <acelists@atlas.sk> - Mon, 19 Nov 2018 22:46:01 +0100 - rev 69138
Push 7340 by acelists@atlas.sk at Mon, 19 Nov 2018 21:46:16 +0000
Bug 880602 - test that nsMsgAccountManager::GetDefaultAccount() picks a better default account/server as soon as it becomes available. r?Neil
a05aa87daef8fce8dbcf7045b5300674c9b67057: Bug 880602 - test that nsMsgAccountManager::GetDefaultAccount() picks a better default account/server as soon as it becomes available. r?Neil draft
aceman <acelists@atlas.sk> - Tue, 30 Oct 2018 15:16:54 +0100 - rev 68654
Push 7221 by acelists@atlas.sk at Tue, 30 Oct 2018 14:17:18 +0000
Bug 880602 - test that nsMsgAccountManager::GetDefaultAccount() picks a better default account/server as soon as it becomes available. r?Neil
2dcbb79d45f4c37da8836889ffe9f5142cd28a0c: Bug 880602 - test that nsMsgAccountManager::GetDefaultAccount() picks a better default account/server as soon as it becomes available. r?Neil draft
aceman <acelists@atlas.sk> - Sun, 28 Oct 2018 02:58:42 +0100 - rev 68593
Push 7204 by acelists@atlas.sk at Sun, 28 Oct 2018 01:58:56 +0000
Bug 880602 - test that nsMsgAccountManager::GetDefaultAccount() picks a better default account/server as soon as it becomes available. r?Neil
c5985d8d29c0f21f514298ee0e8b422f3b8e2d9e: Bug 880602 - make nsMsgAccountManager::GetDefaultAccount pick a better (than the first available one) default server as soon as it becomes available. r?Neil draft
aceman <acelists@atlas.sk> - Sun, 28 Oct 2018 02:25:15 +0100 - rev 68585
Push 7203 by acelists@atlas.sk at Sun, 28 Oct 2018 01:25:36 +0000
Bug 880602 - make nsMsgAccountManager::GetDefaultAccount pick a better (than the first available one) default server as soon as it becomes available. r?Neil
b3c6370e3822c105107c7cf5c781e9731b19d596: Bug 880602 - make nsMsgAccountManager::GetDefaultAccount pick a better (than the first available one) default server as soon as it becomes available. r?Neil draft
aceman <acelists@atlas.sk> - Sat, 27 Oct 2018 22:49:14 +0200 - rev 68563
Push 7202 by acelists@atlas.sk at Sat, 27 Oct 2018 20:49:31 +0000
Bug 880602 - make nsMsgAccountManager::GetDefaultAccount pick a better (than the first available one) default server as soon as it becomes available. r?Neil
c1dd72120969a6a6e3892e285fb3db3fcc94c388: Bug 1493143 - "Allow folder move/copies to fail gracefully" [r=neil] draft
neil@parkwaycc.co.uk <neil> - Fri, 21 Sep 2018 05:50:00 +0200 - rev 67558
Push 6923 by mozilla@jorgk.com at Fri, 21 Sep 2018 17:20:02 +0000
Bug 1493143 - "Allow folder move/copies to fail gracefully" [r=neil]
2cfa24cfd1ac6984457e9bd952fb2e347670faba: Bug 409458 - nsIMsgFolder.AddFolderListener should hold a reference to the listener. r=standard8,neil,darktrojan,jorgk
Hiroyuki Ikezoe <hiikezoe@mozilla-japan.org> - Thu, 30 Aug 2018 15:42:58 +1200 - rev 67272
Push 6839 by mozilla@jorgk.com at Mon, 10 Sep 2018 14:48:51 +0000
Bug 409458 - nsIMsgFolder.AddFolderListener should hold a reference to the listener. r=standard8,neil,darktrojan,jorgk
a2d8017bd833b406f9eb6e5ccc21a64fa5e543b3: Bug 1149775 TypeError: tabbrowser.(getTabForBrowser|getBrowserForOuterWindowID) is not a function r=Neil a=ewong CLOSED TREE a=IanN comm-aurora and comm-beta
Philip Chee <philip.chee@gmail.com> - Wed, 18 Nov 2015 14:05:18 +0800 - rev 66112
Push 6676 by richard.marti@gmail.com at Mon, 13 Aug 2018 12:38:12 +0000
Bug 1149775 TypeError: tabbrowser.(getTabForBrowser|getBrowserForOuterWindowID) is not a function r=Neil a=ewong CLOSED TREE a=IanN comm-aurora and comm-beta
83f2af2ad036b15789010f3b460751fe5c1962c8: Bug 1192276 Restore about:privatebrowsing UI to before it was messed up by Project Chameleon styles r=Neil ui-r=stefanh f=alfredkayser a=IanN for comm-aurora comm-beta and comm-release CLOSED TREE RELEASE_40_END
Philip Chee <philip.chee@gmail.com> - Fri, 18 Sep 2015 23:30:52 +0800 - rev 66093
Push 6676 by richard.marti@gmail.com at Mon, 13 Aug 2018 12:38:12 +0000
Bug 1192276 Restore about:privatebrowsing UI to before it was messed up by Project Chameleon styles r=Neil ui-r=stefanh f=alfredkayser a=IanN for comm-aurora comm-beta and comm-release CLOSED TREE