dom/security/nsContentSecurityManager.cpp
1143474b901d0752f19a6bc38e79892f7aeb1baf
created 2018-10-26 17:00 -0700
pushed 2018-10-27 01:06 +0000
Francois Marier Francois Marier - Bug 1207775 - Classify channels associated with a content window. r?ckerschb draft
76763ce5587582f94bcdebd9efb3ce6f625085ea
created 2018-10-22 12:49 +0000
pushed 2018-10-27 01:06 +0000
Frederik Braun Frederik Braun - Bug 1499384: add debug logging for expandedprincipals r=ckerschb
bec29f2634a5dade8baef3df1759d508d14ab94a
created 2018-09-28 16:06 +0300
pushed 2018-10-13 00:15 +0000
Frederik Braun Frederik Braun - Bug 1491825: add MOZ_LOG for content security checks r=ckerschb
10d5143647cfda21649cf254adcb21d116524c5d
created 2018-09-07 14:47 +0000
pushed 2018-09-10 17:01 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1489454 - Remove all trailing whitespaces (again) r=Ehsan
54b5db87eb7e86b8f05c9e94c8e2353b87e78403
created 2018-06-21 23:31 +0200
pushed 2018-07-04 00:35 +0000
Tom Schuster Tom Schuster - Bug 1470295 - Allow save-as download of FTP files on HTTP pages. r=ckerschb
f74ec48ebf55495740420b08f149048ad047a50d
created 2018-06-19 13:58 +0200
pushed 2018-07-04 00:35 +0000
Tom Schuster Tom Schuster - Bug 1469536 - Allow the system principal to load FTP subresources. r=ckerschb
aa4238ab9742f63672f8345acb5fb545e293620e
created 2018-05-31 07:51 +0200
pushed 2018-06-04 18:38 +0000
Kate McKinley Kate McKinley - Bug 1328695 - Use protocol flags to determine if a URI is potentially trustworthy r=ckerschb, r=dveditz, r=mcmanus, r=bz
f4a183ab4f48924081637f8bd33c0023fdd29a8f
created 2018-05-30 21:21 +0200
pushed 2018-06-04 18:38 +0000
Andrea Marchesini Andrea Marchesini - Bug 1446937 - Have ContextForTopLevelLoad return already_AddRefed<nsISupports> within LoadInfo, r=qdot
33db56e4ee574eda93a88223f4a7a52294054bd1
created 2018-05-02 13:32 +0200
pushed 2018-05-10 00:43 +0000
Tom Schuster Tom Schuster - Bug 1458449 - Allow FTP subresource in FTP documents. r=ckerschb
5549460a119efc3884b3f1abc8387967978d1b15
created 2018-04-23 09:43 -0700
pushed 2018-04-30 23:50 +0000
Ben Kelly Ben Kelly - Bug 1422710 Block opaque tainted requests that do not follow redirects. r=ckerschb
70ab5d0f6da37783913e39857edf488ccfc2ab7b
created 2018-04-09 21:07 +0200
pushed 2018-04-12 17:56 +0000
Tom Schuster Tom Schuster - Bug 1452701 - Add pref to allow FTP subresources. r=ckerschb
b2c0699b9bd405300986bc26f256e8bb9c0c53a7
created 2018-04-06 00:27 +0200
pushed 2018-04-10 02:28 +0000
Tom Schuster Tom Schuster - Bug 1404744 - Check for FTP subresource after applying CSP. r=ckerschb
11ff93811572dbf11ceb485a0536108c6eff092d
created 2018-03-26 21:05 +0200
pushed 2018-04-10 02:28 +0000
Tom Schuster Tom Schuster - Bug 1404744 - Block loading FTP as a subresource everywhere. r=ckerschb
ae5f6843bb631a32869fa29beb24a36498ed205a
created 2018-03-23 15:27 -0700
pushed 2018-04-05 22:59 +0000
Dave Townsend Dave Townsend - Bug 1448500: Add speculative request content policy type. r=bz, r=kmag
22d7899c79f85237e8590843efd729e69996deb2
created 2018-03-29 12:16 +0200
pushed 2018-04-05 22:59 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1439713 - Change nsIContentPolicy shouldLoad to take an <uri, loadInfo> pair instead of the various args. r=bz
1c3f6b9e4bf7de6f8abab900634e6ea59a14c9b3
created 2018-03-01 09:44 +0100
pushed 2018-03-29 23:06 +0000
Georg Koppen Georg Koppen - Bug 1382359: Treat .onion as a secure context
416adbc7c8e71938dd28da6cecd92c4930238090
created 2018-02-18 19:52 +0100
pushed 2018-02-23 02:24 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer
49142eb85e3c75c3e2b7bc3db147932042187232
created 2018-01-29 23:10 -0500
pushed 2018-02-01 01:20 +0000
Boris Zbarsky Boris Zbarsky - Bug 1432186 part 19. Remove the nsIDOMNode::*_NODE constants. r=mccr8
bb6f3f1ffb411c7adeb7403264999a4600919b40
created 2018-01-23 09:57 +0100
pushed 2018-01-30 01:38 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1428793: Block insecure redirects to data: URIs. r=smaug
c5e3aeaa3c3cfeed01b3725cd6593deb1e691a70
created 2018-01-10 11:07 -0500
pushed 2018-01-30 01:38 +0000
Kate McKinley Kate McKinley - Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb
6b4cebf12e3fd1d1603f03b84a6cfdeb200204fc
created 2017-11-16 12:27 +0100
pushed 2017-11-28 20:17 +0000
Andrea Marchesini Andrea Marchesini - Bug 1398229 - Save-link-as feature should use the loading principal - part 3 - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD, r=ckerschb, r=tanvi
b58d7dbfcf60e3dabbca270ff0c4c4d1b233edf0
created 2017-11-15 20:49 +0200
pushed 2017-11-28 20:17 +0000
Sebastian Hengst Sebastian Hengst - Backed out 3 changesets (bug 1398229) for failing own browser-chrome browser/components/contextualidentity/test/browser/browser_saveLink.js. r=backout on a CLOSED TREE
5b3b0a38b2d1827f4fc9af6f32e9fb939789d6c8
created 2017-11-15 18:16 +0100
pushed 2017-11-28 20:17 +0000
Andrea Marchesini Andrea Marchesini - Bug 1398229 - Save-link-as feature should use the loading principal - part 3 - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD, r=ckerschb
4017a9d65a94457f05df28569d9ac69439dcd566
created 2017-11-13 21:25 +0100
pushed 2017-11-28 20:17 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1415612: Allow all plain text types when navigating top-level data URIs. r=bz
69e828da2238c01a3ab7c449d8c13b23792a7555
created 2017-11-08 20:01 +0100
pushed 2017-11-28 20:17 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1407891: Allow view-image to open a data: URI by setting a flag on the loadinfo. r=bz
4acac146285e05979767dbab0296aad8e1ea0ddd
created 2017-11-03 13:26 +0100
pushed 2017-11-28 20:17 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1403870: Allow toplevel data URI navigation data:application/json. r=smaug
0c4ecb84046395afd7c5ed4a250b64991c9b0da7
created 2017-11-03 13:23 +0100
pushed 2017-11-28 20:17 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug
87e4233eab278e1828a2b07e27e2702173b8e3de
created 2017-09-26 10:21 +1000
pushed 2017-11-15 09:57 +0000
Xidorn Quan Xidorn Quan - Bug 1403024 - Part 1: Add nsContentUtils::SchemeIs helper function. r=bholley, a=sledru
8e2976d8a5e1c776e94774b4cc09087940bd8166
created 2017-10-26 14:54 -0700
pushed 2017-11-03 18:37 +0000
Andrew McCreight Andrew McCreight - Bug 1412125, part 1 - Manually add mode lines and MPL to files that were missing them entirely. r=qdot
8719c44ef3e2df2124137938d61d7ef83dfac0e9
created 2017-10-16 14:18 +0200
pushed 2017-10-24 22:56 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz
197ce71943518bfb260f2b2cb3f91b55e58f9341
created 2017-10-12 15:43 -0700
pushed 2017-10-24 22:56 +0000
Kris Maglione Kris Maglione - Bug 1407056: Part 1 - Provide more consistent principal/origin URL to content policies. r=bz,ckerschb
dcdbe0c04f23aa33586976911340a9d8ce750529
created 2017-10-04 08:43 +0200
pushed 2017-10-14 01:12 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1403641: Allow data: URI downloads even if data: URI navigations are blocked. r=bz
cf08f9815613d8ad1676eaa22febcd2473d53924
created 2017-09-26 10:21 +1000
pushed 2017-09-29 23:18 +0000
Xidorn Quan Xidorn Quan - Bug 1403024 part 1 - Add nsContentUtils::SchemeIs helper function. r=bholley
245dfda695c252ecb702d85f5c49e2bf4be9e985
created 2017-09-06 01:13 -0700
pushed 2017-09-25 23:45 +0000
Chris Peterson Chris Peterson - Bug 870698 - Part 4: Replace Equals("") with EqualsLiteral(""). r=erahm
0b67372c4de0f5087149897d4829bc5d5c86fc26
created 2017-09-14 07:34 +0200
pushed 2017-09-23 00:09 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
ba39904a38ebdde78a04b792172254c3ddb1dd1b
created 2017-09-12 07:06 +0200
pushed 2017-09-23 00:09 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1398691 - Unescape data: URI for console message when blocking toplevel data: URI navigations. r=smaug
ff412c116b9baabf094ab4e97065d5d7dedf921f
created 2017-09-06 16:27 +0200
pushed 2017-09-08 01:10 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1396798: Do not block toplevel data: navigation to image (except svgs). r=smaug
bb932a1656cd4f8850457d85f4916030afbdcdc8
created 2017-09-06 09:33 +0200
pushed 2017-09-08 01:10 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1394554: Block toplevel data: URI navigations after redirect. r=smaug
807e9eadd5c1a63419ae951b95f8e043d573b458
created 2017-09-05 18:01 +0200
pushed 2017-09-08 01:10 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1331740: Pass correct context for TYPE_DOCUMENT loads within docshell. r=smaug
2b347fb55a9965acec727f6e40671ba859636603
created 2017-07-31 14:28 +1000
pushed 2017-08-01 03:32 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
88e14ba4308e1ca878548a2b1616276c7b543c39
created 2017-07-28 10:29 +0200
pushed 2017-07-28 23:02 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset ef5feef07bed (bug 1384835)
ef5feef07bed07583c52e434dbc5e4b9a2545deb
created 2017-07-27 16:45 +1000
pushed 2017-07-28 23:02 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1384835 (part 3) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
185f5128f55610ba8718caed0d2597ad8c33e563
created 2017-07-10 15:00 -0700
pushed 2017-07-25 22:37 +0000
Andrew McCreight Andrew McCreight - Bug 1379786, part 4 - Use GetIsSystemPrincipal() method instead of going through secman in CHECK_PRINCIPAL_AND_DATA. r=mrbkap
5c8f80d7790924ee01d3473bf905985826dc738e
created 2017-07-13 05:51 +0200
pushed 2017-07-25 22:37 +0000
Honza Bambas Honza Bambas - Bug 1367814 - Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
e8dd724b3cdf515dcf3e219c6597c01c0adf66ca
created 2017-07-13 15:41 +0200
pushed 2017-07-25 22:37 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 13a9e2bbb96a (bug 1256122) for landing with wrong bug number in commit message
13a9e2bbb96ac089ee2fabd2f02c9f7e1fcbc5a0
created 2017-07-13 05:51 +0200
pushed 2017-07-25 22:37 +0000
Honza Bambas Honza Bambas - Bug 1256122 - Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
6352096eb0de303cba9440092279e4254a1ec586
created 2017-06-20 19:19 +1000
pushed 2017-06-24 00:05 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
8feacdbd43fa5756246fa62f9b27c36727a53ce6
created 2017-02-03 11:49 +0800
pushed 2017-06-24 00:05 +0000
Yoshi Huang Yoshi Huang - Bug 1267075 - Part 1: call SetBlockedRequest when CSP check failed. r=bz
3ee9312263c7ffcc83949291181a12b0de0e56c7
created 2017-05-10 18:40 +0200
pushed 2017-05-19 22:38 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug a=gchang
e7a7df04f9ba559fdc8c849a353a52e361c87b96
created 2017-05-10 18:40 +0200
pushed 2017-05-15 17:28 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug
828e8f37ba26aca276952462baa176fc02e79975
created 2016-12-20 11:49 +0800
pushed 2017-03-23 21:01 +0000
Wei-Cheng Pan Wei-Cheng Pan - Bug 1310127 - Part 17: Use MOZ_MUST_USE in netwerk/protocol/http r=smaug
81f9670a6b33796c1cbc49773d0588820581b5d5
created 2017-01-03 20:59 +0100
pushed 2017-01-13 22:14 +0000
Christoph Kerschbaumer Christoph Kerschbaumer - Bug 1182569: Update ContentSecurityManager to handle docshell loads. r=smaug
4639ff15be811f874da20838f8102067ada62a49
created 2016-10-13 15:43 +0800
pushed 2016-11-11 01:36 +0000
Tim Huang Tim Huang - Bug 1277803 - Part 1 : Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
22be4ae74653b25186665f22e52a50e7027fd36b
created 2016-10-12 14:26 -0700
pushed 2016-11-11 01:36 +0000
Wes Kocher Wes Kocher - Backed out 8 changesets (bug 1277803) for browser-chrome test failures a=backout
be767a6f7ecdf902cc6434d60c47ac638d1c866a
created 2016-10-12 17:32 +0800
pushed 2016-11-11 01:36 +0000
Tim Huang Tim Huang - Bug 1277803 - Part 1 : Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
cfb9de0c9f2af044c256bfbcfff8a9925224966c
created 2016-10-10 11:32 -0400
pushed 2016-11-11 01:36 +0000
Richard Barnes Richard Barnes - Bug 1308951 - Add a pref to whitelist specific domains as SecureContexts r=ckerschb,jcj
ef962d8857009eff3a2df14c06e4bc72acb13691
created 2016-10-07 18:41 -0700
pushed 2016-11-11 01:36 +0000
Phil Ringnalda Phil Ringnalda - Backed out 8 changesets (bug 1277803) for frequent failures in browser_privatebrowsing_favicon.js
f29f88c5c1b9c9ac080f233bb4ecfd80b50af3d3
created 2016-10-04 11:56 +0800
pushed 2016-11-11 01:36 +0000
Tim Huang Tim Huang - Bug 1277803 - Part 1: Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
d7790b3df5921e31f1a7cdf49475e97133892f1c
created 2016-10-07 11:24 +0800
pushed 2016-10-08 19:06 +0000
Iris Hsiao Iris Hsiao - Backed out changeset d283c59402ce (bug 1277803)
d283c59402ce1c63bae3b89457abe9238fb75e1a
created 2016-09-07 00:38 -0400
pushed 2016-10-08 19:06 +0000
Tim Huang Tim Huang - Bug 1277803 - Part 1: Add a new ContentPolicy TYPE_INTERNAL_IMAGE_FAVICON for indicating a favicon loading. r=ckerschb
less more (0) -100 -60 tip