9ad680cfc4
Issue #2736 - Part 1: Provide more consistent principals to CSP.
...
We're currently fairly vague and inconsistent about the values we provide to
content policy implementations for requestOrigin and requestPrincipal. In some
cases they're the triggering principal, sometimes the loading principal,
sometimes the channel principal.
Our existing content policy implementations which require or expect a
loading principal currently retrieve it from the context node.
Since no current callers require the principal to be the loading
principal, and some already expect it to be the triggering principal
(which there's currently no other way to retrieve), a choice was made
to pass the triggering principal whenever possible, but use the loading
principal to determine the origin URL.
2025-05-14 14:21:46 +08:00
3caca43d30
Issue #1710 - Check for triggering principal URI in FTP subresource check.
...
Resolves #1710
2021-01-14 22:19:17 +08:00
b6d9a013c8
Issue #80 - De-unify dom/security
...
Exception: CSPUtils relies on something in CSPContext, but on
Windows it throws in an MSVC include which provides no hints.
2020-05-02 08:25:00 +08:00
e6f376f5ef
Convert dom/base/nsImageLoadingContent.cpp to use AsyncOpen2 and followups along with it (1445670 and 1373780 part 2 and 3)
...
Convert dom/base/nsImageLoadingContent.cpp to use AsyncOpen2 and followups along with it (1445670 and 1373780 part 2 and 3)
2019-08-10 06:26:08 +08:00
e4273a3c58
Selectively allow ftp subresources in the blocked mode.
...
- Allow "Save As..." downloads
- Allow subresource use if the top-level document is also on FTP
2019-07-19 10:03:19 +08:00
797f3eae35
Add preference to allow the loading of FTP subresources for corner cases
2019-07-19 10:03:17 +08:00
59ee48bfb0
Prevent loading of document subresources over FTP.
2019-03-16 07:01:31 +08:00
df880ae53f
nsIContentPolicy::TYPE_DOCUMENT - Use "aLoadInfo->ContextForTopLevelLoad()" instead of "aLoadInfo->LoadingNode()"
...
Issue #600
2019-02-16 00:07:41 +08:00
97c6ecff55
Bug 1398229 - Save-link-as feature should use the loading principal - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD
2019-02-16 00:03:18 +08:00
d4ac94cf3e
Remove support and tests for HSTS priming from the tree. Fixes #384
2019-02-15 23:59:39 +08:00
69c0760b8b
Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager
2019-02-15 23:54:50 +08:00
846daf6d3b
Bug 1182569: Update ContentSecurityManager to handle docshell loads
2019-02-15 23:54:22 +08:00
7f09dee539
moebius#187: DOM - nsIContentPolicy - context (document)
...
https://github.com/MoonchildProductions/moebius/pull/187
2019-02-15 23:49:47 +08:00
850879535a
Revert "Bug 1182569: Update ContentSecurityManager to handle docshell loads"
...
This reverts commit 2e33335820b2816bee111e78588ac82e401c86ae.
2019-02-15 23:49:44 +08:00
983926cce7
Bug 1182569: Update ContentSecurityManager to handle docshell loads
...
native in moebius
2019-02-15 23:49:30 +08:00
18d312235d
moebius#230: Consider blocking top level window data: URIs (part 3/3 without tests)
...
https://github.com/MoonchildProductions/moebius/pull/230
2019-02-15 23:49:20 +08:00
73f89fe562
moebius#226: Consider blocking top level window data: URIs (part 2/2 without tests)
...
https://github.com/MoonchildProductions/moebius/pull/226
2019-02-15 23:49:19 +08:00
712d19e1b7
moebius#223: Consider blocking top level window data: URIs (part 1/3 without tests)
...
https://github.com/MoonchildProductions/moebius/pull/223
2019-02-15 23:49:17 +08:00
roytam1
dcd9973243
import FIREFOX_52_6_0esr_RELEASE from mozilla-esr52 hg repo
2018-01-19 03:59:58 +08:00
Moonchild
win7-7
wolfbeast
janekptacijarabaci
Gaming4JC
roytam1