0d00c84033
Revert "Issue #2258 - Part 1: Support XCTO:nosniff when navigating."
...
This reverts commit f48c770701e62c382631620f4caa1fdc5ab1d7ae.
2025-09-26 23:15:31 +08:00
73c9c1dd73
Revert "Issue #2258 - Part 2: Move XCTO:nosniff check into sniffers."
...
This reverts commit 51e1650d42b2c033d5d55750b4ea497053524c93.
2025-09-26 23:15:12 +08:00
2d4d48db72
Revert "Issue #2258 - Part 3: Allow sniffing with XCTO:nosniff + empty MIME type."
...
This reverts commit a56f978f70e2d96ba501d6a944be33460afc481a.
2025-09-26 23:14:52 +08:00
707c3e3fa8
Issue #2258 - Part 3: Allow sniffing with XCTO:nosniff + empty MIME type.
...
This moves the checking code back to NS_SniffContent and specifically
checks requests for either:
- Empty `Content-type` header, OR
- A known JSON MIME type
If present, sniffing is allowed despite `nosniff` because in the first
case this is webmaster error (conflicting `nosniff` without MIME type
would always fail, so sniff it), and in the second case we need this
carveout or our json viewer will break.
2025-08-18 09:47:36 +08:00
cca20ae131
Issue #2258 - Part 2: Move XCTO:nosniff check into sniffers.
...
This fixes a regression for the JSON viewer from part 1 as it relies on
sniffing to prettify (and should carve out the exception even if `nosniff`
headers are sent).
No real functional changes otherwise. Just catering to a corner case.
2025-08-18 09:47:21 +08:00
e56e5d6cb1
Issue #2258 - Part 1: Support XCTO:nosniff when navigating.
2025-08-18 09:46:58 +08:00
fffe6c4996
Issue #2542 - Part 7: Move SecFetch.* to /netwerk where it belongs.
2024-07-10 14:49:06 +08:00
8076de8965
Issue #2542 - Part 2: Base implementation of Sec-Fetch-* header code.
...
Currently following Mozilla putting stuff in /dom for additional porting,
but it's actually the wrong location since it belongs in /netwerk with
the other code that deals with http headers.
2024-07-10 14:45:39 +08:00
811bcbefd4
Issue #2402 - Optionally strictly enforce the MIME type of scripts loaded by importScripts(). https://bugzilla.mozilla.org/show_bug.cgi?id=1514680 This is default on in Firefox 67 but Moonchild requested it be set off by default.
2024-01-11 09:46:39 +08:00
50ad087351
Issue #1721 - Implement GlobalPrivacyControl
...
(and get rid of failed DoNotTrack)
2023-10-18 10:17:23 +08:00
faa778ec9d
Issue #1975 - Implement Origin header CSRF mitigation.
...
Backported from Mozilla bug 446344.
2022-07-30 08:43:44 +08:00
roytam1
9f078ac580
[network] fix build
2022-04-28 11:40:11 +08:00
eaf9e756a0
Issue #21 - Remove remaining telemetry structs, callers and flags.
2022-04-28 10:33:44 +08:00
8d800b1cb0
Issue #21 - Remove Telemetry plumbing and fix build.
...
Note this won't give working applications. Requires FE changes and
additional js module changes (next part).
2022-04-28 10:25:48 +08:00
be78f46bae
Issue #80 - De-unify netwerk/protocol/http
2020-05-23 06:52:58 +08:00
052b2e70a3
Issue #1280 - Un-bust certerror pages and ForgetAboutSite
2020-04-03 09:30:07 +08:00
8346f7c082
Implement a threadsafe & revised version of http2PushedStream.
...
This re-applies the patch for this with added typename declaration.
2019-07-22 19:56:01 +08:00
6666e772e0
Revert "Implement a threadsafe & revised version of http2PushedStream."
...
Backed out because of gcc build failures.
This reverts commit 66fae1d81013a2321e7d607a426f834a01b847ce.
2019-07-22 19:55:58 +08:00
28e15ed590
Implement a threadsafe & revised version of http2PushedStream.
2019-07-19 10:04:43 +08:00
c8412ad501
Part 1: network component changes.
2019-03-16 07:02:11 +08:00
aea50f182f
Telemetry: Remove stubs and related code
2019-02-16 00:24:04 +08:00
a56a6ca1d1
#863 Part 1: Make sending of http upgrade-insecure-requests optional
...
Defaults to false if not configured.
2019-02-16 00:19:00 +08:00
e53942ffe8
Backout opportunistic encryption changes.
...
Apparently there is some functional and naming confusion here.
Backing out to re-land after evaluation and possible changes.
Tag #863 .
2019-02-16 00:18:57 +08:00
363a47c4c1
Make opportunistic encryption configurable.
...
This adds a pref "network.http.opportunistic-encryption" that controls whether
we send an "Upgrade-Insecure-Requests : 1" header on document navigation or not.
This patch modifies the platform network parts. Default for the platform is "true".
Part 1 for #863
2019-02-16 00:18:51 +08:00
8c8145e620
Remove all C++ Telemetry Accumulation calls.
...
This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables).
Stub resolution/removal should be a follow-up to this.
2019-02-16 00:12:32 +08:00
d330e7e8fc
Issue #686 : Un-deprecate the Application Cache API
2019-02-16 00:10:43 +08:00
7b82a2ece4
Remove SSL Error Reporting telemetry
2019-02-16 00:06:16 +08:00
d4ac94cf3e
Remove support and tests for HSTS priming from the tree. Fixes #384
2019-02-15 23:59:39 +08:00
0aeb4a7e15
Revert incorrect UAO optimization that broke SSUAO
2019-02-15 23:57:29 +08:00
6885700c5b
moebius#158: The Performance Resource Timing (added support for "workerStart")
...
https://github.com/MoonchildProductions/moebius/pull/158
2019-02-15 23:53:25 +08:00
8f4e22e819
Bug 1431095 - Change Content-Type-Options: nosniff allowed script MIME types to match the spec
2019-02-15 23:42:44 +08:00
54f2e6eafd
DevTools - network - implement the secureConnectionStart property for the PerformanceTiming
...
https://github.com/MoonchildProductions/moebius/pull/116
("/testing" and "/toolkit" in in the previous commit)
2019-02-15 23:34:40 +08:00
6bc6b34976
Two (and more) extensions together - http resume - basilisk crashes
2019-02-15 23:32:29 +08:00
roytam1
dcd9973243
import FIREFOX_52_6_0esr_RELEASE from mozilla-esr52 hg repo
2018-01-19 03:59:58 +08:00
Moonchild
Brian Smith
Job Bautista
roytam1
wolfbeast
adeshkp
wolfbeast
SpockMan02
Gaming4JC
JustOff
janekptacijarabaci