diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-11-07 06:01:03 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-11-07 06:01:03 +0100 |
commit | 63635e38ff9341c02fae7f4557d230ec710947b6 (patch) | |
tree | 007459a8c21a0ed58051b177eb60a2e67aa429c5 | |
parent | 1626b5d7041ea9c3db92200f91542da46e49dde6 (diff) | |
parent | 3c5a34c90075c8cee4be7d316f4b2d7390f7bc29 (diff) | |
download | UXP-63635e38ff9341c02fae7f4557d230ec710947b6.tar UXP-63635e38ff9341c02fae7f4557d230ec710947b6.tar.gz UXP-63635e38ff9341c02fae7f4557d230ec710947b6.tar.lz UXP-63635e38ff9341c02fae7f4557d230ec710947b6.tar.xz UXP-63635e38ff9341c02fae7f4557d230ec710947b6.zip |
Merge branch 'master' into Basilisk-releasev2018.11.07
-rw-r--r-- | application/basilisk/app/profile/basilisk.js | 4 | ||||
-rw-r--r-- | application/palemoon/components/places/content/editBookmarkOverlay.js | 5 | ||||
-rw-r--r-- | application/palemoon/components/preferences/security.xul | 19 | ||||
-rw-r--r-- | application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd | 4 | ||||
-rw-r--r-- | media/libvpx/vpx_config_x86-win32-vs12.h | 3 | ||||
-rw-r--r-- | media/libvpx/vpx_config_x86_64-win64-vs12.h | 3 | ||||
-rw-r--r-- | modules/libjar/nsJARChannel.cpp | 19 | ||||
-rw-r--r-- | modules/libpref/init/all.js | 7 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpChannel.cpp | 9 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpChannel.h | 4 |
10 files changed, 54 insertions, 23 deletions
diff --git a/application/basilisk/app/profile/basilisk.js b/application/basilisk/app/profile/basilisk.js index eeec29eb9..cff5f599f 100644 --- a/application/basilisk/app/profile/basilisk.js +++ b/application/basilisk/app/profile/basilisk.js @@ -580,6 +580,10 @@ pref("network.captive-portal-service.enabled", true); // If true, network link events will change the value of navigator.onLine pref("network.manage-offline-status", true); +// Enable opportunistic encryption by default +pref("network.http.altsvc.oe", true); +pref("network.http.upgrade-insecure-requests", true); + // We want to make sure mail URLs are handled externally... pref("network.protocol-handler.external.mailto", true); // for mail pref("network.protocol-handler.external.news", true); // for news diff --git a/application/palemoon/components/places/content/editBookmarkOverlay.js b/application/palemoon/components/places/content/editBookmarkOverlay.js index 69d7d32eb..e3d4537c7 100644 --- a/application/palemoon/components/places/content/editBookmarkOverlay.js +++ b/application/palemoon/components/places/content/editBookmarkOverlay.js @@ -222,6 +222,11 @@ var gEditItemOverlay = { } let focusElement = () => { + let elt = document.querySelector("textbox:not([collapsed=true])"); + if (elt) { + elt.focus(); + elt.select(); + } this._initialized = true; }; diff --git a/application/palemoon/components/preferences/security.xul b/application/palemoon/components/preferences/security.xul index d3d321b16..b12946f2a 100644 --- a/application/palemoon/components/preferences/security.xul +++ b/application/palemoon/components/preferences/security.xul @@ -50,6 +50,15 @@ name="security.cert_pinning.enforcement_level" type="int"/> + <!-- Opportunistic Encryption --> + + <preference id="network.http.upgrade-insecure-requests" + name="network.http.upgrade-insecure-requests" + type="bool"/> + <preference id="network.http.altsvc.oe" + name="network.http.altsvc.oe" + type="bool"/> + <!-- XSS Filter --> <!-- <preference id="security.xssfilter.enable" name="security.xssfilter.enable" type="bool"/> @@ -144,6 +153,16 @@ oncommand="gSecurityPane.updateHPKPPref();"/> </vbox> </groupbox> + + <groupbox id="OpportunisticEncryption"> + <caption label="&OpEnc.label;"/> + <checkbox id="enableUIROpEnc" + label="&enableUIROpEnc.label;" + preference="network.http.upgrade-insecure-requests" /> + <checkbox id="enableAltSvcOpEnc" + label="&enableAltSvcOpEnc.label;" + preference="network.http.altsvc.oe" /> + </groupbox> <!-- XSS Filter --> <!-- diff --git a/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd b/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd index 2bd3b3aec..930736d56 100644 --- a/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd +++ b/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd @@ -40,6 +40,10 @@ <!ENTITY enableHPKP.label "Enable Certificate Key Pinning (HPKP)"> <!ENTITY enableHPKP.accesskey "C"> +<!ENTITY OpEnc.label "Opportunistic Encryption (OE)"> +<!ENTITY enableUIROpEnc.label "Enable Upgrade Insecure Requests"> +<!ENTITY enableAltSvcOpEnc.label "Enable HTTP Alternative Services for OE"> + <!ENTITY XSSFilt.label "XSS Filter"> <!ENTITY enableXSSFilt.label "Enable XSS filter"> <!ENTITY enableXSSFilt.accesskey "f"> diff --git a/media/libvpx/vpx_config_x86-win32-vs12.h b/media/libvpx/vpx_config_x86-win32-vs12.h index 42525a303..9ec6a90be 100644 --- a/media/libvpx/vpx_config_x86-win32-vs12.h +++ b/media/libvpx/vpx_config_x86-win32-vs12.h @@ -31,6 +31,9 @@ #define HAVE_AVX 1 #define HAVE_AVX2 1 #define HAVE_VPX_PORTS 1 +#ifdef HAVE_STDINT_H +#undef HAVE_STDINT_H +#endif #define HAVE_STDINT_H 0 #define HAVE_PTHREAD_H 0 #define HAVE_SYS_MMAN_H 0 diff --git a/media/libvpx/vpx_config_x86_64-win64-vs12.h b/media/libvpx/vpx_config_x86_64-win64-vs12.h index 65e45f5ba..afbaf2e43 100644 --- a/media/libvpx/vpx_config_x86_64-win64-vs12.h +++ b/media/libvpx/vpx_config_x86_64-win64-vs12.h @@ -31,6 +31,9 @@ #define HAVE_AVX 1 #define HAVE_AVX2 1 #define HAVE_VPX_PORTS 1 +#ifdef HAVE_STDINT_H +#undef HAVE_STDINT_H +#endif #define HAVE_STDINT_H 0 #define HAVE_PTHREAD_H 0 #define HAVE_SYS_MMAN_H 0 diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index 2f721fa3f..ee60602da 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -995,25 +995,6 @@ nsJARChannel::OnStartRequest(nsIRequest *req, nsISupports *ctx) mRequest = req; nsresult rv = mListener->OnStartRequest(this, mListenerContext); mRequest = nullptr; - NS_ENSURE_SUCCESS(rv, rv); - - // Restrict loadable content types. - nsAutoCString contentType; - GetContentType(contentType); - auto contentPolicyType = mLoadInfo->GetExternalContentPolicyType(); - if (contentType.Equals(APPLICATION_HTTP_INDEX_FORMAT) && - contentPolicyType != nsIContentPolicy::TYPE_DOCUMENT && - contentPolicyType != nsIContentPolicy::TYPE_FETCH) { - return NS_ERROR_CORRUPTED_CONTENT; - } - if (contentPolicyType == nsIContentPolicy::TYPE_STYLESHEET && - !contentType.EqualsLiteral(TEXT_CSS)) { - return NS_ERROR_CORRUPTED_CONTENT; - } - if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT && - !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) { - return NS_ERROR_CORRUPTED_CONTENT; - } return rv; } diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 957affa79..378745ea4 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1593,7 +1593,10 @@ pref("network.http.spdy.default-hpack-buffer", 65536); // 64k // alt-svc allows separation of transport routing from // the origin host without using a proxy. pref("network.http.altsvc.enabled", true); -pref("network.http.altsvc.oe", true); +// Opportunistic encryption use of alt-svc +pref("network.http.altsvc.oe", false); +// Send upgrade-insecure-requests HTTP header? +pref("network.http.upgrade-insecure-requests", false); pref("network.http.diagnostics", false); @@ -4977,7 +4980,7 @@ pref("network.captive-portal-service.maxInterval", 1500000); // 25 minutes pref("network.captive-portal-service.backoffFactor", "5.0"); pref("network.captive-portal-service.enabled", false); -pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/success.txt"); +pref("captivedetect.canonicalURL", "http://detectportal.palemoon.org/success.txt"); pref("captivedetect.canonicalContent", "success\n"); pref("captivedetect.maxWaitingTime", 5000); pref("captivedetect.pollingTime", 3000); diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index bb0b3ca77..be5539a02 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel() , mPushedStream(nullptr) , mLocalBlocklist(false) , mWarningReporter(nullptr) + , mSendUpgradeRequest(false) , mDidReval(false) { LOG(("Creating nsHttpChannel [this=%p]\n", this)); mChannelCreationTime = PR_Now(); mChannelCreationTimestamp = TimeStamp::Now(); + + mSendUpgradeRequest = + Preferences::GetBool("network.http.upgrade-insecure-requests", false); } nsHttpChannel::~nsHttpChannel() @@ -377,8 +381,9 @@ nsHttpChannel::Connect() mLoadInfo->GetExternalContentPolicyType() : nsIContentPolicy::TYPE_OTHER; - if (type == nsIContentPolicy::TYPE_DOCUMENT || - type == nsIContentPolicy::TYPE_SUBDOCUMENT) { + if (mSendUpgradeRequest && + (type == nsIContentPolicy::TYPE_DOCUMENT || + type == nsIContentPolicy::TYPE_SUBDOCUMENT)) { rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"), NS_LITERAL_CSTRING("1"), false); NS_ENSURE_SUCCESS(rv, rv); diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h index 2e24d6e81..152cf1503 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -597,6 +597,10 @@ private: HttpChannelSecurityWarningReporter* mWarningReporter; RefPtr<ADivertableParentChannel> mParentChannel; + + // Whether we send opportunistic encryption requests. + bool mSendUpgradeRequest; + protected: virtual void DoNotifyListenerCleanup() override; |