summaryrefslogtreecommitdiffstats
path: root/dom/security
Commit message (Collapse)AuthorAgeLines
* moebius#230: Consider blocking top level window data: URIs (part 3/3 without ↵janekptacijarabaci2018-04-22-0/+49
| | | | | | tests) https://github.com/MoonchildProductions/moebius/pull/230
* moebius#226: Consider blocking top level window data: URIs (part 2/2 without ↵janekptacijarabaci2018-04-22-57/+149
| | | | | | tests) https://github.com/MoonchildProductions/moebius/pull/226
* moebius#223: Consider blocking top level window data: URIs (part 1/3 without ↵janekptacijarabaci2018-04-22-0/+476
| | | | | | tests) https://github.com/MoonchildProductions/moebius/pull/223
* moebius#159: CSP - support for "frame-ancestors" in ↵janekptacijarabaci2018-04-14-8/+74
| | | | | | "Content-Security-Policy-Report-Only" https://github.com/MoonchildProductions/moebius/pull/159
* Bug 1288768 - Better error reporting for network errors in workersjanekptacijarabaci2018-04-04-11/+2
|
* Add support for CSP v3 "worker-src" directivewolfbeast2018-03-03-44/+463
|
* CSP: connect-src 'self' should always include https: and wss: schemesjanekptacijarabaci2018-02-22-11/+168
|
* CSP: Support IDNs in connect-srcjanekptacijarabaci2018-02-22-2/+135
|
* CSP: Ignore nonces on <img> per specjanekptacijarabaci2018-02-22-4/+111
|
* CSP: Upgrade SO navigational requests per spec.janekptacijarabaci2018-02-22-0/+184
|
* CSP 2 - ignore (x-)frame-options if CSP with frame-ancestors directive existsjanekptacijarabaci2018-02-22-0/+104
|
* Explicitly cancel channel after mixed content redirect.wolfbeast2018-02-08-1/+6
|
* CSP should only check host (not including path) when performing frame ↵wolfbeast2018-02-06-0/+19
| | | | | | ancestors checks. This has been explicitly stated in the CSP-3 spec.
* Add m-esr52 at 52.6.0Matt A. Tobin2018-02-02-0/+31574