| Commit message (Expand) | Author | Age | Lines |
* | Prevent loading of document subresources over FTP. | wolfbeast | 2019-03-09 | -0/+57 |
* | Telemetry: Remove stubs and related code | adeshkp | 2019-01-12 | -17/+1 |
* | backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across or... | Gaming4JC | 2018-09-25 | -1/+1 |
* | Remove all C++ Telemetry Accumulation calls. | wolfbeast | 2018-09-03 | -40/+1 |
* | nsIContentPolicy::TYPE_DOCUMENT - Use "aLoadInfo->ContextForTopLevelLoad()" i... | janekptacijarabaci | 2018-07-05 | -1/+1 |
* | Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects is f... | janekptacijarabaci | 2018-06-23 | -2/+2 |
* | Bug 1469150 - Tests added to check scripts with valid nonce is allowed if URL... | janekptacijarabaci | 2018-06-23 | -0/+0 |
* | Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects | janekptacijarabaci | 2018-06-21 | -1/+100 |
* | Bug 1430758 - No CSP directive for nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD | janekptacijarabaci | 2018-06-17 | -0/+3 |
* | Bug 1398229 - Save-link-as feature should use the loading principal - impleme... | janekptacijarabaci | 2018-06-17 | -0/+13 |
* | Remove support and tests for HSTS priming from the tree. Fixes #384 | Gaming4JC | 2018-05-26 | -948/+8 |
* | Remove MOZ_B2G leftovers and some dead B2G-only components. | wolfbeast | 2018-05-12 | -9/+0 |
* | Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityM... | janekptacijarabaci | 2018-04-30 | -7/+0 |
* | Bug 1182569: Update ContentSecurityManager to handle docshell loads | janekptacijarabaci | 2018-04-30 | -17/+64 |
* | moebius#187: DOM - nsIContentPolicy - context (document) | janekptacijarabaci | 2018-04-23 | -20/+43 |
* | Revert "Bug 1182569: Update ContentSecurityManager to handle docshell loads" | janekptacijarabaci | 2018-04-22 | -64/+17 |
* | Bug 1182569: Update ContentSecurityManager to handle docshell loads | janekptacijarabaci | 2018-04-22 | -17/+64 |
* | Bug 1329288: Allow content policy consumers to identify contentPolicy checks ... | janekptacijarabaci | 2018-04-22 | -2/+3 |
* | Bug 1329288 - Test ContentPolicy blocks opening a new window | janekptacijarabaci | 2018-04-22 | -0/+1 |
* | moebius#230: Consider blocking top level window data: URIs (part 3/3 without ... | janekptacijarabaci | 2018-04-22 | -0/+49 |
* | moebius#226: Consider blocking top level window data: URIs (part 2/2 without ... | janekptacijarabaci | 2018-04-22 | -57/+149 |
* | moebius#223: Consider blocking top level window data: URIs (part 1/3 without ... | janekptacijarabaci | 2018-04-22 | -0/+476 |
* | moebius#159: CSP - support for "frame-ancestors" in "Content-Security-Policy-... | janekptacijarabaci | 2018-04-14 | -8/+74 |
* | Bug 1288768 - Better error reporting for network errors in workers | janekptacijarabaci | 2018-04-04 | -11/+2 |
* | Add support for CSP v3 "worker-src" directive | wolfbeast | 2018-03-03 | -44/+463 |
* | CSP: connect-src 'self' should always include https: and wss: schemes | janekptacijarabaci | 2018-02-22 | -11/+168 |
* | CSP: Support IDNs in connect-src | janekptacijarabaci | 2018-02-22 | -2/+135 |
* | CSP: Ignore nonces on <img> per spec | janekptacijarabaci | 2018-02-22 | -4/+111 |
* | CSP: Upgrade SO navigational requests per spec. | janekptacijarabaci | 2018-02-22 | -0/+184 |
* | CSP 2 - ignore (x-)frame-options if CSP with frame-ancestors directive exists | janekptacijarabaci | 2018-02-22 | -0/+104 |
* | Explicitly cancel channel after mixed content redirect. | wolfbeast | 2018-02-08 | -1/+6 |
* | CSP should only check host (not including path) when performing frame ancesto... | wolfbeast | 2018-02-06 | -0/+19 |
* | Add m-esr52 at 52.6.0 | Matt A. Tobin | 2018-02-02 | -0/+31574 |