summaryrefslogtreecommitdiffstats
path: root/dom/security
Commit message (Expand)AuthorAgeLines
* Issue #80 - De-unify dom/securityMoonchild2020-04-23-3/+47
* [CSP] Allow not having a Port for RessourceURI if the Scheme has nowolfbeast2020-02-11-1/+15
* Fix whitelisting of JavaScript-uris by CSP hash.wolfbeast2019-09-05-2/+13
* Add checks to respect CSP-wildcard + Ports.Sebastian Streich2019-09-05-14/+18
* Convert dom/base/nsImageLoadingContent.cpp to use AsyncOpen2 and followups al...win7-72019-08-08-1/+4
* Selectively allow ftp subresources in the blocked mode.wolfbeast2019-07-15-1/+21
* Add preference to allow the loading of FTP subresources for corner caseswolfbeast2019-07-14-0/+3
* Prevent loading of document subresources over FTP.wolfbeast2019-03-09-0/+57
* Telemetry: Remove stubs and related codeadeshkp2019-01-12-17/+1
* backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across or...Gaming4JC2018-09-25-1/+1
* Remove all C++ Telemetry Accumulation calls.wolfbeast2018-09-03-40/+1
* nsIContentPolicy::TYPE_DOCUMENT - Use "aLoadInfo->ContextForTopLevelLoad()" i...janekptacijarabaci2018-07-05-1/+1
* Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects is f...janekptacijarabaci2018-06-23-2/+2
* Bug 1469150 - Tests added to check scripts with valid nonce is allowed if URL...janekptacijarabaci2018-06-23-0/+0
* Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirectsjanekptacijarabaci2018-06-21-1/+100
* Bug 1430758 - No CSP directive for nsIContentPolicy::TYPE_SAVEAS_DOWNLOADjanekptacijarabaci2018-06-17-0/+3
* Bug 1398229 - Save-link-as feature should use the loading principal - impleme...janekptacijarabaci2018-06-17-0/+13
* Remove support and tests for HSTS priming from the tree. Fixes #384Gaming4JC2018-05-26-948/+8
* Remove MOZ_B2G leftovers and some dead B2G-only components.wolfbeast2018-05-12-9/+0
* Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityM...janekptacijarabaci2018-04-30-7/+0
* Bug 1182569: Update ContentSecurityManager to handle docshell loadsjanekptacijarabaci2018-04-30-17/+64
* moebius#187: DOM - nsIContentPolicy - context (document)janekptacijarabaci2018-04-23-20/+43
* Revert "Bug 1182569: Update ContentSecurityManager to handle docshell loads"janekptacijarabaci2018-04-22-64/+17
* Bug 1182569: Update ContentSecurityManager to handle docshell loadsjanekptacijarabaci2018-04-22-17/+64
* Bug 1329288: Allow content policy consumers to identify contentPolicy checks ...janekptacijarabaci2018-04-22-2/+3
* Bug 1329288 - Test ContentPolicy blocks opening a new windowjanekptacijarabaci2018-04-22-0/+1
* moebius#230: Consider blocking top level window data: URIs (part 3/3 without ...janekptacijarabaci2018-04-22-0/+49
* moebius#226: Consider blocking top level window data: URIs (part 2/2 without ...janekptacijarabaci2018-04-22-57/+149
* moebius#223: Consider blocking top level window data: URIs (part 1/3 without ...janekptacijarabaci2018-04-22-0/+476
* moebius#159: CSP - support for "frame-ancestors" in "Content-Security-Policy-...janekptacijarabaci2018-04-14-8/+74
* Bug 1288768 - Better error reporting for network errors in workersjanekptacijarabaci2018-04-04-11/+2
* Add support for CSP v3 "worker-src" directivewolfbeast2018-03-03-44/+463
* CSP: connect-src 'self' should always include https: and wss: schemesjanekptacijarabaci2018-02-22-11/+168
* CSP: Support IDNs in connect-srcjanekptacijarabaci2018-02-22-2/+135
* CSP: Ignore nonces on <img> per specjanekptacijarabaci2018-02-22-4/+111
* CSP: Upgrade SO navigational requests per spec.janekptacijarabaci2018-02-22-0/+184
* CSP 2 - ignore (x-)frame-options if CSP with frame-ancestors directive existsjanekptacijarabaci2018-02-22-0/+104
* Explicitly cancel channel after mixed content redirect.wolfbeast2018-02-08-1/+6
* CSP should only check host (not including path) when performing frame ancesto...wolfbeast2018-02-06-0/+19
* Add m-esr52 at 52.6.0Matt A. Tobin2018-02-02-0/+31574