summaryrefslogtreecommitdiffstats
path: root/netwerk/protocol/http/HttpBaseChannel.cpp
Commit message (Collapse)AuthorAgeLines
* [network/dom] Improve sanitization of download filenames.Moonchild2020-07-29-0/+6
|
* Issue #80 - De-unify netwerk/protocol/httpMoonchild2020-05-20-0/+1
|
* Issue #1288 - Use NS_DECL_THREADSAFE_ISUPPORTS in HttpBaseChannel.cppGaming4JC2019-11-16-1/+1
| | | | Fixes a regression in Part 1b which caused HTML5 parser to fall off the main thread.
* Part 1: network component changes.wolfbeast2019-03-07-2/+3
|
* Telemetry: Remove stubs and related codeadeshkp2019-01-12-10/+0
|
* Do not report resource-timing subdocument loads triggered by that subdocument.wolfbeast2018-12-14-4/+7
|
* backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across ↵Gaming4JC2018-09-25-15/+3
| | | | | | | | | | | | | | | origins Potential attack: session supercookie. [Moz Notes](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c5): "The problem is that for unknown header names we store the first one we see and then later we case-insensitively match against that name *globally*. That means you can track if a user agent has already seen a certain header name used (by using a different casing and observing whether it gets normalized). This would allow you to see if a user has used a sensitive service that uses custom header names, or allows you to track a user across sites, by teaching the browser about a certain header case once and then observing if different casings get normalized to that. What we should do instead is only store the casing for a header name for each header list and not globally. That way it only leaks where it's expected (and necessary) to leak." [Moz fix note](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c8): "nsHttpAtom now holds the old nsHttpAtom and a string that is case sensitive (only for not standard headers). So nsHttpAtom holds a pointer to a header name. (header names are store on a static structure). This is how it used to be. I left that part the same but added a nsCString which holds a string that was used to resoled the header name. So when we parse headers we call ResolveHeader with a char*. If it is a new header name the char* will be stored in a HttpHeapAtom, nsHttpAtom::_val will point to HttpHeapAtom::value and the same strings will be stored in mLocalCaseSensitiveHeader. For the first resolve request they will be the same but for the following maybe not. At the end this nsHttpAtom will be stored in nsHttpHeaderArray. For all operation we will used the old char* except when we are returning it to a script using VisitHeaders."
* Remove all C++ Telemetry Accumulation calls.wolfbeast2018-09-03-2/+0
| | | | | This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables). Stub resolution/removal should be a follow-up to this.
* moebius#158: The Performance Resource Timing (added support for "workerStart")janekptacijarabaci2018-04-29-18/+138
| | | | https://github.com/MoonchildProductions/moebius/pull/158
* Bug 1440775 - Make fetch API force-cache and only-if-cached use ↵Ben Kelly2018-03-14-4/+4
| | | | | | | | | | VALIDATE_NEVER instead of LOAD_FROM_CACHE. r=mayhemer, a=RyanVM --HG-- extra : source : 60fb09de57ec145923da102f856399d3323f632b extra : amend_source : b42db87defcc5615773cfa4659af9ff5b9cd4b72 extra : intermediate-source : 599641c7992def734cb352d9413aa51bf0e9793f extra : histedit_source : 1d42c837225bdf000d3a68bef46a862be87d4044
* DevTools - network - implement the secureConnectionStart property for the ↵janekptacijarabaci2018-03-01-0/+7
| | | | | | | PerformanceTiming https://github.com/MoonchildProductions/moebius/pull/116 ("/testing" and "/toolkit" in in the previous commit)
* Add m-esr52 at 52.6.0Matt A. Tobin2018-02-02-0/+3715