Commit message (Collapse) | Author | Age | Lines | |
---|---|---|---|---|
* | Revert "Issue #1473 - Add `%OS_SLICE%` macro to SSUAO to refine OS info"RELBASE_20200324 | wolfbeast | 2020-03-24 | -4/+1 |
| | | | | This reverts commit 3c8bc3da7cd537680288e8b870c21e1ae789a541. | |||
* | Revert "Issue #1482 - Give dynamic SSUAO rules priority over static ones" | wolfbeast | 2020-03-24 | -19/+7 |
| | | | | This reverts commit a20f208834b87dfdd10dee3267056a8492a2b649. | |||
* | Issue #1482 - Give dynamic SSUAO rules priority over static ones | JustOff | 2020-03-15 | -7/+19 |
| | ||||
* | Issue #1053 - Remove no longer used function and modules from ↵ | JustOff | 2020-03-11 | -30/+0 |
| | | | | `UserAgentUpdates.jsm` | |||
* | Issue #1473 - Add `%OS_SLICE%` macro to SSUAO to refine OS info | JustOff | 2020-03-10 | -1/+4 |
| | ||||
* | Issue #1053 - Remove android support from ↵ | Matt A. Tobin | 2020-02-22 | -55/+0 |
| | | | | netwerk/protocol/http/nsHttpHandler.cpp | |||
* | Issue #1053 - Remove android support from netwerk | Matt A. Tobin | 2020-02-22 | -33/+2 |
| | ||||
* | [Network] Bump http channel default Firefox CompatMode init value. | wolfbeast | 2020-02-14 | -1/+1 |
| | ||||
* | Fix preprocessor directive in UserAgentUpdates.jsm | New Tobin Paradigm | 2020-02-02 | -1/+1 |
| | ||||
* | Issue #65 - Remove AppConstants from netwerk/ | Matt A. Tobin | 2020-02-01 | -10/+9 |
| | ||||
* | No issue - Fix unsafe http methods on HTTP/2 with TLSv1.3 0RTT. | wolfbeast | 2020-01-18 | -2/+6 |
| | ||||
* | Revert "No issue - Fix unsafe http methods on HTTP/2 with TLSv1.3 0RTT." | wolfbeast | 2020-01-18 | -6/+2 |
| | | | | This reverts commit 67d336a6f27889bdef4723194b6611d049830266. | |||
* | No issue - Fix unsafe http methods on HTTP/2 with TLSv1.3 0RTT. | wolfbeast | 2020-01-17 | -2/+6 |
| | ||||
* | Handle missing base64 challenge in NegotiateAuth and NTLMAuth. | wolfbeast | 2020-01-09 | -2/+2 |
| | ||||
* | Issue #1288 - Use NS_DECL_THREADSAFE_ISUPPORTS in HttpBaseChannel.cpp | Gaming4JC | 2019-11-16 | -1/+1 |
| | | | | Fixes a regression in Part 1b which caused HTML5 parser to fall off the main thread. | |||
* | Issue #1275 - Add pref to disable warning prompts for SuperfluousAuth | wolfbeast | 2019-11-07 | -3/+15 |
| | | | | | | and AutomaticAuth, and default to not prompting. This resolves #1275. | |||
* | Add null check in Http2Session::RecvAltSvc | wolfbeast | 2019-10-23 | -0/+1 |
| | ||||
* | Convert dom/base/nsImageLoadingContent.cpp to use AsyncOpen2 and followups ↵ | win7-7 | 2019-08-08 | -0/+3 |
| | | | | | | along with it (1445670 and 1373780 part 2 and 3) Convert dom/base/nsImageLoadingContent.cpp to use AsyncOpen2 and followups along with it (1445670 and 1373780 part 2 and 3) | |||
* | Implement a threadsafe & revised version of http2PushedStream. | wolfbeast | 2019-07-22 | -32/+145 |
| | | | | This re-applies the patch for this with added typename declaration. | |||
* | Revert "Implement a threadsafe & revised version of http2PushedStream." | wolfbeast | 2019-07-21 | -144/+32 |
| | | | | | | Backed out because of gcc build failures. This reverts commit 66fae1d81013a2321e7d607a426f834a01b847ce. | |||
* | Bug 1548822. | Honza Bambas | 2019-07-20 | -3/+7 |
| | ||||
* | Check port safety for AltSvc | wolfbeast | 2019-07-20 | -0/+5 |
| | ||||
* | Bug 1550498. | Honza Bambas | 2019-07-19 | -3/+8 |
| | ||||
* | Implement a threadsafe & revised version of http2PushedStream. | wolfbeast | 2019-07-18 | -32/+144 |
| | ||||
* | Block http auth prompt for cross-origin image subresources by default. | wolfbeast | 2019-07-15 | -7/+21 |
| | | | | | | Still allow this to be bypassed with a pref for those really rare corner cases where images are loaded cross-origin by design and the session hasn't been/can't be authenticated ahead of time. | |||
* | Return proper error if the nss layer encounters an error on the http | wolfbeast | 2019-03-22 | -26/+30 |
| | | | | tunnel. | |||
* | Close the transaction if PR_Read/PR_Write failed. | wolfbeast | 2019-03-22 | -15/+51 |
| | | | | | | When PR_Read/PR_White returns -1, we have to use ErrorAccordingToNSPR to get the error code. We need to close the transaction if a real error happens. | |||
* | Part 1: network component changes. | wolfbeast | 2019-03-07 | -19/+100 |
| | ||||
* | Make `AllowExperiments` return `false` as it is not useful without telemetry | adeshkp | 2019-01-14 | -1/+4 |
| | ||||
* | Telemetry: Remove stubs and related code | adeshkp | 2019-01-12 | -146/+3 |
| | ||||
* | Do not report resource-timing subdocument loads triggered by that subdocument. | wolfbeast | 2018-12-14 | -4/+7 |
| | ||||
* | Add a nullcheck on pipelined HTTP connections' pushback. | wolfbeast | 2018-11-20 | -0/+5 |
| | ||||
* | #863 Part 1: Make sending of http upgrade-insecure-requests optional | wolfbeast | 2018-11-05 | -2/+11 |
| | | | | Defaults to false if not configured. | |||
* | Backout opportunistic encryption changes. | wolfbeast | 2018-11-04 | -11/+2 |
| | | | | | | Apparently there is some functional and naming confusion here. Backing out to re-land after evaluation and possible changes. Tag #863. | |||
* | Make opportunistic encryption configurable. | wolfbeast | 2018-11-04 | -2/+11 |
| | | | | | | | This adds a pref "network.http.opportunistic-encryption" that controls whether we send an "Upgrade-Insecure-Requests : 1" header on document navigation or not. This patch modifies the platform network parts. Default for the platform is "true". Part 1 for #863 | |||
* | Make HTTP/2 compressor more resilient to bad data. | wolfbeast | 2018-11-01 | -3/+23 |
| | ||||
* | Merge pull request #791 from g4jc/session_supercookie | Moonchild | 2018-09-27 | -57/+194 |
|\ | | | | | Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins | |||
| * | backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across ↵ | Gaming4JC | 2018-09-25 | -57/+194 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | origins Potential attack: session supercookie. [Moz Notes](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c5): "The problem is that for unknown header names we store the first one we see and then later we case-insensitively match against that name *globally*. That means you can track if a user agent has already seen a certain header name used (by using a different casing and observing whether it gets normalized). This would allow you to see if a user has used a sensitive service that uses custom header names, or allows you to track a user across sites, by teaching the browser about a certain header case once and then observing if different casings get normalized to that. What we should do instead is only store the casing for a header name for each header list and not globally. That way it only leaks where it's expected (and necessary) to leak." [Moz fix note](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c8): "nsHttpAtom now holds the old nsHttpAtom and a string that is case sensitive (only for not standard headers). So nsHttpAtom holds a pointer to a header name. (header names are store on a static structure). This is how it used to be. I left that part the same but added a nsCString which holds a string that was used to resoled the header name. So when we parse headers we call ResolveHeader with a char*. If it is a new header name the char* will be stored in a HttpHeapAtom, nsHttpAtom::_val will point to HttpHeapAtom::value and the same strings will be stored in mLocalCaseSensitiveHeader. For the first resolve request they will be the same but for the following maybe not. At the end this nsHttpAtom will be stored in nsHttpHeaderArray. For all operation we will used the old char* except when we are returning it to a script using VisitHeaders." | |||
* | | backport mozbug 1444532 - fix a leak in SHA256 in nsHttpConnectionInfo.cpp ↵ | Gaming4JC | 2018-09-26 | -14/+8 |
|/ | | | | | | | | r=mayhemer The original code (from bug 1200802) declared an XPCOM object as a static bare pointer, which for future reference is probably never the right thing to do. It might have worked if it was cleared before shutdown but it never was. | |||
* | Add a null check in nsHttpTransaction::Close. | wolfbeast | 2018-09-19 | -1/+3 |
| | | | | This resolves #776. | |||
* | Remove all C++ Telemetry Accumulation calls. | wolfbeast | 2018-09-03 | -342/+3 |
| | | | | | This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables). Stub resolution/removal should be a follow-up to this. | |||
* | Refresh nsStringBundleService and nsHttpHandler when the browser locale is ↵ | JustOff | 2018-08-25 | -15/+25 |
| | | | | changed | |||
* | Issue #686: Un-deprecate the Application Cache API | SpockMan02 | 2018-08-05 | -25/+0 |
| | ||||
* | Fixed misleading console error message for multiple CORS headers | janekptacijarabaci | 2018-07-31 | -1/+1 |
| | ||||
* | Remove SSL Error Reporting telemetry | wolfbeast | 2018-06-29 | -55/+0 |
| | ||||
* | Build - throws a warning: 'rv': unreferenced local variable | janekptacijarabaci | 2018-05-31 | -1/+0 |
| | | | | PR #412 | |||
* | Remove support and tests for HSTS priming from the tree. Fixes #384 | Gaming4JC | 2018-05-26 | -607/+4 |
| | ||||
* | Revert incorrect UAO optimization that broke SSUAO | JustOff | 2018-05-15 | -67/+4 |
| | ||||
* | Remove MOZ_WIDGET_GONK [2/2] | wolfbeast | 2018-05-13 | -79/+0 |
| | | | | Tag #288 | |||
* | moebius#158: The Performance Resource Timing (added support for "workerStart") | janekptacijarabaci | 2018-04-29 | -26/+374 |
| | | | | https://github.com/MoonchildProductions/moebius/pull/158 |