summaryrefslogtreecommitdiffstats
path: root/netwerk
Commit message (Collapse)AuthorAgeLines
* Do not allow the ^ character to appear in the hostname.wolfbeast2019-07-20-1/+1
|
* Bug 1548822.Honza Bambas2019-07-20-3/+7
|
* Treat all file: URIs as having a unique origin.wolfbeast2019-07-20-24/+32
| | | | | | | | | | | This prevents cross-file access from files loaded into the browser from the local file system, further restricting the origin policy of file: URIs. Added a pref to control this behavior for local file access if required for certain applications, since this change might break using the browser to run applications on the local file system that require access to local files.
* Check port safety for AltSvcwolfbeast2019-07-20-0/+5
|
* Bug 1550498.Honza Bambas2019-07-19-3/+8
|
* Implement a threadsafe & revised version of http2PushedStream.wolfbeast2019-07-18-32/+144
|
* Block http auth prompt for cross-origin image subresources by default.wolfbeast2019-07-15-7/+21
| | | | | | Still allow this to be bypassed with a pref for those really rare corner cases where images are loaded cross-origin by design and the session hasn't been/can't be authenticated ahead of time.
* Add preference to allow the loading of FTP subresources for corner caseswolfbeast2019-07-14-0/+13
|
* Remove deprecated appending of #-moz-resolution from Pale Moon and left over ↵Matt A. Tobin2019-05-12-1/+0
| | | | | | | | from nsMediaFragmentURIParser.h This also magically makes Aero Peek work properly with Pale Moon thus: Resolves #809
* Merge branch 'master' into default-prefAscrod2019-04-18-3/+3
|\
| * Remove some BEOS 1st party code leftovers.wolfbeast2019-04-14-3/+3
| |
* | Issue #991 Part 4: Network and URILoaderAscrod2019-04-13-24/+4
|/
* Remove some HPUX leftovers.wolfbeast2019-04-01-1/+0
| | | | Resolves #185
* WebRTC: Add explicit mutex on callback receiver for cases it's notwolfbeast2019-03-23-1/+10
| | | | already locked.
* Convert UI-dictating FTP errors to console errors.wolfbeast2019-03-23-118/+4
|
* Return proper error if the nss layer encounters an error on the httpwolfbeast2019-03-22-26/+30
| | | | tunnel.
* Close the transaction if PR_Read/PR_Write failed.wolfbeast2019-03-22-15/+51
| | | | | | When PR_Read/PR_White returns -1, we have to use ErrorAccordingToNSPR to get the error code. We need to close the transaction if a real error happens.
* Remove unused SSL errorReporting prefswolfbeast2019-03-14-4/+0
| | | | Resolves #1003.
* Part 2: Add testswolfbeast2019-03-07-0/+156
| | | | Tag #993.
* Part 1: network component changes.wolfbeast2019-03-07-19/+100
|
* Expose TLS 1.3 cipher suite prefs.wolfbeast2019-02-10-1/+9
|
* Use existing image decoders to handle clipboard BMP data.wolfbeast2019-02-07-0/+3
| | | | | This gets rid of the old nsImageClipboard widget code in favor of using the nsBMPDecoder in imglib.
* Never let "localhost" get sent to a proxy.wolfbeast2019-02-07-0/+7
| | | | Also make "No proxy for" editable always when usable.
* Remove NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTSwolfbeast2019-01-18-1/+0
|
* Make `AllowExperiments` return `false` as it is not useful without telemetryadeshkp2019-01-14-1/+4
|
* Telemetry: Remove stubs and related codeadeshkp2019-01-12-616/+17
|
* Do not report resource-timing subdocument loads triggered by that subdocument.wolfbeast2018-12-14-4/+39
|
* Add a nullcheck on pipelined HTTP connections' pushback.wolfbeast2018-11-20-0/+5
|
* #863 Part 1: Make sending of http upgrade-insecure-requests optionalwolfbeast2018-11-05-2/+11
| | | | Defaults to false if not configured.
* Backout opportunistic encryption changes.wolfbeast2018-11-04-11/+2
| | | | | | Apparently there is some functional and naming confusion here. Backing out to re-land after evaluation and possible changes. Tag #863.
* Make opportunistic encryption configurable.wolfbeast2018-11-04-2/+11
| | | | | | | This adds a pref "network.http.opportunistic-encryption" that controls whether we send an "Upgrade-Insecure-Requests : 1" header on document navigation or not. This patch modifies the platform network parts. Default for the platform is "true". Part 1 for #863
* WebRTC: Drop DataChannelListener on Destroy().wolfbeast2018-11-02-0/+1
|
* Remove Query/Ref from the directory listing URI.wolfbeast2018-11-01-5/+15
| | | | Port of Bug 1488061.
* Make HTTP/2 compressor more resilient to bad data.wolfbeast2018-11-01-3/+23
|
* backport m-c bug 1333172 - Avoid 1100 warnings by replacing ↵Gaming4JC2018-10-23-1/+3
| | | | NS_ENSURE_SUCCESS in nsNetUtilInlines.h:180
* backport m-c bug 1333174 - Don't use NS_ENSURE_SUCCESS at nsIOService:793Gaming4JC2018-10-22-1/+3
| | | | Log spam fix. Suppresses 1,100 instances of NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80520012 emitted from netwerk/base/nsIOService.cpp during linux64 debug testing. Backports [m-c 1333174](https://bugzilla.mozilla.org/show_bug.cgi?id=1333174).
* Remove telemetry from cache v1 service locking (part2).wolfbeast2018-10-01-81/+65
| | | | | | | - Fold Lock(TelemetryID) into Lock(); - Fold nsCacheServiceAutoLock(TelemetryID) into nsCacheServiceAutoLock(); Tag #21.
* Remove telemetry from cache v1 service locking (part1).wolfbeast2018-10-01-11/+2
| | | | Tag #21.
* Remove unused telemetry functions/variables.wolfbeast2018-10-01-27/+0
| | | | Tag #21.
* Remove cache I/O telemetry.wolfbeast2018-09-30-54/+0
| | | | Tag #21.
* Remove telemetry probes to get detailed disk cache hit rate.wolfbeast2018-09-30-195/+0
| | | | Tag #21.
* Remove telemetry probes for cache file system.wolfbeast2018-09-29-82/+0
|
* Clean up a number of unused variables.wolfbeast2018-09-29-49/+0
| | | | Tag #21.
* Remove telemetry to find optimal cache entry hash sizewolfbeast2018-09-29-111/+0
| | | | Tag #21.
* Merge pull request #791 from g4jc/session_supercookieMoonchild2018-09-27-67/+204
|\ | | | | Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins
| * backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across ↵Gaming4JC2018-09-25-67/+204
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | origins Potential attack: session supercookie. [Moz Notes](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c5): "The problem is that for unknown header names we store the first one we see and then later we case-insensitively match against that name *globally*. That means you can track if a user agent has already seen a certain header name used (by using a different casing and observing whether it gets normalized). This would allow you to see if a user has used a sensitive service that uses custom header names, or allows you to track a user across sites, by teaching the browser about a certain header case once and then observing if different casings get normalized to that. What we should do instead is only store the casing for a header name for each header list and not globally. That way it only leaks where it's expected (and necessary) to leak." [Moz fix note](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c8): "nsHttpAtom now holds the old nsHttpAtom and a string that is case sensitive (only for not standard headers). So nsHttpAtom holds a pointer to a header name. (header names are store on a static structure). This is how it used to be. I left that part the same but added a nsCString which holds a string that was used to resoled the header name. So when we parse headers we call ResolveHeader with a char*. If it is a new header name the char* will be stored in a HttpHeapAtom, nsHttpAtom::_val will point to HttpHeapAtom::value and the same strings will be stored in mLocalCaseSensitiveHeader. For the first resolve request they will be the same but for the following maybe not. At the end this nsHttpAtom will be stored in nsHttpHeaderArray. For all operation we will used the old char* except when we are returning it to a script using VisitHeaders."
* | Merge pull request #789 from g4jc/sha256_leakfixMoonchild2018-09-27-14/+8
|\ \ | | | | | | backport mozbug 1444532 - fix a leak in SHA256 in nsHttpConnectionInfo.cpp r=mayhemer
| * | backport mozbug 1444532 - fix a leak in SHA256 in nsHttpConnectionInfo.cpp ↵Gaming4JC2018-09-26-14/+8
| |/ | | | | | | | | | | | | | | r=mayhemer The original code (from bug 1200802) declared an XPCOM object as a static bare pointer, which for future reference is probably never the right thing to do. It might have worked if it was cleared before shutdown but it never was.
* / backport mozbug 1344613 - Avoid possibility of null pointer crash in ↵Gaming4JC2018-09-25-0/+1
|/ | | | nsSOCKSIOLayer.cpp r=mayhemer
* Add a null check in nsHttpTransaction::Close.wolfbeast2018-09-19-1/+3
| | | | This resolves #776.