Bug 1863246 - Make the page that enters BFCache not asking the parent process to update the active browsing context r=peterv,dom-core a=RyanVM

Currently, when a page enters BFCache, it updates the parent process
for the active BC; however, the page that is about to show will do the
same. These two operations are triggered in different processes with
different active id, they are racy and problematic.

This patch fixes the above issue by not updating the parent process
when a page enters BFCache.

This only applies to BFCacheInParent is enabled.

Differential Revision: https://phabricator.services.mozilla.com/D215818

Previously this load would be allowed due to the "web-controlled" check
failing to reject the load. This patch instead bases it on the
docshell.newWindowTarget flag, which is set for the first load in a new
DocShell due to a call to window.open or target=_blank.

This required making the external protocol channel be a property bag so
that the flag can be set on the channel. In the future we may want to
switch this flag to being set in a more generic way which is less
specific to the channel.

Differential Revision: https://phabricator.services.mozilla.com/D217484

Bug 1834864 - Select BCG more consistently during COOP+COEP process switches, r=smaug,tabbrowser-reviewers,mak, a=dmeehan

Previously it was possible to bypass specific BCG selection based on
cross-origin isolated status if the site was allowed to load file URIs
using enterprise policies, which could lead to a crash.

This patch changes the behaviour such that BCG selection now happens
correctly. The site will still not be cross-origin isolated due to being
loaded into a file content process.

Differential Revision: https://phabricator.services.mozilla.com/D217007

Bug 1747230 - Fix IsUpgradeDowngradeEndlessLoop blocking legitimate redirects when redirecting to different query parameters  a=dmeehan

This changes where the IsUpgradeDowngradeEndlessLoop check triggers.
Before this patch, it triggered during the redirect caused by the https
upgrade. With this patch, it triggers during the downgrade for http
redirects. META and JS redirect are still detected during upgrade.
This should be fixed as a follow up (See Bug 1896691).
Downgrade in this context means same url, except with the scheme http
instead of https.

Different query parameters normally lead to different responses by web servers.
Don't consider the '#ref' part of the uri, because it doesn't get send to
the server and therefore can't change the server response.

We can't use the redirect chain anymore, because the query parameters
are trimmed since Bug 1715785.

This also removes the config option dom.security.https_only_check_path_upgrade_downgrade_endless_loop,
because it adds unnecessary complexity. Removing it for this patch is
easier.

https-only, https-first and httpssvc_https_upgrade tests had to be
modified, because they depended on the incorrect handling of query
strings in loop detection.

Original Revision: https://phabricator.services.mozilla.com/D193672

Differential Revision: https://phabricator.services.mozilla.com/D214977

Bug 1890748 - Move responsibility of FeaturePolicy initialization to nsILoadInfo. r=freddyb,necko-reviewers,jesup,dom-core,sefeng, a=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D207140

This patch addresses the problem that we currently collect HTTPS-First telemetry
for sites that are not reachable at all, be it through always causing a error or
through always timing out.

- On a downgrade, do not collect telemetry instantly, but instead save the
  telemetry data in the load state for the downgraded request
- That telemetry data will then be copied over into the document load listener
  of the new request
- On a successful request, if we have downgrade data in the load listener, we
  collect the downgrade telemetry, as the downgrade seems to have been
  successful
- Similar to the downgrade case, we only count the upgrade metric once we
  encounter a successful request annotated with the information that it was
  upgraded by HTTPS-First, instead of counting it instantly on the decision to
  upgrade. This also means the upgrade metric will not include loads that are
  downgraded again anymore
- Add a testcase for a site which is neither reachable via HTTP nor HTTPS, and
  ensure no telemetry is collected

Original Revision: https://phabricator.services.mozilla.com/D210792

Differential Revision: https://phabricator.services.mozilla.com/D211999

Backed out changeset b234ba179483 (bug 1747230) for causing mochitest failures on browser_target_blank.js. CLOSED TREE

Bug 1747230 - Fix IsUpgradeDowngradeEndlessLoop blocking legitimate redirects when redirecting to different query parameters r=necko-reviewers,kershaw,simonf,maltejur

This changes where the IsUpgradeDowngradeEndlessLoop check triggers.
Before this patch, it triggered during the redirect caused by the https
upgrade. With this patch, it triggers during the downgrade for http
redirects. META and JS redirect are still detected during upgrade.
This should be fixed as a follow up (See Bug 1896691).
Downgrade in this context means same url, except with the scheme http
instead of https.

Different query parameters normally lead to different responses by web servers.
Don't consider the '#ref' part of the uri, because it doesn't get send to
the server and therefore can't change the server response.

We can't use the redirect chain anymore, because the query parameters
are trimmed since Bug 1715785.

This also removes the config option dom.security.https_only_check_path_upgrade_downgrade_endless_loop,
because it adds unnecessary complexity. Removing it for this patch is
easier.

https-only, https-first and httpssvc_https_upgrade tests had to be
modified, because they depended on the incorrect handling of query
strings in loop detection.

Differential Revision: https://phabricator.services.mozilla.com/D193672

Bug 1900132 - attempt to redirect www.example.com to example.com to avoid certificate domain name mismatch errors r=jschanck,smaug

Differential Revision: https://phabricator.services.mozilla.com/D212329

The purpose of this page is to improve the fingerprinting protections
in Firefox.

Differential Revision: https://phabricator.services.mozilla.com/D209599

Differential Revision: https://phabricator.services.mozilla.com/D211792

Bug 196078 - Part 2: Support displaying arbitrary text/* MIME types as plain text, r=smaug,necko-reviewers,valentin

This patch refactors how we check for text formats when deciding how to handle
resources, such that more text MIME types will be rendered in-browser, rather
than downloaded.

This change requires us to move more away from using the Gecko-Content-Viewers
category in the category manager for this decision, as we need to handle an
unlimited number of MIME types behind the scenes.

Support for Gecko-Content-Viewers was left in for both the in-tree use for
application/http-index-format and dynamically determining whether image/avif
and image/jxl are supported, as well as for the message/rfc822 type used by
Thunderbird.

Differential Revision: https://phabricator.services.mozilla.com/D212078

Backed out 7 changesets (bug 1894958) for causing bc failures on browser_usercharacteristics_gamepads. CLOSED TREE

Backed out changeset 2d6a773b1cfe (bug 1894958)
Backed out changeset 64fa5abd15b1 (bug 1894958)
Backed out changeset 73017dc41a54 (bug 1894958)
Backed out changeset 99498fc1e89c (bug 1894958)
Backed out changeset 4ef86875b1c2 (bug 1894958)
Backed out changeset 31e1c5284927 (bug 1894958)
Backed out changeset 29545556fe0b (bug 1894958)

The purpose of this page is to improve the fingerprinting protections
in Firefox.

Differential Revision: https://phabricator.services.mozilla.com/D209599

Backed out 7 changesets (bug 1894958) for causing bc failures @ browser_usercharacteristics.js CLOSED TREE

Backed out changeset f0b3873afbbf (bug 1894958)
Backed out changeset 0163ab00de90 (bug 1894958)
Backed out changeset dc5209d0115f (bug 1894958)
Backed out changeset c7c58e406791 (bug 1894958)
Backed out changeset 1ff86ac5480e (bug 1894958)
Backed out changeset 862f163cf35c (bug 1894958)
Backed out changeset 4ad50fcd042b (bug 1894958)

The purpose of this page is to improve the fingerprinting protections
in Firefox.

Differential Revision: https://phabricator.services.mozilla.com/D209599

Thunderbird architecture does not currently allow for redirecting channels to
child processes, so new schemes need to be isolated to the parent process.
`x-moz-ews` was selected to clearly designate that the scheme is private and
restricted to Mozilla/MZLA code. It doesn't follow the RFC 7595 recommendation
to use a registered domain as a namespace, but this was felt to be unwieldy.

Differential Revision: https://phabricator.services.mozilla.com/D212439

Backed out 3 changesets (bug 1718673, bug 196078) for causing wpt failures on report-frame-ancestors-with-x-frame-options.sub.html CLOSED TREE

Backed out changeset 6a54aa5039e7 (bug 196078)
Backed out changeset 0582d2fa1401 (bug 196078)
Backed out changeset d8d9a0fe366b (bug 1718673)

Backed out changeset 1034029ae9ed (bug 1681457) for causing failures on test_window_close.html CLOSED TREE

Bug 196078 - Part 2: Support displaying arbitrary text/* MIME types as plain text, r=smaug,necko-reviewers,valentin

This patch refactors how we check for text formats when deciding how to handle
resources, such that more text MIME types will be rendered in-browser, rather
than downloaded.

This change requires us to move more away from using the Gecko-Content-Viewers
category in the category manager for this decision, as we need to handle an
unlimited number of MIME types behind the scenes.

Support for Gecko-Content-Viewers was left in for both the in-tree use for
application/http-index-format and dynamically determining whether image/avif
and image/jxl are supported, as well as for the message/rfc822 type used by
Thunderbird.

Differential Revision: https://phabricator.services.mozilla.com/D212078

Differential Revision: https://phabricator.services.mozilla.com/D211792

Differential Revision: https://phabricator.services.mozilla.com/D172196

`PresShell::GetRootScrollFrameAsScrollable()` is equivalent to
`PresShell::GetRootScrollContainerFrame()`.

In ScrollContainerFrame.h, `DecideScrollableLayer()` has two versions, one has
four parameters, and the other has five parameters with the fifth parameter
`aDirtyRectHasBeenOverriden` having a default value `nullptr`. When we switch
the caller from `nsIScrollableFrame` to `ScrollContainerFrame`, we need to
remove the default value for the fifth parameter to avoid ambiguity.

Differential Revision: https://phabricator.services.mozilla.com/D211494

Bug 1896516 Part 1 - Rename PresShell::GetRootScrollFrame(), and make it return ScrollContainerFrame. r=layout-reviewers,emilio

In theory, changing the return type from `nsIFrame*` to `ScrollContainerFrame*`
exposes `ScrollContainerFrame` to the callers who might not needed, but almost
all of the callers in cpp files are already exposed to `nsIScrollableFrame`, as
demonstrated in this patch via replacing the #include from
"nsIScrollableFrame.h" to "ScrollContainerFrame.h", so this is OK.

Some callers can be simplified since we no longer need `do_QueryFrame` to
`nsIScrollableFrame`.

Differential Revision: https://phabricator.services.mozilla.com/D211488

Differential Revision: https://phabricator.services.mozilla.com/D203780

Backed out changeset fd6904338812 (bug 1896516)
Backed out changeset 2977ff81a23e (bug 1896516)
Backed out changeset c8a6b0e526d6 (bug 1896516)
Backed out changeset 3c06f22da72b (bug 1896516)
Backed out changeset f63b0c4335fe (bug 1896516)
Backed out changeset 6f7ab8adfa6e (bug 1896516)
Backed out changeset 997c9249dbed (bug 1896516)
Backed out changeset c964fccd5180 (bug 1896516)
Backed out changeset 7b481b747b7a (bug 1896516)
Backed out changeset 42e1bbe0ecb6 (bug 1896516)
Backed out changeset 717dac08b607 (bug 1896516)
Backed out changeset 2f0817331dbe (bug 1896516)
Backed out changeset b765169a7a8f (bug 1896516)
Backed out changeset a2d37b98273c (bug 1896516)
Backed out changeset ea9ecb543e66 (bug 1896516)

`PresShell::GetRootScrollFrameAsScrollable()` is equivalent to
`PresShell::GetRootScrollContainerFrame()`.

In ScrollContainerFrame.h, `DecideScrollableLayer()` has two versions, one has
four parameters, and the other has five parameters with the fifth parameter
`aDirtyRectHasBeenOverriden` having a default value `nullptr`. When we switch
the caller from `nsIScrollableFrame` to `ScrollContainerFrame`, we need to
remove the default value for the fifth parameter to avoid ambiguity.

Differential Revision: https://phabricator.services.mozilla.com/D211494

Bug 1896516 Part 1 - Rename PresShell::GetRootScrollFrame(), and make it return ScrollContainerFrame. r=layout-reviewers,emilio

In theory, changing the return type from `nsIFrame*` to `ScrollContainerFrame*`
exposes `ScrollContainerFrame` to the callers who might not needed, but almost
all of the callers in cpp files are already exposed to `nsIScrollableFrame`, as
demonstrated in this patch via replacing the #include from
"nsIScrollableFrame.h" to "ScrollContainerFrame.h", so this is OK.

Some callers can be simplified since we no longer need `do_QueryFrame` to
`nsIScrollableFrame`.

Differential Revision: https://phabricator.services.mozilla.com/D211488

Backed out changeset 9b708a1dc402 (bug 1890748) for causing bc failures in browser_permission_delegate_geo.js CLOSED TREE

This patch addresses the problem that we currently collect HTTPS-First telemetry
for sites that are not reachable at all, be it through always causing a error or
through always timing out.

- On a downgrade, do not collect telemetry instantly, but instead save the
  telemetry data in the load state for the downgraded request
- That telemetry data will then be copied over into the document load listener
  of the new request
- On a successful request, if we have downgrade data in the load listener, we
  collect the downgrade telemetry, as the downgrade seems to have been
  successful
- Similar to the downgrade case, we only count the upgrade metric once we
  encounter a successful request annotated with the information that it was
  upgraded by HTTPS-First, instead of counting it instantly on the decision to
  upgrade. This also means the upgrade metric will not include loads that are
  downgraded again anymore
- Add a testcase for a site which is neither reachable via HTTP nor HTTPS, and
  ensure no telemetry is collected

Differential Revision: https://phabricator.services.mozilla.com/D210792

Bug 1890748 - Move responsibility of FeaturePolicy initialization to nsILoadInfo. r=freddyb,necko-reviewers,jesup,dom-core,sefeng

Differential Revision: https://phabricator.services.mozilla.com/D207140

Bug 1890748 - Move responsibility of FeaturePolicy initialization to nsILoadInfo. r=freddyb,necko-reviewers,jesup,dom-core,sefeng

Differential Revision: https://phabricator.services.mozilla.com/D207140

Bug 1874917 - Rename SearchTestUtils.promiseNewSearchEngine to SearchTestUtils.installOpenSearchEngine r=Standard8

Differential Revision: https://phabricator.services.mozilla.com/D211309

Differential Revision: https://phabricator.services.mozilla.com/D210862

Bug 1895232 - Convert do_GetService to using components::*::service in netwerk/ r=valentin,cookie-reviewers,places-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D209747

Same-document navigation follows a different code path than normal navigation
and was therefore not covered in the initial implementation for text fragments.
Same-document navigation does not set a URI in the `Document`, which
is the way cross-document navigation would parse text directives from the URL.

Instead, `nsDocShell::ScrollToAnchor()` is called via
`nsDocShell::InternalLoad()`-> `nsDocShell::HandleSameDocumentNavigation()`.
This code path needs to parse and remove the fragment directive from the new
fragment to be able to find text fragments and to allow for element-id fallback.
`nsDocShell::ScrollToAnchor()` needs to start an attempt to scroll to the text fragment
if it exists. It must not, however, clear the uninvoked text directives,  because a
same-document navigation could happen before the document is fully loaded,
hence the target text might not be part of the DOM tree.

As per spec, a second attempt to scroll to the text fragment is done after the load
is completed. This is done by `Document::ScrollToRef()`, which is called by
`nsDocumentViewer::LoadComplete()` after the load has finished.
This call will clear the uninvoked directives.

Differential Revision: https://phabricator.services.mozilla.com/D209726

Bug 1784496 - The necko consumers should use the priority's incremental flag r=necko-reviewers,kershaw

This patch sets the incremental flag on document and image channels

Differential Revision: https://phabricator.services.mozilla.com/D209235

It's only implemented by BrowserChild, we can do this more directly.

Differential Revision: https://phabricator.services.mozilla.com/D209534