1. 17 Mar, 2021 1 commit
    • Richard Pospesel's avatar
      Bug 23247: Communicating security expectations for .onion · 3b0641f3
      Richard Pospesel authored and Matthew Finkel's avatar Matthew Finkel committed
      Encrypting pages hosted on Onion Services with SSL/TLS is redundant
      (in terms of hiding content) as all traffic within the Tor network is
      already fully encrypted.  Therefore, serving HTTP pages from an Onion
      Service is more or less fine.
      
      Prior to this patch, Tor Browser would mostly treat pages delivered
      via Onion Services as well as pages delivered in the ordinary fashion
      over the internet in the same way.  This created some inconsistencies
      in behaviour and misinformation presented to the user relating to the
      security of pages delivered via Onion Services:
      
       - HTTP Onion Service pages did not have any 'lock' icon indicating
         the site was secure
       - HTTP Onion Service pages would be marked as unencrypted in the Page
         Info screen
       - Mixed-mode content restrictions did not apply to HTTP Onion Service
         pages embedding Non-Onion HTTP content
      
      This patch fixes the above issues, and also adds several new 'Onion'
      icons to the mix to indicate all of the various permutations of Onion
      Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
      
      Strings for Onion Service Page Info page are pulled from Torbutton's
      localization strings.
      3b0641f3
  2. 27 May, 2020 2 commits
    • Matt Woodrow's avatar
      Bug 1631405 - Move nsISecureBrowserUI to be owned by the canonical browsing... · e060a86c
      Matt Woodrow authored
      Bug 1631405 - Move nsISecureBrowserUI to be owned by the canonical browsing context instead of docshell. r=nika,ckerschb,Gijs,webcompat-reviewers,twisniewski
      
      This removes all docshell nsISecureBrowserUI and mixed content properties, and moves them into CanonicalBrowsingContext/WindowGlobalParent. It makes the mixed content blocker just compute the state for the current load, and then send the results to the parent process, where we update the security state accordingly.
      
      I think we could in the future remove onSecurityChange entirely, and instead just fire an event to the <browser> element notifying it of changes to the queryable securityUI.
      
      Unfortunately we have a lot of existing code that depends on specific ordering between onSecurityChange and onLocationChange, so I had to hook into the RemoteWebProgress implementation in BrowserParent to mimic the same timings.
      
      Differential Revision: https://phabricator.services.mozilla.com/D75447
      e060a86c
    • Matt Woodrow's avatar
      Bug 1631405 - Make sure we initialize all fields of WindowGlobalParent in the constructor. r=nika · 2083b054
      Matt Woodrow authored
      Previously we only set some fields as part of WindowGlobalInit, but WindowGlobalParent sets itself as the current window global on the CanonicalBrowsingContext.
      
      This exposes a period of time where only part of the document state was set, and this was observable to consumers.
      
      This makes OnNewDocument only run when there is a new Document for the same WindowGlobal.
      
      Differential Revision: https://phabricator.services.mozilla.com/D75446
      2083b054
  3. 26 May, 2020 3 commits
    • Bogdan Tara's avatar
      Backed out 4 changesets (bug 1631405) for multiple mochitest failures CLOSED TREE · a54ec307
      Bogdan Tara authored
      Backed out changeset 9963cc0b23cb (bug 1631405)
      Backed out changeset 469ac933ed7c (bug 1631405)
      Backed out changeset 0c5f55864268 (bug 1631405)
      Backed out changeset 20dcbcc2f3b8 (bug 1631405)
      a54ec307
    • Matt Woodrow's avatar
      Bug 1631405 - Move nsISecureBrowserUI to be owned by the canonical browsing... · 240d417e
      Matt Woodrow authored
      Bug 1631405 - Move nsISecureBrowserUI to be owned by the canonical browsing context instead of docshell. r=nika,ckerschb,Gijs,webcompat-reviewers,twisniewski
      
      This removes all docshell nsISecureBrowserUI and mixed content properties, and moves them into CanonicalBrowsingContext/WindowGlobalParent. It makes the mixed content blocker just compute the state for the current load, and then send the results to the parent process, where we update the security state accordingly.
      
      I think we could in the future remove onSecurityChange entirely, and instead just fire an event to the <browser> element notifying it of changes to the queryable securityUI.
      
      Unfortunately we have a lot of existing code that depends on specific ordering between onSecurityChange and onLocationChange, so I had to hook into the RemoteWebProgress implementation in BrowserParent to mimic the same timings.
      
      Differential Revision: https://phabricator.services.mozilla.com/D75447
      240d417e
    • Matt Woodrow's avatar
      Bug 1631405 - Make sure we initialize all fields of WindowGlobalParent in the constructor. r=nika · 5b64e9ba
      Matt Woodrow authored
      Previously we only set some fields as part of WindowGlobalInit, but WindowGlobalParent sets itself as the current window global on the CanonicalBrowsingContext.
      
      This exposes a period of time where only part of the document state was set, and this was observable to consumers.
      
      This makes OnNewDocument only run when there is a new Document for the same WindowGlobal.
      
      Differential Revision: https://phabricator.services.mozilla.com/D75446
      5b64e9ba
  4. 11 May, 2020 1 commit
  5. 08 May, 2020 1 commit
  6. 06 May, 2020 2 commits
  7. 30 Apr, 2020 5 commits
  8. 17 Apr, 2020 1 commit
    • Daniel Varga's avatar
      Backed out 4 changesets (bug 1605209) for causing browser-chrome failures at... · ca80197a
      Daniel Varga authored
      Backed out 4 changesets (bug 1605209) for causing browser-chrome failures at dom/ipc/tests/JSWindowActor/browser_crash_report.js
      
      CLOSED TREE
      
      Backed out changeset 6eb1cc169dbf (bug 1605209)
      Backed out changeset d81b566ad94f (bug 1605209)
      Backed out changeset e0e6dbf1d48d (bug 1605209)
      Backed out changeset 289f5bbac1ae (bug 1605209)
      ca80197a
  9. 16 Apr, 2020 1 commit
  10. 17 Apr, 2020 1 commit
  11. 06 Mar, 2020 1 commit
  12. 01 Mar, 2020 1 commit
  13. 04 Feb, 2020 1 commit
  14. 03 Feb, 2020 1 commit
  15. 20 Jan, 2020 2 commits
  16. 08 Aug, 2019 1 commit
  17. 23 Jul, 2019 1 commit
    • Ciure Andrei's avatar
      Backed out 10 changesets (bug 1523638) for causing high frequency Android 7.0... · c0756f33
      Ciure Andrei authored
      Backed out 10 changesets (bug 1523638) for causing high frequency Android 7.0 mochitests failures CLOSED TREE
      
      Backed out changeset 644ceb2fe568 (bug 1523638)
      Backed out changeset 27647ee7a927 (bug 1523638)
      Backed out changeset 96f1ccb95570 (bug 1523638)
      Backed out changeset b60a17ea716a (bug 1523638)
      Backed out changeset 507e63186c5f (bug 1523638)
      Backed out changeset 33255408ca61 (bug 1523638)
      Backed out changeset d97b2d223616 (bug 1523638)
      Backed out changeset eba2a0514cde (bug 1523638)
      Backed out changeset d7065174c5c4 (bug 1523638)
      Backed out changeset c21b361e175d (bug 1523638)
      c0756f33
  18. 18 Jul, 2019 1 commit
  19. 16 Jul, 2019 2 commits
  20. 22 May, 2019 1 commit
  21. 03 May, 2019 3 commits