1. 11 Jun, 2020 1 commit
  2. 02 Jul, 2020 1 commit
  3. 06 Jul, 2020 1 commit
  4. 29 Jun, 2020 1 commit
  5. 24 Jun, 2020 1 commit
  6. 25 Jun, 2020 1 commit
    • J.C. Jones's avatar
      Bug 1644627 - Set the WebAuthn `appid` client extension result properly... · cecddaae
      J.C. Jones authored
      Bug 1644627 - Set the WebAuthn `appid` client extension result properly r=bbeurdouche,keeler a=RyanVM
      
      The semantics of what Firefox implemented for the AppID extension for WebAuthn
      were wrong. Notably: It was always emitted if the extension were used, and
      always set to `true`. The specification has more nuance so that RPs can use
      that result to determine what to validate against.
      
      As a reminder since it's been a while, this change has impacts to the WebAuthn
      Token Manager layer, so there's duplicative changes in the soft token and in
      the HID token, _and the automated tests only test the soft token_. Manual
      testing using webauthn.bin.coffee and other test sites are needed to verify
      behavior in U2FHIDTokenManager.
      
      Differential Revision: https://phabricator.services.mozilla.com/D79568
      cecddaae
  7. 24 Jun, 2020 1 commit
  8. 22 Jun, 2020 1 commit
  9. 23 Jun, 2020 1 commit
  10. 24 Jun, 2020 2 commits
    • Rob Wu's avatar
      Bug 1635781 - Fully replace the web page's CSP if modified by add-on. r=mixedpuppy, a=RyanVM · 2b9adec7
      Rob Wu authored
      The original addition of CSP to `headersAlreadySet` in bug 1462989 was
      to make sure that CSP response headers from different extensions are
      merged as expected. The logic did however not take into account that
      unconditionally merging modified headers means that the header would be
      merged with the original CSP from the web page, which prevented add-ons
      from relaxing a CSP from the web page.
      
      This commit fixes the bug by tracking the CSP status on the
      `ResponseHeaderChanger` instance, which is shared by all webRequest
      handlers of a single request.
      
      Differential Revision: https://phabricator.services.mozilla.com/D80761
      2b9adec7
    • Rob Wu's avatar
      Bug 1635781 - Fix broken logic in test_ext_webRequest_mergecsp.js. r=mixedpuppy, a=RyanVM · 15f747ab
      Rob Wu authored
      - Most importantly: Fix the `test_csp` helper to actually replace the
        page's CSP header. The existing tests verify that the web page's CSP
        is still applied, which is trivially true if the helper extension
        appends the CSP instead of replacing it.
      
      - Expand comment on the meaning of the parameters in `test_csp`.
      
      - `sendMessage` is not async, properly await the result.
      
      - Unload extensions before checking assertions, to avoid unhelpful error
        messages about extensions not having been unloaded at the end of the
        test.
      
      - Report which test case is being run to make debugging easier.
      
      Differential Revision: https://phabricator.services.mozilla.com/D80760
      15f747ab
  11. 11 Jun, 2020 1 commit
  12. 24 Jun, 2020 1 commit
  13. 12 Jun, 2020 1 commit
  14. 30 Jun, 2020 1 commit
  15. 25 Jun, 2020 1 commit
  16. 22 Jun, 2020 3 commits
  17. 18 Jun, 2020 2 commits
  18. 15 Jun, 2020 2 commits
  19. 11 Jun, 2020 1 commit
  20. 10 Jun, 2020 1 commit
  21. 08 Jun, 2020 1 commit
  22. 17 Jun, 2020 1 commit
  23. 15 Jun, 2020 1 commit
  24. 10 Jun, 2020 1 commit
  25. 09 Jun, 2020 1 commit
  26. 08 Jun, 2020 1 commit
  27. 04 Jun, 2020 3 commits
  28. 30 Jun, 2020 1 commit
  29. 25 Jun, 2020 1 commit
  30. 26 Jun, 2020 1 commit
  31. 04 Jun, 2020 1 commit
  32. 12 Jun, 2020 1 commit
  33. 30 Jun, 2020 1 commit