authorwolfbeast <mcwerewolf@gmail.com>2018-11-07 06:01:03 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-11-07 06:01:03 +0100
commit63635e38ff9341c02fae7f4557d230ec710947b6 (patch)
tree007459a8c21a0ed58051b177eb60a2e67aa429c5
parent1626b5d7041ea9c3db92200f91542da46e49dde6 (diff)
parent3c5a34c90075c8cee4be7d316f4b2d7390f7bc29 (diff)
downloaduxp-63635e38ff9341c02fae7f4557d230ec710947b6.tar.gz
Merge branch 'master' into Basilisk-releasev2018.11.07
-rw-r--r--application/basilisk/app/profile/basilisk.js4
-rw-r--r--application/palemoon/components/places/content/editBookmarkOverlay.js5
-rw-r--r--application/palemoon/components/preferences/security.xul19
-rw-r--r--application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd4
-rw-r--r--media/libvpx/vpx_config_x86-win32-vs12.h3
-rw-r--r--media/libvpx/vpx_config_x86_64-win64-vs12.h3
-rw-r--r--modules/libjar/nsJARChannel.cpp19
-rw-r--r--modules/libpref/init/all.js7
-rw-r--r--netwerk/protocol/http/nsHttpChannel.cpp9
-rw-r--r--netwerk/protocol/http/nsHttpChannel.h4
10 files changed, 54 insertions, 23 deletions
diff --git a/application/basilisk/app/profile/basilisk.js b/application/basilisk/app/profile/basilisk.js
index eeec29eb90..cff5f599f2 100644
--- a/application/basilisk/app/profile/basilisk.js
+++ b/application/basilisk/app/profile/basilisk.js
@@ -580,6 +580,10 @@ pref("network.captive-portal-service.enabled", true);
// If true, network link events will change the value of navigator.onLine
pref("network.manage-offline-status", true);
+// Enable opportunistic encryption by default
+pref("network.http.altsvc.oe", true);
+pref("network.http.upgrade-insecure-requests", true);
+
// We want to make sure mail URLs are handled externally...
pref("network.protocol-handler.external.mailto", true); // for mail
pref("network.protocol-handler.external.news", true); // for news
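Review bot: The added comment `// Enable opportunistic encryption by default` sits over two prefs that do different things, and only `network.http.altsvc.oe` is opportunistic encryption. Judging by the nsHttpChannel.cpp change in this commit, `network.http.upgrade-insecure-requests` only controls whether the `Upgrade-Insecure-Requests: 1` request header is sent on document and subdocument loads. I would give each pref its own comment, e.g. `// Alt-Svc opportunistic encryption for http:// loads` and `// Send the Upgrade-Insecure-Requests request header`. It is also worth saying in the comment that both lines override the `false` platform defaults this commit sets in modules/libpref/init/all.js.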
diff --git a/application/palemoon/components/places/content/editBookmarkOverlay.js b/application/palemoon/components/places/content/editBookmarkOverlay.js
index 69d7d32eb5..e3d4537c7b 100644
--- a/application/palemoon/components/places/content/editBookmarkOverlay.js
+++ b/application/palemoon/components/places/content/editBookmarkOverlay.js
@@ -222,6 +222,11 @@ var gEditItemOverlay = {
}
let focusElement = () => {
+ let elt = document.querySelector("textbox:not([collapsed=true])");
+ if (elt) {
+ elt.focus();
+ elt.select();
+ }
this._initialized = true;
};
diff --git a/application/palemoon/components/preferences/security.xul b/application/palemoon/components/preferences/security.xul
index d3d321b16c..b12946f2a5 100644
--- a/application/palemoon/components/preferences/security.xul
+++ b/application/palemoon/components/preferences/security.xul
@@ -50,6 +50,15 @@
name="security.cert_pinning.enforcement_level"
type="int"/>
+ <!-- Opportunistic Encryption -->
+
+ <preference id="network.http.upgrade-insecure-requests"
+ name="network.http.upgrade-insecure-requests"
+ type="bool"/>
+ <preference id="network.http.altsvc.oe"
+ name="network.http.altsvc.oe"
+ type="bool"/>
+
<!-- XSS Filter -->
<!--
<preference id="security.xssfilter.enable" name="security.xssfilter.enable" type="bool"/>
@@ -144,6 +153,16 @@
oncommand="gSecurityPane.updateHPKPPref();"/>
</vbox>
</groupbox>
+
+ <groupbox id="OpportunisticEncryption">
+ <caption label="&OpEnc.label;"/>
+ <checkbox id="enableUIROpEnc"
+ label="&enableUIROpEnc.label;"
+ preference="network.http.upgrade-insecure-requests" />
+ <checkbox id="enableAltSvcOpEnc"
+ label="&enableAltSvcOpEnc.label;"
+ preference="network.http.altsvc.oe" />
+ </groupbox>
<!-- XSS Filter -->
<!--
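Review bot: The two new checkboxes `enableUIROpEnc` and `enableAltSvcOpEnc` carry no `accesskey`, and security.dtd in this commit adds no `.accesskey` entities for them, while the neighbouring HPKP and XSS filter entries in that file each define one. For keyboard parity I would add `accesskey="&enableUIROpEnc.accesskey;"` and `accesskey="&enableAltSvcOpEnc.accesskey;"` with matching entities in security.dtd. The group caption also files Upgrade Insecure Requests under opportunistic encryption, although that checkbox only toggles a request header; a one-line description under the caption would keep users from reading more protection into it than it gives.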
diff --git a/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd b/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd
index 2bd3b3aecf..930736d56c 100644
--- a/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd
+++ b/application/palemoon/locales/en-US/chrome/browser/preferences/security.dtd
@@ -40,6 +40,10 @@
<!ENTITY enableHPKP.label "Enable Certificate Key Pinning (HPKP)">
<!ENTITY enableHPKP.accesskey "C">
+<!ENTITY OpEnc.label "Opportunistic Encryption (OE)">
+<!ENTITY enableUIROpEnc.label "Enable Upgrade Insecure Requests">
+<!ENTITY enableAltSvcOpEnc.label "Enable HTTP Alternative Services for OE">
+
<!ENTITY XSSFilt.label "XSS Filter">
<!ENTITY enableXSSFilt.label "Enable XSS filter">
<!ENTITY enableXSSFilt.accesskey "f">
diff --git a/media/libvpx/vpx_config_x86-win32-vs12.h b/media/libvpx/vpx_config_x86-win32-vs12.h
index 42525a303c..9ec6a90bee 100644
--- a/media/libvpx/vpx_config_x86-win32-vs12.h
+++ b/media/libvpx/vpx_config_x86-win32-vs12.h
@@ -31,6 +31,9 @@
#define HAVE_AVX 1
#define HAVE_AVX2 1
#define HAVE_VPX_PORTS 1
+#ifdef HAVE_STDINT_H
+#undef HAVE_STDINT_H
+#endif
#define HAVE_STDINT_H 0
#define HAVE_PTHREAD_H 0
#define HAVE_SYS_MMAN_H 0
diff --git a/media/libvpx/vpx_config_x86_64-win64-vs12.h b/media/libvpx/vpx_config_x86_64-win64-vs12.h
index 65e45f5ba3..afbaf2e43a 100644
--- a/media/libvpx/vpx_config_x86_64-win64-vs12.h
+++ b/media/libvpx/vpx_config_x86_64-win64-vs12.h
@@ -31,6 +31,9 @@
#define HAVE_AVX 1
#define HAVE_AVX2 1
#define HAVE_VPX_PORTS 1
+#ifdef HAVE_STDINT_H
+#undef HAVE_STDINT_H
+#endif
#define HAVE_STDINT_H 0
#define HAVE_PTHREAD_H 0
#define HAVE_SYS_MMAN_H 0
diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp
index 2f721fa3f5..ee60602dae 100644
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@@ -995,25 +995,6 @@ nsJARChannel::OnStartRequest(nsIRequest *req, nsISupports *ctx)
mRequest = req;
nsresult rv = mListener->OnStartRequest(this, mListenerContext);
mRequest = nullptr;
- NS_ENSURE_SUCCESS(rv, rv);
-
- // Restrict loadable content types.
- nsAutoCString contentType;
- GetContentType(contentType);
- auto contentPolicyType = mLoadInfo->GetExternalContentPolicyType();
- if (contentType.Equals(APPLICATION_HTTP_INDEX_FORMAT) &&
- contentPolicyType != nsIContentPolicy::TYPE_DOCUMENT &&
- contentPolicyType != nsIContentPolicy::TYPE_FETCH) {
- return NS_ERROR_CORRUPTED_CONTENT;
- }
- if (contentPolicyType == nsIContentPolicy::TYPE_STYLESHEET &&
- !contentType.EqualsLiteral(TEXT_CSS)) {
- return NS_ERROR_CORRUPTED_CONTENT;
- }
- if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT &&
- !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) {
- return NS_ERROR_CORRUPTED_CONTENT;
- }
return rv;
}
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 957affa795..378745ea4c 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1593,7 +1593,10 @@ pref("network.http.spdy.default-hpack-buffer", 65536); // 64k
// alt-svc allows separation of transport routing from
// the origin host without using a proxy.
pref("network.http.altsvc.enabled", true);
-pref("network.http.altsvc.oe", true);
+// Opportunistic encryption use of alt-svc
+pref("network.http.altsvc.oe", false);
+// Send upgrade-insecure-requests HTTP header?
+pref("network.http.upgrade-insecure-requests", false);
pref("network.http.diagnostics", false);
@@ -4977,7 +4980,7 @@ pref("network.captive-portal-service.maxInterval", 1500000); // 25 minutes
pref("network.captive-portal-service.backoffFactor", "5.0");
pref("network.captive-portal-service.enabled", false);
-pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/success.txt");
+pref("captivedetect.canonicalURL", "http://detectportal.palemoon.org/success.txt");
pref("captivedetect.canonicalContent", "success\n");
pref("captivedetect.maxWaitingTime", 5000);
pref("captivedetect.pollingTime", 3000);
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index bb0b3ca774..be5539a02f 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel()
, mPushedStream(nullptr)
, mLocalBlocklist(false)
, mWarningReporter(nullptr)
+ , mSendUpgradeRequest(false)
, mDidReval(false)
{
LOG(("Creating nsHttpChannel [this=%p]\n", this));
mChannelCreationTime = PR_Now();
mChannelCreationTimestamp = TimeStamp::Now();
+
+ mSendUpgradeRequest =
+ Preferences::GetBool("network.http.upgrade-insecure-requests", false);
}
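Review bot: `mSendUpgradeRequest` is assigned twice in the constructor, once to `false` in the initializer list and again from `Preferences::GetBool` in the body, and the pref is looked up for every channel that is created. A static flag registered once through `Preferences::AddBoolVarCache` would remove the per-channel lookup and leave the constructor with the initializer alone. I cannot tell from the hunk whether a channel can ever be constructed off the main thread; if it can, reading the pref service here needs a second look. The `Connect()` hunk further down is the only visible consumer of the flag.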
nsHttpChannel::~nsHttpChannel()
@@ -377,8 +381,9 @@ nsHttpChannel::Connect()
mLoadInfo->GetExternalContentPolicyType() :
nsIContentPolicy::TYPE_OTHER;
- if (type == nsIContentPolicy::TYPE_DOCUMENT ||
- type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+ if (mSendUpgradeRequest &&
+ (type == nsIContentPolicy::TYPE_DOCUMENT ||
+ type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
NS_LITERAL_CSTRING("1"), false);
NS_ENSURE_SUCCESS(rv, rv);
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
index 2e24d6e81c..152cf1503d 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -597,6 +597,10 @@ private:
HttpChannelSecurityWarningReporter* mWarningReporter;
RefPtr<ADivertableParentChannel> mParentChannel;
+
+ // Whether we send opportunistic encryption requests.
+ bool mSendUpgradeRequest;
+
protected:
virtual void DoNotifyListenerCleanup() override;
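Review bot: The comment on `mSendUpgradeRequest` says it controls opportunistic encryption requests, but in nsHttpChannel.cpp the flag is read from `network.http.upgrade-insecure-requests` and only gates the `Upgrade-Insecure-Requests` header; Alt-Svc opportunistic encryption is governed by a separate pref. I would reword it to `// Whether to send the Upgrade-Insecure-Requests request header (pref network.http.upgrade-insecure-requests).` so the next reader does not assume this member affects `network.http.altsvc.oe`. The class body starts and ends outside the hunk.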