mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-15 03:15:09 -05:00
c3499ad6b8
* gnu/packages/patches/icecat-CVE-2015-4477.patch, gnu/packages/patches/icecat-CVE-2015-7207.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1954.patch, gnu/packages/patches/icecat-CVE-2016-1960.patch, gnu/packages/patches/icecat-CVE-2016-1961.patch, gnu/packages/patches/icecat-CVE-2016-1962.patch, gnu/packages/patches/icecat-CVE-2016-1964.patch, gnu/packages/patches/icecat-CVE-2016-1965.patch, gnu/packages/patches/icecat-CVE-2016-1966.patch, gnu/packages/patches/icecat-CVE-2016-1974.patch, gnu/packages/patches/icecat-bug-1248851.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
32 lines
1.3 KiB
Diff
32 lines
1.3 KiB
Diff
Copied from upstream:
|
|
https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/a5c4c18849b4
|
|
|
|
# HG changeset patch
|
|
# User Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
|
|
# Date 1456157874 28800
|
|
# Node ID a5c4c18849b486ef8693e20421b69239a2cbe574
|
|
# Parent e93aeb25e2a44df8d22f5a065b4410620e2c8730
|
|
Bug 1243178: CSP - Skip sending reports for non http schemes (r=dveditz) a=ritu
|
|
|
|
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
|
|
--- a/dom/security/nsCSPContext.cpp
|
|
+++ b/dom/security/nsCSPContext.cpp
|
|
@@ -798,16 +798,17 @@ nsCSPContext::SendReports(nsISupports* a
|
|
(NS_SUCCEEDED(reportURI->SchemeIs("https", &isHttpScheme)) && isHttpScheme);
|
|
|
|
if (!isHttpScheme) {
|
|
const char16_t* params[] = { reportURIs[r].get() };
|
|
CSP_LogLocalizedStr(NS_LITERAL_STRING("reportURInotHttpsOrHttp2").get(),
|
|
params, ArrayLength(params),
|
|
aSourceFile, aScriptSample, aLineNum, 0,
|
|
nsIScriptError::errorFlag, "CSP", mInnerWindowID);
|
|
+ continue;
|
|
}
|
|
|
|
// make sure this is an anonymous request (no cookies) so in case the
|
|
// policy URI is injected, it can't be abused for CSRF.
|
|
nsLoadFlags flags;
|
|
rv = reportChannel->GetLoadFlags(&flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
flags |= nsIRequest::LOAD_ANONYMOUS;
|
|
|