mirror of
https://github.com/servo/servo.git
synced 2025-08-05 05:30:08 +01:00
Auto merge of #16126 - ferjm:issue-14520-block-media-csv, r=nox
Block scripts with text/csv, audio/*, video/* and image/* mime types This patch implements step 12 of the Main Fetch section of the Fetch API standard. It blocks the load of scripts with `text/csv`, `audio/*`, `video/*` and `image/*` mime types. Credit for the logic of `should_block_mime_type` function should go to the author of #14770. - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #14520 - [X] There are tests for these changes <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16126) <!-- Reviewable:end -->
This commit is contained in:
commit
1071c3339f
4 changed files with 83 additions and 1 deletions
|
@ -244,6 +244,8 @@ pub fn main_fetch(request: &mut Request,
|
|||
let response_is_network_error = response.is_network_error();
|
||||
let should_replace_with_nosniff_error =
|
||||
!response_is_network_error && should_be_blocked_due_to_nosniff(request.type_, &response.headers);
|
||||
let should_replace_with_mime_type_error =
|
||||
!response_is_network_error && should_be_blocked_due_to_mime_type(request.type_, &response.headers);
|
||||
|
||||
// Step 15.
|
||||
let mut network_error_response = response.get_network_error().cloned().map(Response::network_error);
|
||||
|
@ -261,13 +263,16 @@ pub fn main_fetch(request: &mut Request,
|
|||
// Step 17.
|
||||
// TODO: handle blocking as mixed content.
|
||||
// TODO: handle blocking by content security policy.
|
||||
// TODO: handle blocking due to MIME type.
|
||||
let blocked_error_response;
|
||||
let internal_response =
|
||||
if should_replace_with_nosniff_error {
|
||||
// Defer rebinding result
|
||||
blocked_error_response = Response::network_error(NetworkError::Internal("Blocked by nosniff".into()));
|
||||
&blocked_error_response
|
||||
} else if should_replace_with_mime_type_error {
|
||||
// Defer rebinding result
|
||||
blocked_error_response = Response::network_error(NetworkError::Internal("Blocked by mime type".into()));
|
||||
&blocked_error_response
|
||||
} else {
|
||||
internal_response
|
||||
};
|
||||
|
@ -598,6 +603,21 @@ pub fn should_be_blocked_due_to_nosniff(request_type: Type, response_headers: &H
|
|||
};
|
||||
}
|
||||
|
||||
/// https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-mime-type?
|
||||
fn should_be_blocked_due_to_mime_type(request_type: Type, response_headers: &Headers) -> bool {
|
||||
let mime_type = match response_headers.get::<ContentType>() {
|
||||
Some(header) => header,
|
||||
None => return false,
|
||||
};
|
||||
request_type == Type::Script && match *mime_type {
|
||||
ContentType(Mime(TopLevel::Audio, _, _)) |
|
||||
ContentType(Mime(TopLevel::Video, _, _)) |
|
||||
ContentType(Mime(TopLevel::Image, _, _)) => true,
|
||||
ContentType(Mime(TopLevel::Text, SubLevel::Ext(ref ext), _)) => ext == "csv",
|
||||
_ => false,
|
||||
}
|
||||
}
|
||||
|
||||
/// https://fetch.spec.whatwg.org/#block-bad-port
|
||||
pub fn should_be_blocked_due_to_bad_port(url: &ServoUrl) -> bool {
|
||||
// Step 1 is not applicable, this function just takes the URL directly.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue