Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-06 14:10:11 +01:00
Code Issues Projects Releases Packages Wiki Activity

Inherit CSP for blob workers (#38033)

Browse source 
Workers created from Blobs inherit their CSP. Now we inherit the CSP and
set the correct base API url. The base API url should be used when
determining the
report-uri endpoint. Otherwise, the blob URL would be used as a base,
which is invalid and the report wouldn't be sent.

Also create a helper method to concatenate two optionals of CSPList,
which was used in several places.

Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-07-17 10:14:20 +02:00 committed by GitHub
parent 439cb00e31
commit 18d1a62add
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
27 changed files with 116 additions and 236 deletions
Download patch file Download diff file Expand all files Collapse all files

19
components/script/dom/servoparser/mod.rs
View file

@ -56,7 +56,7 @@ use crate::dom::bindings::settings_stack::is_execution_stack_empty;
use crate::dom::bindings::str::{DOMString, USVString};
use crate::dom::characterdata::CharacterData;
use crate::dom::comment::Comment;
use crate::dom::csp::{GlobalCspReporting, Violation, parse_csp_list_from_metadata};
use crate::dom::csp::{CspReporting, GlobalCspReporting, Violation, parse_csp_list_from_metadata};
use crate::dom::document::{Document, DocumentSource, HasBrowsingContext, IsHTMLDocument};
use crate::dom::documentfragment::DocumentFragment;
use crate::dom::documenttype::DocumentType;
@ -860,21 +860,14 @@ impl ParserContext {
let Some(policy_container) = policy_container else {
return;
};
let Some(parent_csp_list) = &policy_container.csp_list else {
return;
};
let Some(parser) = self.parser.as_ref().map(|p| p.root()) else {
return;
};
let new_csp_list = match parser.document.get_csp_list() {
None => parent_csp_list.clone(),
Some(original_csp_list) => {
let mut appended_csp_list = original_csp_list.clone();
appended_csp_list.append(parent_csp_list.clone());
appended_csp_list.to_owned()
},
};
parser.document.set_csp_list(Some(new_csp_list));
let new_csp_list = parser
.document
.get_csp_list()
.concatenate(policy_container.csp_list.clone());
parser.document.set_csp_list(new_csp_list);
}
}