From 1e164738d8ca12a5b69b6f7adfc1b79555890726 Mon Sep 17 00:00:00 2001 From: Shubham Gupta <32428749+shubhamg13@users.noreply.github.com> Date: Wed, 5 Feb 2025 20:49:56 +0800 Subject: [PATCH] Add support for Upgrade request to a potentially trustworthy URL. (#34986) * Add support for Upgrade request to a potentially trustworthy URL. Signed-off-by: Shubham Gupta * script: Support inheritable insecure request policy in documents and workers. Signed-off-by: Josh Matthews --------- Signed-off-by: Shubham Gupta 
Signed-off-by: Josh Matthews Co-authored-by: Shubham Gupta Co-authored-by: Josh Matthews --- components/constellation/constellation.rs | 2 + components/net/fetch/methods.rs | 95 +++++++++++++++++-- components/net/tests/http_loader.rs | 2 + .../script/dom/dedicatedworkerglobalscope.rs | 11 ++- components/script/dom/document.rs | 38 +++++++- components/script/dom/domimplementation.rs | 2 + components/script/dom/domparser.rs | 2 + components/script/dom/eventsource.rs | 1 + components/script/dom/globalscope.rs | 14 ++- components/script/dom/htmlformelement.rs | 1 + components/script/dom/htmliframeelement.rs | 3 + components/script/dom/htmlimageelement.rs | 1 + components/script/dom/htmllinkelement.rs | 6 +- components/script/dom/htmlmediaelement.rs | 1 + components/script/dom/htmlscriptelement.rs | 6 +- components/script/dom/location.rs | 1 + components/script/dom/node.rs | 1 + components/script/dom/request.rs | 1 + .../script/dom/serviceworkerglobalscope.rs | 7 +- components/script/dom/servoparser/mod.rs | 1 + components/script/dom/servoparser/prefetch.rs | 10 +- components/script/dom/websocket.rs | 1 + components/script/dom/windowproxy.rs | 2 + components/script/dom/worker.rs | 1 + components/script/dom/workerglobalscope.rs | 14 ++- components/script/dom/xmldocument.rs | 5 + components/script/dom/xmlhttprequest.rs | 2 + components/script/fetch.rs | 7 +- components/script/links.rs | 1 + components/script/navigation.rs | 9 +- components/script/script_thread.rs | 1 + components/script/stylesheet_loader.rs | 1 + components/shared/net/request.rs | 29 +++++- components/shared/script/lib.rs | 6 +- components/webdriver_server/lib.rs | 1 + .../upgrade/fetch.https.html.ini | 18 ---- .../upgrade/img-tag.https.html.ini | 18 ---- .../upgrade/worker-classic.https.html.ini | 9 -- .../upgrade/worker-module.https.html.ini | 9 -- .../upgrade/xhr.https.html.ini | 18 ---- .../upgrade/fetch.https.html.ini | 18 ---- .../upgrade/img-tag.https.html.ini | 18 ---- 
.../upgrade/worker-classic.https.html.ini | 9 -- .../upgrade/worker-module.https.html.ini | 9 -- .../upgrade/xhr.https.html.ini | 18 ---- .../top.http-rp/upgrade/fetch.https.html.ini | 18 ---- .../upgrade/img-tag.https.html.ini | 18 ---- .../upgrade/worker-classic.https.html.ini | 9 -- .../upgrade/worker-module.https.html.ini | 9 -- .../top.http-rp/upgrade/xhr.https.html.ini | 18 ---- .../gen/top.meta/upgrade/fetch.https.html.ini | 18 ---- .../top.meta/upgrade/img-tag.https.html.ini | 18 ---- .../upgrade/worker-classic.https.html.ini | 9 -- .../upgrade/worker-module.https.html.ini | 9 -- .../gen/top.meta/upgrade/xhr.https.html.ini | 18 ---- .../upgrade/fetch.https.html.ini | 18 ---- .../upgrade/xhr.https.html.ini | 18 ---- 57 files changed, 264 insertions(+), 346 deletions(-) delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/fetch.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/img-tag.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-classic.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-module.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/xhr.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/fetch.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/img-tag.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-classic.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-module.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/xhr.https.html.ini delete mode 100644 
tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/fetch.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/img-tag.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-classic.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-module.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/xhr.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/fetch.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/img-tag.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-classic.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-module.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/xhr.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/fetch.https.html.ini delete mode 100644 tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/xhr.https.html.ini diff --git a/components/constellation/constellation.rs b/components/constellation/constellation.rs index 1bcb616dd9c..f26a91290bc 100644 --- a/components/constellation/constellation.rs +++ b/components/constellation/constellation.rs @@ -1350,6 +1350,7 @@ where Referrer::NoReferrer, ReferrerPolicy::EmptyString, None, + None, ); let ctx_id = BrowsingContextId::from(top_level_browsing_context_id); let pipeline_id = match self.browsing_contexts.get(&ctx_id) { @@ -2976,6 +2977,7 @@ where Referrer::NoReferrer, ReferrerPolicy::EmptyString, None, + None, ); let sandbox = IFrameSandboxState::IFrameUnsandboxed; let is_private = false; 
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 828d524b40f..99bdd48bd16 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -14,17 +14,17 @@ use crossbeam_channel::Sender; use devtools_traits::DevtoolsControlMsg; use headers::{AccessControlExposeHeaders, ContentType, HeaderMapExt}; use http::header::{self, HeaderMap, HeaderName}; -use http::{Method, StatusCode}; +use http::{HeaderValue, Method, StatusCode}; use ipc_channel::ipc; -use log::warn; +use log::{debug, trace, warn}; use mime::{self, Mime}; use net_traits::filemanager_thread::{FileTokenCheck, RelativePos}; use net_traits::http_status::HttpStatus; use net_traits::policy_container::{PolicyContainer, RequestPolicyContainer}; use net_traits::request::{ is_cors_safelisted_method, is_cors_safelisted_request_header, BodyChunkRequest, - BodyChunkResponse, CredentialsMode, Destination, Origin, RedirectMode, Referrer, Request, - RequestMode, ResponseTainting, Window, + BodyChunkResponse, CredentialsMode, Destination, InsecureRequestsPolicy, Origin, RedirectMode, + Referrer, Request, RequestMode, ResponseTainting, Window, }; use net_traits::response::{Response, ResponseBody, ResponseType}; use net_traits::{ 
@@ -251,8 +251,32 @@ pub async fn main_fetch( // Step 3. // TODO: handle request abort. - // Step 4. - // TODO: handle upgrade to a potentially secure URL. + // Step 4. Upgrade request to a potentially trustworthy URL, if appropriate. + if should_upgrade_request_to_potentially_trustworty(request, context) { + trace!( + "upgrading {} targeting {:?}", + request.current_url(), + request.destination + ); + if let Some(new_scheme) = match request.current_url().scheme() { + "http" => Some("https"), + "ws" => Some("wss"), + _ => None, + } { + request + .current_url_mut() + .as_mut_url() + .set_scheme(new_scheme) + .unwrap(); + } + } else { + trace!( + "not upgrading {} targeting {:?} with {:?}", + request.current_url(), + request.destination, + request.insecure_requests_policy + ); + } // Step 5. if should_be_blocked_due_to_bad_port(&request.current_url()) { 
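Review bot: The `trace!("upgrading {} targeting {:?}", …)` in Step 4 runs before the scheme `match`, so it is also emitted for requests whose scheme is already `https`/`wss` (or any scheme that maps to `None`) and whose URL is left untouched. Anyone reading net traces to confirm that `upgrade-insecure-requests` took effect would see upgrades that never happened; moving the trace inside the `if let Some(new_scheme)` body keeps the log truthful. The `.set_scheme(new_scheme).unwrap()` also turns any rejected scheme change into a panic on the fetch path; handling the `Err` explicitly (log it and decide whether the request may proceed un-upgraded) would make the failure mode a deliberate choice. `main_fetch` begins and ends outside this hunk.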
@@ -881,3 +905,62 @@ fn is_bad_port(port: u16) -> bool { BAD_PORTS.binary_search(&port).is_ok() } + +// TODO : Investigate and need to revisit again +pub fn is_form_submission_request(request: &Request) -> bool { + let content_type = request.headers.typed_get::(); + content_type.is_some_and(|ct| { + let mime: Mime = ct.into(); + mime.type_() == mime::APPLICATION && mime.subtype() == mime::WWW_FORM_URLENCODED + }) +} + +/// +fn should_upgrade_request_to_potentially_trustworty( + request: &mut Request, + context: &FetchContext, +) -> bool { + fn should_upgrade_navigation_request(request: &Request) -> bool { + // Step 2.1 If request is a form submission, skip the remaining substeps, and continue upgrading request. + if is_form_submission_request(request) { + return true; + } + + // Step 2.2 + // TODO If request’s client's target browsing context is a nested browsing context + + // Step 2.4 + // TODO : check for insecure navigation set after its implemention + + // Step 2.5 Return without further modifying request + false + } + + // Step 1. If request is a navigation request, + if request.is_navigation_request() { + // Append a header named Upgrade-Insecure-Requests with a value of 1 to + // request’s header list if any of the following criteria are met: + // * request’s URL is not a potentially trustworthy URL + // * request’s URL's host is not a preloadable HSTS host + if !request.current_url().is_origin_trustworthy() || + !context + .state + .hsts_list + .read() + .unwrap() + .is_host_secure(request.current_url().host_str().unwrap()) + { + debug!("Appending the Upgrade-Insecure-Requests header to request’s header list"); + request + .headers + .insert("Upgrade-Insecure-Requests", HeaderValue::from_static("1")); + } + + if !should_upgrade_navigation_request(request) { + return false; + } + } + + // Step 4 + request.insecure_requests_policy == InsecureRequestsPolicy::Upgrade +} 
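Review bot: `request.current_url().host_str().unwrap()` in Step 1 of `should_upgrade_request_to_potentially_trustworty` panics whenever a navigation request reaches the right-hand side of the `||` with a URL that has no host, i.e. any URL for which `is_origin_trustworthy()` returns true without a host (a `file:` URL is the likely case; that method is not shown here, so please confirm). A host-less URL cannot be a preloadable HSTS host, so the operand can be written without the unwrap as `!request.current_url().host_str().is_some_and(|host| context.state.hsts_list.read().unwrap().is_host_secure(host))`. Separately, `is_form_submission_request` recognises only `application/x-www-form-urlencoded`, so GET and `multipart/form-data` submissions take the `false` path in `should_upgrade_navigation_request` and are not upgraded even when the policy is `Upgrade`. The comment `// TODO : Investigate and need to revisit again` should name that gap instead, e.g. `// TODO: only urlencoded POST bodies are detected; GET and multipart form submissions are not upgraded yet`.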
diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs index 793a73826dd..51853279c3a 100644 --- a/components/net/tests/http_loader.rs +++ b/components/net/tests/http_loader.rs @@ -171,6 +171,7 @@ fn test_check_default_headers_loaded_in_every_request() { HeaderName::from_static("sec-fetch-user"), HeaderValue::from_static("?1"), ); + headers.insert("Upgrade-Insecure-Requests", HeaderValue::from_static("1")); *expected_headers.lock().unwrap() = Some(headers.clone()); @@ -325,6 +326,7 @@ fn test_request_and_response_data_with_network_messages() { HeaderName::from_static("sec-fetch-user"), HeaderValue::from_static("?1"), ); + headers.insert("Upgrade-Insecure-Requests", HeaderValue::from_static("1")); let httprequest = DevtoolsHttpRequest { url: url, diff --git a/components/script/dom/dedicatedworkerglobalscope.rs b/components/script/dom/dedicatedworkerglobalscope.rs index cf732351bde..9deee2e1c9a 100644 --- a/components/script/dom/dedicatedworkerglobalscope.rs +++ b/components/script/dom/dedicatedworkerglobalscope.rs @@ -17,7 +17,8 @@ use js::jsval::UndefinedValue; use js::rust::{CustomAutoRooter, CustomAutoRooterGuard, HandleValue}; use net_traits::image_cache::ImageCache; use net_traits::request::{ - CredentialsMode, Destination, ParserMetadata, Referrer, RequestBuilder, RequestMode, + CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder, + RequestMode, }; use net_traits::IpcSend; use script_traits::{WorkerGlobalScopeInit, WorkerScriptLoadOrigin}; @@ -256,6 +257,7 @@ impl DedicatedWorkerGlobalScope { browsing_context: Option, #[cfg(feature = "webgpu")] gpu_id_hub: Arc, control_receiver: Receiver, + insecure_requests_policy: InsecureRequestsPolicy, ) -> DedicatedWorkerGlobalScope { DedicatedWorkerGlobalScope { workerglobalscope: WorkerGlobalScope::new_inherited( 
@@ -268,6 +270,7 @@ impl DedicatedWorkerGlobalScope { closing, #[cfg(feature = "webgpu")] gpu_id_hub, + insecure_requests_policy, ), task_queue: TaskQueue::new(receiver, own_sender.clone()), own_sender, @@ -295,6 +298,7 @@ impl DedicatedWorkerGlobalScope { browsing_context: Option, #[cfg(feature = "webgpu")] gpu_id_hub: Arc, control_receiver: Receiver, + insecure_requests_policy: InsecureRequestsPolicy, ) -> DomRoot { let cx = runtime.cx(); let scope = Box::new(DedicatedWorkerGlobalScope::new_inherited( @@ -313,6 +317,7 @@ impl DedicatedWorkerGlobalScope { #[cfg(feature = "webgpu")] gpu_id_hub, control_receiver, + insecure_requests_policy, )); unsafe { DedicatedWorkerGlobalScopeBinding::Wrap(SafeJSContext::from_ptr(cx), scope) } } @@ -336,6 +341,7 @@ impl DedicatedWorkerGlobalScope { #[cfg(feature = "webgpu")] gpu_id_hub: Arc, control_receiver: Receiver, context_sender: Sender, + insecure_requests_policy: InsecureRequestsPolicy, ) -> JoinHandle<()> { let serialized_worker_url = worker_url.to_string(); let top_level_browsing_context_id = TopLevelBrowsingContextId::installed(); @@ -377,6 +383,8 @@ impl DedicatedWorkerGlobalScope { .use_url_credentials(true) .pipeline_id(Some(pipeline_id)) .referrer_policy(referrer_policy) + .referrer_policy(referrer_policy) + .insecure_requests_policy(insecure_requests_policy) .origin(origin); let runtime = unsafe { @@ -428,6 +436,7 @@ impl DedicatedWorkerGlobalScope { #[cfg(feature = "webgpu")] gpu_id_hub, control_receiver, + insecure_requests_policy, ); // FIXME(njn): workers currently don't have a unique ID suitable for using in reporter // registration (#6631), so we instead use a random number and cross our fingers. diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index c06905a5fa5..201df933a18 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs 
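Review bot: The `@@ -377,6 +383,8 @@` hunk adds a second `.referrer_policy(referrer_policy)` immediately after the existing one in the worker script request builder. It looks like a merge leftover and presumably just sets the same field twice; only `.insecure_requests_policy(insecure_requests_policy)` needs to be added there. Drop the duplicated line so the chain reads `.referrer_policy(referrer_policy)`, `.insecure_requests_policy(insecure_requests_policy)`, `.origin(origin)`. The enclosing function starts and ends outside the hunk.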
@@ -18,7 +18,7 @@ use base::cross_process_instant::CrossProcessInstant; use base::id::WebViewId; use canvas_traits::webgl::{self, WebGLContextId, WebGLMsg}; use chrono::Local; -use content_security_policy::{self as csp, CspList}; +use content_security_policy::{self as csp, CspList, PolicyDisposition}; use cookie::Cookie; use cssparser::match_ignore_ascii_case; use devtools_traits::ScriptToDevtoolsControlMsg; @@ -41,7 +41,7 @@ use metrics::{ use mime::{self, Mime}; use net_traits::policy_container::PolicyContainer; use net_traits::pub_domains::is_pub_domain; -use net_traits::request::RequestBuilder; +use net_traits::request::{InsecureRequestsPolicy, RequestBuilder}; use net_traits::response::HttpsState; use net_traits::CookieSource::NonHTTP; use net_traits::CoreResourceMsg::{GetCookiesForUrl, SetCookiesForUrl}; @@ -506,6 +506,9 @@ pub(crate) struct Document { status_code: Option, /// is_initial_about_blank: Cell, + /// + #[no_trace] + inherited_insecure_requests_policy: Cell>, } #[allow(non_snake_case)] @@ -2355,9 +2358,10 @@ impl Document { pub(crate) fn fetch( &self, load: LoadType, - request: RequestBuilder, + mut request: RequestBuilder, listener: Listener, ) { + request = request.insecure_requests_policy(self.insecure_requests_policy()); let callback = NetworkListener { context: std::sync::Arc::new(Mutex::new(listener)), task_source: self @@ -2373,9 +2377,10 @@ impl Document { pub(crate) fn fetch_background( &self, - request: RequestBuilder, + mut request: RequestBuilder, listener: Listener, ) { + request = request.insecure_requests_policy(self.insecure_requests_policy()); let callback = NetworkListener { context: std::sync::Arc::new(Mutex::new(listener)), task_source: self @@ -3438,6 +3443,7 @@ impl Document { status_code: Option, canceller: FetchCanceller, is_initial_about_blank: bool, + inherited_insecure_requests_policy: Option, ) -> Document { let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap()); 
@@ -3587,9 +3593,27 @@ impl Document { visibility_state: Cell::new(DocumentVisibilityState::Hidden), status_code, is_initial_about_blank: Cell::new(is_initial_about_blank), + inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy), } } + /// Returns a policy value that should be used for fetches initiated by this document. + pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy { + if let Some(csp_list) = self.get_csp_list() { + for policy in &csp_list.0 { + if policy.contains_a_directive_whose_name_is("upgrade-insecure-requests") && + policy.disposition == PolicyDisposition::Enforce + { + return InsecureRequestsPolicy::Upgrade; + } + } + } + + self.inherited_insecure_requests_policy + .get() + .unwrap_or(InsecureRequestsPolicy::DoNotUpgrade) + } + /// Note a pending compositor event, to be processed at the next `update_the_rendering` task. pub(crate) fn note_pending_compositor_event(&self, event: CompositorEvent) { let mut pending_compositor_events = self.pending_compositor_events.borrow_mut(); @@ -3702,6 +3726,7 @@ impl Document { status_code: Option, canceller: FetchCanceller, is_initial_about_blank: bool, + inherited_insecure_requests_policy: Option, can_gc: CanGc, ) -> DomRoot { Self::new_with_proto( @@ -3720,6 +3745,7 @@ impl Document { status_code, canceller, is_initial_about_blank, + inherited_insecure_requests_policy, can_gc, ) } @@ -3741,6 +3767,7 @@ impl Document { status_code: Option, canceller: FetchCanceller, is_initial_about_blank: bool, + inherited_insecure_requests_policy: Option, can_gc: CanGc, ) -> DomRoot { let document = reflect_dom_object_with_proto( @@ -3759,6 +3786,7 @@ impl Document { status_code, canceller, is_initial_about_blank, + inherited_insecure_requests_policy, )), window, proto, @@ -3890,6 +3918,7 @@ impl Document { None, Default::default(), false, + Some(self.insecure_requests_policy()), can_gc, ); new_doc 
@@ -4454,6 +4483,7 @@ impl DocumentMethods for Document { None, Default::default(), false, + Some(doc.insecure_requests_policy()), can_gc, )) } diff --git a/components/script/dom/domimplementation.rs b/components/script/dom/domimplementation.rs index b9f0a2c29a9..c263ba940af 100644 --- a/components/script/dom/domimplementation.rs +++ b/components/script/dom/domimplementation.rs @@ -105,6 +105,7 @@ impl DOMImplementationMethods for DOMImplementation { DocumentActivity::Inactive, DocumentSource::NotFromParser, loader, + Some(self.document.insecure_requests_policy()), ); // Step 2-3. let maybe_elem = if qname.is_empty() { @@ -165,6 +166,7 @@ impl DOMImplementationMethods for DOMImplementation { None, Default::default(), false, + Some(self.document.insecure_requests_policy()), can_gc, ); diff --git a/components/script/dom/domparser.rs b/components/script/dom/domparser.rs index ece1360d466..5357516d71e 100644 --- a/components/script/dom/domparser.rs +++ b/components/script/dom/domparser.rs @@ -88,6 +88,7 @@ impl DOMParserMethods for DOMParser { None, Default::default(), false, + Some(doc.insecure_requests_policy()), can_gc, ); ServoParser::parse_html_document(&document, Some(s), url, can_gc); @@ -110,6 +111,7 @@ impl DOMParserMethods for DOMParser { None, Default::default(), false, + Some(doc.insecure_requests_policy()), can_gc, ); ServoParser::parse_xml_document(&document, Some(s), url, can_gc); diff --git a/components/script/dom/eventsource.rs b/components/script/dom/eventsource.rs index 0a256be112f..ba4c1dca9dc 100644 --- a/components/script/dom/eventsource.rs +++ b/components/script/dom/eventsource.rs @@ -560,6 +560,7 @@ impl EventSourceMethods for EventSource { Some(cors_attribute_state), Some(true), global.get_referrer(), + global.insecure_requests_policy(), ) .origin(global.origin().immutable().clone()) .pipeline_id(Some(global.pipeline_id())); 
diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index 465a814192f..51d6b06b6f4 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -48,7 +48,7 @@ use net_traits::filemanager_thread::{ }; use net_traits::image_cache::ImageCache; use net_traits::policy_container::PolicyContainer; -use net_traits::request::{Referrer, RequestBuilder}; +use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBuilder}; use net_traits::response::HttpsState; use net_traits::{ fetch_async, CoreResourceMsg, CoreResourceThread, FetchResponseListener, IpcSend, @@ -2379,6 +2379,18 @@ impl GlobalScope { self.downcast::().expect("expected a Window scope") } + /// Returns a policy that should be used for fetches initiated from this global. + pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy { + if let Some(window) = self.downcast::() { + return window.Document().insecure_requests_policy(); + } + if let Some(worker) = self.downcast::() { + return worker.insecure_requests_policy(); + } + debug!("unsupported global, defaulting insecure requests policy to DoNotUpgrade"); + InsecureRequestsPolicy::DoNotUpgrade + } + /// pub(crate) fn report_an_error(&self, error_info: ErrorInfo, value: HandleValue, can_gc: CanGc) { // Step 1. diff --git a/components/script/dom/htmlformelement.rs b/components/script/dom/htmlformelement.rs index f1f54b5fa95..fc93f8ff9d8 100644 --- a/components/script/dom/htmlformelement.rs +++ b/components/script/dom/htmlformelement.rs @@ -858,6 +858,7 @@ impl HTMLFormElement { target_window.as_global_scope().get_referrer(), target_document.get_referrer_policy(), Some(target_window.as_global_scope().is_secure_context()), + Some(target_document.insecure_requests_policy()), ); // Step 22 diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index d435d326c87..8f1c973cfea 100644 --- a/components/script/dom/htmliframeelement.rs 
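Review bot: `GlobalScope::insecure_requests_policy` falls back to `InsecureRequestsPolicy::DoNotUpgrade` for every global that is neither a window nor a worker, and reports that only at `debug!` level. That default fails open: a fetch issued from such a global on behalf of a page that enforces `upgrade-insecure-requests` would go out without the upgrade. Whether other global kinds can issue fetches is not visible in this hunk; if they can, a louder log level would make the gap noticeable. The doc comment should state the fallback, e.g. `/// Globals other than windows and workers currently default to DoNotUpgrade.`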
+++ b/components/script/dom/htmliframeelement.rs @@ -267,6 +267,7 @@ impl HTMLIFrameElement { window.as_global_scope().get_referrer(), document.get_referrer_policy(), Some(window.as_global_scope().is_secure_context()), + Some(document.insecure_requests_policy()), ); let element = self.upcast::(); load_data.srcdoc = String::from(element.get_string_attribute(&local_name!("srcdoc"))); @@ -357,6 +358,7 @@ impl HTMLIFrameElement { window.as_global_scope().get_referrer(), referrer_policy, Some(window.as_global_scope().is_secure_context()), + Some(document.insecure_requests_policy()), ); let pipeline_id = self.pipeline_id(); @@ -401,6 +403,7 @@ impl HTMLIFrameElement { window.as_global_scope().get_referrer(), document.get_referrer_policy(), Some(window.as_global_scope().is_secure_context()), + Some(document.insecure_requests_policy()), ); let browsing_context_id = BrowsingContextId::new(); let top_level_browsing_context_id = window.window_proxy().top_level_browsing_context_id(); diff --git a/components/script/dom/htmlimageelement.rs b/components/script/dom/htmlimageelement.rs index bbe40bfc43f..de7861ea0e7 100644 --- a/components/script/dom/htmlimageelement.rs +++ b/components/script/dom/htmlimageelement.rs @@ -423,6 +423,7 @@ impl HTMLImageElement { cors_setting_for_element(self.upcast()), None, document.global().get_referrer(), + document.insecure_requests_policy(), ) .origin(document.origin().immutable().clone()) .pipeline_id(Some(document.global().pipeline_id())) diff --git a/components/script/dom/htmllinkelement.rs b/components/script/dom/htmllinkelement.rs index 25279a0f210..a60bdf507aa 100644 --- a/components/script/dom/htmllinkelement.rs +++ b/components/script/dom/htmllinkelement.rs 
@@ -14,7 +14,8 @@ use html5ever::{local_name, namespace_url, ns, LocalName, Prefix}; use js::rust::HandleObject; use net_traits::policy_container::PolicyContainer; use net_traits::request::{ - CorsSettings, Destination, Initiator, Referrer, RequestBuilder, RequestId, + CorsSettings, Destination, Initiator, InsecureRequestsPolicy, Referrer, RequestBuilder, + RequestId, }; use net_traits::{ FetchMetadata, FetchResponseListener, NetworkError, ReferrerPolicy, ResourceFetchTiming, @@ -78,6 +79,7 @@ struct LinkProcessingOptions { policy_container: PolicyContainer, source_set: Option<()>, base_url: ServoUrl, + insecure_requests_policy: InsecureRequestsPolicy, // Some fields that we don't need yet are missing } @@ -326,6 +328,7 @@ impl HTMLLinkElement { policy_container: document.policy_container().to_owned(), source_set: None, // FIXME base_url: document.borrow().base_url(), + insecure_requests_policy: document.insecure_requests_policy(), }; // Step 3. If el has an href attribute, then set options's href to the value of el's href attribute. @@ -658,6 +661,7 @@ impl LinkProcessingOptions { self.cross_origin, None, Referrer::NoReferrer, + self.insecure_requests_policy, ) .integrity_metadata(self.integrity) .policy_container(self.policy_container) diff --git a/components/script/dom/htmlmediaelement.rs b/components/script/dom/htmlmediaelement.rs index b5b1363c042..813d207c1aa 100644 --- a/components/script/dom/htmlmediaelement.rs +++ b/components/script/dom/htmlmediaelement.rs @@ -891,6 +891,7 @@ impl HTMLMediaElement { cors_setting, None, self.global().get_referrer(), + document.insecure_requests_policy(), ) .headers(headers) .origin(document.origin().immutable().clone()) diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 164a1ba2909..c9bbdf1089c 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs 
@@ -21,7 +21,8 @@ use js::jsval::UndefinedValue; use js::rust::{transform_str_to_source_text, CompileOptionsWrapper, HandleObject, Stencil}; use net_traits::http_status::HttpStatus; use net_traits::request::{ - CorsSettings, CredentialsMode, Destination, ParserMetadata, RequestBuilder, RequestId, + CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, + RequestBuilder, RequestId, }; use net_traits::{ FetchMetadata, FetchResponseListener, Metadata, NetworkError, ResourceFetchTiming, @@ -548,6 +549,7 @@ pub(crate) fn script_fetch_request( origin: ImmutableOrigin, pipeline_id: PipelineId, options: ScriptFetchOptions, + insecure_requests_policy: InsecureRequestsPolicy, ) -> RequestBuilder { // We intentionally ignore options' credentials_mode member for classic scripts. // The mode is initialized by create_a_potential_cors_request. @@ -558,6 +560,7 @@ pub(crate) fn script_fetch_request( cors_setting, None, options.referrer, + insecure_requests_policy, ) .origin(origin) .pipeline_id(Some(pipeline_id)) @@ -584,6 +587,7 @@ fn fetch_a_classic_script( doc.origin().immutable().clone(), script.global().pipeline_id(), options.clone(), + doc.insecure_requests_policy(), ); let request = doc.prepare_request(request); diff --git a/components/script/dom/location.rs b/components/script/dom/location.rs index e3e310c8f8e..a7e5233eb07 100644 --- a/components/script/dom/location.rs +++ b/components/script/dom/location.rs @@ -129,6 +129,7 @@ impl Location { referrer, referrer_policy, None, // Top navigation doesn't inherit secure context + Some(source_document.insecure_requests_policy()), ); self.window .load_url(history_handling, reload_triggered, load_data, can_gc); diff --git a/components/script/dom/node.rs b/components/script/dom/node.rs index 935e7f0d746..280cd23b548 100644 --- a/components/script/dom/node.rs +++ b/components/script/dom/node.rs 
@@ -2490,6 +2490,7 @@ impl Node { document.status_code(), Default::default(), false, + Some(document.insecure_requests_policy()), can_gc, ); DomRoot::upcast::(document) diff --git a/components/script/dom/request.rs b/components/script/dom/request.rs index 7529c2dcf7e..c032229ad75 100644 --- a/components/script/dom/request.rs +++ b/components/script/dom/request.rs @@ -112,6 +112,7 @@ fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequ .origin(global.get_url().origin()) .pipeline_id(Some(global.pipeline_id())) .https_state(global.get_https_state()) + .insecure_requests_policy(global.insecure_requests_policy()) .build() } diff --git a/components/script/dom/serviceworkerglobalscope.rs b/components/script/dom/serviceworkerglobalscope.rs index 07c44cd11f7..28942a21c7d 100644 --- a/components/script/dom/serviceworkerglobalscope.rs +++ b/components/script/dom/serviceworkerglobalscope.rs @@ -15,7 +15,9 @@ use ipc_channel::ipc::{IpcReceiver, IpcSender}; use ipc_channel::router::ROUTER; use js::jsapi::{JSContext, JS_AddInterruptCallback}; use js::jsval::UndefinedValue; -use net_traits::request::{CredentialsMode, Destination, ParserMetadata, Referrer, RequestBuilder}; +use net_traits::request::{ + CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder, +}; use net_traits::{CustomResponseMediator, IpcSend}; use script_traits::{ScopeThings, ServiceWorkerMsg, WorkerGlobalScopeInit, WorkerScriptLoadOrigin}; use servo_config::pref; @@ -224,6 +226,8 @@ impl ServiceWorkerGlobalScope { closing, #[cfg(feature = "webgpu")] Arc::new(IdentityHub::default()), + InsecureRequestsPolicy::DoNotUpgrade, // FIXME: investigate what environment this value comes from for + // service workers. ), task_queue: TaskQueue::new(receiver, own_sender.clone()), own_sender, 
@@ -341,6 +345,7 @@ impl ServiceWorkerGlobalScope { .use_url_credentials(true) .pipeline_id(Some(pipeline_id)) .referrer_policy(referrer_policy) + .insecure_requests_policy(scope.insecure_requests_policy()) .origin(origin); let (_url, source) = match load_whole_resource( diff --git a/components/script/dom/servoparser/mod.rs b/components/script/dom/servoparser/mod.rs index 9812deb812c..7a7552e8b26 100644 --- a/components/script/dom/servoparser/mod.rs +++ b/components/script/dom/servoparser/mod.rs @@ -216,6 +216,7 @@ impl ServoParser { None, Default::default(), false, + Some(context_document.insecure_requests_policy()), can_gc, ); diff --git a/components/script/dom/servoparser/prefetch.rs b/components/script/dom/servoparser/prefetch.rs index 4c053713a06..aba27d85253 100644 --- a/components/script/dom/servoparser/prefetch.rs +++ b/components/script/dom/servoparser/prefetch.rs @@ -13,7 +13,9 @@ use html5ever::tokenizer::{ }; use html5ever::{local_name, Attribute, LocalName}; use js::jsapi::JSTracer; -use net_traits::request::{CorsSettings, CredentialsMode, ParserMetadata, Referrer}; +use net_traits::request::{ + CorsSettings, CredentialsMode, InsecureRequestsPolicy, ParserMetadata, Referrer, +}; use net_traits::{CoreResourceMsg, FetchChannels, IpcSend, ReferrerPolicy, ResourceThreads}; use servo_url::{ImmutableOrigin, ServoUrl}; @@ -53,6 +55,7 @@ impl Tokenizer { // true after the first script tag, since that is what will // block the main parser. prefetching: Cell::new(false), + insecure_requests_policy: document.insecure_requests_policy(), }; let options = Default::default(); let inner = HtmlTokenizer::new(sink, options); @@ -83,6 +86,8 @@ struct PrefetchSink { #[no_trace] resource_threads: ResourceThreads, prefetching: Cell, + #[no_trace] + insecure_requests_policy: InsecureRequestsPolicy, } /// The prefetch tokenizer produces trivial results 
@@ -118,6 +123,7 @@ impl TokenSink for PrefetchSink { credentials_mode: CredentialsMode::CredentialsSameOrigin, parser_metadata: ParserMetadata::ParserInserted, }, + self.insecure_requests_policy, ); let _ = self .resource_threads @@ -135,6 +141,7 @@ impl TokenSink for PrefetchSink { self.get_cors_settings(tag, local_name!("crossorigin")), None, self.referrer.clone(), + self.insecure_requests_policy, ) .origin(self.origin.clone()) .pipeline_id(Some(self.pipeline_id)) @@ -168,6 +175,7 @@ impl TokenSink for PrefetchSink { cors_setting, None, self.referrer.clone(), + self.insecure_requests_policy, ) .origin(self.origin.clone()) .pipeline_id(Some(self.pipeline_id)) diff --git a/components/script/dom/websocket.rs b/components/script/dom/websocket.rs index d712de2b9c7..86c519f0d54 100644 --- a/components/script/dom/websocket.rs +++ b/components/script/dom/websocket.rs @@ -257,6 +257,7 @@ impl WebSocketMethods for WebSocket { let request = RequestBuilder::new(global.webview_id(), url_record, Referrer::NoReferrer) .origin(global.origin().immutable().clone()) + .insecure_requests_policy(global.insecure_requests_policy()) .mode(RequestMode::WebSocket { protocols }); let channels = FetchChannels::WebSocket { diff --git a/components/script/dom/windowproxy.rs b/components/script/dom/windowproxy.rs index 3f10d8fe603..187bddbf16c 100644 --- a/components/script/dom/windowproxy.rs +++ b/components/script/dom/windowproxy.rs @@ -312,6 +312,7 @@ impl WindowProxy { document.global().get_referrer(), document.get_referrer_policy(), None, // Doesn't inherit secure context + None, ); let load_info = AuxiliaryBrowsingContextLoadInfo { load_data: load_data.clone(), @@ -524,6 +525,7 @@ impl WindowProxy { referrer, referrer_policy, Some(secure), + Some(target_document.insecure_requests_policy()), ); let history_handling = if new { NavigationHistoryBehavior::Replace diff --git a/components/script/dom/worker.rs b/components/script/dom/worker.rs index 31c23b4f8f1..b85ee84f8ca 100644 
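Review bot: In the `@@ -312,6 +312,7 @@ impl WindowProxy` hunk the added `None,` sits directly under `None, // Doesn't inherit secure context` with no comment of its own, so a reader cannot tell whether skipping inheritance for the auxiliary browsing context is deliberate. Because the `navigation.rs` hunk turns a missing value into `DoNotUpgrade`, this argument decides whether the new window's first navigation request carries the opener's upgrade policy. I would annotate it like its neighbour, `None, // Doesn't inherit the insecure requests policy`, and the `None` added in `webdriver_server/lib.rs` deserves the same. The surrounding function starts and ends outside the hunk.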
--- a/components/script/dom/worker.rs +++ b/components/script/dom/worker.rs @@ -239,6 +239,7 @@ impl WorkerMethods for Worker { global.wgpu_id_hub(), control_receiver, context_sender, + global.insecure_requests_policy(), ); let context = context_receiver diff --git a/components/script/dom/workerglobalscope.rs b/components/script/dom/workerglobalscope.rs index 94b709a4fa6..fe6e2c40c00 100644 --- a/components/script/dom/workerglobalscope.rs +++ b/components/script/dom/workerglobalscope.rs @@ -20,7 +20,8 @@ use js::panic::maybe_resume_unwind; use js::rust::{HandleValue, MutableHandleValue, ParentRuntime}; use net_traits::policy_container::PolicyContainer; use net_traits::request::{ - CredentialsMode, Destination, ParserMetadata, RequestBuilder as NetRequestInit, + CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, + RequestBuilder as NetRequestInit, }; use net_traits::IpcSend; use script_traits::WorkerGlobalScopeInit; @@ -127,6 +128,9 @@ pub(crate) struct WorkerGlobalScope { /// Timers are handled in the service worker event loop. #[no_trace] timer_scheduler: RefCell, + + #[no_trace] + insecure_requests_policy: InsecureRequestsPolicy, } impl WorkerGlobalScope { @@ -140,6 +144,7 @@ impl WorkerGlobalScope { devtools_receiver: Receiver, closing: Arc, #[cfg(feature = "webgpu")] gpu_id_hub: Arc, + insecure_requests_policy: InsecureRequestsPolicy, ) -> Self { // Install a pipeline-namespace in the current thread. PipelineNamespace::auto_install(); @@ -181,9 +186,15 @@ impl WorkerGlobalScope { navigation_start: CrossProcessInstant::now(), performance: Default::default(), timer_scheduler: RefCell::default(), + insecure_requests_policy, } } + /// Returns a policy value that should be used by fetches initiated by this worker. + pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy { + self.insecure_requests_policy + } + /// Clear various items when the worker event-loop shuts-down. pub(crate) fn clear_js_runtime(&self) { self.upcast::() 
@@ -288,6 +299,7 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { .parser_metadata(ParserMetadata::NotParserInserted) .use_url_credentials(true) .origin(global_scope.origin().immutable().clone()) + .insecure_requests_policy(self.insecure_requests_policy()) .pipeline_id(Some(self.upcast::().pipeline_id())); let (url, source) = match fetch::load_whole_resource( diff --git a/components/script/dom/xmldocument.rs b/components/script/dom/xmldocument.rs index 278ca246304..7669400cff8 100644 --- a/components/script/dom/xmldocument.rs +++ b/components/script/dom/xmldocument.rs @@ -4,6 +4,7 @@ use dom_struct::dom_struct; use mime::Mime; +use net_traits::request::InsecureRequestsPolicy; use script_traits::DocumentActivity; use servo_url::{MutableOrigin, ServoUrl}; @@ -41,6 +42,7 @@ impl XMLDocument { activity: DocumentActivity, source: DocumentSource, doc_loader: DocumentLoader, + inherited_insecure_requests_policy: Option, ) -> XMLDocument { XMLDocument { document: Document::new_inherited( @@ -58,6 +60,7 @@ impl XMLDocument { None, Default::default(), false, + inherited_insecure_requests_policy, ), } } @@ -74,6 +77,7 @@ impl XMLDocument { activity: DocumentActivity, source: DocumentSource, doc_loader: DocumentLoader, + inherited_insecure_requests_policy: Option, ) -> DomRoot { let doc = reflect_dom_object( Box::new(XMLDocument::new_inherited( @@ -87,6 +91,7 @@ impl XMLDocument { activity, source, doc_loader, + inherited_insecure_requests_policy, )), window, CanGc::note(), diff --git a/components/script/dom/xmlhttprequest.rs b/components/script/dom/xmlhttprequest.rs index e942e865a0f..ba95dc3ffed 100644 --- a/components/script/dom/xmlhttprequest.rs +++ b/components/script/dom/xmlhttprequest.rs 
@@ -692,6 +692,7 @@ impl XMLHttpRequestMethods for XMLHttpRequest { .use_url_credentials(use_url_credentials) .origin(self.global().origin().immutable().clone()) .referrer_policy(self.referrer_policy) + .insecure_requests_policy(self.global().insecure_requests_policy()) .pipeline_id(Some(self.global().pipeline_id())); // step 4 (second half) @@ -1508,6 +1509,7 @@ impl XMLHttpRequest { None, Default::default(), false, + Some(doc.insecure_requests_policy()), can_gc, ) } diff --git a/components/script/fetch.rs b/components/script/fetch.rs index 65b9aed7a57..125379eee05 100644 --- a/components/script/fetch.rs +++ b/components/script/fetch.rs @@ -9,8 +9,8 @@ use base::id::WebViewId; use ipc_channel::ipc; use net_traits::policy_container::RequestPolicyContainer; use net_traits::request::{ - CorsSettings, CredentialsMode, Destination, Referrer, Request as NetTraitsRequest, - RequestBuilder, RequestId, RequestMode, ServiceWorkersMode, + CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, Referrer, + Request as NetTraitsRequest, RequestBuilder, RequestId, RequestMode, ServiceWorkersMode, }; use net_traits::{ cancel_async_fetch, CoreResourceMsg, CoreResourceThread, FetchChannels, FetchMetadata, @@ -121,6 +121,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder { parser_metadata: request.parser_metadata, initiator: request.initiator, policy_container: request.policy_container, + insecure_requests_policy: request.insecure_requests_policy, https_state: request.https_state, response_tainting: request.response_tainting, crash: None, @@ -373,6 +374,7 @@ pub(crate) fn create_a_potential_cors_request( cors_setting: Option, same_origin_fallback: Option, referrer: Referrer, + insecure_requests_policy: InsecureRequestsPolicy, ) -> RequestBuilder { RequestBuilder::new(webview_id, url, referrer) // https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request 
@@ -391,4 +393,5 @@ pub(crate) fn create_a_potential_cors_request( // Step 5 .destination(destination) .use_url_credentials(true) + .insecure_requests_policy(insecure_requests_policy) } diff --git a/components/script/links.rs b/components/script/links.rs index 9babd4c3987..1f95354f1a7 100644 --- a/components/script/links.rs +++ b/components/script/links.rs @@ -425,6 +425,7 @@ pub(crate) fn follow_hyperlink( referrer, referrer_policy, Some(secure), + Some(document.insecure_requests_policy()), ); let target = Trusted::new(target_window); let task = task!(navigate_follow_hyperlink: move || { diff --git a/components/script/navigation.rs b/components/script/navigation.rs index 0ed58ba609f..83ce10998d0 100644 --- a/components/script/navigation.rs +++ b/components/script/navigation.rs @@ -13,7 +13,9 @@ use base::id::{BrowsingContextId, PipelineId, TopLevelBrowsingContextId}; use content_security_policy::Destination; use crossbeam_channel::Sender; use http::header; -use net_traits::request::{CredentialsMode, RedirectMode, RequestBuilder, RequestMode}; +use net_traits::request::{ + CredentialsMode, InsecureRequestsPolicy, RedirectMode, RequestBuilder, RequestMode, +}; use net_traits::response::ResponseInit; use net_traits::{ fetch_async, set_default_accept_language, BoxedFetchCallback, CoreResourceThread, @@ -204,6 +206,11 @@ impl InProgressLoad { .use_url_credentials(true) .pipeline_id(Some(id)) .referrer_policy(self.load_data.referrer_policy) + .insecure_requests_policy( + self.load_data + .inherited_insecure_requests_policy + .unwrap_or(InsecureRequestsPolicy::DoNotUpgrade), + ) .headers(self.load_data.headers.clone()) .body(self.load_data.data.clone()) .redirect_mode(RedirectMode::Manual) diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 790d1917109..22eea4d8c90 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs 
@@ -3233,6 +3233,7 @@ impl ScriptThread { Some(metadata.status.raw_code()), incomplete.canceller, is_initial_about_blank, + incomplete.load_data.inherited_insecure_requests_policy, can_gc, ); diff --git a/components/script/stylesheet_loader.rs b/components/script/stylesheet_loader.rs index b11c75e962f..80a3f878160 100644 --- a/components/script/stylesheet_loader.rs +++ b/components/script/stylesheet_loader.rs @@ -350,6 +350,7 @@ impl StylesheetLoader<'_> { cors_setting, None, self.elem.global().get_referrer(), + document.insecure_requests_policy(), ) .origin(document.origin().immutable().clone()) .pipeline_id(Some(self.elem.global().pipeline_id())) diff --git a/components/shared/net/request.rs b/components/shared/net/request.rs index 8bedd5de35a..642f2a58bc3 100644 --- a/components/shared/net/request.rs +++ b/components/shared/net/request.rs @@ -233,6 +233,12 @@ impl RequestBody { } } +#[derive(Clone, Copy, Debug, Deserialize, MallocSizeOf, PartialEq, Serialize)] +pub enum InsecureRequestsPolicy { + DoNotUpgrade, + Upgrade, +} + #[derive(Clone, Debug, Deserialize, MallocSizeOf, Serialize)] pub struct RequestBuilder { pub id: RequestId, @@ -262,6 +268,7 @@ pub struct RequestBuilder { pub use_url_credentials: bool, pub origin: ImmutableOrigin, pub policy_container: RequestPolicyContainer, + pub insecure_requests_policy: InsecureRequestsPolicy, // XXXManishearth these should be part of the client object pub referrer: Referrer, pub referrer_policy: ReferrerPolicy, @@ -298,6 +305,7 @@ impl RequestBuilder { use_url_credentials: false, origin: ImmutableOrigin::new_opaque(), policy_container: RequestPolicyContainer::default(), + insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade, referrer, referrer_policy: ReferrerPolicy::EmptyString, pipeline_id: None, 
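Review bot: `InsecureRequestsPolicy` in the `@@ -233,6 +233,12 @@` hunk has neither a doc comment nor a `Default` impl, so the fallback `DoNotUpgrade` is spelled out separately in `RequestBuilder::new` (the `@@ -298,6 +305,7 @@` hunk), in `Request::new` and in the `unwrap_or` in `navigation.rs`. Since that fallback is the less strict of the two values, it is worth keeping in one documented place: add `Default` to the derive list, mark the variant with `#[default] DoNotUpgrade,`, and let the constructors use `Default::default()`. A one-line doc comment per variant saying what a fetch does with it would also help readers who meet the enum at a call site.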
@@ -418,6 +426,14 @@ impl RequestBuilder { self } + pub fn insecure_requests_policy( + mut self, + insecure_requests_policy: InsecureRequestsPolicy, + ) -> RequestBuilder { + self.insecure_requests_policy = insecure_requests_policy; + self + } + pub fn build(self) -> Request { let mut request = Request::new( self.id, @@ -454,6 +470,7 @@ impl RequestBuilder { request.response_tainting = self.response_tainting; request.crash = self.crash; request.policy_container = self.policy_container; + request.insecure_requests_policy = self.insecure_requests_policy; request } } @@ -525,6 +542,8 @@ pub struct Request { pub parser_metadata: ParserMetadata, /// pub policy_container: RequestPolicyContainer, + /// + pub insecure_requests_policy: InsecureRequestsPolicy, pub https_state: HttpsState, /// Servo internal: if crash details are present, trigger a crash error page with these details. pub crash: Option, @@ -570,6 +589,7 @@ impl Request { redirect_count: 0, response_tainting: ResponseTainting::Basic, policy_container: RequestPolicyContainer::Client, + insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade, https_state, crash: None, } @@ -592,7 +612,14 @@ impl Request { /// pub fn is_navigation_request(&self) -> bool { - self.destination == Destination::Document + matches!( + self.destination, + Destination::Document | + Destination::Embed | + Destination::Frame | + Destination::IFrame | + Destination::Object + ) } /// diff --git a/components/shared/script/lib.rs b/components/shared/script/lib.rs index c6a026aa5ad..bc00f582921 100644 --- a/components/shared/script/lib.rs +++ b/components/shared/script/lib.rs 
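Review bot: The `@@ -592,7 +612,14 @@ impl Request` hunk widens `is_navigation_request` from `Destination::Document` to five destinations, which changes the result for embed, frame, iframe and object requests for every existing caller of this method, not only for the upgrade logic this commit adds. The wider set matches Fetch's definition of a navigation request, so the change looks right, but the visible hunks show no test or call-site adjustment for the older callers; they should be checked for logic that assumed top-level documents only. A doc line stating the contract would help, e.g. `/// True when the destination is document, embed, frame, iframe or object.`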
@@ -48,7 +48,7 @@ use malloc_size_of::malloc_size_of_is_0; use malloc_size_of_derive::MallocSizeOf; use media::WindowGLContext; use net_traits::image_cache::ImageCache; -use net_traits::request::{Referrer, RequestBody}; +use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBody}; use net_traits::storage_thread::StorageType; use net_traits::{ReferrerPolicy, ResourceThreads}; use pixels::{Image, PixelFormat}; @@ -163,6 +163,8 @@ pub struct LoadData { pub srcdoc: String, /// The inherited context is Secure, None if not inherited pub inherited_secure_context: Option, + /// The inherited policy for upgrading insecure requests; None if not inherited. + pub inherited_insecure_requests_policy: Option, /// Servo internal: if crash details are present, trigger a crash error page with these details. pub crash: Option, @@ -187,6 +189,7 @@ impl LoadData { referrer: Referrer, referrer_policy: ReferrerPolicy, inherited_secure_context: Option, + inherited_insecure_requests_policy: Option, ) -> LoadData { LoadData { load_origin, @@ -201,6 +204,7 @@ impl LoadData { srcdoc: "".to_string(), inherited_secure_context, crash: None, + inherited_insecure_requests_policy, } } } diff --git a/components/webdriver_server/lib.rs b/components/webdriver_server/lib.rs index 9dcec9d6b7d..fb574ec902c 100644 --- a/components/webdriver_server/lib.rs +++ b/components/webdriver_server/lib.rs @@ -669,6 +669,7 @@ impl Handler { Referrer::NoReferrer, ReferrerPolicy::EmptyString, None, + None, ); let cmd_msg = WebDriverCommandMsg::LoadUrl( top_level_browsing_context_id, diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/fetch.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/fetch.https.html.ini deleted file mode 100644 index fc6faad77d2..00000000000 --- a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/fetch.https.html.ini +++ /dev/null 
@@ -1,18 +0,0 @@
-[fetch.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/img-tag.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/img-tag.https.html.ini
deleted file mode 100644
index cb6dbd84767..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/img-tag.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[img-tag.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-classic.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-classic.https.html.ini
deleted file mode 100644
index 4eb59410318..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-classic.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-classic.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-module.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-module.https.html.ini
deleted file mode 100644
index ea11bb56f99..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-module.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-module.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/xhr.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/xhr.https.html.ini
deleted file mode 100644
index 8e7eac1f2a6..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/xhr.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[xhr.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/fetch.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/fetch.https.html.ini
deleted file mode 100644
index fc6faad77d2..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/fetch.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[fetch.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/img-tag.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/img-tag.https.html.ini
deleted file mode 100644
index cb6dbd84767..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/img-tag.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[img-tag.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-classic.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-classic.https.html.ini
deleted file mode 100644
index 4eb59410318..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-classic.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-classic.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-module.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-module.https.html.ini
deleted file mode 100644
index ea11bb56f99..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-module.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-module.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/xhr.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/xhr.https.html.ini
deleted file mode 100644
index 8e7eac1f2a6..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/xhr.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[xhr.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/fetch.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/fetch.https.html.ini
deleted file mode 100644
index fc6faad77d2..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/fetch.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[fetch.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/img-tag.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/img-tag.https.html.ini
deleted file mode 100644
index cb6dbd84767..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/img-tag.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[img-tag.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-classic.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-classic.https.html.ini
deleted file mode 100644
index 4eb59410318..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-classic.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-classic.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-module.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-module.https.html.ini
deleted file mode 100644
index ea11bb56f99..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-module.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-module.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/xhr.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/xhr.https.html.ini
deleted file mode 100644
index 8e7eac1f2a6..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/xhr.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[xhr.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/fetch.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/fetch.https.html.ini
deleted file mode 100644
index fc6faad77d2..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/fetch.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[fetch.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/img-tag.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/img-tag.https.html.ini
deleted file mode 100644
index cb6dbd84767..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/img-tag.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[img-tag.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-classic.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-classic.https.html.ini
deleted file mode 100644
index 4eb59410318..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-classic.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-classic.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-module.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-module.https.html.ini
deleted file mode 100644
index ea11bb56f99..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-module.https.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[worker-module.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/xhr.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/xhr.https.html.ini
deleted file mode 100644
index 8e7eac1f2a6..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/xhr.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[xhr.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/fetch.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/fetch.https.html.ini
deleted file mode 100644
index fc6faad77d2..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/fetch.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[fetch.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
- expected: FAIL
diff --git a/tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/xhr.https.html.ini b/tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/xhr.https.html.ini
deleted file mode 100644
index 8e7eac1f2a6..00000000000
--- a/tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/xhr.https.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[xhr.https.html]
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
- expected: FAIL
-
- [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
- expected: FAIL