Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-23 07:13:52 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add support for Upgrade request to a potentially trustworthy URL. (#34986)

Browse source 
* Add support for Upgrade request to a potentially trustworthy URL.

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>

* script: Support inheritable insecure request policy in documents and workers.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Shubham Gupta 2025-02-05 20:49:56 +08:00 committed by GitHub
parent 7b36f2beb3
commit 1e164738d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
57 changed files with 264 additions and 346 deletions
Download patch file Download diff file Expand all files Collapse all files

11
components/script/dom/dedicatedworkerglobalscope.rs
View file

@ -17,7 +17,8 @@ use js::jsval::UndefinedValue;
use js::rust::{CustomAutoRooter, CustomAutoRooterGuard, HandleValue};
use net_traits::image_cache::ImageCache;
use net_traits::request::{
CredentialsMode, Destination, ParserMetadata, Referrer, RequestBuilder, RequestMode,
CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder,
RequestMode,
};
use net_traits::IpcSend;
use script_traits::{WorkerGlobalScopeInit, WorkerScriptLoadOrigin};
@ -256,6 +257,7 @@ impl DedicatedWorkerGlobalScope {
browsing_context: Option<BrowsingContextId>,
#[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
control_receiver: Receiver<DedicatedWorkerControlMsg>,
insecure_requests_policy: InsecureRequestsPolicy,
) -> DedicatedWorkerGlobalScope {
DedicatedWorkerGlobalScope {
workerglobalscope: WorkerGlobalScope::new_inherited(
@ -268,6 +270,7 @@ impl DedicatedWorkerGlobalScope {
closing,
#[cfg(feature = "webgpu")]
gpu_id_hub,
insecure_requests_policy,
),
task_queue: TaskQueue::new(receiver, own_sender.clone()),
own_sender,
@ -295,6 +298,7 @@ impl DedicatedWorkerGlobalScope {
browsing_context: Option<BrowsingContextId>,
#[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
control_receiver: Receiver<DedicatedWorkerControlMsg>,
insecure_requests_policy: InsecureRequestsPolicy,
) -> DomRoot<DedicatedWorkerGlobalScope> {
let cx = runtime.cx();
let scope = Box::new(DedicatedWorkerGlobalScope::new_inherited(
@ -313,6 +317,7 @@ impl DedicatedWorkerGlobalScope {
#[cfg(feature = "webgpu")]
gpu_id_hub,
control_receiver,
insecure_requests_policy,
));
unsafe { DedicatedWorkerGlobalScopeBinding::Wrap(SafeJSContext::from_ptr(cx), scope) }
}
@ -336,6 +341,7 @@ impl DedicatedWorkerGlobalScope {
#[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
control_receiver: Receiver<DedicatedWorkerControlMsg>,
context_sender: Sender<ThreadSafeJSContext>,
insecure_requests_policy: InsecureRequestsPolicy,
) -> JoinHandle<()> {
let serialized_worker_url = worker_url.to_string();
let top_level_browsing_context_id = TopLevelBrowsingContextId::installed();
@ -377,6 +383,8 @@ impl DedicatedWorkerGlobalScope {
.use_url_credentials(true)
.pipeline_id(Some(pipeline_id))
.referrer_policy(referrer_policy)
.referrer_policy(referrer_policy)
.insecure_requests_policy(insecure_requests_policy)
.origin(origin);
let runtime = unsafe {
@ -428,6 +436,7 @@ impl DedicatedWorkerGlobalScope {
#[cfg(feature = "webgpu")]
gpu_id_hub,
control_receiver,
insecure_requests_policy,
);
// FIXME(njn): workers currently don't have a unique ID suitable for using in reporter
// registration (#6631), so we instead use a random number and cross our fingers.

38
components/script/dom/document.rs
View file

@ -18,7 +18,7 @@ use base::cross_process_instant::CrossProcessInstant;
use base::id::WebViewId;
use canvas_traits::webgl::{self, WebGLContextId, WebGLMsg};
use chrono::Local;
use content_security_policy::{self as csp, CspList};
use content_security_policy::{self as csp, CspList, PolicyDisposition};
use cookie::Cookie;
use cssparser::match_ignore_ascii_case;
use devtools_traits::ScriptToDevtoolsControlMsg;
@ -41,7 +41,7 @@ use metrics::{
use mime::{self, Mime};
use net_traits::policy_container::PolicyContainer;
use net_traits::pub_domains::is_pub_domain;
use net_traits::request::RequestBuilder;
use net_traits::request::{InsecureRequestsPolicy, RequestBuilder};
use net_traits::response::HttpsState;
use net_traits::CookieSource::NonHTTP;
use net_traits::CoreResourceMsg::{GetCookiesForUrl, SetCookiesForUrl};
@ -506,6 +506,9 @@ pub(crate) struct Document {
status_code: Option<u16>,
/// <https://html.spec.whatwg.org/multipage/#is-initial-about:blank>
is_initial_about_blank: Cell<bool>,
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
#[no_trace]
inherited_insecure_requests_policy: Cell<Option<InsecureRequestsPolicy>>,
}
#[allow(non_snake_case)]
@ -2355,9 +2358,10 @@ impl Document {
pub(crate) fn fetch<Listener: FetchResponseListener + PreInvoke + Send + 'static>(
&self,
load: LoadType,
request: RequestBuilder,
mut request: RequestBuilder,
listener: Listener,
) {
request = request.insecure_requests_policy(self.insecure_requests_policy());
let callback = NetworkListener {
context: std::sync::Arc::new(Mutex::new(listener)),
task_source: self
@ -2373,9 +2377,10 @@ impl Document {
pub(crate) fn fetch_background<Listener: FetchResponseListener + PreInvoke + Send + 'static>(
&self,
request: RequestBuilder,
mut request: RequestBuilder,
listener: Listener,
) {
request = request.insecure_requests_policy(self.insecure_requests_policy());
let callback = NetworkListener {
context: std::sync::Arc::new(Mutex::new(listener)),
task_source: self
@ -3438,6 +3443,7 @@ impl Document {
status_code: Option<u16>,
canceller: FetchCanceller,
is_initial_about_blank: bool,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
) -> Document {
let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap());
@ -3587,9 +3593,27 @@ impl Document {
visibility_state: Cell::new(DocumentVisibilityState::Hidden),
status_code,
is_initial_about_blank: Cell::new(is_initial_about_blank),
inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy),
}
}
/// Returns a policy value that should be used for fetches initiated by this document.
pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
if let Some(csp_list) = self.get_csp_list() {
for policy in &csp_list.0 {
if policy.contains_a_directive_whose_name_is("upgrade-insecure-requests") &&
policy.disposition == PolicyDisposition::Enforce
{
return InsecureRequestsPolicy::Upgrade;
}
}
}
self.inherited_insecure_requests_policy
.get()
.unwrap_or(InsecureRequestsPolicy::DoNotUpgrade)
}
/// Note a pending compositor event, to be processed at the next `update_the_rendering` task.
pub(crate) fn note_pending_compositor_event(&self, event: CompositorEvent) {
let mut pending_compositor_events = self.pending_compositor_events.borrow_mut();
@ -3702,6 +3726,7 @@ impl Document {
status_code: Option<u16>,
canceller: FetchCanceller,
is_initial_about_blank: bool,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
can_gc: CanGc,
) -> DomRoot<Document> {
Self::new_with_proto(
@ -3720,6 +3745,7 @@ impl Document {
status_code,
canceller,
is_initial_about_blank,
inherited_insecure_requests_policy,
can_gc,
)
}
@ -3741,6 +3767,7 @@ impl Document {
status_code: Option<u16>,
canceller: FetchCanceller,
is_initial_about_blank: bool,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
can_gc: CanGc,
) -> DomRoot<Document> {
let document = reflect_dom_object_with_proto(
@ -3759,6 +3786,7 @@ impl Document {
status_code,
canceller,
is_initial_about_blank,
inherited_insecure_requests_policy,
)),
window,
proto,
@ -3890,6 +3918,7 @@ impl Document {
None,
Default::default(),
false,
Some(self.insecure_requests_policy()),
can_gc,
);
new_doc
@ -4454,6 +4483,7 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
None,
Default::default(),
false,
Some(doc.insecure_requests_policy()),
can_gc,
))
}

2
components/script/dom/domimplementation.rs
View file

@ -105,6 +105,7 @@ impl DOMImplementationMethods<crate::DomTypeHolder> for DOMImplementation {
DocumentActivity::Inactive,
DocumentSource::NotFromParser,
loader,
Some(self.document.insecure_requests_policy()),
);
// Step 2-3.
let maybe_elem = if qname.is_empty() {
@ -165,6 +166,7 @@ impl DOMImplementationMethods<crate::DomTypeHolder> for DOMImplementation {
None,
Default::default(),
false,
Some(self.document.insecure_requests_policy()),
can_gc,
);

2
components/script/dom/domparser.rs
View file

@ -88,6 +88,7 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
None,
Default::default(),
false,
Some(doc.insecure_requests_policy()),
can_gc,
);
ServoParser::parse_html_document(&document, Some(s), url, can_gc);
@ -110,6 +111,7 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
None,
Default::default(),
false,
Some(doc.insecure_requests_policy()),
can_gc,
);
ServoParser::parse_xml_document(&document, Some(s), url, can_gc);

1
components/script/dom/eventsource.rs
View file

@ -560,6 +560,7 @@ impl EventSourceMethods<crate::DomTypeHolder> for EventSource {
Some(cors_attribute_state),
Some(true),
global.get_referrer(),
global.insecure_requests_policy(),
)
.origin(global.origin().immutable().clone())
.pipeline_id(Some(global.pipeline_id()));

14
components/script/dom/globalscope.rs
View file

@ -48,7 +48,7 @@ use net_traits::filemanager_thread::{
};
use net_traits::image_cache::ImageCache;
use net_traits::policy_container::PolicyContainer;
use net_traits::request::{Referrer, RequestBuilder};
use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBuilder};
use net_traits::response::HttpsState;
use net_traits::{
fetch_async, CoreResourceMsg, CoreResourceThread, FetchResponseListener, IpcSend,
@ -2379,6 +2379,18 @@ impl GlobalScope {
self.downcast::<Window>().expect("expected a Window scope")
}
/// Returns a policy that should be used for fetches initiated from this global.
pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
if let Some(window) = self.downcast::<Window>() {
return window.Document().insecure_requests_policy();
}
if let Some(worker) = self.downcast::<WorkerGlobalScope>() {
return worker.insecure_requests_policy();
}
debug!("unsupported global, defaulting insecure requests policy to DoNotUpgrade");
InsecureRequestsPolicy::DoNotUpgrade
}
/// <https://html.spec.whatwg.org/multipage/#report-the-error>
pub(crate) fn report_an_error(&self, error_info: ErrorInfo, value: HandleValue, can_gc: CanGc) {
// Step 1.

1
components/script/dom/htmlformelement.rs
View file

@ -858,6 +858,7 @@ impl HTMLFormElement {
target_window.as_global_scope().get_referrer(),
target_document.get_referrer_policy(),
Some(target_window.as_global_scope().is_secure_context()),
Some(target_document.insecure_requests_policy()),
);
// Step 22

3
components/script/dom/htmliframeelement.rs
View file

@ -267,6 +267,7 @@ impl HTMLIFrameElement {
window.as_global_scope().get_referrer(),
document.get_referrer_policy(),
Some(window.as_global_scope().is_secure_context()),
Some(document.insecure_requests_policy()),
);
let element = self.upcast::<Element>();
load_data.srcdoc = String::from(element.get_string_attribute(&local_name!("srcdoc")));
@ -357,6 +358,7 @@ impl HTMLIFrameElement {
window.as_global_scope().get_referrer(),
referrer_policy,
Some(window.as_global_scope().is_secure_context()),
Some(document.insecure_requests_policy()),
);
let pipeline_id = self.pipeline_id();
@ -401,6 +403,7 @@ impl HTMLIFrameElement {
window.as_global_scope().get_referrer(),
document.get_referrer_policy(),
Some(window.as_global_scope().is_secure_context()),
Some(document.insecure_requests_policy()),
);
let browsing_context_id = BrowsingContextId::new();
let top_level_browsing_context_id = window.window_proxy().top_level_browsing_context_id();

1
components/script/dom/htmlimageelement.rs
View file

@ -423,6 +423,7 @@ impl HTMLImageElement {
cors_setting_for_element(self.upcast()),
None,
document.global().get_referrer(),
document.insecure_requests_policy(),
)
.origin(document.origin().immutable().clone())
.pipeline_id(Some(document.global().pipeline_id()))

6
components/script/dom/htmllinkelement.rs
View file

@ -14,7 +14,8 @@ use html5ever::{local_name, namespace_url, ns, LocalName, Prefix};
use js::rust::HandleObject;
use net_traits::policy_container::PolicyContainer;
use net_traits::request::{
CorsSettings, Destination, Initiator, Referrer, RequestBuilder, RequestId,
CorsSettings, Destination, Initiator, InsecureRequestsPolicy, Referrer, RequestBuilder,
RequestId,
};
use net_traits::{
FetchMetadata, FetchResponseListener, NetworkError, ReferrerPolicy, ResourceFetchTiming,
@ -78,6 +79,7 @@ struct LinkProcessingOptions {
policy_container: PolicyContainer,
source_set: Option<()>,
base_url: ServoUrl,
insecure_requests_policy: InsecureRequestsPolicy,
// Some fields that we don't need yet are missing
}
@ -326,6 +328,7 @@ impl HTMLLinkElement {
policy_container: document.policy_container().to_owned(),
source_set: None, // FIXME
base_url: document.borrow().base_url(),
insecure_requests_policy: document.insecure_requests_policy(),
};
// Step 3. If el has an href attribute, then set options's href to the value of el's href attribute.
@ -658,6 +661,7 @@ impl LinkProcessingOptions {
self.cross_origin,
None,
Referrer::NoReferrer,
self.insecure_requests_policy,
)
.integrity_metadata(self.integrity)
.policy_container(self.policy_container)

1
components/script/dom/htmlmediaelement.rs
View file

@ -891,6 +891,7 @@ impl HTMLMediaElement {
cors_setting,
None,
self.global().get_referrer(),
document.insecure_requests_policy(),
)
.headers(headers)
.origin(document.origin().immutable().clone())

6
components/script/dom/htmlscriptelement.rs
View file

@ -21,7 +21,8 @@ use js::jsval::UndefinedValue;
use js::rust::{transform_str_to_source_text, CompileOptionsWrapper, HandleObject, Stencil};
use net_traits::http_status::HttpStatus;
use net_traits::request::{
CorsSettings, CredentialsMode, Destination, ParserMetadata, RequestBuilder, RequestId,
CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
RequestBuilder, RequestId,
};
use net_traits::{
FetchMetadata, FetchResponseListener, Metadata, NetworkError, ResourceFetchTiming,
@ -548,6 +549,7 @@ pub(crate) fn script_fetch_request(
origin: ImmutableOrigin,
pipeline_id: PipelineId,
options: ScriptFetchOptions,
insecure_requests_policy: InsecureRequestsPolicy,
) -> RequestBuilder {
// We intentionally ignore options' credentials_mode member for classic scripts.
// The mode is initialized by create_a_potential_cors_request.
@ -558,6 +560,7 @@ pub(crate) fn script_fetch_request(
cors_setting,
None,
options.referrer,
insecure_requests_policy,
)
.origin(origin)
.pipeline_id(Some(pipeline_id))
@ -584,6 +587,7 @@ fn fetch_a_classic_script(
doc.origin().immutable().clone(),
script.global().pipeline_id(),
options.clone(),
doc.insecure_requests_policy(),
);
let request = doc.prepare_request(request);

1
components/script/dom/location.rs
View file

@ -129,6 +129,7 @@ impl Location {
referrer,
referrer_policy,
None, // Top navigation doesn't inherit secure context
Some(source_document.insecure_requests_policy()),
);
self.window
.load_url(history_handling, reload_triggered, load_data, can_gc);

1
components/script/dom/node.rs
View file

@ -2490,6 +2490,7 @@ impl Node {
document.status_code(),
Default::default(),
false,
Some(document.insecure_requests_policy()),
can_gc,
);
DomRoot::upcast::<Node>(document)

1
components/script/dom/request.rs
View file

@ -112,6 +112,7 @@ fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequ
.origin(global.get_url().origin())
.pipeline_id(Some(global.pipeline_id()))
.https_state(global.get_https_state())
.insecure_requests_policy(global.insecure_requests_policy())
.build()
}

7
components/script/dom/serviceworkerglobalscope.rs
View file

@ -15,7 +15,9 @@ use ipc_channel::ipc::{IpcReceiver, IpcSender};
use ipc_channel::router::ROUTER;
use js::jsapi::{JSContext, JS_AddInterruptCallback};
use js::jsval::UndefinedValue;
use net_traits::request::{CredentialsMode, Destination, ParserMetadata, Referrer, RequestBuilder};
use net_traits::request::{
CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder,
};
use net_traits::{CustomResponseMediator, IpcSend};
use script_traits::{ScopeThings, ServiceWorkerMsg, WorkerGlobalScopeInit, WorkerScriptLoadOrigin};
use servo_config::pref;
@ -224,6 +226,8 @@ impl ServiceWorkerGlobalScope {
closing,
#[cfg(feature = "webgpu")]
Arc::new(IdentityHub::default()),
InsecureRequestsPolicy::DoNotUpgrade, // FIXME: investigate what environment this value comes from for
// service workers.
),
task_queue: TaskQueue::new(receiver, own_sender.clone()),
own_sender,
@ -341,6 +345,7 @@ impl ServiceWorkerGlobalScope {
.use_url_credentials(true)
.pipeline_id(Some(pipeline_id))
.referrer_policy(referrer_policy)
.insecure_requests_policy(scope.insecure_requests_policy())
.origin(origin);
let (_url, source) = match load_whole_resource(

1
components/script/dom/servoparser/mod.rs
View file

@ -216,6 +216,7 @@ impl ServoParser {
None,
Default::default(),
false,
Some(context_document.insecure_requests_policy()),
can_gc,
);

10
components/script/dom/servoparser/prefetch.rs
View file

@ -13,7 +13,9 @@ use html5ever::tokenizer::{
};
use html5ever::{local_name, Attribute, LocalName};
use js::jsapi::JSTracer;
use net_traits::request::{CorsSettings, CredentialsMode, ParserMetadata, Referrer};
use net_traits::request::{
CorsSettings, CredentialsMode, InsecureRequestsPolicy, ParserMetadata, Referrer,
};
use net_traits::{CoreResourceMsg, FetchChannels, IpcSend, ReferrerPolicy, ResourceThreads};
use servo_url::{ImmutableOrigin, ServoUrl};
@ -53,6 +55,7 @@ impl Tokenizer {
// true after the first script tag, since that is what will
// block the main parser.
prefetching: Cell::new(false),
insecure_requests_policy: document.insecure_requests_policy(),
};
let options = Default::default();
let inner = HtmlTokenizer::new(sink, options);
@ -83,6 +86,8 @@ struct PrefetchSink {
#[no_trace]
resource_threads: ResourceThreads,
prefetching: Cell<bool>,
#[no_trace]
insecure_requests_policy: InsecureRequestsPolicy,
}
/// The prefetch tokenizer produces trivial results
@ -118,6 +123,7 @@ impl TokenSink for PrefetchSink {
credentials_mode: CredentialsMode::CredentialsSameOrigin,
parser_metadata: ParserMetadata::ParserInserted,
},
self.insecure_requests_policy,
);
let _ = self
.resource_threads
@ -135,6 +141,7 @@ impl TokenSink for PrefetchSink {
self.get_cors_settings(tag, local_name!("crossorigin")),
None,
self.referrer.clone(),
self.insecure_requests_policy,
)
.origin(self.origin.clone())
.pipeline_id(Some(self.pipeline_id))
@ -168,6 +175,7 @@ impl TokenSink for PrefetchSink {
cors_setting,
None,
self.referrer.clone(),
self.insecure_requests_policy,
)
.origin(self.origin.clone())
.pipeline_id(Some(self.pipeline_id))

1
components/script/dom/websocket.rs
View file

@ -257,6 +257,7 @@ impl WebSocketMethods<crate::DomTypeHolder> for WebSocket {
let request = RequestBuilder::new(global.webview_id(), url_record, Referrer::NoReferrer)
.origin(global.origin().immutable().clone())
.insecure_requests_policy(global.insecure_requests_policy())
.mode(RequestMode::WebSocket { protocols });
let channels = FetchChannels::WebSocket {

2
components/script/dom/windowproxy.rs
View file

@ -312,6 +312,7 @@ impl WindowProxy {
document.global().get_referrer(),
document.get_referrer_policy(),
None, // Doesn't inherit secure context
None,
);
let load_info = AuxiliaryBrowsingContextLoadInfo {
load_data: load_data.clone(),
@ -524,6 +525,7 @@ impl WindowProxy {
referrer,
referrer_policy,
Some(secure),
Some(target_document.insecure_requests_policy()),
);
let history_handling = if new {
NavigationHistoryBehavior::Replace

1
components/script/dom/worker.rs
View file

@ -239,6 +239,7 @@ impl WorkerMethods<crate::DomTypeHolder> for Worker {
global.wgpu_id_hub(),
control_receiver,
context_sender,
global.insecure_requests_policy(),
);
let context = context_receiver

14
components/script/dom/workerglobalscope.rs
View file

@ -20,7 +20,8 @@ use js::panic::maybe_resume_unwind;
use js::rust::{HandleValue, MutableHandleValue, ParentRuntime};
use net_traits::policy_container::PolicyContainer;
use net_traits::request::{
CredentialsMode, Destination, ParserMetadata, RequestBuilder as NetRequestInit,
CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
RequestBuilder as NetRequestInit,
};
use net_traits::IpcSend;
use script_traits::WorkerGlobalScopeInit;
@ -127,6 +128,9 @@ pub(crate) struct WorkerGlobalScope {
/// Timers are handled in the service worker event loop.
#[no_trace]
timer_scheduler: RefCell<TimerScheduler>,
#[no_trace]
insecure_requests_policy: InsecureRequestsPolicy,
}
impl WorkerGlobalScope {
@ -140,6 +144,7 @@ impl WorkerGlobalScope {
devtools_receiver: Receiver<DevtoolScriptControlMsg>,
closing: Arc<AtomicBool>,
#[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
insecure_requests_policy: InsecureRequestsPolicy,
) -> Self {
// Install a pipeline-namespace in the current thread.
PipelineNamespace::auto_install();
@ -181,9 +186,15 @@ impl WorkerGlobalScope {
navigation_start: CrossProcessInstant::now(),
performance: Default::default(),
timer_scheduler: RefCell::default(),
insecure_requests_policy,
}
}
/// Returns a policy value that should be used by fetches initiated by this worker.
pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
self.insecure_requests_policy
}
/// Clear various items when the worker event-loop shuts-down.
pub(crate) fn clear_js_runtime(&self) {
self.upcast::<GlobalScope>()
@ -288,6 +299,7 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
.parser_metadata(ParserMetadata::NotParserInserted)
.use_url_credentials(true)
.origin(global_scope.origin().immutable().clone())
.insecure_requests_policy(self.insecure_requests_policy())
.pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()));
let (url, source) = match fetch::load_whole_resource(

5
components/script/dom/xmldocument.rs
View file

@ -4,6 +4,7 @@
use dom_struct::dom_struct;
use mime::Mime;
use net_traits::request::InsecureRequestsPolicy;
use script_traits::DocumentActivity;
use servo_url::{MutableOrigin, ServoUrl};
@ -41,6 +42,7 @@ impl XMLDocument {
activity: DocumentActivity,
source: DocumentSource,
doc_loader: DocumentLoader,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
) -> XMLDocument {
XMLDocument {
document: Document::new_inherited(
@ -58,6 +60,7 @@ impl XMLDocument {
None,
Default::default(),
false,
inherited_insecure_requests_policy,
),
}
}
@ -74,6 +77,7 @@ impl XMLDocument {
activity: DocumentActivity,
source: DocumentSource,
doc_loader: DocumentLoader,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
) -> DomRoot<XMLDocument> {
let doc = reflect_dom_object(
Box::new(XMLDocument::new_inherited(
@ -87,6 +91,7 @@ impl XMLDocument {
activity,
source,
doc_loader,
inherited_insecure_requests_policy,
)),
window,
CanGc::note(),

2
components/script/dom/xmlhttprequest.rs
View file

@ -692,6 +692,7 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
.use_url_credentials(use_url_credentials)
.origin(self.global().origin().immutable().clone())
.referrer_policy(self.referrer_policy)
.insecure_requests_policy(self.global().insecure_requests_policy())
.pipeline_id(Some(self.global().pipeline_id()));
// step 4 (second half)
@ -1508,6 +1509,7 @@ impl XMLHttpRequest {
None,
Default::default(),
false,
Some(doc.insecure_requests_policy()),
can_gc,
)
}