Add support for Upgrade request to a potentially trustworthy URL. (#34986)

* Add support for Upgrade request to a potentially trustworthy URL. Signed-off-by: Shubham Gupta <shubham13297@gmail.com> * script: Support inheritable insecure request policy in documents and workers. Signed-off-by: Josh Matthews <josh@joshmatthews.net> --------- Signed-off-by: Shubham Gupta <shubham13297@gmail.com> Signed-off-by: Josh Matthews <josh@joshmatthews.net> Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
2025-08-06 06:00:15 +01:00 · 2025-02-05 20:49:56 +08:00 · 2025-02-05 20:49:56 +08:00 · 1e164738d8
commit 1e164738d8
parent 7b36f2beb3
57 changed files with 264 additions and 346 deletions
--- a/components/script/dom/workerglobalscope.rs
+++ b/components/script/dom/workerglobalscope.rs
@ -20,7 +20,8 @@ use js::panic::maybe_resume_unwind;
 use js::rust::{HandleValue, MutableHandleValue, ParentRuntime};
 use net_traits::policy_container::PolicyContainer;
 use net_traits::request::{
-    CredentialsMode, Destination, ParserMetadata, RequestBuilder as NetRequestInit,
+    CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
+    RequestBuilder as NetRequestInit,
 };
 use net_traits::IpcSend;
 use script_traits::WorkerGlobalScopeInit;
@ -127,6 +128,9 @@ pub(crate) struct WorkerGlobalScope {
    /// Timers are handled in the service worker event loop.
    #[no_trace]
    timer_scheduler: RefCell<TimerScheduler>,
+
+    #[no_trace]
+    insecure_requests_policy: InsecureRequestsPolicy,
 }

 impl WorkerGlobalScope {
@ -140,6 +144,7 @@ impl WorkerGlobalScope {
        devtools_receiver: Receiver<DevtoolScriptControlMsg>,
        closing: Arc<AtomicBool>,
        #[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
+        insecure_requests_policy: InsecureRequestsPolicy,
    ) -> Self {
        // Install a pipeline-namespace in the current thread.
        PipelineNamespace::auto_install();
@ -181,9 +186,15 @@ impl WorkerGlobalScope {
            navigation_start: CrossProcessInstant::now(),
            performance: Default::default(),
            timer_scheduler: RefCell::default(),
+            insecure_requests_policy,
        }
    }

+    /// Returns a policy value that should be used by fetches initiated by this worker.
+    pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
+        self.insecure_requests_policy
+    }
+
    /// Clear various items when the worker event-loop shuts-down.
    pub(crate) fn clear_js_runtime(&self) {
        self.upcast::<GlobalScope>()
@ -288,6 +299,7 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
            .parser_metadata(ParserMetadata::NotParserInserted)
            .use_url_credentials(true)
            .origin(global_scope.origin().immutable().clone())
+            .insecure_requests_policy(self.insecure_requests_policy())
            .pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()));

            let (url, source) = match fetch::load_whole_resource(