Add support for Upgrade request to a potentially trustworthy URL. (#34986)

* Add support for Upgrade request to a potentially trustworthy URL.

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>

* script: Support inheritable insecure request policy in documents and workers.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Shubham Gupta 2025-02-05 20:49:56 +08:00 committed by GitHub
parent 7b36f2beb3
commit 1e164738d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
57 changed files with 264 additions and 346 deletions

View file

@ -233,6 +233,12 @@ impl RequestBody {
}
}
#[derive(Clone, Copy, Debug, Deserialize, MallocSizeOf, PartialEq, Serialize)]
pub enum InsecureRequestsPolicy {
DoNotUpgrade,
Upgrade,
}
#[derive(Clone, Debug, Deserialize, MallocSizeOf, Serialize)]
pub struct RequestBuilder {
pub id: RequestId,
@ -262,6 +268,7 @@ pub struct RequestBuilder {
pub use_url_credentials: bool,
pub origin: ImmutableOrigin,
pub policy_container: RequestPolicyContainer,
pub insecure_requests_policy: InsecureRequestsPolicy,
// XXXManishearth these should be part of the client object
pub referrer: Referrer,
pub referrer_policy: ReferrerPolicy,
@ -298,6 +305,7 @@ impl RequestBuilder {
use_url_credentials: false,
origin: ImmutableOrigin::new_opaque(),
policy_container: RequestPolicyContainer::default(),
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
referrer,
referrer_policy: ReferrerPolicy::EmptyString,
pipeline_id: None,
@ -418,6 +426,14 @@ impl RequestBuilder {
self
}
pub fn insecure_requests_policy(
mut self,
insecure_requests_policy: InsecureRequestsPolicy,
) -> RequestBuilder {
self.insecure_requests_policy = insecure_requests_policy;
self
}
pub fn build(self) -> Request {
let mut request = Request::new(
self.id,
@ -454,6 +470,7 @@ impl RequestBuilder {
request.response_tainting = self.response_tainting;
request.crash = self.crash;
request.policy_container = self.policy_container;
request.insecure_requests_policy = self.insecure_requests_policy;
request
}
}
@ -525,6 +542,8 @@ pub struct Request {
pub parser_metadata: ParserMetadata,
/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
pub policy_container: RequestPolicyContainer,
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
pub insecure_requests_policy: InsecureRequestsPolicy,
pub https_state: HttpsState,
/// Servo internal: if crash details are present, trigger a crash error page with these details.
pub crash: Option<String>,
@ -570,6 +589,7 @@ impl Request {
redirect_count: 0,
response_tainting: ResponseTainting::Basic,
policy_container: RequestPolicyContainer::Client,
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
https_state,
crash: None,
}
@ -592,7 +612,14 @@ impl Request {
/// <https://fetch.spec.whatwg.org/#navigation-request>
pub fn is_navigation_request(&self) -> bool {
self.destination == Destination::Document
matches!(
self.destination,
Destination::Document |
Destination::Embed |
Destination::Frame |
Destination::IFrame |
Destination::Object
)
}
/// <https://fetch.spec.whatwg.org/#subresource-request>