Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-03 04:30:10 +01:00
Code Issues Projects Releases Packages Wiki Activity

Auto merge of #16160 - nox:tungstenite, r=jdm

Browse source 
Some enhancements in the net crate

See the individual commits.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16160)
<!-- Reviewable:end -->
This commit is contained in:
bors-servo 2017-03-29 03:33:53 -05:00 committed by GitHub
commit 299f9446e6
4 changed files with 50 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

8
components/net/connector.rs
View file

@ -27,15 +27,19 @@ const DEFAULT_CIPHERS: &'static str = concat!(
"AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA"
);
pub fn create_http_connector(certificate_file: &str) -> Arc<Pool<Connector>> {
pub fn create_ssl_context(certificate_file: &str) -> Arc<SslContext> {
let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
context.set_CA_file(&resources_dir_path()
.expect("Need certificate file to make network requests")
.join(certificate_file)).unwrap();
context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
Arc::new(context)
}
pub fn create_http_connector(ssl_context: Arc<SslContext>) -> Arc<Pool<Connector>> {
let connector = HttpsConnector::new(ServoSslClient {
context: Arc::new(context)
context: ssl_context,
});
Arc::new(Pool::with_connector(Default::default(), connector))

38
components/net/fetch/methods.rs
View file

@ -11,7 +11,8 @@ use http_loader::{HttpState, determine_request_referrer, http_fetch, set_default
use hyper::Error;
use hyper::error::Result as HyperResult;
use hyper::header::{Accept, AcceptLanguage, ContentLanguage, ContentType};
use hyper::header::{Header, HeaderFormat, HeaderView, QualityItem, Referer as RefererHeader, q, qitem};
use hyper::header::{Header, HeaderFormat, HeaderView, Headers, QualityItem};
use hyper::header::{Referer as RefererHeader, q, qitem};
use hyper::method::Method;
use hyper::mime::{Mime, SubLevel, TopLevel};
use hyper::status::StatusCode;
@ -282,13 +283,14 @@ pub fn main_fetch(request: Rc<Request>,
// Step 16
// TODO Blocking for CSP, mixed content, MIME type
let blocked_error_response;
let internal_response = if !response.is_network_error() && should_block_nosniff(&request, &response) {
// Defer rebinding result
blocked_error_response = Response::network_error(NetworkError::Internal("Blocked by nosniff".into()));
&blocked_error_response
} else {
internal_response
};
let internal_response =
if !response.is_network_error() && should_be_blocked_due_to_nosniff(request.type_, &response.headers) {
// Defer rebinding result
blocked_error_response = Response::network_error(NetworkError::Internal("Blocked by nosniff".into()));
&blocked_error_response
} else {
internal_response
};
// Step 17
// We check `internal_response` since we did not mutate `response` in the previous step.
@ -525,7 +527,7 @@ fn is_null_body_status(status: &Option<StatusCode>) -> bool {
}
/// https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?
fn should_block_nosniff(request: &Request, response: &Response) -> bool {
fn should_be_blocked_due_to_nosniff(request_type: Type, response_headers: &Headers) -> bool {
/// https://fetch.spec.whatwg.org/#x-content-type-options-header
/// This is needed to parse `X-Content-Type-Options` according to spec,
/// which requires that we inspect only the first value.
@ -533,7 +535,7 @@ fn should_block_nosniff(request: &Request, response: &Response) -> bool {
/// A [unit-like struct](https://doc.rust-lang.org/book/structs.html#unit-like-structs)
/// is sufficient since a valid header implies that we use `nosniff`.
#[derive(Debug, Clone, Copy)]
struct XContentTypeOptions();
struct XContentTypeOptions;
impl Header for XContentTypeOptions {
fn header_name() -> &'static str {
@ -545,7 +547,7 @@ fn should_block_nosniff(request: &Request, response: &Response) -> bool {
raw.first()
.and_then(|v| str::from_utf8(v).ok())
.and_then(|s| match s.trim().to_lowercase().as_str() {
"nosniff" => Some(XContentTypeOptions()),
"nosniff" => Some(XContentTypeOptions),
_ => None
})
.ok_or(Error::Header)
@ -558,16 +560,14 @@ fn should_block_nosniff(request: &Request, response: &Response) -> bool {
}
}
match response.headers.get::<XContentTypeOptions>() {
None => return false, // Step 1
_ => () // Step 2 & 3 are implemented by the XContentTypeOptions struct
};
// Steps 1-3.
if response_headers.get::<XContentTypeOptions>().is_none() {
return false;
}
// Step 4
// Note: an invalid MIME type will produce a `None`.
let content_type_header = response.headers.get::<ContentType>();
// Step 5
let type_ = request.type_;
let content_type_header = response_headers.get::<ContentType>();
/// https://html.spec.whatwg.org/multipage/#scriptingLanguages
#[inline]
@ -596,7 +596,7 @@ fn should_block_nosniff(request: &Request, response: &Response) -> bool {
let text_css: Mime = mime!(Text / Css);
// Assumes str::starts_with is equivalent to mime::TopLevel
return match type_ {
return match request_type {
// Step 6
Type::Script => {
match content_type_header {

23
components/net/http_loader.rs
View file

@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
use brotli::Decompressor;
use connector::{Connector, create_http_connector};
use connector::{Connector, create_http_connector, create_ssl_context};
use cookie;
use cookie_storage::CookieStorage;
use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg, HttpRequest as DevtoolsHttpRequest};
@ -77,11 +77,12 @@ pub struct HttpState {
impl HttpState {
pub fn new(certificate_path: &str) -> HttpState {
let ssl_context = create_ssl_context(certificate_path);
HttpState {
hsts_list: Arc::new(RwLock::new(HstsList::new())),
cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
auth_cache: Arc::new(RwLock::new(AuthCache::new())),
connector_pool: create_http_connector(certificate_path),
connector_pool: create_http_connector(ssl_context),
}
}
}
@ -629,11 +630,7 @@ pub fn http_fetch(request: Rc<Request>,
// Step 5
match response.actual_response().status {
// Code 301, 302, 303, 307, 308
Some(StatusCode::MovedPermanently) |
Some(StatusCode::Found) |
Some(StatusCode::SeeOther) |
Some(StatusCode::TemporaryRedirect) |
Some(StatusCode::PermanentRedirect) => {
status if status.map_or(false, is_redirect_status) => {
response = match request.redirect_mode.get() {
RedirectMode::Error => Response::network_error(NetworkError::Internal("Redirect mode error".into())),
RedirectMode::Manual => {
@ -1418,3 +1415,15 @@ fn response_needs_revalidation(_response: &Response) -> bool {
// TODO this function
false
}
/// https://fetch.spec.whatwg.org/#redirect-status
fn is_redirect_status(status: StatusCode) -> bool {
match status {
StatusCode::MovedPermanently |
StatusCode::Found |
StatusCode::SeeOther |
StatusCode::TemporaryRedirect |
StatusCode::PermanentRedirect => true,
_ => false,
}
}

13
components/net/resource_thread.rs
View file

@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
//! A thread that takes a URL and streams back the binary data.
use connector::{Connector, create_http_connector};
use connector::{Connector, create_http_connector, create_ssl_context};
use cookie;
use cookie_rs;
use cookie_storage::CookieStorage;
@ -21,6 +21,7 @@ use net_traits::{CustomResponseMediator, ResourceId};
use net_traits::{ResourceThreads, WebSocketCommunicate, WebSocketConnectData};
use net_traits::request::{Request, RequestInit};
use net_traits::storage_thread::StorageThreadMsg;
use openssl::ssl::SslContext;
use profile_traits::time::ProfilerChan;
use serde::{Deserialize, Serialize};
use serde_json;
@ -46,6 +47,7 @@ pub struct ResourceGroup {
cookie_jar: Arc<RwLock<CookieStorage>>,
auth_cache: Arc<RwLock<AuthCache>>,
hsts_list: Arc<RwLock<HstsList>>,
ssl_context: Arc<SslContext>,
connector: Arc<Pool<Connector>>,
}
@ -104,17 +106,20 @@ fn create_resource_groups(config_dir: Option<&Path>)
read_json_from_file(&mut hsts_list, config_dir, "hsts_list.json");
read_json_from_file(&mut cookie_jar, config_dir, "cookie_jar.json");
}
let ssl_context = create_ssl_context("certs");
let resource_group = ResourceGroup {
cookie_jar: Arc::new(RwLock::new(cookie_jar)),
auth_cache: Arc::new(RwLock::new(auth_cache)),
hsts_list: Arc::new(RwLock::new(hsts_list.clone())),
connector: create_http_connector("certs"),
ssl_context: ssl_context.clone(),
connector: create_http_connector(ssl_context.clone()),
};
let private_resource_group = ResourceGroup {
cookie_jar: Arc::new(RwLock::new(CookieStorage::new(150))),
auth_cache: Arc::new(RwLock::new(AuthCache::new())),
hsts_list: Arc::new(RwLock::new(HstsList::new())),
connector: create_http_connector("certs"),
ssl_context: ssl_context.clone(),
connector: create_http_connector(ssl_context),
};
(resource_group, private_resource_group)
}
@ -324,7 +329,7 @@ impl CoreResourceManager {
cookie_jar: group.cookie_jar.clone(),
auth_cache: group.auth_cache.clone(),
// FIXME(#15694): use group.connector.clone() instead.
connector_pool: create_http_connector("certs"),
connector_pool: create_http_connector(group.ssl_context.clone()),
};
let ua = self.user_agent.clone();
let dc = self.devtools_chan.clone();