Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 16:45:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

make is_origin_trustworthy a method of ServoUrl + fix localhost handling

Browse source
This commit is contained in:
Alexandrov Sergey 2020-05-17 13:50:11 +03:00
parent a7c5c97616
commit 357b486455
4 changed files with 30 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

28
components/net/http_loader.rs
View file

@ -171,7 +171,7 @@ fn no_referrer_when_downgrade_header(
url: ServoUrl,
https_state: HttpsState,
) -> Option<ServoUrl> {
if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
if https_state == HttpsState::Modern && !url.is_origin_trustworthy() {
return None;
}
return strip_url(referrer_url, false);
@ -183,7 +183,7 @@ fn strict_origin(
url: ServoUrl,
https_state: HttpsState,
) -> Option<ServoUrl> {
if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
if https_state == HttpsState::Modern && !url.is_origin_trustworthy() {
return None;
}
strip_url(referrer_url, true)
@ -199,34 +199,12 @@ fn strict_origin_when_cross_origin(
if same_origin {
return strip_url(referrer_url, false);
}
if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
if https_state == HttpsState::Modern && !url.is_origin_trustworthy() {
return None;
}
strip_url(referrer_url, true)
}
/// <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>
fn is_origin_trustworthy(url: ServoUrl) -> bool {
match url.origin() {
// Step 1
ImmutableOrigin::Opaque(_) => false,
ImmutableOrigin::Tuple(_, _, _) => {
// Step 3
if url.scheme() == "https" || url.scheme() == "wss" {
return true;
}
// Step 4-5 TODO
// Step 6
if url.scheme() == "file" {
return true;
}
// Step 7-8 TODO
// Step 9
false
},
}
}
/// https://html.spec.whatwg.org/multipage/#schemelessly-same-site
fn is_schemelessy_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool {
// Step 1

19
components/script/dom/urlhelper.rs
View file

@ -72,23 +72,4 @@ impl UrlHelper {
pub fn SetUsername(url: &mut ServoUrl, value: USVString) {
let _ = quirks::set_username(url.as_mut_url(), &value.0);
}
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
pub fn is_origin_trustworthy(url: &ServoUrl) -> bool {
// Step 1
if !url.origin().is_tuple() {
return false;
}
// Step 3
if url.scheme() == "https" || url.scheme() == "wss" {
true
// Step 4
} else if url.host().is_some() {
let host = url.host_str().unwrap();
host == "127.0.0.0/8" || host == "::1/128"
// Step 6
} else {
url.scheme() == "file"
}
}
}

3
components/script/serviceworkerjob.rs
View file

@ -16,7 +16,6 @@ use crate::dom::bindings::root::Dom;
use crate::dom::client::Client;
use crate::dom::promise::Promise;
use crate::dom::serviceworkerregistration::ServiceWorkerRegistration;
use crate::dom::urlhelper::UrlHelper;
use crate::script_thread::ScriptThread;
use crate::task_source::dom_manipulation::DOMManipulationTaskSource;
use crate::task_source::TaskSource;
@ -162,7 +161,7 @@ impl JobQueue {
let global = &*job.client.global();
let pipeline_id = global.pipeline_id();
// Step 1-3
if !UrlHelper::is_origin_trustworthy(&job.script_url) {
if !job.script_url.is_origin_trustworthy() {
// Step 1.1
reject_job_promise(
job,

26
components/url/lib.rs
View file

@ -169,6 +169,32 @@ impl ServoUrl {
pub fn from_file_path<P: AsRef<Path>>(path: P) -> Result<Self, ()> {
Ok(Self::from_url(Url::from_file_path(path)?))
}
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
pub fn is_origin_trustworthy(&self) -> bool {
// Step 1
if !self.origin().is_tuple() {
return false;
}
// Step 3
if self.scheme() == "https" || self.scheme() == "wss" {
true
// Steps 4-5
} else if self.host().is_some() {
let host = self.host_str().unwrap();
// Step 4
if let Ok(ip_addr) = host.parse::<IpAddr>() {
ip_addr.is_loopback()
// Step 5
} else {
host == "localhost" || host.ends_with(".localhost")
}
// Step 6
} else {
self.scheme() == "file"
}
}
}
impl fmt::Display for ServoUrl {