mirror of
https://github.com/servo/servo.git
synced 2025-07-23 15:23:42 +01:00
make is_origin_trustworthy a method of ServoUrl + fix localhost handling
This commit is contained in:
parent
a7c5c97616
commit
357b486455
4 changed files with 30 additions and 46 deletions
|
@ -171,7 +171,7 @@ fn no_referrer_when_downgrade_header(
|
||||||
url: ServoUrl,
|
url: ServoUrl,
|
||||||
https_state: HttpsState,
|
https_state: HttpsState,
|
||||||
) -> Option<ServoUrl> {
|
) -> Option<ServoUrl> {
|
||||||
if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
|
if https_state == HttpsState::Modern && !url.is_origin_trustworthy() {
|
||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
return strip_url(referrer_url, false);
|
return strip_url(referrer_url, false);
|
||||||
|
@ -183,7 +183,7 @@ fn strict_origin(
|
||||||
url: ServoUrl,
|
url: ServoUrl,
|
||||||
https_state: HttpsState,
|
https_state: HttpsState,
|
||||||
) -> Option<ServoUrl> {
|
) -> Option<ServoUrl> {
|
||||||
if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
|
if https_state == HttpsState::Modern && !url.is_origin_trustworthy() {
|
||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
strip_url(referrer_url, true)
|
strip_url(referrer_url, true)
|
||||||
|
@ -199,34 +199,12 @@ fn strict_origin_when_cross_origin(
|
||||||
if same_origin {
|
if same_origin {
|
||||||
return strip_url(referrer_url, false);
|
return strip_url(referrer_url, false);
|
||||||
}
|
}
|
||||||
if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
|
if https_state == HttpsState::Modern && !url.is_origin_trustworthy() {
|
||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
strip_url(referrer_url, true)
|
strip_url(referrer_url, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>
|
|
||||||
fn is_origin_trustworthy(url: ServoUrl) -> bool {
|
|
||||||
match url.origin() {
|
|
||||||
// Step 1
|
|
||||||
ImmutableOrigin::Opaque(_) => false,
|
|
||||||
ImmutableOrigin::Tuple(_, _, _) => {
|
|
||||||
// Step 3
|
|
||||||
if url.scheme() == "https" || url.scheme() == "wss" {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
// Step 4-5 TODO
|
|
||||||
// Step 6
|
|
||||||
if url.scheme() == "file" {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
// Step 7-8 TODO
|
|
||||||
// Step 9
|
|
||||||
false
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// https://html.spec.whatwg.org/multipage/#schemelessly-same-site
|
/// https://html.spec.whatwg.org/multipage/#schemelessly-same-site
|
||||||
fn is_schemelessy_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool {
|
fn is_schemelessy_same_site(site_a: &ImmutableOrigin, site_b: &ImmutableOrigin) -> bool {
|
||||||
// Step 1
|
// Step 1
|
||||||
|
|
|
@ -72,23 +72,4 @@ impl UrlHelper {
|
||||||
pub fn SetUsername(url: &mut ServoUrl, value: USVString) {
|
pub fn SetUsername(url: &mut ServoUrl, value: USVString) {
|
||||||
let _ = quirks::set_username(url.as_mut_url(), &value.0);
|
let _ = quirks::set_username(url.as_mut_url(), &value.0);
|
||||||
}
|
}
|
||||||
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
|
|
||||||
pub fn is_origin_trustworthy(url: &ServoUrl) -> bool {
|
|
||||||
// Step 1
|
|
||||||
if !url.origin().is_tuple() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Step 3
|
|
||||||
if url.scheme() == "https" || url.scheme() == "wss" {
|
|
||||||
true
|
|
||||||
// Step 4
|
|
||||||
} else if url.host().is_some() {
|
|
||||||
let host = url.host_str().unwrap();
|
|
||||||
host == "127.0.0.0/8" || host == "::1/128"
|
|
||||||
// Step 6
|
|
||||||
} else {
|
|
||||||
url.scheme() == "file"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,7 +16,6 @@ use crate::dom::bindings::root::Dom;
|
||||||
use crate::dom::client::Client;
|
use crate::dom::client::Client;
|
||||||
use crate::dom::promise::Promise;
|
use crate::dom::promise::Promise;
|
||||||
use crate::dom::serviceworkerregistration::ServiceWorkerRegistration;
|
use crate::dom::serviceworkerregistration::ServiceWorkerRegistration;
|
||||||
use crate::dom::urlhelper::UrlHelper;
|
|
||||||
use crate::script_thread::ScriptThread;
|
use crate::script_thread::ScriptThread;
|
||||||
use crate::task_source::dom_manipulation::DOMManipulationTaskSource;
|
use crate::task_source::dom_manipulation::DOMManipulationTaskSource;
|
||||||
use crate::task_source::TaskSource;
|
use crate::task_source::TaskSource;
|
||||||
|
@ -162,7 +161,7 @@ impl JobQueue {
|
||||||
let global = &*job.client.global();
|
let global = &*job.client.global();
|
||||||
let pipeline_id = global.pipeline_id();
|
let pipeline_id = global.pipeline_id();
|
||||||
// Step 1-3
|
// Step 1-3
|
||||||
if !UrlHelper::is_origin_trustworthy(&job.script_url) {
|
if !job.script_url.is_origin_trustworthy() {
|
||||||
// Step 1.1
|
// Step 1.1
|
||||||
reject_job_promise(
|
reject_job_promise(
|
||||||
job,
|
job,
|
||||||
|
|
|
@ -169,6 +169,32 @@ impl ServoUrl {
|
||||||
pub fn from_file_path<P: AsRef<Path>>(path: P) -> Result<Self, ()> {
|
pub fn from_file_path<P: AsRef<Path>>(path: P) -> Result<Self, ()> {
|
||||||
Ok(Self::from_url(Url::from_file_path(path)?))
|
Ok(Self::from_url(Url::from_file_path(path)?))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
|
||||||
|
pub fn is_origin_trustworthy(&self) -> bool {
|
||||||
|
// Step 1
|
||||||
|
if !self.origin().is_tuple() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Step 3
|
||||||
|
if self.scheme() == "https" || self.scheme() == "wss" {
|
||||||
|
true
|
||||||
|
// Steps 4-5
|
||||||
|
} else if self.host().is_some() {
|
||||||
|
let host = self.host_str().unwrap();
|
||||||
|
// Step 4
|
||||||
|
if let Ok(ip_addr) = host.parse::<IpAddr>() {
|
||||||
|
ip_addr.is_loopback()
|
||||||
|
// Step 5
|
||||||
|
} else {
|
||||||
|
host == "localhost" || host.ends_with(".localhost")
|
||||||
|
}
|
||||||
|
// Step 6
|
||||||
|
} else {
|
||||||
|
self.scheme() == "file"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl fmt::Display for ServoUrl {
|
impl fmt::Display for ServoUrl {
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue