Propagate parent policy container to local iframes (#36710)

This follows the rules as defined in
https://w3c.github.io/webappsec-csp/#security-inherit-csp
where local iframes (about:blank and about:srcdoc) should
initially start with the CSP rules of the parent. After
that, all new CSP headers should only be set on the
policy container of the iframe.

Part of #36437

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Tim van der Lippe 2025-05-03 10:47:40 +02:00 committed by GitHub
parent 4164f76769
commit 539ca27284
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 45 additions and 47 deletions


@ -22,6 +22,7 @@ use euclid::default::Size2D as UntypedSize2D;
use http::{HeaderMap, Method};
use ipc_channel::Error as IpcError;
use ipc_channel::ipc::{IpcReceiver, IpcSender};
use net_traits::policy_container::PolicyContainer;
use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBody};
use net_traits::storage_thread::StorageType;
use net_traits::{CoreResourceMsg, ReferrerPolicy, ResourceThreads};
@ -97,6 +98,8 @@ pub struct LoadData {
pub referrer: Referrer,
/// The referrer policy.
pub referrer_policy: ReferrerPolicy,
/// The policy container.
pub policy_container: Option<PolicyContainer>,
/// The source to use instead of a network response for a srcdoc document.
pub srcdoc: String,
@ -143,6 +146,7 @@ impl LoadData {
js_eval_result: None,
referrer,
referrer_policy,
policy_container: None,
srcdoc: "".to_string(),
inherited_secure_context,
crash: None,
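Review bot: The new `policy_container` field is documented only as "The policy container." and the constructor initialises it to `None`, so nothing here says what `None` means or which caller is expected to fill it in. Since the commit's stated aim is for about:blank and about:srcdoc iframes to start with the parent's CSP, a call site that builds a `LoadData` for a local iframe and keeps the default would presumably load the document without the inherited policy, i.e. the default fails open; whether every such caller sets the field is not visible in this section. I would spell the contract out on the field, for example `/// Policy container inherited from the parent for about:blank and about:srcdoc loads; None means nothing is inherited.`, and add a matching line on the `policy_container: None,` initialiser naming where it gets overwritten. The struct definition and the constructor body both continue outside the hunks shown.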