Replace NetworkError::CorsViolation and NetworkError::SecurityBlock with granular enum variants

Signed-off-by: Uthman Yahaya Baba <uthmanyahayababa@gmail.com>
2025-08-09 23:45:35 +01:00 · 2025-04-22 15:57:47 +01:00 · 2025-04-22 15:57:47 +01:00 · 5f62b175fe
commit 5f62b175fe
parent fe4e90d7dc
3 changed files with 29 additions and 20 deletions
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@ -283,7 +283,7 @@ pub async fn main_fetch(

    if check_result == csp::CheckResult::Blocked {
        warn!("Request blocked by CSP");
-        response = Some(Response::network_error(NetworkError::SecurityBlock))
+        response = Some(Response::network_error(NetworkError::ContentSecurityPolicy))
    }
    if should_request_be_blocked_due_to_a_bad_port(&request.current_url()) {
        response = Some(Response::network_error(NetworkError::InvalidPort));
@ -363,11 +363,11 @@ pub async fn main_fetch(
                // Substep 2. Return the result of running scheme fetch given fetchParams.
                scheme_fetch(fetch_params, cache, target, done_chan, context).await
            } else if request.mode == RequestMode::SameOrigin {
-                Response::network_error(NetworkError::CorsViolation)
+                Response::network_error(NetworkError::CrossOriginResponse)
            } else if request.mode == RequestMode::NoCors {
                // Substep 1. If request’s redirect mode is not "follow", then return a network error.
                if request.redirect_mode != RedirectMode::Follow {
-                    Response::network_error(NetworkError::CorsViolation)
+                    Response::network_error(NetworkError::RedirectError)
                } else {
                    // Substep 2. Set request’s response tainting to "opaque".
                    request.response_tainting = ResponseTainting::Opaque;
@ -511,11 +511,11 @@ pub async fn main_fetch(

        let internal_response = if should_replace_with_nosniff_error {
            // Defer rebinding result
-            blocked_error_response = Response::network_error(NetworkError::SecurityBlock);
+            blocked_error_response = Response::network_error(NetworkError::Nosniff);
            &blocked_error_response
        } else if should_replace_with_mime_type_error {
            // Defer rebinding result
-            blocked_error_response = Response::network_error(NetworkError::SecurityBlock);
+            blocked_error_response = Response::network_error(NetworkError::MimeType);
            &blocked_error_response
        } else if should_replace_with_mixed_content {
            blocked_error_response = Response::network_error(NetworkError::MixedContent);
@ -579,7 +579,7 @@ pub async fn main_fetch(
        if response.termination_reason.is_none() &&
            !is_response_integrity_valid(integrity_metadata, &response)
        {
-            Response::network_error(NetworkError::SecurityBlock)
+            Response::network_error(NetworkError::SubresourceIntegrity)
        } else {
            response
        }
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@ -843,7 +843,7 @@ pub async fn http_fetch(

        // Substep 4
        if cors_flag && cors_check(&fetch_params.request, &fetch_result).is_err() {
-            return Response::network_error(NetworkError::CorsViolation);
+            return Response::network_error(NetworkError::CorsGeneral);
        }

        fetch_result.return_internal = false;
@ -1036,7 +1036,7 @@ pub async fn http_redirect_fetch(
    let has_credentials = has_credentials(&location_url);

    if request.mode == RequestMode::CorsMode && !same_origin && has_credentials {
-        return Response::network_error(NetworkError::CorsViolation);
+        return Response::network_error(NetworkError::CorsCredentials);
    }

    // Step 9
@ -1046,7 +1046,7 @@ pub async fn http_redirect_fetch(

    // Step 10
    if cors_flag && has_credentials {
-        return Response::network_error(NetworkError::CorsViolation);
+        return Response::network_error(NetworkError::CorsCredentials);
    }

    // Step 11: If internalResponse’s status is not 303, request’s body is non-null, and request’s
@ -1601,7 +1601,7 @@ async fn http_network_or_cache_fetch(
        cross_origin_resource_policy_check(http_request, &response) ==
            CrossOriginResourcePolicy::Blocked
    {
-        return Response::network_error(NetworkError::CorsViolation);
+        return Response::network_error(NetworkError::CorsGeneral);
    }

    // TODO(#33616): Step 11. Set response’s URL list to a clone of httpRequest’s URL list.
@ -2169,7 +2169,7 @@ async fn cors_preflight_fetch(
                Some(methods) => methods.iter().collect(),
                // Substep 3
                None => {
-                    return Response::network_error(NetworkError::CorsViolation);
+                    return Response::network_error(NetworkError::CorsAllowMethods);
                },
            }
        } else {
@ -2185,7 +2185,7 @@ async fn cors_preflight_fetch(
                Some(names) => names.iter().collect(),
                // Substep 3
                None => {
-                    return Response::network_error(NetworkError::CorsViolation);
+                    return Response::network_error(NetworkError::CorsAllowHeaders);
                },
            }
        } else {
@ -2210,7 +2210,7 @@ async fn cors_preflight_fetch(
            (request.credentials_mode == CredentialsMode::Include ||
                methods.iter().all(|m| m.as_ref() != "*"))
        {
-            return Response::network_error(NetworkError::CorsViolation);
+            return Response::network_error(NetworkError::CorsMethod);
        }

        debug!(
@ -2223,7 +2223,7 @@ async fn cors_preflight_fetch(
            is_cors_non_wildcard_request_header_name(name) &&
                header_names.iter().all(|hn| hn != name)
        }) {
-            return Response::network_error(NetworkError::CorsViolation);
+            return Response::network_error(NetworkError::CorsAuthorization);
        }

        // Substep 7
@ -2236,7 +2236,7 @@ async fn cors_preflight_fetch(
                (request.credentials_mode == CredentialsMode::Include ||
                    !header_names_contains_star)
            {
-                return Response::network_error(NetworkError::CorsViolation);
+                return Response::network_error(NetworkError::CorsHeaders);
            }
        }

@ -2266,7 +2266,7 @@ async fn cors_preflight_fetch(
    }

    // Step 8
-    Response::network_error(NetworkError::CorsViolation)
+    Response::network_error(NetworkError::CorsGeneral)
 }

 /// [CORS check](https://fetch.spec.whatwg.org#concept-cors-check)
--- a/components/shared/net/lib.rs
+++ b/components/shared/net/lib.rs
@ -934,17 +934,26 @@ pub enum NetworkError {
    /// Crash error, to be converted to Resource::Crash in the HTML parser.
    Crash(String),
    UnsupportedScheme,
-    CorsViolation,
+    CorsGeneral,
+    CrossOriginResponse,
+    CorsCredentials,
+    CorsAllowMethods,
+    CorsAllowHeaders,
+    CorsMethod,
+    CorsAuthorization,
+    CorsHeaders,
    ConnectionFailure,
-    Timeout,
    RedirectError,
    InvalidMethod,
    ResourceError,
-    SecurityBlock,
+    ContentSecurityPolicy,
+    Nosniff,
+    MimeType,
+    SubresourceIntegrity,
    MixedContent,
    CacheError,
    InvalidPort,
-    LocalDirectoryError,
+    LocalDirectoryError, 
 }

 impl NetworkError {