Implement PolicyContainer and update the default ReferrerPolicy (#33977)

* Implement PolicyContainer

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

* implement small parts of fetch that interact with policy container

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

* fix: allow policy container's csp list to be unset

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

* fix: use the correct default policy when parsing from a token

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

---------

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

components/shared/net/lib.rs

@@ -39,6 +39,7 @@ pub mod blob_url_store;
 pub mod filemanager_thread;
 pub mod http_status;
 pub mod image_cache;
+pub mod policy_container;
 pub mod pub_domains;
 pub mod quality;
 pub mod request;
@@ -104,7 +105,7 @@ pub struct CustomResponseMediator {
 
 /// [Policies](https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-states)
 /// for providing a referrer header for a request
-#[derive(Clone, Copy, Debug, Deserialize, MallocSizeOf, Serialize)]
+#[derive(Clone, Copy, Debug, Default, Deserialize, MallocSizeOf, Serialize)]
 pub enum ReferrerPolicy {
     /// "no-referrer"
     NoReferrer,
@@ -121,6 +122,7 @@ pub enum ReferrerPolicy {
     /// "strict-origin"
     StrictOrigin,
     /// "strict-origin-when-cross-origin"
+    #[default]
     StrictOriginWhenCrossOrigin,
 }
 

components/shared/net/policy_container.rs

@@ -0,0 +1,51 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+use content_security_policy::CspList;
+use malloc_size_of_derive::MallocSizeOf;
+use serde::{Deserialize, Serialize};
+
+use crate::ReferrerPolicy;
+
+/// When a policy container is associated with a request, it has an additional state of "Client". As
+/// per the spec:
+///
+/// `"client" is changed to a policy container during fetching. It provides a convenient way for
+/// standards to not have to set request’s policy container.`
+///
+/// This can be achieved with an `Option` however this struct is used with the intent to reduce
+/// ambiguity when mapping our implementation to the spec.
+///
+/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
+#[derive(Clone, Debug, Default, Deserialize, MallocSizeOf, Serialize)]
+pub enum RequestPolicyContainer {
+    #[default]
+    Client,
+    PolicyContainer(PolicyContainer),
+}
+
+/// <https://html.spec.whatwg.org/multipage/#policy-containers>
+#[derive(Clone, Debug, Default, Deserialize, MallocSizeOf, Serialize)]
+pub struct PolicyContainer {
+    #[ignore_malloc_size_of = "Defined in rust-content-security-policy"]
+    /// <https://html.spec.whatwg.org/multipage/#policy-container-csp-list>
+    pub csp_list: Option<CspList>,
+    /// <https://html.spec.whatwg.org/multipage/#policy-container-referrer-policy>
+    pub referrer_policy: ReferrerPolicy,
+    // https://html.spec.whatwg.org/multipage/#policy-container-embedder-policy
+    // TODO: Embedder Policy
+}
+
+impl PolicyContainer {
+    pub fn new(csp_list: Option<CspList>, referrer_policy: Option<ReferrerPolicy>) -> Self {
+        PolicyContainer {
+            csp_list,
+            referrer_policy: referrer_policy.unwrap_or_default(),
+        }
+    }
+
+    pub fn set_csp_list(&mut self, csp_list: Option<CspList>) {
+        self.csp_list = csp_list;
+    }
+}

components/shared/net/request.rs

@@ -6,7 +6,7 @@ use std::sync::atomic::{AtomicUsize, Ordering};
 use std::sync::{Arc, Mutex};
 
 use base::id::PipelineId;
-use content_security_policy::{self as csp, CspList};
+use content_security_policy::{self as csp};
 use http::header::{HeaderName, AUTHORIZATION};
 use http::{HeaderMap, Method};
 use ipc_channel::ipc::{self, IpcReceiver, IpcSender};
@@ -15,6 +15,7 @@ use mime::Mime;
 use serde::{Deserialize, Serialize};
 use servo_url::{ImmutableOrigin, ServoUrl};
 
+use crate::policy_container::{PolicyContainer, RequestPolicyContainer};
 use crate::response::HttpsState;
 use crate::{ReferrerPolicy, ResourceTimingType};
 
@@ -261,17 +262,13 @@ pub struct RequestBuilder {
     pub credentials_mode: CredentialsMode,
     pub use_url_credentials: bool,
     pub origin: ImmutableOrigin,
+    pub policy_container: RequestPolicyContainer,
     // XXXManishearth these should be part of the client object
     pub referrer: Referrer,
     pub referrer_policy: Option<ReferrerPolicy>,
     pub pipeline_id: Option<PipelineId>,
     pub redirect_mode: RedirectMode,
     pub integrity_metadata: String,
-    // This is nominally a part of the client's global object.
-    // It is copied here to avoid having to reach across the thread
-    // boundary every time a redirect occurs.
-    #[ignore_malloc_size_of = "Defined in rust-content-security-policy"]
-    pub csp_list: Option<CspList>,
     // to keep track of redirects
     pub url_list: Vec<ServoUrl>,
     pub parser_metadata: ParserMetadata,
@@ -300,6 +297,7 @@ impl RequestBuilder {
             credentials_mode: CredentialsMode::CredentialsSameOrigin,
             use_url_credentials: false,
             origin: ImmutableOrigin::new_opaque(),
+            policy_container: RequestPolicyContainer::default(),
             referrer,
             referrer_policy: None,
             pipeline_id: None,
@@ -308,7 +306,6 @@ impl RequestBuilder {
             url_list: vec![],
             parser_metadata: ParserMetadata::Default,
             initiator: Initiator::None,
-            csp_list: None,
             https_state: HttpsState::None,
             response_tainting: ResponseTainting::Basic,
             crash: None,
@@ -410,13 +407,13 @@ impl RequestBuilder {
         self
     }
 
-    pub fn csp_list(mut self, csp_list: Option<CspList>) -> RequestBuilder {
-        self.csp_list = csp_list;
+    pub fn crash(mut self, crash: Option<String>) -> Self {
+        self.crash = crash;
         self
     }
 
-    pub fn crash(mut self, crash: Option<String>) -> Self {
-        self.crash = crash;
+    pub fn policy_container(mut self, policy_container: PolicyContainer) -> RequestBuilder {
+        self.policy_container = RequestPolicyContainer::PolicyContainer(policy_container);
         self
     }
 
@@ -452,9 +449,9 @@ impl RequestBuilder {
         request.url_list = url_list;
         request.integrity_metadata = self.integrity_metadata;
         request.parser_metadata = self.parser_metadata;
-        request.csp_list = self.csp_list;
         request.response_tainting = self.response_tainting;
         request.crash = self.crash;
+        request.policy_container = self.policy_container;
         request
     }
 }
@@ -525,11 +522,8 @@ pub struct Request {
     pub response_tainting: ResponseTainting,
     /// <https://fetch.spec.whatwg.org/#concept-request-parser-metadata>
     pub parser_metadata: ParserMetadata,
-    // This is nominally a part of the client's global object.
-    // It is copied here to avoid having to reach across the thread
-    // boundary every time a redirect occurs.
-    #[ignore_malloc_size_of = "Defined in rust-content-security-policy"]
-    pub csp_list: Option<CspList>,
+    /// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
+    pub policy_container: RequestPolicyContainer,
     pub https_state: HttpsState,
     /// Servo internal: if crash details are present, trigger a crash error page with these details.
     pub crash: Option<String>,
@@ -573,7 +567,7 @@ impl Request {
             parser_metadata: ParserMetadata::Default,
             redirect_count: 0,
             response_tainting: ResponseTainting::Basic,
-            csp_list: None,
+            policy_container: RequestPolicyContainer::Client,
             https_state,
             crash: None,
         }