net: Add option to temporarily accept certs that failed the handshake.

2025-08-05 21:50:18 +01:00 · 2020-05-29 13:35:43 -04:00 · 2020-05-29 13:35:43 -04:00 · 6a6662195e
commit 6a6662195e
parent 433c154595
8 changed files with 73 additions and 13 deletions
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@ -25,7 +25,7 @@ use net_traits::request::{
 use net_traits::request::{CredentialsMode, Destination, Referrer, Request, RequestMode};
 use net_traits::response::{Response, ResponseBody, ResponseType};
 use net_traits::{FetchTaskTarget, NetworkError, ReferrerPolicy, ResourceFetchTiming};
-use net_traits::{ResourceAttribute, ResourceTimeValue};
+use net_traits::{ResourceAttribute, ResourceTimeValue, ResourceTimingType};
 use servo_arc::Arc as ServoArc;
 use servo_url::ServoUrl;
 use std::borrow::Cow;
@ -282,7 +282,10 @@ pub fn main_fetch(
            false
        };

-        if (same_origin && !cors_flag) || current_url.scheme() == "data" {
+        if (same_origin && !cors_flag) ||
+            current_url.scheme() == "data" ||
+            current_url.scheme() == "chrome"
+        {
            // Substep 1.
            request.response_tainting = ResponseTainting::Basic;

@ -606,6 +609,17 @@ fn range_not_satisfiable_error(response: &mut Response) {
    response.raw_status = Some((StatusCode::RANGE_NOT_SATISFIABLE.as_u16(), reason.into()));
 }

+fn create_blank_reply(url: ServoUrl, timing_type: ResourceTimingType) -> Response {
+    let mut response = Response::new(url, ResourceFetchTiming::new(timing_type));
+    response
+        .headers
+        .typed_insert(ContentType::from(mime::TEXT_HTML_UTF_8));
+    *response.body.lock().unwrap() = ResponseBody::Done(vec![]);
+    response.status = Some((StatusCode::OK, "OK".to_string()));
+    response.raw_status = Some((StatusCode::OK.as_u16(), b"OK".to_vec()));
+    response
+}
+
 /// [Scheme fetch](https://fetch.spec.whatwg.org#scheme-fetch)
 fn scheme_fetch(
    request: &mut Request,
@ -617,15 +631,25 @@ fn scheme_fetch(
    let url = request.current_url();

    match url.scheme() {
-        "about" if url.path() == "blank" => {
-            let mut response = Response::new(url, ResourceFetchTiming::new(request.timing_type()));
-            response
-                .headers
-                .typed_insert(ContentType::from(mime::TEXT_HTML_UTF_8));
-            *response.body.lock().unwrap() = ResponseBody::Done(vec![]);
-            response.status = Some((StatusCode::OK, "OK".to_string()));
-            response.raw_status = Some((StatusCode::OK.as_u16(), b"OK".to_vec()));
-            response
+        "about" if url.path() == "blank" => create_blank_reply(url, request.timing_type()),
+
+        "chrome" if url.path() == "allowcert" => {
+            let mut secret = None;
+            let mut cert_bytes = None;
+            for (name, value) in url.as_url().query_pairs() {
+                match &*name {
+                    "secret" => secret = Some(value),
+                    "bytes" => cert_bytes = base64::decode(value.as_bytes()).ok(),
+                    _ => (),
+                }
+            }
+            if let (Some(secret), Some(bytes)) = (secret, cert_bytes) {
+                if secret.parse() == Ok(*net_traits::PRIVILEGED_SECRET) {
+                    context.state.extra_certs.add(bytes);
+                }
+            }
+
+            create_blank_reply(url, request.timing_type())
        },

        "http" | "https" => http_fetch(