mirror of
https://github.com/servo/servo.git
synced 2025-08-05 13:40:08 +01:00
Auto merge of #23887 - servo:jdm-patch-47, r=asajeffrey
Use origin of final HTTP response as document origin I discovered surprising problems when loading pages from http://joshmatthews.net that load same-origin images and try to use them as webgl textures. Since there's a redirect from joshmatthews.net to www.joshmatthews.net, the images are not considered same-origin in Servo because the document stores the origin for the original request's URL, rather than the origin of the response that is received after processing any redirections. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23887) <!-- Reviewable:end -->
This commit is contained in:
bors-servo
GitHub
commit
73784246b8
4 changed files with 73 additions and 2 deletions
|
|
@ -3128,7 +3128,7 @@ impl ScriptThread {
|
||||||
incomplete.pipeline_id,
|
incomplete.pipeline_id,
|
||||||
incomplete.parent_info,
|
incomplete.parent_info,
|
||||||
incomplete.window_size,
|
incomplete.window_size,
|
||||||
origin,
|
origin.clone(),
|
||||||
incomplete.navigation_start,
|
incomplete.navigation_start,
|
||||||
incomplete.navigation_start_precise,
|
incomplete.navigation_start_precise,
|
||||||
self.webgl_chan.as_ref().map(|chan| chan.channel()),
|
self.webgl_chan.as_ref().map(|chan| chan.channel()),
|
||||||
|
|
@ -3212,7 +3212,7 @@ impl ScriptThread {
|
||||||
&window,
|
&window,
|
||||||
HasBrowsingContext::Yes,
|
HasBrowsingContext::Yes,
|
||||||
Some(final_url.clone()),
|
Some(final_url.clone()),
|
||||||
incomplete.origin,
|
origin,
|
||||||
is_html_document,
|
is_html_document,
|
||||||
content_type,
|
content_type,
|
||||||
last_modified,
|
last_modified,
|
||||||
|
|
|
||||||
|
|
@ -9534,6 +9534,9 @@
|
||||||
"mozilla/details_ui_opened_ref.html": [
|
"mozilla/details_ui_opened_ref.html": [
|
||||||
[]
|
[]
|
||||||
],
|
],
|
||||||
|
"mozilla/document_origin_redirect_subpage.html": [
|
||||||
|
[]
|
||||||
|
],
|
||||||
"mozilla/duplicated_scroll_ids_ref.html": [
|
"mozilla/duplicated_scroll_ids_ref.html": [
|
||||||
[]
|
[]
|
||||||
],
|
],
|
||||||
|
|
@ -11527,6 +11530,12 @@
|
||||||
{}
|
{}
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
"mozilla/document_origin_redirect.html": [
|
||||||
|
[
|
||||||
|
"mozilla/document_origin_redirect.html",
|
||||||
|
{}
|
||||||
|
]
|
||||||
|
],
|
||||||
"mozilla/document_readystate.html": [
|
"mozilla/document_readystate.html": [
|
||||||
[
|
[
|
||||||
"mozilla/document_readystate.html",
|
"mozilla/document_readystate.html",
|
||||||
|
|
@ -18601,6 +18610,14 @@
|
||||||
"3a0172826d4ff2d9a754ffb6a437055bb2cf6ec9",
|
"3a0172826d4ff2d9a754ffb6a437055bb2cf6ec9",
|
||||||
"testharness"
|
"testharness"
|
||||||
],
|
],
|
||||||
|
"mozilla/document_origin_redirect.html": [
|
||||||
|
"009c899a45482b835dad186a822859f12e0e53fd",
|
||||||
|
"testharness"
|
||||||
|
],
|
||||||
|
"mozilla/document_origin_redirect_subpage.html": [
|
||||||
|
"3e68ff395f5475e2b618147f270117f576a5b7bd",
|
||||||
|
"support"
|
||||||
|
],
|
||||||
"mozilla/document_readystate.html": [
|
"mozilla/document_readystate.html": [
|
||||||
"7ff8f66cdf74430f86ed7028294530229809d8de",
|
"7ff8f66cdf74430f86ed7028294530229809d8de",
|
||||||
"testharness"
|
"testharness"
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,22 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>A document's origin should match the origin of the final HTTP response</title>
|
||||||
|
<script src="/resources/testharness.js"></script>
|
||||||
|
<script src="/resources/testharnessreport.js"></script>
|
||||||
|
<script src="/common/get-host-info.sub.js"></script>
|
||||||
|
<body>
|
||||||
|
<script>
|
||||||
|
async_test(function(t) {
|
||||||
|
var path = new URL("document_origin_redirect_subpage.html", document.location).pathname;
|
||||||
|
var CROSS_ORIGIN_URL = new URL(path, get_host_info().HTTP_REMOTE_ORIGIN);
|
||||||
|
var SAME_ORIGIN_URL = "/common/redirect.py?location=" + CROSS_ORIGIN_URL;
|
||||||
|
console.log(SAME_ORIGIN_URL);
|
||||||
|
var iframe = document.createElement('iframe');
|
||||||
|
iframe.src = SAME_ORIGIN_URL;
|
||||||
|
document.body.appendChild(iframe);
|
||||||
|
onmessage = t.step_func_done(function(e) {
|
||||||
|
assert_true(e.data[0]);
|
||||||
|
assert_true(e.data[1]);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
|
@ -0,0 +1,32 @@
|
||||||
|
<script src="/common/get-host-info.sub.js"></script>
|
||||||
|
<canvas></canvas>
|
||||||
|
<canvas></canvas>
|
||||||
|
<img src="2x2.png" onload="dotest()">
|
||||||
|
<script>
|
||||||
|
function dotest() {
|
||||||
|
var c = document.querySelector('canvas');
|
||||||
|
var ctx = c.getContext('2d');
|
||||||
|
|
||||||
|
var i = document.querySelector('img');
|
||||||
|
ctx.drawImage(i, 0, 0);
|
||||||
|
var sameorigin2d = false;
|
||||||
|
try {
|
||||||
|
c.toDataURL();
|
||||||
|
sameorigin2d = true;
|
||||||
|
} catch (x) {
|
||||||
|
}
|
||||||
|
|
||||||
|
var c = document.querySelectorAll('canvas')[1];
|
||||||
|
var gl = c.getContext('webgl');
|
||||||
|
const texture = gl.createTexture();
|
||||||
|
gl.bindTexture(gl.TEXTURE_2D, texture);
|
||||||
|
var sameorigin3d = false;
|
||||||
|
try {
|
||||||
|
gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, gl.RGBA, gl.UNSIGNED_BYTE, i);
|
||||||
|
sameorigin3d = true;
|
||||||
|
} catch(x) {
|
||||||
|
}
|
||||||
|
|
||||||
|
parent.postMessage([sameorigin2d, sameorigin3d], '*');
|
||||||
|
}
|
||||||
|
</script>
|
||||||
Loading…
Add table
Add a link
Reference in a new issue