mirror of
https://github.com/servo/servo.git
synced 2025-08-03 20:50:07 +01:00
Check all ancestor navigable trustworthiness for mixed content (#36157)
Propagate through documents a flag that represents if any of the ancestor navigables has a potentially trustworthy origin. The "potentially trustworthy origin" concept appears to have gotten confused in a couple of places and we were instead testing if a URL had "potentially trustworthy" properties. The main test for the ancestor navigables is [mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js) --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #36108 <!-- Either: --> - [X] There are tests for these changes --------- Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This commit is contained in:
parent
478e876f6d
commit
76edcff202
84 changed files with 384 additions and 525 deletions
|
@ -524,6 +524,8 @@ pub(crate) struct Document {
|
|||
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
|
||||
#[no_trace]
|
||||
inherited_insecure_requests_policy: Cell<Option<InsecureRequestsPolicy>>,
|
||||
//// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>
|
||||
has_trustworthy_ancestor_origin: Cell<bool>,
|
||||
/// <https://w3c.github.io/IntersectionObserver/#document-intersectionobservertaskqueued>
|
||||
intersection_observer_task_queued: Cell<bool>,
|
||||
/// Active intersection observers that should be processed by this document in
|
||||
|
@ -2479,7 +2481,9 @@ impl Document {
|
|||
mut request: RequestBuilder,
|
||||
listener: Listener,
|
||||
) {
|
||||
request = request.insecure_requests_policy(self.insecure_requests_policy());
|
||||
request = request
|
||||
.insecure_requests_policy(self.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
|
||||
let callback = NetworkListener {
|
||||
context: std::sync::Arc::new(Mutex::new(listener)),
|
||||
task_source: self
|
||||
|
@ -2498,7 +2502,9 @@ impl Document {
|
|||
mut request: RequestBuilder,
|
||||
listener: Listener,
|
||||
) {
|
||||
request = request.insecure_requests_policy(self.insecure_requests_policy());
|
||||
request = request
|
||||
.insecure_requests_policy(self.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
|
||||
let callback = NetworkListener {
|
||||
context: std::sync::Arc::new(Mutex::new(listener)),
|
||||
task_source: self
|
||||
|
@ -3735,6 +3741,7 @@ impl Document {
|
|||
is_initial_about_blank: bool,
|
||||
allow_declarative_shadow_roots: bool,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> Document {
|
||||
let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap());
|
||||
|
||||
|
@ -3895,6 +3902,7 @@ impl Document {
|
|||
is_initial_about_blank: Cell::new(is_initial_about_blank),
|
||||
allow_declarative_shadow_roots: Cell::new(allow_declarative_shadow_roots),
|
||||
inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy),
|
||||
has_trustworthy_ancestor_origin: Cell::new(has_trustworthy_ancestor_origin),
|
||||
intersection_observer_task_queued: Cell::new(false),
|
||||
intersection_observers: Default::default(),
|
||||
active_keyboard_modifiers: Cell::new(Modifiers::empty()),
|
||||
|
@ -4052,6 +4060,7 @@ impl Document {
|
|||
is_initial_about_blank: bool,
|
||||
allow_declarative_shadow_roots: bool,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
can_gc: CanGc,
|
||||
) -> DomRoot<Document> {
|
||||
Self::new_with_proto(
|
||||
|
@ -4072,6 +4081,7 @@ impl Document {
|
|||
is_initial_about_blank,
|
||||
allow_declarative_shadow_roots,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
can_gc,
|
||||
)
|
||||
}
|
||||
|
@ -4095,6 +4105,7 @@ impl Document {
|
|||
is_initial_about_blank: bool,
|
||||
allow_declarative_shadow_roots: bool,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
can_gc: CanGc,
|
||||
) -> DomRoot<Document> {
|
||||
let document = reflect_dom_object_with_proto(
|
||||
|
@ -4115,6 +4126,7 @@ impl Document {
|
|||
is_initial_about_blank,
|
||||
allow_declarative_shadow_roots,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
)),
|
||||
window,
|
||||
proto,
|
||||
|
@ -4248,6 +4260,7 @@ impl Document {
|
|||
false,
|
||||
self.allow_declarative_shadow_roots(),
|
||||
Some(self.insecure_requests_policy()),
|
||||
self.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
new_doc
|
||||
|
@ -4795,6 +4808,15 @@ impl Document {
|
|||
pub fn set_allow_declarative_shadow_roots(&self, value: bool) {
|
||||
self.allow_declarative_shadow_roots.set(value)
|
||||
}
|
||||
|
||||
pub fn has_trustworthy_ancestor_origin(&self) -> bool {
|
||||
self.has_trustworthy_ancestor_origin.get()
|
||||
}
|
||||
|
||||
pub fn has_trustworthy_ancestor_or_current_origin(&self) -> bool {
|
||||
self.has_trustworthy_ancestor_origin.get() ||
|
||||
self.origin().immutable().is_potentially_trustworthy()
|
||||
}
|
||||
}
|
||||
|
||||
#[allow(non_snake_case)]
|
||||
|
@ -4825,6 +4847,7 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
|
|||
false,
|
||||
doc.allow_declarative_shadow_roots(),
|
||||
Some(doc.insecure_requests_policy()),
|
||||
doc.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
))
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue