Check all ancestor navigable trustworthiness for mixed content (#36157)

Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Sebastian C 2025-04-05 00:38:24 -05:00 committed by GitHub
parent 478e876f6d
commit 76edcff202
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
84 changed files with 384 additions and 525 deletions


@ -524,6 +524,8 @@ pub(crate) struct Document {
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
#[no_trace]
inherited_insecure_requests_policy: Cell<Option<InsecureRequestsPolicy>>,
//// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>
has_trustworthy_ancestor_origin: Cell<bool>,
/// <https://w3c.github.io/IntersectionObserver/#document-intersectionobservertaskqueued>
intersection_observer_task_queued: Cell<bool>,
/// Active intersection observers that should be processed by this document in
@ -2479,7 +2481,9 @@ impl Document {
mut request: RequestBuilder,
listener: Listener,
) {
request = request.insecure_requests_policy(self.insecure_requests_policy());
request = request
.insecure_requests_policy(self.insecure_requests_policy())
.has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
let callback = NetworkListener {
context: std::sync::Arc::new(Mutex::new(listener)),
task_source: self
@ -2498,7 +2502,9 @@ impl Document {
mut request: RequestBuilder,
listener: Listener,
) {
request = request.insecure_requests_policy(self.insecure_requests_policy());
request = request
.insecure_requests_policy(self.insecure_requests_policy())
.has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
let callback = NetworkListener {
context: std::sync::Arc::new(Mutex::new(listener)),
task_source: self
@ -3735,6 +3741,7 @@ impl Document {
is_initial_about_blank: bool,
allow_declarative_shadow_roots: bool,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
has_trustworthy_ancestor_origin: bool,
) -> Document {
let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap());
@ -3895,6 +3902,7 @@ impl Document {
is_initial_about_blank: Cell::new(is_initial_about_blank),
allow_declarative_shadow_roots: Cell::new(allow_declarative_shadow_roots),
inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy),
has_trustworthy_ancestor_origin: Cell::new(has_trustworthy_ancestor_origin),
intersection_observer_task_queued: Cell::new(false),
intersection_observers: Default::default(),
active_keyboard_modifiers: Cell::new(Modifiers::empty()),
@ -4052,6 +4060,7 @@ impl Document {
is_initial_about_blank: bool,
allow_declarative_shadow_roots: bool,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
has_trustworthy_ancestor_origin: bool,
can_gc: CanGc,
) -> DomRoot<Document> {
Self::new_with_proto(
@ -4072,6 +4081,7 @@ impl Document {
is_initial_about_blank,
allow_declarative_shadow_roots,
inherited_insecure_requests_policy,
has_trustworthy_ancestor_origin,
can_gc,
)
}
@ -4095,6 +4105,7 @@ impl Document {
is_initial_about_blank: bool,
allow_declarative_shadow_roots: bool,
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
has_trustworthy_ancestor_origin: bool,
can_gc: CanGc,
) -> DomRoot<Document> {
let document = reflect_dom_object_with_proto(
@ -4115,6 +4126,7 @@ impl Document {
is_initial_about_blank,
allow_declarative_shadow_roots,
inherited_insecure_requests_policy,
has_trustworthy_ancestor_origin,
)),
window,
proto,
@ -4248,6 +4260,7 @@ impl Document {
false,
self.allow_declarative_shadow_roots(),
Some(self.insecure_requests_policy()),
self.has_trustworthy_ancestor_or_current_origin(),
can_gc,
);
new_doc
@ -4795,6 +4808,15 @@ impl Document {
pub fn set_allow_declarative_shadow_roots(&self, value: bool) {
self.allow_declarative_shadow_roots.set(value)
}
pub fn has_trustworthy_ancestor_origin(&self) -> bool {
self.has_trustworthy_ancestor_origin.get()
}
pub fn has_trustworthy_ancestor_or_current_origin(&self) -> bool {
self.has_trustworthy_ancestor_origin.get() ||
self.origin().immutable().is_potentially_trustworthy()
}
}
#[allow(non_snake_case)]
@ -4825,6 +4847,7 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
false,
doc.allow_declarative_shadow_roots(),
Some(doc.insecure_requests_policy()),
doc.has_trustworthy_ancestor_or_current_origin(),
can_gc,
))
}
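Review bot: The two accessors added at the end of `impl Document` (whose body starts outside these hunks) differ only in whether the document's own origin is counted, and neither carries a doc comment, while the `RequestBuilder` setter named `has_trustworthy_ancestor_origin` is fed the `_or_current` value in both fetch helpers. A later caller that passes `has_trustworthy_ancestor_origin()` to a request or child document would presumably drop the current document's origin from the mixed-content decision, so the distinction should be written down where the getters are defined. I would add `/// Whether any ancestor navigable's origin was potentially trustworthy; does not consider this document's own origin.` on the first and `/// Value to propagate to requests and child documents: the ancestor flag, or this document's origin being potentially trustworthy.` on the second. Separately, the field comment in the struct hunk starts with `////`, which rustdoc treats as an ordinary comment, so the spec link is not attached to the field; it should be `/// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>`.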