mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
Check all ancestor navigable trustworthiness for mixed content (#36157)
Propagate through documents a flag that represents if any of the ancestor navigables has a potentially trustworthy origin. The "potentially trustworthy origin" concept appears to have gotten confused in a couple of places and we were instead testing if a URL had "potentially trustworthy" properties. The main test for the ancestor navigables is [mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js) --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #36108 <!-- Either: --> - [X] There are tests for these changes --------- Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This commit is contained in:
parent
478e876f6d
commit
76edcff202
84 changed files with 384 additions and 525 deletions
|
@ -688,6 +688,7 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
|
|||
.origin(self.global().origin().immutable().clone())
|
||||
.referrer_policy(self.referrer_policy)
|
||||
.insecure_requests_policy(self.global().insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.global().has_trustworthy_ancestor_or_current_origin())
|
||||
.pipeline_id(Some(self.global().pipeline_id()));
|
||||
|
||||
// step 4 (second half)
|
||||
|
@ -1515,6 +1516,7 @@ impl XMLHttpRequest {
|
|||
false,
|
||||
false,
|
||||
Some(doc.insecure_requests_policy()),
|
||||
doc.has_trustworthy_ancestor_origin(),
|
||||
can_gc,
|
||||
)
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue