Check all ancestor navigable trustworthiness for mixed content (#36157)

Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This commit is contained in:
Sebastian C 2025-04-05 00:38:24 -05:00 committed by GitHub
parent 478e876f6d
commit 76edcff202
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
84 changed files with 384 additions and 525 deletions

View file

@ -688,6 +688,7 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
.origin(self.global().origin().immutable().clone())
.referrer_policy(self.referrer_policy)
.insecure_requests_policy(self.global().insecure_requests_policy())
.has_trustworthy_ancestor_origin(self.global().has_trustworthy_ancestor_or_current_origin())
.pipeline_id(Some(self.global().pipeline_id()));
// step 4 (second half)
@ -1515,6 +1516,7 @@ impl XMLHttpRequest {
false,
false,
Some(doc.insecure_requests_policy()),
doc.has_trustworthy_ancestor_origin(),
can_gc,
)
}