mirror of
https://github.com/servo/servo.git
synced 2025-08-03 04:30:10 +01:00
Check all ancestor navigable trustworthiness for mixed content (#36157)
Propagate through documents a flag that represents if any of the ancestor navigables has a potentially trustworthy origin. The "potentially trustworthy origin" concept appears to have gotten confused in a couple of places and we were instead testing if a URL had "potentially trustworthy" properties. The main test for the ancestor navigables is [mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js) --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #36108 <!-- Either: --> - [X] There are tests for these changes --------- Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This commit is contained in:
Sebastian C
GitHub
parent
478e876f6d
commit
76edcff202
84 changed files with 384 additions and 525 deletions
|
|
@ -292,6 +292,7 @@ pub struct RequestBuilder {
|
|||
/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
|
||||
pub policy_container: RequestPolicyContainer,
|
||||
pub insecure_requests_policy: InsecureRequestsPolicy,
|
||||
pub has_trustworthy_ancestor_origin: bool,
|
||||
|
||||
/// <https://fetch.spec.whatwg.org/#concept-request-referrer>
|
||||
pub referrer: Referrer,
|
||||
|
|
@ -344,6 +345,7 @@ impl RequestBuilder {
|
|||
origin: ImmutableOrigin::new_opaque(),
|
||||
policy_container: RequestPolicyContainer::default(),
|
||||
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
|
||||
has_trustworthy_ancestor_origin: false,
|
||||
referrer,
|
||||
referrer_policy: ReferrerPolicy::EmptyString,
|
||||
pipeline_id: None,
|
||||
|
|
@ -493,6 +495,14 @@ impl RequestBuilder {
|
|||
self
|
||||
}
|
||||
|
||||
pub fn has_trustworthy_ancestor_origin(
|
||||
mut self,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> RequestBuilder {
|
||||
self.has_trustworthy_ancestor_origin = has_trustworthy_ancestor_origin;
|
||||
self
|
||||
}
|
||||
|
||||
/// <https://fetch.spec.whatwg.org/#request-service-workers-mode>
|
||||
pub fn service_workers_mode(
|
||||
mut self,
|
||||
|
|
@ -546,6 +556,7 @@ impl RequestBuilder {
|
|||
request.crash = self.crash;
|
||||
request.policy_container = self.policy_container;
|
||||
request.insecure_requests_policy = self.insecure_requests_policy;
|
||||
request.has_trustworthy_ancestor_origin = self.has_trustworthy_ancestor_origin;
|
||||
request
|
||||
}
|
||||
}
|
||||
|
|
@ -621,6 +632,7 @@ pub struct Request {
|
|||
pub policy_container: RequestPolicyContainer,
|
||||
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
|
||||
pub insecure_requests_policy: InsecureRequestsPolicy,
|
||||
pub has_trustworthy_ancestor_origin: bool,
|
||||
pub https_state: HttpsState,
|
||||
/// Servo internal: if crash details are present, trigger a crash error page with these details.
|
||||
pub crash: Option<String>,
|
||||
|
|
@ -668,6 +680,7 @@ impl Request {
|
|||
response_tainting: ResponseTainting::Basic,
|
||||
policy_container: RequestPolicyContainer::Client,
|
||||
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
|
||||
has_trustworthy_ancestor_origin: false,
|
||||
https_state,
|
||||
crash: None,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -117,7 +117,8 @@ pub struct LoadData {
|
|||
pub inherited_secure_context: Option<bool>,
|
||||
/// The inherited policy for upgrading insecure requests; None if not inherited.
|
||||
pub inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
|
||||
/// Whether the page's ancestors have potentially trustworthy origin
|
||||
pub has_trustworthy_ancestor_origin: bool,
|
||||
/// Servo internal: if crash details are present, trigger a crash error page with these details.
|
||||
pub crash: Option<String>,
|
||||
}
|
||||
|
|
@ -134,6 +135,7 @@ pub enum JsEvalResult {
|
|||
|
||||
impl LoadData {
|
||||
/// Create a new `LoadData` object.
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
pub fn new(
|
||||
load_origin: LoadOrigin,
|
||||
url: ServoUrl,
|
||||
|
|
@ -142,6 +144,7 @@ impl LoadData {
|
|||
referrer_policy: ReferrerPolicy,
|
||||
inherited_secure_context: Option<bool>,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> LoadData {
|
||||
LoadData {
|
||||
load_origin,
|
||||
|
|
@ -157,6 +160,7 @@ impl LoadData {
|
|||
inherited_secure_context,
|
||||
crash: None,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue