Check all ancestor navigable trustworthiness for mixed content (#36157)
Propagate through documents a flag that represents if any of the ancestor navigables has a potentially trustworthy origin. The "potentially trustworthy origin" concept appears to have gotten confused in a couple of places and we were instead testing if a URL had "potentially trustworthy" properties. The main test for the ancestor navigables is [mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js) --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #36108 <!-- Either: --> - [X] There are tests for these changes --------- Signed-off-by: Sebastian C <sebsebmc@gmail.com>
parent
478e876f6d
commit
76edcff202
84 changed files with 384 additions and 525 deletions
|
@ -1329,6 +1329,7 @@ where
|
|||
ReferrerPolicy::EmptyString,
|
||||
None,
|
||||
None,
|
||||
false,
|
||||
);
|
||||
let ctx_id = BrowsingContextId::from(webview_id);
|
||||
let pipeline_id = match self.browsing_contexts.get(&ctx_id) {
|
||||
|
@ -3046,6 +3047,7 @@ where
|
|||
ReferrerPolicy::EmptyString,
|
||||
None,
|
||||
None,
|
||||
false,
|
||||
);
|
||||
let sandbox = IFrameSandboxState::IFrameUnsandboxed;
|
||||
let is_private = false;
|
||||
|
@ -4464,6 +4466,7 @@ where
|
|||
ReferrerPolicy::EmptyString,
|
||||
None,
|
||||
None,
|
||||
false,
|
||||
);
|
||||
self.load_url_for_webdriver(
|
||||
webview_id,
|
||||
|
|
|
@ -34,7 +34,7 @@ use net_traits::{
|
|||
use rustls_pki_types::CertificateDer;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use servo_arc::Arc as ServoArc;
|
||||
use servo_url::{Host, ServoUrl};
|
||||
use servo_url::{Host, ImmutableOrigin, ServoUrl};
|
||||
use tokio::sync::mpsc::{UnboundedReceiver as TokioReceiver, UnboundedSender as TokioSender};
|
||||
|
||||
use super::fetch_params::FetchParams;
|
||||
|
@ -278,7 +278,6 @@ pub async fn main_fetch(
|
|||
// Step 7. If should request be blocked due to a bad port, should fetching request be blocked
|
||||
// as mixed content, or should request be blocked by Content Security Policy returns blocked,
|
||||
// then set response to a network error.
|
||||
// TODO: check "should fetching request be blocked as mixed content"
|
||||
if should_request_be_blocked_by_csp(request, &policy_container) == csp::CheckResult::Blocked {
|
||||
warn!("Request blocked by CSP");
|
||||
response = Some(Response::network_error(NetworkError::Internal(
|
||||
|
@ -290,6 +289,11 @@ pub async fn main_fetch(
|
|||
"Request attempted on bad port".into(),
|
||||
)));
|
||||
}
|
||||
if should_request_be_blocked_as_mixed_content(request) {
|
||||
response = Some(Response::network_error(NetworkError::Internal(
|
||||
"Blocked as mixed content".into(),
|
||||
)));
|
||||
}
|
||||
|
||||
// Step 8: If request’s referrer policy is the empty string, then set request’s referrer policy
|
||||
// to request’s policy container’s referrer policy.
|
||||
|
@ -480,6 +484,8 @@ pub async fn main_fetch(
|
|||
should_be_blocked_due_to_nosniff(request.destination, &response.headers);
|
||||
let should_replace_with_mime_type_error = !response_is_network_error &&
|
||||
should_be_blocked_due_to_mime_type(request.destination, &response.headers);
|
||||
let should_replace_with_mixed_content = !response_is_network_error &&
|
||||
should_response_be_blocked_as_mixed_content(request, &response);
|
||||
|
||||
// Step 15.
|
||||
let mut network_error_response = response
|
||||
|
@ -502,7 +508,7 @@ pub async fn main_fetch(
|
|||
}
|
||||
|
||||
// Step 19. If response is not a network error and any of the following returns blocked
|
||||
// TODO: * should internalResponse to request be blocked as mixed content
|
||||
// * should internalResponse to request be blocked as mixed content
|
||||
// TODO: * should internalResponse to request be blocked by Content Security Policy
|
||||
// * should internalResponse to request be blocked due to its MIME type
|
||||
// * should internalResponse to request be blocked due to nosniff
|
||||
|
@ -518,6 +524,10 @@ pub async fn main_fetch(
|
|||
blocked_error_response =
|
||||
Response::network_error(NetworkError::Internal("Blocked by mime type".into()));
|
||||
&blocked_error_response
|
||||
} else if should_replace_with_mixed_content {
|
||||
blocked_error_response =
|
||||
Response::network_error(NetworkError::Internal("Blocked as mixed content".into()));
|
||||
&blocked_error_response
|
||||
} else {
|
||||
internal_response
|
||||
};
|
||||
|
@ -525,7 +535,10 @@ pub async fn main_fetch(
|
|||
// Step 20. If response’s type is "opaque", internalResponse’s status is 206, internalResponse’s
|
||||
// range-requested flag is set, and request’s header list does not contain `Range`, then set
|
||||
// response and internalResponse to a network error.
|
||||
let internal_response = if response_type == ResponseType::Opaque &&
|
||||
// Also checking if internal response is a network error to prevent crash from attemtping to
|
||||
// read status of a network error if we blocked the request above.
|
||||
let internal_response = if !internal_response.is_network_error() &&
|
||||
response_type == ResponseType::Opaque &&
|
||||
internal_response.status.code() == StatusCode::PARTIAL_CONTENT &&
|
||||
internal_response.range_requested &&
|
||||
!request.headers.contains_key(RANGE)
|
||||
|
@ -914,6 +927,66 @@ pub fn should_request_be_blocked_due_to_a_bad_port(url: &ServoUrl) -> bool {
|
|||
false
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-mixed-content/#should-block-fetch>
|
||||
pub fn should_request_be_blocked_as_mixed_content(request: &Request) -> bool {
|
||||
// Step 1. Return allowed if one or more of the following conditions are met:
|
||||
// 1.1. Does settings prohibit mixed security contexts?
|
||||
// returns "Does Not Restrict Mixed Security Contexts" when applied to request’s client.
|
||||
if do_settings_prohibit_mixed_security_contexts(request) ==
|
||||
MixedSecurityProhibited::NotProhibited
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// 1.2. request’s URL is a potentially trustworthy URL.
|
||||
if request.url().is_potentially_trustworthy() {
|
||||
return false;
|
||||
}
|
||||
|
||||
// 1.3. The user agent has been instructed to allow mixed content.
|
||||
|
||||
// 1.4. request’s destination is "document", and request’s target browsing context has
|
||||
// no parent browsing context.
|
||||
if request.destination == Destination::Document {
|
||||
// TODO: request's target browsing context has no parent browsing context
|
||||
return false;
|
||||
}
|
||||
|
||||
true
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-mixed-content/#should-block-response>
|
||||
pub fn should_response_be_blocked_as_mixed_content(request: &Request, response: &Response) -> bool {
|
||||
// Step 1. Return allowed if one or more of the following conditions are met:
|
||||
// 1.1. Does settings prohibit mixed security contexts? returns Does Not Restrict Mixed Content
|
||||
// when applied to request’s client.
|
||||
if do_settings_prohibit_mixed_security_contexts(request) ==
|
||||
MixedSecurityProhibited::NotProhibited
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// 1.2. response’s url is a potentially trustworthy URL.
|
||||
if response
|
||||
.actual_response()
|
||||
.url()
|
||||
.is_some_and(|response_url| response_url.is_potentially_trustworthy())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// 1.3. TODO: The user agent has been instructed to allow mixed content.
|
||||
|
||||
// 1.4. request’s destination is "document", and request’s target browsing context
|
||||
// has no parent browsing context.
|
||||
if request.destination == Destination::Document {
|
||||
// TODO: if requests target browsing context has no parent browsing context
|
||||
return false;
|
||||
}
|
||||
|
||||
true
|
||||
}
|
||||
|
||||
/// <https://fetch.spec.whatwg.org/#bad-port>
|
||||
fn is_bad_port(port: u16) -> bool {
|
||||
static BAD_PORTS: [u16; 78] = [
|
||||
|
@ -983,14 +1056,36 @@ fn should_upgrade_request_to_potentially_trustworty(
|
|||
request.insecure_requests_policy == InsecureRequestsPolicy::Upgrade
|
||||
}
|
||||
|
||||
// TODO : Needs to revisit
|
||||
#[derive(Debug, PartialEq)]
|
||||
pub enum MixedSecurityProhibited {
|
||||
Prohibited,
|
||||
NotProhibited,
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>
|
||||
fn does_settings_prohibit_mixed_security_contexts(url: &ServoUrl) -> bool {
|
||||
if url.is_origin_trustworthy() {
|
||||
return true;
|
||||
fn do_settings_prohibit_mixed_security_contexts(request: &Request) -> MixedSecurityProhibited {
|
||||
if let Origin::Origin(ref origin) = request.origin {
|
||||
// Workers created from a data: url are secure if they were created from secure contexts
|
||||
let is_origin_data_url_worker = matches!(
|
||||
*origin,
|
||||
ImmutableOrigin::Opaque(servo_url::OpaqueOrigin::SecureWorkerFromDataUrl(_))
|
||||
);
|
||||
|
||||
// Step 1. If settings’ origin is a potentially trustworthy origin,
|
||||
// then return "Prohibits Mixed Security Contexts".
|
||||
if origin.is_potentially_trustworthy() || is_origin_data_url_worker {
|
||||
return MixedSecurityProhibited::Prohibited;
|
||||
}
|
||||
}
|
||||
|
||||
false
|
||||
// Step 2.2. For each navigable navigable in document’s ancestor navigables:
|
||||
// Step 2.2.1. If navigable’s active document's origin is a potentially trustworthy origin,
|
||||
// then return "Prohibits Mixed Security Contexts".
|
||||
if request.has_trustworthy_ancestor_origin {
|
||||
return MixedSecurityProhibited::Prohibited;
|
||||
}
|
||||
|
||||
MixedSecurityProhibited::NotProhibited
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-mixed-content/#upgrade-algorithm>
|
||||
|
@ -1008,12 +1103,14 @@ fn should_upgrade_mixed_content_request(request: &Request) -> bool {
|
|||
}
|
||||
|
||||
// Step 1.3
|
||||
if !does_settings_prohibit_mixed_security_contexts(&url) {
|
||||
if do_settings_prohibit_mixed_security_contexts(request) ==
|
||||
MixedSecurityProhibited::NotProhibited
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Step 1.4 : request’s destination is not "image", "audio", or "video".
|
||||
if matches!(
|
||||
if !matches!(
|
||||
request.destination,
|
||||
Destination::Audio | Destination::Image | Destination::Video
|
||||
) {
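Review bot: `do_settings_prohibit_mixed_security_contexts` only inspects the origin when `request.origin` is `Origin::Origin(..)`; for `Origin::Client` the `if let` is skipped and, unless the ancestor flag is set, the function returns `NotProhibited`, so both new blocking checks in `main_fetch` fail open for a request whose origin was never resolved. Whether such a request can reach Step 7 is not visible on this page, but the choice should be explicit, for example with a comment such as `// Origin::Client: origin not resolved yet, only the ancestor flag applies` or a `warn!` on that path. Step 1.4 in `should_request_be_blocked_as_mixed_content` and `should_response_be_blocked_as_mixed_content` has the same shape: every request with `Destination::Document` returns allowed while the parent-browsing-context condition is still a TODO. The doc comments on both functions should say that any nested load arriving with `Destination::Document` is currently not checked.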
|
||||
|
|
|
@ -1010,7 +1010,7 @@ pub async fn http_redirect_fetch(
|
|||
// Step 8: Increase request’s redirect count by 1.
|
||||
request.redirect_count += 1;
|
||||
|
||||
// Step 7
|
||||
// Step 9
|
||||
let same_origin = match request.origin {
|
||||
Origin::Origin(ref origin) => *origin == location_url.origin(),
|
||||
Origin::Client => panic!(
|
||||
|
|
|
@ -355,6 +355,8 @@ impl DedicatedWorkerGlobalScope {
|
|||
let referrer = current_global.get_referrer();
|
||||
let parent = current_global.runtime_handle();
|
||||
let current_global_https_state = current_global.get_https_state();
|
||||
let current_global_ancestor_trustworthy = current_global.has_trustworthy_ancestor_origin();
|
||||
let is_secure_context = current_global.is_secure_context();
|
||||
|
||||
thread::Builder::new()
|
||||
.name(format!("WW:{}", worker_url.debug_compact()))
|
||||
|
@ -384,8 +386,8 @@ impl DedicatedWorkerGlobalScope {
|
|||
.use_url_credentials(true)
|
||||
.pipeline_id(Some(pipeline_id))
|
||||
.referrer_policy(referrer_policy)
|
||||
.referrer_policy(referrer_policy)
|
||||
.insecure_requests_policy(insecure_requests_policy)
|
||||
.has_trustworthy_ancestor_origin(current_global_ancestor_trustworthy)
|
||||
.origin(origin);
|
||||
|
||||
let runtime = unsafe {
|
||||
|
@ -418,7 +420,12 @@ impl DedicatedWorkerGlobalScope {
|
|||
// > scope`'s url's scheme is "data", and `inherited origin`
|
||||
// > otherwise.
|
||||
if worker_url.scheme() == "data" {
|
||||
init.origin = ImmutableOrigin::new_opaque();
|
||||
// Workers created from a data: url are secure if they were created from secure contexts
|
||||
if is_secure_context {
|
||||
init.origin = ImmutableOrigin::new_opaque_data_url_worker();
|
||||
} else {
|
||||
init.origin = ImmutableOrigin::new_opaque();
|
||||
}
|
||||
}
|
||||
|
||||
let global = DedicatedWorkerGlobalScope::new(
|
||||
|
|
|
@ -524,6 +524,8 @@ pub(crate) struct Document {
|
|||
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
|
||||
#[no_trace]
|
||||
inherited_insecure_requests_policy: Cell<Option<InsecureRequestsPolicy>>,
|
||||
//// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>
|
||||
has_trustworthy_ancestor_origin: Cell<bool>,
|
||||
/// <https://w3c.github.io/IntersectionObserver/#document-intersectionobservertaskqueued>
|
||||
intersection_observer_task_queued: Cell<bool>,
|
||||
/// Active intersection observers that should be processed by this document in
|
||||
|
@ -2479,7 +2481,9 @@ impl Document {
|
|||
mut request: RequestBuilder,
|
||||
listener: Listener,
|
||||
) {
|
||||
request = request.insecure_requests_policy(self.insecure_requests_policy());
|
||||
request = request
|
||||
.insecure_requests_policy(self.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
|
||||
let callback = NetworkListener {
|
||||
context: std::sync::Arc::new(Mutex::new(listener)),
|
||||
task_source: self
|
||||
|
@ -2498,7 +2502,9 @@ impl Document {
|
|||
mut request: RequestBuilder,
|
||||
listener: Listener,
|
||||
) {
|
||||
request = request.insecure_requests_policy(self.insecure_requests_policy());
|
||||
request = request
|
||||
.insecure_requests_policy(self.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
|
||||
let callback = NetworkListener {
|
||||
context: std::sync::Arc::new(Mutex::new(listener)),
|
||||
task_source: self
|
||||
|
@ -3735,6 +3741,7 @@ impl Document {
|
|||
is_initial_about_blank: bool,
|
||||
allow_declarative_shadow_roots: bool,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> Document {
|
||||
let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap());
|
||||
|
||||
|
@ -3895,6 +3902,7 @@ impl Document {
|
|||
is_initial_about_blank: Cell::new(is_initial_about_blank),
|
||||
allow_declarative_shadow_roots: Cell::new(allow_declarative_shadow_roots),
|
||||
inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy),
|
||||
has_trustworthy_ancestor_origin: Cell::new(has_trustworthy_ancestor_origin),
|
||||
intersection_observer_task_queued: Cell::new(false),
|
||||
intersection_observers: Default::default(),
|
||||
active_keyboard_modifiers: Cell::new(Modifiers::empty()),
|
||||
|
@ -4052,6 +4060,7 @@ impl Document {
|
|||
is_initial_about_blank: bool,
|
||||
allow_declarative_shadow_roots: bool,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
can_gc: CanGc,
|
||||
) -> DomRoot<Document> {
|
||||
Self::new_with_proto(
|
||||
|
@ -4072,6 +4081,7 @@ impl Document {
|
|||
is_initial_about_blank,
|
||||
allow_declarative_shadow_roots,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
can_gc,
|
||||
)
|
||||
}
|
||||
|
@ -4095,6 +4105,7 @@ impl Document {
|
|||
is_initial_about_blank: bool,
|
||||
allow_declarative_shadow_roots: bool,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
can_gc: CanGc,
|
||||
) -> DomRoot<Document> {
|
||||
let document = reflect_dom_object_with_proto(
|
||||
|
@ -4115,6 +4126,7 @@ impl Document {
|
|||
is_initial_about_blank,
|
||||
allow_declarative_shadow_roots,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
)),
|
||||
window,
|
||||
proto,
|
||||
|
@ -4248,6 +4260,7 @@ impl Document {
|
|||
false,
|
||||
self.allow_declarative_shadow_roots(),
|
||||
Some(self.insecure_requests_policy()),
|
||||
self.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
new_doc
|
||||
|
@ -4795,6 +4808,15 @@ impl Document {
|
|||
pub fn set_allow_declarative_shadow_roots(&self, value: bool) {
|
||||
self.allow_declarative_shadow_roots.set(value)
|
||||
}
|
||||
|
||||
pub fn has_trustworthy_ancestor_origin(&self) -> bool {
|
||||
self.has_trustworthy_ancestor_origin.get()
|
||||
}
|
||||
|
||||
pub fn has_trustworthy_ancestor_or_current_origin(&self) -> bool {
|
||||
self.has_trustworthy_ancestor_origin.get() ||
|
||||
self.origin().immutable().is_potentially_trustworthy()
|
||||
}
|
||||
}
|
||||
|
||||
#[allow(non_snake_case)]
|
||||
|
@ -4825,6 +4847,7 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
|
|||
false,
|
||||
doc.allow_declarative_shadow_roots(),
|
||||
Some(doc.insecure_requests_policy()),
|
||||
doc.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
))
|
||||
}
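Review bot: The two new accessors `has_trustworthy_ancestor_origin` and `has_trustworthy_ancestor_or_current_origin` are public and undocumented, and the call sites in this commit mix them under one field name. `fetch_a_classic_script` and the XHR response document pass the ancestor-only value, while the prefetch sink, `DOMParser` and the subresource requests pass the ancestor-or-current value into a parameter called `has_trustworthy_ancestor_origin`. Because this flag feeds the mixed-content decision, each accessor should carry a doc comment saying when to use it, e.g. `/// Ancestor navigables only; use when navigating this document's own browsing context.` and `/// Ancestors or this document's own origin; use for child documents and subresource requests.` (the split is inferred from the call sites, so confirm it). The field comment `//// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>` has four slashes, which rustdoc treats as an ordinary comment; `///` would attach it to the field.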
|
||||
|
|
|
@ -110,6 +110,7 @@ impl DOMImplementationMethods<crate::DomTypeHolder> for DOMImplementation {
|
|||
DocumentSource::NotFromParser,
|
||||
loader,
|
||||
Some(self.document.insecure_requests_policy()),
|
||||
self.document.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
|
||||
|
@ -176,6 +177,7 @@ impl DOMImplementationMethods<crate::DomTypeHolder> for DOMImplementation {
|
|||
false,
|
||||
self.document.allow_declarative_shadow_roots(),
|
||||
Some(self.document.insecure_requests_policy()),
|
||||
self.document.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
|
||||
|
|
|
@ -90,6 +90,7 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
|
|||
false,
|
||||
false,
|
||||
Some(doc.insecure_requests_policy()),
|
||||
doc.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
ServoParser::parse_html_document(&document, Some(s), url, can_gc);
|
||||
|
@ -114,6 +115,7 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
|
|||
false,
|
||||
false,
|
||||
Some(doc.insecure_requests_policy()),
|
||||
doc.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
ServoParser::parse_xml_document(&document, Some(s), url, can_gc);
|
||||
|
|
|
@ -561,6 +561,7 @@ impl EventSourceMethods<crate::DomTypeHolder> for EventSource {
|
|||
Some(true),
|
||||
global.get_referrer(),
|
||||
global.insecure_requests_policy(),
|
||||
global.has_trustworthy_ancestor_or_current_origin(),
|
||||
)
|
||||
.origin(global.origin().immutable().clone())
|
||||
.pipeline_id(Some(global.pipeline_id()));
|
||||
|
|
|
@ -2386,6 +2386,21 @@ impl GlobalScope {
|
|||
InsecureRequestsPolicy::DoNotUpgrade
|
||||
}
|
||||
|
||||
/// Whether this document has ancestor navigables that are trustworthy
|
||||
pub(crate) fn has_trustworthy_ancestor_origin(&self) -> bool {
|
||||
self.downcast::<Window>()
|
||||
.is_some_and(|window| window.Document().has_trustworthy_ancestor_origin())
|
||||
}
|
||||
|
||||
// Whether this document has a trustworthy origin or has trustowrthy ancestor navigables
|
||||
pub(crate) fn has_trustworthy_ancestor_or_current_origin(&self) -> bool {
|
||||
self.downcast::<Window>().is_some_and(|window| {
|
||||
window
|
||||
.Document()
|
||||
.has_trustworthy_ancestor_or_current_origin()
|
||||
})
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#report-the-error>
|
||||
pub(crate) fn report_an_error(&self, error_info: ErrorInfo, value: HandleValue, can_gc: CanGc) {
|
||||
// Step 1.
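Review bot: Both new `GlobalScope` accessors return `false` whenever the global is not a `Window` (`self.downcast::<Window>().is_some_and(..)`), so `has_trustworthy_ancestor_or_current_origin` ignores a worker's own origin despite its name. Callers in this commit (`WebSocket`, `XMLHttpRequest`, `EventSource`, `WorkerGlobalScope`) pass the value straight into the request, and the outcome is only correct because the fetch side also checks `request.origin`; that dependency should be written down. The second accessor's comment uses `//` and misspells "trustworthy", so it does not appear in rustdoc. Suggested: `/// Whether this global's document has a potentially trustworthy origin or trustworthy ancestor navigables. Always false for non-Window globals; fetch checks the request origin separately.`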
|
||||
|
|
|
@ -867,6 +867,7 @@ impl HTMLFormElement {
|
|||
target_document.get_referrer_policy(),
|
||||
Some(target_window.as_global_scope().is_secure_context()),
|
||||
Some(target_document.insecure_requests_policy()),
|
||||
target_document.has_trustworthy_ancestor_origin(),
|
||||
);
|
||||
|
||||
// Step 22
|
||||
|
|
|
@ -271,6 +271,7 @@ impl HTMLIFrameElement {
|
|||
document.get_referrer_policy(),
|
||||
Some(window.as_global_scope().is_secure_context()),
|
||||
Some(document.insecure_requests_policy()),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
);
|
||||
let element = self.upcast::<Element>();
|
||||
load_data.srcdoc = String::from(element.get_string_attribute(&local_name!("srcdoc")));
|
||||
|
@ -362,6 +363,7 @@ impl HTMLIFrameElement {
|
|||
referrer_policy,
|
||||
Some(window.as_global_scope().is_secure_context()),
|
||||
Some(document.insecure_requests_policy()),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
);
|
||||
|
||||
let pipeline_id = self.pipeline_id();
|
||||
|
@ -407,6 +409,7 @@ impl HTMLIFrameElement {
|
|||
document.get_referrer_policy(),
|
||||
Some(window.as_global_scope().is_secure_context()),
|
||||
Some(document.insecure_requests_policy()),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
);
|
||||
let browsing_context_id = BrowsingContextId::new();
|
||||
let webview_id = window.window_proxy().webview_id();
|
||||
|
|
|
@ -424,6 +424,7 @@ impl HTMLImageElement {
|
|||
None,
|
||||
document.global().get_referrer(),
|
||||
document.insecure_requests_policy(),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
)
|
||||
.origin(document.origin().immutable().clone())
|
||||
.pipeline_id(Some(document.global().pipeline_id()))
|
||||
|
|
|
@ -82,6 +82,7 @@ struct LinkProcessingOptions {
|
|||
source_set: Option<()>,
|
||||
base_url: ServoUrl,
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
// Some fields that we don't need yet are missing
|
||||
}
|
||||
|
||||
|
@ -335,6 +336,7 @@ impl HTMLLinkElement {
|
|||
source_set: None, // FIXME
|
||||
base_url: document.borrow().base_url(),
|
||||
insecure_requests_policy: document.insecure_requests_policy(),
|
||||
has_trustworthy_ancestor_origin: document.has_trustworthy_ancestor_or_current_origin(),
|
||||
};
|
||||
|
||||
// Step 3. If el has an href attribute, then set options's href to the value of el's href attribute.
|
||||
|
@ -669,6 +671,7 @@ impl LinkProcessingOptions {
|
|||
None,
|
||||
Referrer::NoReferrer,
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
)
|
||||
.integrity_metadata(self.integrity)
|
||||
.policy_container(self.policy_container)
|
||||
|
|
|
@ -894,6 +894,7 @@ impl HTMLMediaElement {
|
|||
None,
|
||||
self.global().get_referrer(),
|
||||
document.insecure_requests_policy(),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
)
|
||||
.headers(headers)
|
||||
.origin(document.origin().immutable().clone())
|
||||
|
|
|
@ -558,6 +558,7 @@ impl PreInvoke for ClassicContext {}
|
|||
|
||||
/// Steps 1-2 of <https://html.spec.whatwg.org/multipage/#fetch-a-classic-script>
|
||||
// This function is also used to prefetch a script in `script::dom::servoparser::prefetch`.
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
pub(crate) fn script_fetch_request(
|
||||
webview_id: WebViewId,
|
||||
url: ServoUrl,
|
||||
|
@ -566,6 +567,7 @@ pub(crate) fn script_fetch_request(
|
|||
pipeline_id: PipelineId,
|
||||
options: ScriptFetchOptions,
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> RequestBuilder {
|
||||
// We intentionally ignore options' credentials_mode member for classic scripts.
|
||||
// The mode is initialized by create_a_potential_cors_request.
|
||||
|
@ -577,6 +579,7 @@ pub(crate) fn script_fetch_request(
|
|||
None,
|
||||
options.referrer,
|
||||
insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
)
|
||||
.origin(origin)
|
||||
.pipeline_id(Some(pipeline_id))
|
||||
|
@ -605,6 +608,7 @@ fn fetch_a_classic_script(
|
|||
script.global().pipeline_id(),
|
||||
options.clone(),
|
||||
doc.insecure_requests_policy(),
|
||||
doc.has_trustworthy_ancestor_origin(),
|
||||
);
|
||||
let request = doc.prepare_request(request);
|
||||
|
||||
|
|
|
@ -126,6 +126,7 @@ impl Location {
|
|||
referrer_policy,
|
||||
None, // Top navigation doesn't inherit secure context
|
||||
Some(source_document.insecure_requests_policy()),
|
||||
source_document.has_trustworthy_ancestor_origin(),
|
||||
);
|
||||
self.window
|
||||
.load_url(history_handling, reload_triggered, load_data, can_gc);
|
||||
|
|
|
@ -2661,6 +2661,7 @@ impl Node {
|
|||
false,
|
||||
document.allow_declarative_shadow_roots(),
|
||||
Some(document.insecure_requests_policy()),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
DomRoot::upcast::<Node>(document)
|
||||
|
|
|
@ -820,6 +820,7 @@ impl Notification {
|
|||
None,
|
||||
global.get_referrer(),
|
||||
global.insecure_requests_policy(),
|
||||
global.has_trustworthy_ancestor_or_current_origin(),
|
||||
)
|
||||
.origin(global.origin().immutable().clone())
|
||||
.pipeline_id(Some(global.pipeline_id()))
|
||||
|
|
|
@ -113,6 +113,7 @@ fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequ
|
|||
.pipeline_id(Some(global.pipeline_id()))
|
||||
.https_state(global.get_https_state())
|
||||
.insecure_requests_policy(global.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(global.has_trustworthy_ancestor_or_current_origin())
|
||||
.build()
|
||||
}
|
||||
|
||||
|
|
|
@ -228,6 +228,7 @@ impl ServoParser {
|
|||
false,
|
||||
allow_declarative_shadow_roots,
|
||||
Some(context_document.insecure_requests_policy()),
|
||||
context_document.has_trustworthy_ancestor_or_current_origin(),
|
||||
can_gc,
|
||||
);
|
||||
|
||||
|
|
|
@ -73,6 +73,7 @@ impl Tokenizer {
|
|||
// block the main parser.
|
||||
prefetching: Cell::new(false),
|
||||
insecure_requests_policy: document.insecure_requests_policy(),
|
||||
has_trustworthy_ancestor_origin: document.has_trustworthy_ancestor_or_current_origin(),
|
||||
};
|
||||
let options = Default::default();
|
||||
let inner = TraceableTokenizer(HtmlTokenizer::new(sink, options));
|
||||
|
@ -105,6 +106,7 @@ struct PrefetchSink {
|
|||
prefetching: Cell<bool>,
|
||||
#[no_trace]
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
}
|
||||
|
||||
/// The prefetch tokenizer produces trivial results
|
||||
|
@ -146,6 +148,7 @@ impl TokenSink for PrefetchSink {
|
|||
parser_metadata: ParserMetadata::ParserInserted,
|
||||
},
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
);
|
||||
let _ = self
|
||||
.resource_threads
|
||||
|
@ -164,6 +167,7 @@ impl TokenSink for PrefetchSink {
|
|||
None,
|
||||
self.referrer.clone(),
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
)
|
||||
.origin(self.origin.clone())
|
||||
.pipeline_id(Some(self.pipeline_id))
|
||||
|
@ -198,6 +202,7 @@ impl TokenSink for PrefetchSink {
|
|||
None,
|
||||
self.referrer.clone(),
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
)
|
||||
.origin(self.origin.clone())
|
||||
.pipeline_id(Some(self.pipeline_id))
|
||||
|
|
|
@ -261,6 +261,7 @@ impl WebSocketMethods<crate::DomTypeHolder> for WebSocket {
|
|||
let request = RequestBuilder::new(global.webview_id(), url_record, Referrer::NoReferrer)
|
||||
.origin(global.origin().immutable().clone())
|
||||
.insecure_requests_policy(global.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(global.has_trustworthy_ancestor_or_current_origin())
|
||||
.mode(RequestMode::WebSocket { protocols })
|
||||
.service_workers_mode(ServiceWorkersMode::None)
|
||||
.credentials_mode(CredentialsMode::Include)
|
||||
|
|
|
@ -307,6 +307,7 @@ impl WindowProxy {
|
|||
document.get_referrer_policy(),
|
||||
None, // Doesn't inherit secure context
|
||||
None,
|
||||
false,
|
||||
);
|
||||
let load_info = AuxiliaryWebViewCreationRequest {
|
||||
load_data: load_data.clone(),
|
||||
|
@ -485,6 +486,11 @@ impl WindowProxy {
|
|||
Some(target_document) => target_document,
|
||||
None => return Ok(None),
|
||||
};
|
||||
let has_trustworthy_ancestor_origin = if new {
|
||||
target_document.has_trustworthy_ancestor_or_current_origin()
|
||||
} else {
|
||||
false
|
||||
};
|
||||
let target_window = target_document.window();
|
||||
// Step 13, and 14.4, will have happened elsewhere,
|
||||
// since we've created a new browsing context and loaded it with about:blank.
|
||||
|
@ -517,6 +523,7 @@ impl WindowProxy {
|
|||
referrer_policy,
|
||||
Some(secure),
|
||||
Some(target_document.insecure_requests_policy()),
|
||||
has_trustworthy_ancestor_origin,
|
||||
);
|
||||
let history_handling = if new {
|
||||
NavigationHistoryBehavior::Replace
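Review bot: The `else` branch of `let has_trustworthy_ancestor_origin = if new { .. } else { false };` discards the target's existing ancestor state: when the chosen target is an already existing browsing context, the navigation's load data is built with `false` even if `target_document` sits under a trustworthy ancestor. Other navigations of an existing context in this commit (`Location`, `follow_hyperlink`, form submission) pass `has_trustworthy_ancestor_origin()` of the document being navigated, so the same would be expected here: `} else { target_document.has_trustworthy_ancestor_origin() }`. The `new` branch also deserves a comment, since it derives the flag from the freshly created document's own origin rather than from an ancestor navigable. The enclosing function starts and ends outside the hunk, so the meaning of `new` is inferred from the `NavigationHistoryBehavior::Replace` branch below.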
|
||||
|
|
|
@ -296,6 +296,9 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
|
|||
.use_url_credentials(true)
|
||||
.origin(global_scope.origin().immutable().clone())
|
||||
.insecure_requests_policy(self.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(
|
||||
global_scope.has_trustworthy_ancestor_or_current_origin(),
|
||||
)
|
||||
.pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()));
|
||||
|
||||
let (url, source) = match fetch::load_whole_resource(
|
||||
|
|
|
@ -43,6 +43,7 @@ impl XMLDocument {
|
|||
source: DocumentSource,
|
||||
doc_loader: DocumentLoader,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> XMLDocument {
|
||||
XMLDocument {
|
||||
document: Document::new_inherited(
|
||||
|
@ -62,6 +63,7 @@ impl XMLDocument {
|
|||
false,
|
||||
false,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
),
|
||||
}
|
||||
}
|
||||
|
@ -79,6 +81,7 @@ impl XMLDocument {
|
|||
source: DocumentSource,
|
||||
doc_loader: DocumentLoader,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
can_gc: CanGc,
|
||||
) -> DomRoot<XMLDocument> {
|
||||
let doc = reflect_dom_object(
|
||||
|
@ -94,6 +97,7 @@ impl XMLDocument {
|
|||
source,
|
||||
doc_loader,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
)),
|
||||
window,
|
||||
can_gc,
|
||||
|
|
|
@ -688,6 +688,7 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
|
|||
.origin(self.global().origin().immutable().clone())
|
||||
.referrer_policy(self.referrer_policy)
|
||||
.insecure_requests_policy(self.global().insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.global().has_trustworthy_ancestor_or_current_origin())
|
||||
.pipeline_id(Some(self.global().pipeline_id()));
|
||||
|
||||
// step 4 (second half)
|
||||
|
@ -1515,6 +1516,7 @@ impl XMLHttpRequest {
|
|||
false,
|
||||
false,
|
||||
Some(doc.insecure_requests_policy()),
|
||||
doc.has_trustworthy_ancestor_origin(),
|
||||
can_gc,
|
||||
)
|
||||
}
|
||||
|
|
|
@ -123,6 +123,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder {
|
|||
initiator: request.initiator,
|
||||
policy_container: request.policy_container,
|
||||
insecure_requests_policy: request.insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin: request.has_trustworthy_ancestor_origin,
|
||||
https_state: request.https_state,
|
||||
response_tainting: request.response_tainting,
|
||||
crash: None,
|
||||
|
@ -374,6 +375,7 @@ pub(crate) fn load_whole_resource(
|
|||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request>
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
pub(crate) fn create_a_potential_cors_request(
|
||||
webview_id: Option<WebViewId>,
|
||||
url: ServoUrl,
|
||||
|
@ -382,6 +384,7 @@ pub(crate) fn create_a_potential_cors_request(
|
|||
same_origin_fallback: Option<bool>,
|
||||
referrer: Referrer,
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> RequestBuilder {
|
||||
RequestBuilder::new(webview_id, url, referrer)
|
||||
// https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
|
||||
|
@ -401,4 +404,5 @@ pub(crate) fn create_a_potential_cors_request(
|
|||
.destination(destination)
|
||||
.use_url_credentials(true)
|
||||
.insecure_requests_policy(insecure_requests_policy)
|
||||
.has_trustworthy_ancestor_origin(has_trustworthy_ancestor_origin)
|
||||
}
|
||||
|
|
|
@ -440,6 +440,7 @@ pub(crate) fn follow_hyperlink(
|
|||
referrer_policy,
|
||||
Some(secure),
|
||||
Some(document.insecure_requests_policy()),
|
||||
document.has_trustworthy_ancestor_origin(),
|
||||
);
|
||||
let target = Trusted::new(target_window);
|
||||
let task = task!(navigate_follow_hyperlink: move || {
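Review bot: The new argument `document.has_trustworthy_ancestor_origin()` is read from the document that contains the link, but the load is handed to `target_window` just below, which need not be the same navigable. If the target is another frame or a new top-level context, its ancestor chain differs from the source document's, and the flag carried by the load could be stricter or laxer than the mixed-content rules intend for the new document. Consider deriving the value from the navigable that will host the new document, or state why the source value is correct with a comment such as `// Inherited from the source document; revisit if target_window is a different navigable.` The body of follow_hyperlink starts and ends outside this hunk, so how the target is chosen is not visible here.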
|
||||
|
|
|
@ -212,6 +212,7 @@ impl InProgressLoad {
|
|||
.inherited_insecure_requests_policy
|
||||
.unwrap_or(InsecureRequestsPolicy::DoNotUpgrade),
|
||||
)
|
||||
.has_trustworthy_ancestor_origin(self.load_data.has_trustworthy_ancestor_origin)
|
||||
.headers(self.load_data.headers.clone())
|
||||
.body(self.load_data.data.clone())
|
||||
.redirect_mode(RedirectMode::Manual)
|
||||
|
|
|
@ -3193,6 +3193,7 @@ impl ScriptThread {
|
|||
is_initial_about_blank,
|
||||
true,
|
||||
incomplete.load_data.inherited_insecure_requests_policy,
|
||||
incomplete.load_data.has_trustworthy_ancestor_origin,
|
||||
can_gc,
|
||||
);
|
||||
|
||||
|
|
|
@ -321,7 +321,7 @@ impl ServiceWorkerManager {
|
|||
|
||||
/// <https://w3c.github.io/ServiceWorker/#register-algorithm>
|
||||
fn handle_register_job(&mut self, mut job: Job) {
|
||||
if !job.script_url.is_origin_trustworthy() {
|
||||
if !job.script_url.origin().is_potentially_trustworthy() {
|
||||
// Step 1.1
|
||||
let _ = job
|
||||
.client
|
||||
|
|
|
@ -351,6 +351,7 @@ impl StylesheetLoader<'_> {
|
|||
None,
|
||||
self.elem.global().get_referrer(),
|
||||
document.insecure_requests_policy(),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
)
|
||||
.origin(document.origin().immutable().clone())
|
||||
.pipeline_id(Some(self.elem.global().pipeline_id()))
|
||||
|
|
|
@ -292,6 +292,7 @@ pub struct RequestBuilder {
|
|||
/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
|
||||
pub policy_container: RequestPolicyContainer,
|
||||
pub insecure_requests_policy: InsecureRequestsPolicy,
|
||||
pub has_trustworthy_ancestor_origin: bool,
|
||||
|
||||
/// <https://fetch.spec.whatwg.org/#concept-request-referrer>
|
||||
pub referrer: Referrer,
|
||||
|
@ -344,6 +345,7 @@ impl RequestBuilder {
|
|||
origin: ImmutableOrigin::new_opaque(),
|
||||
policy_container: RequestPolicyContainer::default(),
|
||||
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
|
||||
has_trustworthy_ancestor_origin: false,
|
||||
referrer,
|
||||
referrer_policy: ReferrerPolicy::EmptyString,
|
||||
pipeline_id: None,
|
||||
|
@ -493,6 +495,14 @@ impl RequestBuilder {
|
|||
self
|
||||
}
|
||||
|
||||
pub fn has_trustworthy_ancestor_origin(
|
||||
mut self,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> RequestBuilder {
|
||||
self.has_trustworthy_ancestor_origin = has_trustworthy_ancestor_origin;
|
||||
self
|
||||
}
|
||||
|
||||
/// <https://fetch.spec.whatwg.org/#request-service-workers-mode>
|
||||
pub fn service_workers_mode(
|
||||
mut self,
|
||||
|
@ -546,6 +556,7 @@ impl RequestBuilder {
|
|||
request.crash = self.crash;
|
||||
request.policy_container = self.policy_container;
|
||||
request.insecure_requests_policy = self.insecure_requests_policy;
|
||||
request.has_trustworthy_ancestor_origin = self.has_trustworthy_ancestor_origin;
|
||||
request
|
||||
}
|
||||
}
|
||||
|
@ -621,6 +632,7 @@ pub struct Request {
|
|||
pub policy_container: RequestPolicyContainer,
|
||||
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
|
||||
pub insecure_requests_policy: InsecureRequestsPolicy,
|
||||
pub has_trustworthy_ancestor_origin: bool,
|
||||
pub https_state: HttpsState,
|
||||
/// Servo internal: if crash details are present, trigger a crash error page with these details.
|
||||
pub crash: Option<String>,
|
||||
|
@ -668,6 +680,7 @@ impl Request {
|
|||
response_tainting: ResponseTainting::Basic,
|
||||
policy_container: RequestPolicyContainer::Client,
|
||||
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
|
||||
has_trustworthy_ancestor_origin: false,
|
||||
https_state,
|
||||
crash: None,
|
||||
}
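Review bot: The new field is initialised to `has_trustworthy_ancestor_origin: false` in both RequestBuilder::new and Request::new, and the only way to change it is the opt-in builder method added in the third hunk. If the mixed-content check treats `true` as "prohibit mixed content" (the consumer is not shown on this page), any request built without that call silently gets the permissive value. The field also has no doc comment in either struct, unlike its neighbours. I would document it on both structs, for example `/// Whether the client's origin or any ancestor navigable's origin is potentially trustworthy; leaving this false skips that input to mixed-content blocking.`, and audit the remaining RequestBuilder call sites that originate from a document.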
|
||||
|
|
|
@ -117,7 +117,8 @@ pub struct LoadData {
|
|||
pub inherited_secure_context: Option<bool>,
|
||||
/// The inherited policy for upgrading insecure requests; None if not inherited.
|
||||
pub inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
|
||||
/// Whether the page's ancestors have potentially trustworthy origin
|
||||
pub has_trustworthy_ancestor_origin: bool,
|
||||
/// Servo internal: if crash details are present, trigger a crash error page with these details.
|
||||
pub crash: Option<String>,
|
||||
}
|
||||
|
@ -134,6 +135,7 @@ pub enum JsEvalResult {
|
|||
|
||||
impl LoadData {
|
||||
/// Create a new `LoadData` object.
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
pub fn new(
|
||||
load_origin: LoadOrigin,
|
||||
url: ServoUrl,
|
||||
|
@ -142,6 +144,7 @@ impl LoadData {
|
|||
referrer_policy: ReferrerPolicy,
|
||||
inherited_secure_context: Option<bool>,
|
||||
inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
) -> LoadData {
|
||||
LoadData {
|
||||
load_origin,
|
||||
|
@ -157,6 +160,7 @@ impl LoadData {
|
|||
inherited_secure_context,
|
||||
crash: None,
|
||||
inherited_insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
}
|
||||
}
|
||||
}
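Review bot: The doc comment added on the field, "Whether the page's ancestors have potentially trustworthy origin", does not say whether one or every ancestor must qualify, and the commit title says "all" while the description says "any". Spelling it out avoids a wrong guess by the next caller, e.g. `/// True if any ancestor navigable of the document being loaded has a potentially trustworthy origin (input to mixed-content checks).` LoadData::new also takes the flag as a trailing positional bool, and call sites elsewhere in this commit pass a bare `false`, so a short comment at those call sites naming the argument would make the security-relevant choice visible in review.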
|
||||
|
|
|
@ -224,33 +224,7 @@ impl ServoUrl {
|
|||
return true;
|
||||
}
|
||||
// Step 3
|
||||
self.is_origin_trustworthy()
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>
|
||||
pub fn is_origin_trustworthy(&self) -> bool {
|
||||
// Step 1
|
||||
if !self.origin().is_tuple() {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Step 3
|
||||
if self.scheme() == "https" || self.scheme() == "wss" {
|
||||
true
|
||||
// Steps 4-5
|
||||
} else if self.host().is_some() {
|
||||
let host = self.host_str().unwrap();
|
||||
// Step 4
|
||||
if let Ok(ip_addr) = host.parse::<IpAddr>() {
|
||||
ip_addr.is_loopback()
|
||||
// Step 5
|
||||
} else {
|
||||
host == "localhost" || host.ends_with(".localhost")
|
||||
}
|
||||
// Step 6
|
||||
} else {
|
||||
self.scheme() == "file"
|
||||
}
|
||||
self.origin().is_potentially_trustworthy()
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
||||
|
||||
use std::cell::RefCell;
|
||||
use std::net::IpAddr;
|
||||
use std::rc::Rc;
|
||||
|
||||
use malloc_size_of::malloc_size_of_is_0;
|
||||
|
@ -39,7 +40,14 @@ impl ImmutableOrigin {
|
|||
|
||||
/// Creates a new opaque origin that is only equal to itself.
|
||||
pub fn new_opaque() -> ImmutableOrigin {
|
||||
ImmutableOrigin::Opaque(OpaqueOrigin(servo_rand::random_uuid()))
|
||||
ImmutableOrigin::Opaque(OpaqueOrigin::Opaque(servo_rand::random_uuid()))
|
||||
}
|
||||
|
||||
// For use in mixed security context tests because data: URL workers inherit contexts
|
||||
pub fn new_opaque_data_url_worker() -> ImmutableOrigin {
|
||||
ImmutableOrigin::Opaque(OpaqueOrigin::SecureWorkerFromDataUrl(
|
||||
servo_rand::random_uuid(),
|
||||
))
|
||||
}
|
||||
|
||||
pub fn scheme(&self) -> Option<&str> {
|
||||
|
@ -79,6 +87,43 @@ impl ImmutableOrigin {
|
|||
}
|
||||
}
|
||||
|
||||
/// <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>
|
||||
pub fn is_potentially_trustworthy(&self) -> bool {
|
||||
// 1. If origin is an opaque origin return "Not Trustworthy"
|
||||
if matches!(self, ImmutableOrigin::Opaque(_)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if let ImmutableOrigin::Tuple(scheme, host, _) = self {
|
||||
// 3. If origin’s scheme is either "https" or "wss", return "Potentially Trustworthy"
|
||||
if scheme == "https" || scheme == "wss" {
|
||||
return true;
|
||||
}
|
||||
// 6. If origin’s scheme is "file", return "Potentially Trustworthy".
|
||||
if scheme == "file" {
|
||||
return true;
|
||||
}
|
||||
|
||||
// 4. If origin’s host matches one of the CIDR notations 127.0.0.0/8 or ::1/128,
|
||||
// return "Potentially Trustworthy".
|
||||
if let Ok(ip_addr) = host.to_string().parse::<IpAddr>() {
|
||||
return ip_addr.is_loopback();
|
||||
}
|
||||
// 5. If the user agent conforms to the name resolution rules in
|
||||
// [let-localhost-be-localhost] and one of the following is true:
|
||||
// * origin’s host is "localhost" or "localhost."
|
||||
// * origin’s host ends with ".localhost" or ".localhost."
|
||||
// then return "Potentially Trustworthy".
|
||||
if let Host::Domain(domain) = host {
|
||||
if domain == "localhost" || domain.ends_with(".localhost") {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
// 9. Return "Not Trustworthy".
|
||||
false
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#ascii-serialisation-of-an-origin>
|
||||
pub fn ascii_serialization(&self) -> String {
|
||||
self.clone().into_url_origin().ascii_serialization()
|
||||
|
@ -87,8 +132,13 @@ impl ImmutableOrigin {
|
|||
|
||||
/// Opaque identifier for URLs that have file or other schemes
|
||||
#[derive(Clone, Debug, Deserialize, Eq, Hash, PartialEq, Serialize)]
|
||||
pub struct OpaqueOrigin(Uuid);
|
||||
|
||||
pub enum OpaqueOrigin {
|
||||
Opaque(Uuid),
|
||||
// Workers created from `data:` urls will have opaque origins but need to be treated
|
||||
// as inheriting the secure context they were created in. This tracks that the origin
|
||||
// was created in such a context
|
||||
SecureWorkerFromDataUrl(Uuid),
|
||||
}
|
||||
malloc_size_of_is_0!(OpaqueOrigin);
|
||||
|
||||
/// A representation of an [origin](https://html.spec.whatwg.org/multipage/#origin-2).
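Review bot: In is_potentially_trustworthy, step 4 parses `host.to_string()` as an `IpAddr`; if `Host` here is the url crate's type, its Display form wraps IPv6 literals in brackets, so `[::1]` fails to parse and an IPv6 loopback origin falls through to "Not Trustworthy". Matching on the variants avoids the string round trip: `if let Host::Ipv4(a) = host { return a.is_loopback(); }` and `if let Host::Ipv6(a) = host { return a.is_loopback(); }`. The step 5 comment also lists the trailing-dot forms "localhost." and ".localhost.", which the code does not test. Both gaps fail closed, but unit tests for an `http://[::1]` origin and an `http://localhost.` origin would pin the intended result.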
|
||||
|
|
3
tests/wpt/meta/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js.ini
vendored
Normal file
3
tests/wpt/meta/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js.ini
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
[scheme-restriction.https.window.html]
|
||||
[Cross-Origin-Resource-Policy does not block Mixed Content <img>]
|
||||
expected: FAIL
|
|
@ -133,3 +133,24 @@
|
|||
|
||||
[https-treat-as-public to http-private: success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-private to http-local: PUT success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-private to http-local: no-cors success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-public to http-local: PUT success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-public to http-local: no-cors success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-public to http-private: PUT success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-public to http-private: no-cors success.]
|
||||
expected: FAIL
|
||||
|
||||
[https-treat-as-public to http-local: success.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
[blob.https.sub.html]
|
||||
expected: ERROR
|
||||
[Mixed-Content: blob tests 1]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[csp.https.window.html]
|
||||
[Mixed content checks apply to fetches in sandboxed documents]
|
||||
expected: FAIL
|
|
@ -1,4 +1,5 @@
|
|||
[audio-tag.https.html]
|
||||
expected: TIMEOUT
|
||||
[Mixed-Content: Expects blocked for audio-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[img-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for img-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[link-css-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[link-prefetch-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[picture-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[script-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[audio-tag.https.html]
|
||||
expected: TIMEOUT
|
||||
[Mixed-Content: Expects blocked for audio-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
||||
[Mixed-Content: Expects blocked for audio-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[img-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for img-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for img-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[link-css-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[link-prefetch-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[picture-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[script-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
25
tests/wpt/meta/mixed-content/gen/top.meta/unset/audio-tag.https.html.ini
vendored
Normal file
25
tests/wpt/meta/mixed-content/gen/top.meta/unset/audio-tag.https.html.ini
vendored
Normal file
|
@ -0,0 +1,25 @@
|
|||
[audio-tag.https.html]
|
||||
expected: TIMEOUT
|
||||
[Mixed-Content: Expects allowed for audio-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: NOTRUN
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: NOTRUN
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: NOTRUN
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: NOTRUN
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: NOTRUN
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to same-https origin and keep-scheme redirection from https context.]
|
||||
expected: NOTRUN
|
||||
|
||||
[Mixed-Content: Expects allowed for audio-tag to same-https origin and no-redirect redirection from https context.]
|
||||
expected: NOTRUN
|
|
@ -1,18 +0,0 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
18
tests/wpt/meta/mixed-content/gen/top.meta/unset/img-tag.https.html.ini
vendored
Normal file
18
tests/wpt/meta/mixed-content/gen/top.meta/unset/img-tag.https.html.ini
vendored
Normal file
|
@ -0,0 +1,18 @@
|
|||
[img-tag.https.html]
|
||||
[Mixed-Content: Expects allowed for img-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects allowed for img-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects allowed for img-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects allowed for img-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects allowed for img-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects allowed for img-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[link-css-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-css-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[link-prefetch-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for link-prefetch-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[picture-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for picture-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[script-tag.https.html]
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for script-tag to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,24 +1,6 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,24 +1,6 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,24 +1,6 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
[fetch.https.html]
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,18 +0,0 @@
|
|||
[xhr.https.html]
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[nested-iframes.window.html]
|
||||
[HTTP fetch]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[audio-upgrade.https.sub.html]
|
||||
[Audio autoupgraded]
|
||||
expected: FAIL
|
||||
|
||||
[Audio of other host autoupgraded]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[image-upgrade.https.sub.html]
|
||||
[Image autoupgraded]
|
||||
expected: FAIL
|
||||
|
||||
[Image of other host autoupgraded]
|
||||
expected: FAIL
|
|
@ -1,9 +0,0 @@
|
|||
[mixed-content-cors.https.sub.html]
|
||||
[Cross-Origin audio should get upgraded even if CORS is set]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-Origin image should get upgraded even if CORS is set]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-Origin video should get upgraded even if CORS is set]
|
||||
expected: FAIL
|
|
@ -1,6 +0,0 @@
|
|||
[video-upgrade.https.sub.html]
|
||||
[Video autoupgraded]
|
||||
expected: FAIL
|
||||
|
||||
[Video of other host autoupgraded]
|
||||
expected: FAIL
|
|
@ -1,12 +1,13 @@
|
|||
[shared-worker-insecure-first.https.html]
|
||||
expected: TIMEOUT
|
||||
[Shared worker in subframe]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Nested worker in shared worker in subframe]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Shared worker in popup]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Nested worker from shared worker in popup]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
|
|
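Review bot: The file-level `expected: TIMEOUT` added to `shared-worker-insecure-first.https.html` turns all four subtests from `FAIL` into `NOTRUN`, so these shared-worker mixed-content checks stop producing any result and the test now runs until the harness timeout. The next section adds the same `expected: TIMEOUT` to `shared-worker-secure-first.https.html`. A timeout replacing a failure suggests that a load or error event is no longer delivered, though the metadata alone cannot confirm that. Since the commit description does not mention it, I would record the change with a comment at the top of both files, e.g. `# Times out since the ancestor-trustworthiness change; tracked in <ISSUE_URL>`.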
@ -1,4 +1,5 @@
|
|||
[shared-worker-secure-first.https.html]
|
||||
expected: TIMEOUT
|
||||
[Shared worker in subframe]
|
||||
expected: FAIL
|
||||
|
||||
|
@ -6,7 +7,7 @@
|
|||
expected: FAIL
|
||||
|
||||
[Shared worker in popup]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Nested worker from shared worker in popup]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
[img-tag.https.html]
|
||||
[Upgrade-Insecure-Requests: Expects blocked for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Upgrade-Insecure-Requests: Expects blocked for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
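Review bot: These two new `expected: FAIL` entries baseline Upgrade-Insecure-Requests failures for `img-tag` loads to `cross-http-downgrade` and `same-http-downgrade` origins, and the commit description does not explain why a mixed-content fix introduces them. The file is new, so the subtests presumably passed before this change. The same two entries are added in the next two sections, the last being `tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/unset/img-tag.https.html.ini`. If the regression is accepted for now, a comment at the top of each new file would keep it visible, e.g. `# New failure after the ancestor-trustworthiness change; tracked in <ISSUE_URL>`.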
|
@ -0,0 +1,6 @@
|
|||
[img-tag.https.html]
|
||||
[Upgrade-Insecure-Requests: Expects blocked for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Upgrade-Insecure-Requests: Expects blocked for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
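--- a/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/unset/img-tag.https.html.ini
+++ b/tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/unset/img-tag.https.html.ini
@@ -0,0 +1,6 @@
+[img-tag.https.html]
+[Upgrade-Insecure-Requests: Expects blocked for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
+expected: FAIL
+
+[Upgrade-Insecure-Requests: Expects blocked for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
+expected: FAIL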