Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-23 07:13:52 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update FetchTaskTarget to propagate CSP violations. (#36409)

Browse source 
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.

However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].

[1]: https://github.com/servo/servo/issues/35028

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Tim van der Lippe 2025-04-13 22:54:59 +02:00 committed by GitHub
parent 5d84acc06e
commit 85e4a2b5c7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
146 changed files with 511 additions and 612 deletions
Download patch file Download diff file Expand all files Collapse all files

14
components/script/script_thread.rs
View file

@ -41,6 +41,7 @@ use constellation_traits::{
JsEvalResult, LoadData, LoadOrigin, NavigationHistoryBehavior, ScriptToConstellationChan,
ScriptToConstellationMessage, ScrollState, StructuredSerializedData, WindowSizeType,
};
use content_security_policy::{self as csp};
use crossbeam_channel::unbounded;
use devtools_traits::{
CSSError, DevtoolScriptControlMsg, DevtoolsPageInfo, NavigationState,
@ -3420,8 +3421,11 @@ impl ScriptThread {
FetchResponseMsg::ProcessResponseEOF(request_id, eof) => {
self.handle_fetch_eof(pipeline_id, request_id, eof)
},
FetchResponseMsg::ProcessRequestBody(..) => {},
FetchResponseMsg::ProcessRequestEOF(..) => {},
FetchResponseMsg::ProcessCspViolations(request_id, violations) => {
self.handle_csp_violations(pipeline_id, request_id, violations)
},
FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => {
},
}
}
@ -3477,6 +3481,12 @@ impl ScriptThread {
}
}
fn handle_csp_violations(&self, id: PipelineId, _: RequestId, violations: Vec<csp::Violation>) {
if let Some(global) = self.documents.borrow().find_global(id) {
global.report_csp_violations(violations);
}
}
fn handle_navigation_redirect(&self, id: PipelineId, metadata: &Metadata) {
// TODO(mrobinson): This tries to accomplish some steps from
// <https://html.spec.whatwg.org/multipage/#process-a-navigate-fetch>, but it's