Auto merge of #26111 - CYBAI:fix-origin-trustworthy, r=jdm

Update checking origin trustworthy align to spec

While reading the [spec of ` Is origin potentially trustworthy? `](https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy), I found our second step is wrong; then, I found Josh said we didn't check it with `https` because we didn't support https in tests yet (https://github.com/servo/servo/pull/13574#discussion_r89346191).

IIRC, we've supported https wpt tests now so it might be fine to change it to align with spec.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
This commit is contained in:
bors-servo 2020-04-13 01:45:57 -04:00 committed by GitHub
commit 8cc619cfdb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 7 deletions

View file

@ -74,14 +74,19 @@ impl UrlHelper {
}
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
pub fn is_origin_trustworthy(url: &ServoUrl) -> bool {
// Step 1
if !url.origin().is_tuple() {
return false;
}
// Step 3
if url.scheme() == "http" || url.scheme() == "wss" {
if url.scheme() == "https" || url.scheme() == "wss" {
true
// Step 4
} else if url.host().is_some() {
let host = url.host_str().unwrap();
host == "127.0.0.0/8" || host == "::1/128"
// Step 5
// Step 6
} else {
url.scheme() == "file"
}