Remove referrer policy from document (#34263)

* Remove the referrer policy from document and rely on its policy container Signed-off-by: Shane Handley <shanehandley@fastmail.com> * Make ReferrerPolicy non-optional, instead using a new enum value to represent the empty string case Signed-off-by: Shane Handley <shanehandley@fastmail.com> * Fix clippy issue Signed-off-by: Shane Handley <shanehandley@fastmail.com> * Fix usage of Option<ReferrerPolicy> in unit test Signed-off-by: Shane Handley <shanehandley@fastmail.com> --------- Signed-off-by: Shane Handley <shanehandley@fastmail.com>
2025-08-03 04:30:10 +01:00 · 2024-11-19 23:45:10 +11:00 · 2024-11-19 23:45:10 +11:00 · 975e2ae859
commit 975e2ae859
parent 83f8e88818
108 changed files with 171 additions and 1509 deletions
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@ -371,9 +371,6 @@ pub struct Document {
    /// The document's origin.
    #[no_trace]
    origin: MutableOrigin,
-    ///  <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-states>
-    #[no_trace]
-    referrer_policy: Cell<Option<ReferrerPolicy>>,
    /// <https://html.spec.whatwg.org/multipage/#dom-document-referrer>
    referrer: Option<String>,
    /// <https://html.spec.whatwg.org/multipage/#target-element>
@ -3295,7 +3292,6 @@ impl Document {
        source: DocumentSource,
        doc_loader: DocumentLoader,
        referrer: Option<String>,
-        referrer_policy: Option<ReferrerPolicy>,
        status_code: Option<u16>,
        canceller: FetchCanceller,
    ) -> Document {
@ -3401,7 +3397,6 @@ impl Document {
            https_state: Cell::new(HttpsState::None),
            origin,
            referrer,
-            referrer_policy: Cell::new(referrer_policy),
            target_element: MutNullableDom::new(None),
            policy_container: DomRefCell::new(PolicyContainer::default()),
            last_click_info: DomRefCell::new(None),
@ -3580,7 +3575,6 @@ impl Document {
        source: DocumentSource,
        doc_loader: DocumentLoader,
        referrer: Option<String>,
-        referrer_policy: Option<ReferrerPolicy>,
        status_code: Option<u16>,
        canceller: FetchCanceller,
        can_gc: CanGc,
@ -3598,7 +3592,6 @@ impl Document {
            source,
            doc_loader,
            referrer,
-            referrer_policy,
            status_code,
            canceller,
            can_gc,
@ -3619,7 +3612,6 @@ impl Document {
        source: DocumentSource,
        doc_loader: DocumentLoader,
        referrer: Option<String>,
-        referrer_policy: Option<ReferrerPolicy>,
        status_code: Option<u16>,
        canceller: FetchCanceller,
        can_gc: CanGc,
@ -3637,7 +3629,6 @@ impl Document {
                source,
                doc_loader,
                referrer,
-                referrer_policy,
                status_code,
                canceller,
            )),
@ -3762,7 +3753,6 @@ impl Document {
                    DocumentLoader::new(&self.loader()),
                    None,
                    None,
-                    None,
                    Default::default(),
                    can_gc,
                );
@ -3847,13 +3837,14 @@ impl Document {
        }
    }

-    pub fn set_referrer_policy(&self, policy: Option<ReferrerPolicy>) {
-        self.referrer_policy.set(policy);
+    pub fn set_referrer_policy(&self, policy: ReferrerPolicy) {
+        self.policy_container
+            .borrow_mut()
+            .set_referrer_policy(policy);
    }

-    //TODO - default still at no-referrer
-    pub fn get_referrer_policy(&self) -> Option<ReferrerPolicy> {
-        self.referrer_policy.get()
+    pub fn get_referrer_policy(&self) -> ReferrerPolicy {
+        self.policy_container.borrow().get_referrer_policy()
    }

    pub fn set_target_element(&self, node: Option<&Element>, can_gc: CanGc) {
@ -4301,7 +4292,6 @@ impl DocumentMethods for Document {
            docloader,
            None,
            None,
-            None,
            Default::default(),
            can_gc,
        ))
@ -5621,18 +5611,17 @@ fn update_with_current_instant(marker: &Cell<Option<CrossProcessInstant>>) {
 }

 /// <https://w3c.github.io/webappsec-referrer-policy/#determine-policy-for-token>
-pub fn determine_policy_for_token(token: &str) -> Option<ReferrerPolicy> {
+pub fn determine_policy_for_token(token: &str) -> ReferrerPolicy {
    match_ignore_ascii_case! { token,
-        "never" | "no-referrer" => Some(ReferrerPolicy::NoReferrer),
-        "no-referrer-when-downgrade" => Some(ReferrerPolicy::NoReferrerWhenDowngrade),
-        "origin" => Some(ReferrerPolicy::Origin),
-        "same-origin" => Some(ReferrerPolicy::SameOrigin),
-        "strict-origin" => Some(ReferrerPolicy::StrictOrigin),
-        "default" | "strict-origin-when-cross-origin" => Some(ReferrerPolicy::StrictOriginWhenCrossOrigin),
-        "origin-when-cross-origin" => Some(ReferrerPolicy::OriginWhenCrossOrigin),
-        "always" | "unsafe-url" => Some(ReferrerPolicy::UnsafeUrl),
-        "" => Some(ReferrerPolicy::default()),
-        _ => None,
+        "never" | "no-referrer" => ReferrerPolicy::NoReferrer,
+        "no-referrer-when-downgrade" => ReferrerPolicy::NoReferrerWhenDowngrade,
+        "origin" => ReferrerPolicy::Origin,
+        "same-origin" => ReferrerPolicy::SameOrigin,
+        "strict-origin" => ReferrerPolicy::StrictOrigin,
+        "default" | "strict-origin-when-cross-origin" => ReferrerPolicy::StrictOriginWhenCrossOrigin,
+        "origin-when-cross-origin" => ReferrerPolicy::OriginWhenCrossOrigin,
+        "always" | "unsafe-url" => ReferrerPolicy::UnsafeUrl,
+        _ => ReferrerPolicy::EmptyString,
    }
 }

--- a/components/script/dom/domimplementation.rs
+++ b/components/script/dom/domimplementation.rs
@ -159,7 +159,6 @@ impl DOMImplementationMethods for DOMImplementation {
            loader,
            None,
            None,
-            None,
            Default::default(),
            can_gc,
        );
--- a/components/script/dom/domparser.rs
+++ b/components/script/dom/domparser.rs
@ -86,7 +86,6 @@ impl DOMParserMethods for DOMParser {
                    loader,
                    None,
                    None,
-                    None,
                    Default::default(),
                    can_gc,
                );
@ -108,7 +107,6 @@ impl DOMParserMethods for DOMParser {
                    loader,
                    None,
                    None,
-                    None,
                    Default::default(),
                    can_gc,
                );
--- a/components/script/dom/element.rs
+++ b/components/script/dom/element.rs
@ -4539,11 +4539,11 @@ pub fn reflect_referrer_policy_attribute(element: &Element) -> DOMString {
    DOMString::new()
 }

-pub(crate) fn referrer_policy_for_element(element: &Element) -> Option<ReferrerPolicy> {
+pub(crate) fn referrer_policy_for_element(element: &Element) -> ReferrerPolicy {
    element
        .get_attribute_by_name(DOMString::from_string(String::from("referrerpolicy")))
-        .and_then(|attribute: DomRoot<Attr>| determine_policy_for_token(&attribute.Value()))
-        .or_else(|| document_from_node(element).get_referrer_policy())
+        .map(|attribute: DomRoot<Attr>| determine_policy_for_token(&attribute.Value()))
+        .unwrap_or(document_from_node(element).get_referrer_policy())
 }

 pub(crate) fn cors_setting_for_element(element: &Element) -> Option<CorsSettings> {
--- a/components/script/dom/globalscope.rs
+++ b/components/script/dom/globalscope.rs
@ -2426,7 +2426,7 @@ impl GlobalScope {
    }

    /// Get the Referrer Policy for this global scope.
-    pub fn get_referrer_policy(&self) -> Option<ReferrerPolicy> {
+    pub fn get_referrer_policy(&self) -> ReferrerPolicy {
        if let Some(window) = self.downcast::<Window>() {
            let document = window.Document();

@ -2435,7 +2435,7 @@ impl GlobalScope {
        if let Some(worker) = self.downcast::<WorkerGlobalScope>() {
            let policy_container = worker.policy_container().to_owned();

-            return Some(policy_container.referrer_policy);
+            return policy_container.get_referrer_policy();
        }
        unreachable!();
    }
--- a/components/script/dom/htmlimageelement.rs
+++ b/components/script/dom/htmlimageelement.rs
@ -336,7 +336,7 @@ pub(crate) fn image_fetch_request(
    referrer: Referrer,
    pipeline_id: PipelineId,
    cors_setting: Option<CorsSettings>,
-    referrer_policy: Option<ReferrerPolicy>,
+    referrer_policy: ReferrerPolicy,
    from_picture_or_srcset: FromPictureOrSrcSet,
 ) -> RequestBuilder {
    let mut request =
@ -1523,12 +1523,13 @@ fn get_correct_referrerpolicy_from_raw_token(token: &DOMString) -> DOMString {
        // so it should remain unchanged.
        DOMString::new()
    } else {
-        match determine_policy_for_token(token) {
-            Some(policy) => DOMString::from_string(policy.to_string()),
-            // If the policy is set to an incorrect value, then it should be
-            // treated as an invalid value default (empty string).
-            None => DOMString::new(),
+        let policy = determine_policy_for_token(token);
+
+        if policy == ReferrerPolicy::EmptyString {
+            return DOMString::new();
        }
+
+        DOMString::from_string(policy.to_string())
    }
 }

--- a/components/script/dom/htmllinkelement.rs
+++ b/components/script/dom/htmllinkelement.rs
@ -76,7 +76,7 @@ struct LinkProcessingOptions {
    integrity: String,
    link_type: String,
    cross_origin: Option<CorsSettings>,
-    referrer_policy: Option<ReferrerPolicy>,
+    referrer_policy: ReferrerPolicy,
    policy_container: PolicyContainer,
    source_set: Option<()>,
    base_url: ServoUrl,
@ -502,12 +502,12 @@ impl StylesheetOwner for HTMLLinkElement {
        self.parser_inserted.get()
    }

-    fn referrer_policy(&self) -> Option<ReferrerPolicy> {
+    fn referrer_policy(&self) -> ReferrerPolicy {
        if self.RelList().Contains("noreferrer".into()) {
-            return Some(ReferrerPolicy::NoReferrer);
+            return ReferrerPolicy::NoReferrer;
        }

-        None
+        ReferrerPolicy::EmptyString
    }

    fn set_origin_clean(&self, origin_clean: bool) {
--- a/components/script/dom/htmlstyleelement.rs
+++ b/components/script/dom/htmlstyleelement.rs
@ -266,8 +266,8 @@ impl StylesheetOwner for HTMLStyleElement {
        self.parser_inserted.get()
    }

-    fn referrer_policy(&self) -> Option<ReferrerPolicy> {
-        None
+    fn referrer_policy(&self) -> ReferrerPolicy {
+        ReferrerPolicy::EmptyString
    }

    fn set_origin_clean(&self, origin_clean: bool) {
--- a/components/script/dom/node.rs
+++ b/components/script/dom/node.rs
@ -2305,7 +2305,6 @@ impl Node {
                    DocumentSource::NotFromParser,
                    loader,
                    None,
-                    None,
                    document.status_code(),
                    Default::default(),
                    can_gc,
--- a/components/script/dom/request.rs
+++ b/components/script/dom/request.rs
@ -267,7 +267,7 @@ impl RequestMethods for Request {
            // Step 13.4
            request.referrer = global.get_referrer();
            // Step 13.5
-            request.referrer_policy = None;
+            request.referrer_policy = MsgReferrerPolicy::EmptyString;
        }

        // Step 14
@ -303,7 +303,7 @@ impl RequestMethods for Request {
        // Step 15
        if let Some(init_referrerpolicy) = init.referrerPolicy.as_ref() {
            let init_referrer_policy = (*init_referrerpolicy).into();
-            request.referrer_policy = Some(init_referrer_policy);
+            request.referrer_policy = init_referrer_policy;
        }

        // Step 16
@ -564,11 +564,7 @@ impl RequestMethods for Request {

    // https://fetch.spec.whatwg.org/#dom-request-referrerpolicy
    fn ReferrerPolicy(&self) -> ReferrerPolicy {
-        self.request
-            .borrow()
-            .referrer_policy
-            .map(|m| m.into())
-            .unwrap_or(ReferrerPolicy::_empty)
+        self.request.borrow().referrer_policy.into()
    }

    // https://fetch.spec.whatwg.org/#dom-request-mode
@ -825,6 +821,7 @@ impl From<ReferrerPolicy> for MsgReferrerPolicy {
 impl From<MsgReferrerPolicy> for ReferrerPolicy {
    fn from(policy: MsgReferrerPolicy) -> Self {
        match policy {
+            MsgReferrerPolicy::EmptyString => ReferrerPolicy::_empty,
            MsgReferrerPolicy::NoReferrer => ReferrerPolicy::No_referrer,
            MsgReferrerPolicy::NoReferrerWhenDowngrade => {
                ReferrerPolicy::No_referrer_when_downgrade
--- a/components/script/dom/servoparser/mod.rs
+++ b/components/script/dom/servoparser/mod.rs
@ -215,7 +215,6 @@ impl ServoParser {
            loader,
            None,
            None,
-            None,
            Default::default(),
            can_gc,
        );
--- a/components/script/dom/servoparser/prefetch.rs
+++ b/components/script/dom/servoparser/prefetch.rs
@ -76,7 +76,7 @@ struct PrefetchSink {
    #[no_trace]
    referrer: Referrer,
    #[no_trace]
-    referrer_policy: Option<ReferrerPolicy>,
+    referrer_policy: ReferrerPolicy,
    #[no_trace]
    resource_threads: ResourceThreads,
    prefetching: Cell<bool>,
@ -203,10 +203,10 @@ impl PrefetchSink {
        ServoUrl::parse_with_base(Some(base), &attr.value).ok()
    }

-    fn get_referrer_policy(&self, tag: &Tag, name: LocalName) -> Option<ReferrerPolicy> {
+    fn get_referrer_policy(&self, tag: &Tag, name: LocalName) -> ReferrerPolicy {
        self.get_attr(tag, name)
-            .and_then(|attr| determine_policy_for_token(&attr.value))
-            .or(self.referrer_policy)
+            .map(|attr| determine_policy_for_token(&attr.value))
+            .unwrap_or(self.referrer_policy)
    }

    fn get_cors_settings(&self, tag: &Tag, name: LocalName) -> Option<CorsSettings> {
--- a/components/script/dom/workerglobalscope.rs
+++ b/components/script/dom/workerglobalscope.rs
@ -277,8 +277,7 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope {
                .parser_metadata(ParserMetadata::NotParserInserted)
                .use_url_credentials(true)
                .origin(global_scope.origin().immutable().clone())
-                .pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()))
-                .referrer_policy(None);
+                .pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()));

            let (url, source) = match fetch::load_whole_resource(
                request,
--- a/components/script/dom/xmldocument.rs
+++ b/components/script/dom/xmldocument.rs
@ -55,7 +55,6 @@ impl XMLDocument {
                doc_loader,
                None,
                None,
-                None,
                Default::default(),
            ),
        }
--- a/components/script/dom/xmlhttprequest.rs
+++ b/components/script/dom/xmlhttprequest.rs
@ -168,7 +168,7 @@ pub struct XMLHttpRequest {
    #[no_trace]
    referrer: Referrer,
    #[no_trace]
-    referrer_policy: Option<ReferrerPolicy>,
+    referrer_policy: ReferrerPolicy,
    canceller: DomRefCell<FetchCanceller>,
 }

@ -1533,7 +1533,6 @@ impl XMLHttpRequest {
            docloader,
            None,
            None,
-            None,
            Default::default(),
            can_gc,
        )
--- a/components/script/script_module.rs
+++ b/components/script/script_module.rs
@ -12,6 +12,7 @@ use std::sync::{Arc, Mutex};
 use std::{mem, ptr};

 use encoding_rs::UTF_8;
+use headers::{HeaderMapExt, ReferrerPolicy as ReferrerPolicyHeader};
 use html5ever::local_name;
 use hyper_serde::Serde;
 use indexmap::IndexSet;
@ -1189,6 +1190,19 @@ impl FetchResponseListener for ModuleContext {
                return Err(NetworkError::Internal("No MIME type".into()));
            }

+            // Step 13.4: Let referrerPolicy be the result of parsing the `Referrer-Policy` header
+            // given response.
+            let referrer_policy = meta
+                .headers
+                .and_then(|headers| headers.typed_get::<ReferrerPolicyHeader>())
+                .into();
+
+            // Step 13.5: If referrerPolicy is not the empty string, set options's referrer policy
+            // to referrerPolicy.
+            if referrer_policy != ReferrerPolicy::EmptyString {
+                self.options.referrer_policy = referrer_policy;
+            }
+
            // Step 10.
            let (source_text, _, _) = UTF_8.decode(&self.data);
            Ok(ScriptOrigin::external(
@ -1364,7 +1378,7 @@ pub struct ScriptFetchOptions {
    #[no_trace]
    pub parser_metadata: ParserMetadata,
    #[no_trace]
-    pub referrer_policy: Option<ReferrerPolicy>,
+    pub referrer_policy: ReferrerPolicy,
 }

 impl ScriptFetchOptions {
@ -1376,7 +1390,7 @@ impl ScriptFetchOptions {
            referrer: global.get_referrer(),
            parser_metadata: ParserMetadata::NotParserInserted,
            credentials_mode: CredentialsMode::CredentialsSameOrigin,
-            referrer_policy: None,
+            referrer_policy: ReferrerPolicy::EmptyString,
        }
    }

@ -1741,6 +1755,7 @@ fn fetch_single_module_script(
        .parser_metadata(options.parser_metadata)
        .integrity_metadata(options.integrity_metadata.clone())
        .credentials_mode(options.credentials_mode)
+        .referrer_policy(options.referrer_policy)
        .mode(mode);

    let context = Arc::new(Mutex::new(ModuleContext {
--- a/components/script/script_thread.rs
+++ b/components/script/script_thread.rs
@ -69,7 +69,7 @@ use net_traits::request::{
 };
 use net_traits::storage_thread::StorageType;
 use net_traits::{
-    FetchMetadata, FetchResponseListener, FetchResponseMsg, Metadata, NetworkError, ReferrerPolicy,
+    FetchMetadata, FetchResponseListener, FetchResponseMsg, Metadata, NetworkError,
    ResourceFetchTiming, ResourceThreads, ResourceTimingType,
 };
 use percent_encoding::percent_decode;
@ -3822,12 +3822,6 @@ impl ScriptThread {
            .as_ref()
            .map(|referrer| referrer.clone().into_string());

-        let referrer_policy = metadata
-            .headers
-            .as_deref()
-            .and_then(|h| h.typed_get::<ReferrerPolicyHeader>())
-            .map(ReferrerPolicy::from);
-
        let document = Document::new(
            &window,
            HasBrowsingContext::Yes,
@ -3840,11 +3834,18 @@ impl ScriptThread {
            DocumentSource::FromParser,
            loader,
            referrer,
-            referrer_policy,
            Some(metadata.status.raw_code()),
            incomplete.canceller,
            can_gc,
        );
+
+        let referrer_policy = metadata
+            .headers
+            .as_deref()
+            .and_then(|h| h.typed_get::<ReferrerPolicyHeader>())
+            .into();
+
+        document.set_referrer_policy(referrer_policy);
        document.set_ready_state(DocumentReadyState::Loading, can_gc);

        self.documents
--- a/components/script/stylesheet_loader.rs
+++ b/components/script/stylesheet_loader.rs
@ -52,9 +52,8 @@ pub trait StylesheetOwner {
    /// trigger a document-load-blocking load).
    fn parser_inserted(&self) -> bool;

-    /// Which referrer policy should loads triggered by this owner follow, or
-    /// `None` for the default.
-    fn referrer_policy(&self) -> Option<ReferrerPolicy>;
+    /// Which referrer policy should loads triggered by this owner follow
+    fn referrer_policy(&self) -> ReferrerPolicy;

    /// Notes that a new load is pending to finish.
    fn increment_pending_loads_count(&self);
@ -335,9 +334,7 @@ impl<'a> StylesheetLoader<'a> {
            .upcast::<Element>()
            .as_stylesheet_owner()
            .expect("Stylesheet not loaded by <style> or <link> element!");
-        let referrer_policy = owner
-            .referrer_policy()
-            .or_else(|| document.get_referrer_policy());
+        let referrer_policy = owner.referrer_policy();
        owner.increment_pending_loads_count();
        if owner.parser_inserted() {
            document.increment_script_blocking_stylesheet_count();
@ -366,7 +363,7 @@ pub(crate) fn stylesheet_fetch_request(
    origin: ImmutableOrigin,
    pipeline_id: PipelineId,
    referrer: Referrer,
-    referrer_policy: Option<ReferrerPolicy>,
+    referrer_policy: ReferrerPolicy,
    integrity_metadata: String,
 ) -> RequestBuilder {
    create_a_potential_cors_request(url, Destination::Style, cors_setting, None, referrer)