Set correct policy-container for worker construction (#36603)

This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-04-21 14:47:06 +02:00 committed by GitHub
parent d724c8e9e3
commit 9a14ad8535
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 67 additions and 136 deletions

View file

@ -12,6 +12,7 @@ use std::time::Duration;
use base::cross_process_instant::CrossProcessInstant;
use base::id::{PipelineId, PipelineNamespace};
use constellation_traits::WorkerGlobalScopeInit;
use content_security_policy::CspList;
use crossbeam_channel::Receiver;
use devtools_traits::{DevtoolScriptControlMsg, WorkerId};
use dom_struct::dom_struct;
@ -246,6 +247,10 @@ impl WorkerGlobalScope {
self.policy_container.borrow()
}
pub(crate) fn set_csp_list(&self, csp_list: Option<CspList>) {
self.policy_container.borrow_mut().set_csp_list(csp_list);
}
/// Get a mutable reference to the [`TimerScheduler`] for this [`ServiceWorkerGlobalScope`].
pub(crate) fn timer_scheduler(&self) -> RefMut<TimerScheduler> {
self.timer_scheduler.borrow_mut()
@ -300,6 +305,7 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
.use_url_credentials(true)
.origin(global_scope.origin().immutable().clone())
.insecure_requests_policy(self.insecure_requests_policy())
.policy_container(global_scope.policy_container())
.has_trustworthy_ancestor_origin(
global_scope.has_trustworthy_ancestor_or_current_origin(),
)