Add simple implementation of content-security-policy on scripts / styles

This needs a lot more hooks before it'll actually be a good
implementation, but for a start it can help get some feedback on if this
is the right way to go about it.

Part of servo/servo#4577
This commit is contained in:
Michael Howell 2019-09-28 19:42:40 +00:00
parent 6d488f1be2
commit b8f3e8bb2e
16 changed files with 175 additions and 41 deletions

View file

@ -38,6 +38,7 @@ use crate::task_source::websocket::WebsocketTaskSource;
use crate::task_source::TaskSourceName;
use crate::timers::{IsInterval, OneshotTimerCallback, OneshotTimerHandle};
use crate::timers::{OneshotTimers, TimerCallback};
use content_security_policy::CspList;
use devtools_traits::{ScriptToDevtoolsControlMsg, WorkerId};
use dom_struct::dom_struct;
use ipc_channel::ipc::IpcSender;
@ -812,6 +813,15 @@ impl GlobalScope {
pub fn get_user_agent(&self) -> Cow<'static, str> {
self.user_agent.clone()
}
/// https://www.w3.org/TR/CSP/#get-csp-of-object
pub fn get_csp_list(&self) -> Option<CspList> {
if let Some(window) = self.downcast::<Window>() {
return window.Document().get_csp_list().map(|c| c.clone());
}
// TODO: Worker and Worklet global scopes.
None
}
}
fn timestamp_in_ms(time: Timespec) -> u64 {