mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
Network Security : Implement StrictOrigin and StrictOriginWhenCrossOrigin
The strict-origin and strict-origin-when-cross-origin referrer policies have been implemented, and relevant unit test cases have been added. The ReferrerPolicy enum has been added to the hyper codebase, and hyper v0.9.11 contains these changes. This commit also upgrades hyper from v0.9.10 to v0.9.11. Other dependencies changed are rayon, utils, and num_cpus.
parent
05f4512433
commit
c24aa56377
14 changed files with 246 additions and 55 deletions
|
@ -437,6 +437,27 @@ fn no_referrer_when_downgrade_header(referrer_url: Url, url: Url) -> Option<Url>
|
|||
return strip_url(referrer_url, false);
|
||||
}
|
||||
|
||||
/// https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin
|
||||
fn strict_origin(referrer_url: Url, url: Url) -> Option<Url> {
|
||||
if referrer_url.scheme() == "https" && url.scheme() != "https" {
|
||||
return None;
|
||||
}
|
||||
return strip_url(referrer_url, true);
|
||||
}
|
||||
|
||||
/// https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin
|
||||
fn strict_origin_when_cross_origin(referrer_url: Url, url: Url) -> Option<Url> {
|
||||
let cross_origin = referrer_url.origin() != url.origin();
|
||||
if referrer_url.scheme() == "https" && url.scheme() != "https" {
|
||||
return None;
|
||||
} else {
|
||||
if cross_origin {
|
||||
return strip_url(referrer_url, true);
|
||||
}
|
||||
return strip_url(referrer_url, false);
|
||||
}
|
||||
}
|
||||
|
||||
/// https://w3c.github.io/webappsec-referrer-policy/#strip-url
|
||||
fn strip_url(mut referrer_url: Url, origin_only: bool) -> Option<Url> {
|
||||
if referrer_url.scheme() == "https" || referrer_url.scheme() == "http" {
|
||||
|
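Review bot: The downgrade test `referrer_url.scheme() == "https" && url.scheme() != "https"` is copied into both `strict_origin` and `strict_origin_when_cross_origin`, and it decides "secure" by comparing the scheme string with `"https"` only. As written, any non-https target (a `wss` URL, for example, if such requests reach this code) counts as a downgrade and gets no referrer. That fails closed, but nothing in the doc comments says it is deliberate, since they are bare spec links. I would move the test into one helper, `fn is_https_downgrade(referrer_url: &Url, url: &Url) -> bool { referrer_url.scheme() == "https" && url.scheme() != "https" }`, with a comment such as `// Scheme comparison only: every non-https destination is treated as a downgrade and receives no Referer.` so the policies cannot drift apart. Separately, the `else` after the early `return None` in `strict_origin_when_cross_origin` can be dropped and the tail reduced to `strip_url(referrer_url, cross_origin)`. The body of `strip_url` continues outside the hunk.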
@ -467,6 +488,8 @@ pub fn determine_request_referrer(headers: &mut Headers,
|
|||
Some(ReferrerPolicy::SameOrigin) => if cross_origin { None } else { strip_url(ref_url, false) },
|
||||
Some(ReferrerPolicy::UnsafeUrl) => strip_url(ref_url, false),
|
||||
Some(ReferrerPolicy::OriginWhenCrossOrigin) => strip_url(ref_url, cross_origin),
|
||||
Some(ReferrerPolicy::StrictOrigin) => strict_origin(ref_url, url),
|
||||
Some(ReferrerPolicy::StrictOriginWhenCrossOrigin) => strict_origin_when_cross_origin(ref_url, url),
|
||||
Some(ReferrerPolicy::NoReferrerWhenDowngrade) | None =>
|
||||
no_referrer_when_downgrade_header(ref_url, url),
|
||||
};
|
||||
|
|
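Review bot: The new `StrictOriginWhenCrossOrigin` arm hands `ref_url` and `url` to a helper that recomputes `referrer_url.origin() != url.origin()`, while the neighbouring `SameOrigin` and `OriginWhenCrossOrigin` arms use a `cross_origin` value already in scope. Presumably both are the same comparison, but that definition sits outside the hunk, so two copies of a security-relevant predicate can diverge unnoticed. Passing the existing value would keep one source of truth: `Some(ReferrerPolicy::StrictOriginWhenCrossOrigin) => strict_origin_when_cross_origin(ref_url, url, cross_origin),` with the helper's signature extended to match. The `match` itself starts above the hunk, so the arm ordering and the scrutinee are not visible here.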