Set cryptographic nonce metadata for module script fetch operations (#36776)

This fixes a bunch of CSP errors on reddit.com

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This commit is contained in:
Simon Wülker 2025-04-30 22:53:24 +02:00 committed by GitHub
parent 53107ec157
commit d8c2a7eaf1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 4 additions and 83 deletions

View file

@ -1369,7 +1369,7 @@ pub(crate) unsafe extern "C" fn host_import_module_dynamically(
true
}
#[derive(Clone, JSTraceable, MallocSizeOf)]
#[derive(Clone, Debug, JSTraceable, MallocSizeOf)]
/// <https://html.spec.whatwg.org/multipage/#script-fetch-options>
pub(crate) struct ScriptFetchOptions {
#[no_trace]
@ -1763,7 +1763,8 @@ fn fetch_single_module_script(
.mode(mode)
.insecure_requests_policy(global.insecure_requests_policy())
.has_trustworthy_ancestor_origin(global.has_trustworthy_ancestor_origin())
.policy_container(global.policy_container().to_owned());
.policy_container(global.policy_container().to_owned())
.cryptographic_nonce_metadata(options.cryptographic_nonce.clone());
let context = Arc::new(Mutex::new(ModuleContext {
owner,

View file

@ -1,9 +0,0 @@
[code-cache-nonce.html]
[First dynamic import should use nonce=abc]
expected: FAIL
[Second dynamic import should use nonce=def]
expected: FAIL
[Third dynamic import should use nonce=ghi]
expected: FAIL

View file

@ -1,3 +0,0 @@
[propagate-nonce-external-classic.html]
[Dynamically imported module should eval when imported from script w/ a valid nonce.]
expected: FAIL

View file

@ -1,2 +0,0 @@
[propagate-nonce-external-module.html]
expected: TIMEOUT

View file

@ -1,3 +0,0 @@
[propagate-nonce-inline-classic.html]
[Dynamically imported module should eval when imported from script w/ a valid nonce.]
expected: FAIL

View file

@ -1,3 +0,0 @@
[propagate-nonce-inline-module.html]
[Dynamically imported module should eval when imported from script w/ a valid nonce.]
expected: FAIL

View file

@ -1,18 +1,3 @@
[string-compilation-nonce-classic.html]
[reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
expected: PASS
[inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail]
expected: PASS
[setTimeout must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[direct eval must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[indirect eval must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[the Function constructor must inherit the nonce from the triggering script, thus execute]
expected: FAIL

View file

@ -1,18 +1,3 @@
[string-compilation-nonce-module.html]
[reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
expected: PASS
[inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail]
expected: PASS
[direct eval must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[indirect eval must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[the Function constructor must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[setTimeout must inherit the nonce from the triggering script, thus execute]
expected: FAIL
expected: FAIL

View file

@ -1,30 +0,0 @@
[v8-code-cache.html]
[text/javascript: Run #1]
expected: FAIL
[text/javascript: Run #2]
expected: FAIL
[text/javascript: Run #3]
expected: FAIL
[text/javascript: Run #4]
expected: FAIL
[text/javascript: Run #5]
expected: FAIL
[module: Run #1]
expected: FAIL
[module: Run #2]
expected: FAIL
[module: Run #3]
expected: FAIL
[module: Run #4]
expected: FAIL
[module: Run #5]
expected: FAIL