Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-22 23:03:42 +01:00
Code Issues Projects Releases Packages Wiki Activity

Set cryptographic nonce metadata for module script fetch operations (#36776)

Browse source 
This fixes a bunch of CSP errors on reddit.com

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This commit is contained in:
Simon Wülker 2025-04-30 22:53:24 +02:00 committed by GitHub
parent 53107ec157
commit d8c2a7eaf1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 4 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

5
components/script/script_module.rs
View file

@ -1369,7 +1369,7 @@ pub(crate) unsafe extern "C" fn host_import_module_dynamically(
true
}
#[derive(Clone, JSTraceable, MallocSizeOf)]
#[derive(Clone, Debug, JSTraceable, MallocSizeOf)]
/// <https://html.spec.whatwg.org/multipage/#script-fetch-options>
pub(crate) struct ScriptFetchOptions {
#[no_trace]
@ -1763,7 +1763,8 @@ fn fetch_single_module_script(
.mode(mode)
.insecure_requests_policy(global.insecure_requests_policy())
.has_trustworthy_ancestor_origin(global.has_trustworthy_ancestor_origin())
.policy_container(global.policy_container().to_owned());
.policy_container(global.policy_container().to_owned())
.cryptographic_nonce_metadata(options.cryptographic_nonce.clone());
let context = Arc::new(Mutex::new(ModuleContext {
owner,