Auto merge of #26546 - splav:tls-protected-checks, r=jdm
check http_state in determine_request_referrer <!-- Please describe your changes on the following line: --> Check https status inside determine_request_referrer. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #14506 (GitHub issue number if applicable) <!-- Either: --> - [ ] There are tests for these changes OR - [ ] These changes do not require tests because ___ <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
commit
e17b53eba5
15 changed files with 138 additions and 67 deletions
|
@ -306,6 +306,7 @@ impl DedicatedWorkerGlobalScope {
|
|||
let current_global = GlobalScope::current().expect("No current global object");
|
||||
let origin = current_global.origin().immutable().clone();
|
||||
let parent = current_global.runtime_handle();
|
||||
let current_global_https_state = current_global.get_https_state();
|
||||
|
||||
thread::Builder::new()
|
||||
.name(name)
|
||||
|
@ -375,6 +376,8 @@ impl DedicatedWorkerGlobalScope {
|
|||
let scope = global.upcast::<WorkerGlobalScope>();
|
||||
let global_scope = global.upcast::<GlobalScope>();
|
||||
|
||||
global_scope.set_https_state(current_global_https_state);
|
||||
|
||||
let (metadata, bytes) = match load_whole_resource(
|
||||
request,
|
||||
&global_scope.resource_threads().sender(),
|
||||
|
@ -395,6 +398,7 @@ impl DedicatedWorkerGlobalScope {
|
|||
Ok((metadata, bytes)) => (metadata, bytes),
|
||||
};
|
||||
scope.set_url(metadata.final_url);
|
||||
global_scope.set_https_state(metadata.https_state);
|
||||
let source = String::from_utf8_lossy(&bytes);
|
||||
|
||||
unsafe {
|
||||
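Review bot: The second call, `global_scope.set_https_state(metadata.https_state)` right after `scope.set_url(metadata.final_url)`, unconditionally replaces the state inherited from the creating global a few lines earlier. If the worker script arrives in a response that carries no TLS information of its own (a `blob:` or `data:` URL, presumably reported as `HttpsState::None`), a worker created by an HTTPS page would then count as not TLS-protected. Going by the commit title, `determine_request_referrer` consults this value, so a downgrade check on the worker's requests could stop stripping the referrer. Consider keeping the inherited value for such responses and saying so in a comment, e.g. `// local-scheme responses keep the owner's HTTPS state`. Both calls sit in a function that starts and ends outside these hunks.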
|
|
|
@ -1887,6 +1887,7 @@ impl Document {
|
|||
fetch_target: IpcSender<FetchResponseMsg>,
|
||||
) {
|
||||
request.csp_list = self.get_csp_list().map(|x| x.clone());
|
||||
request.https_state = self.https_state.get();
|
||||
let mut loader = self.loader.borrow_mut();
|
||||
loader.fetch_async(load, request, fetch_target);
|
||||
}
|
||||
|
|
|
@ -87,6 +87,7 @@ use net_traits::filemanager_thread::{
|
|||
FileManagerResult, FileManagerThreadMsg, ReadFileProgress, RelativePos,
|
||||
};
|
||||
use net_traits::image_cache::ImageCache;
|
||||
use net_traits::response::HttpsState;
|
||||
use net_traits::{CoreResourceMsg, CoreResourceThread, IpcSend, ResourceThreads};
|
||||
use parking_lot::Mutex;
|
||||
use profile_traits::{ipc as profile_ipc, mem as profile_mem, time as profile_time};
|
||||
|
@ -238,6 +239,9 @@ pub struct GlobalScope {
|
|||
// https://w3c.github.io/performance-timeline/#supportedentrytypes-attribute
|
||||
#[ignore_malloc_size_of = "mozjs"]
|
||||
frozen_supported_performance_entry_types: DomRefCell<Option<Heap<JSVal>>>,
|
||||
|
||||
/// currect https state (from previous request)
|
||||
https_state: Cell<HttpsState>,
|
||||
}
|
||||
|
||||
/// A wrapper for glue-code between the ipc router and the event-loop.
|
||||
|
@ -588,6 +592,7 @@ impl GlobalScope {
|
|||
user_agent,
|
||||
gpu_id_hub,
|
||||
frozen_supported_performance_entry_types: DomRefCell::new(Default::default()),
|
||||
https_state: Cell::new(HttpsState::None),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2503,6 +2508,14 @@ impl GlobalScope {
|
|||
self.user_agent.clone()
|
||||
}
|
||||
|
||||
pub fn get_https_state(&self) -> HttpsState {
|
||||
self.https_state.get()
|
||||
}
|
||||
|
||||
pub fn set_https_state(&self, https_state: HttpsState) {
|
||||
self.https_state.set(https_state);
|
||||
}
|
||||
|
||||
/// https://www.w3.org/TR/CSP/#get-csp-of-object
|
||||
pub fn get_csp_list(&self) -> Option<CspList> {
|
||||
if let Some(window) = self.downcast::<Window>() {
|
||||
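Review bot: `GlobalScope` now carries its own `https_state`, initialised to `HttpsState::None`, while `Document::fetch_async` still reads the document's separate `self.https_state`, so one page has two copies that can disagree. On this page the only writers of the new field are in the dedicated-worker startup path. If nothing outside the visible hunks sets it for a `Window` global, `net_request_from_global` and `load_whole_resource` will stamp `HttpsState::None` on requests made from an HTTPS document, and a referrer check keyed on that value would treat the page as not TLS-protected. I would have the document forward its state to the global whenever it is set, or state in a comment which copy is authoritative. The field comment also has a typo (`currect`), and the two accessors deserve a doc line such as `/// HTTPS state of the response this global was created from; copied onto outgoing requests.`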
|
|
|
@ -507,8 +507,9 @@ impl Request {
|
|||
|
||||
fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequest {
|
||||
let origin = Origin::Origin(global.get_url().origin());
|
||||
let https_state = global.get_https_state();
|
||||
let pipeline_id = global.pipeline_id();
|
||||
NetTraitsRequest::new(url, Some(origin), Some(pipeline_id))
|
||||
NetTraitsRequest::new(url, Some(origin), Some(pipeline_id), https_state)
|
||||
}
|
||||
|
||||
// https://fetch.spec.whatwg.org/#concept-method-normalize
|
||||
|
|
|
@ -72,23 +72,4 @@ impl UrlHelper {
|
|||
pub fn SetUsername(url: &mut ServoUrl, value: USVString) {
|
||||
let _ = quirks::set_username(url.as_mut_url(), &value.0);
|
||||
}
|
||||
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
|
||||
pub fn is_origin_trustworthy(url: &ServoUrl) -> bool {
|
||||
// Step 1
|
||||
if !url.origin().is_tuple() {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Step 3
|
||||
if url.scheme() == "https" || url.scheme() == "wss" {
|
||||
true
|
||||
// Step 4
|
||||
} else if url.host().is_some() {
|
||||
let host = url.host_str().unwrap();
|
||||
host == "127.0.0.0/8" || host == "::1/128"
|
||||
// Step 6
|
||||
} else {
|
||||
url.scheme() == "file"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -128,6 +128,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder {
|
|||
parser_metadata: request.parser_metadata,
|
||||
initiator: request.initiator,
|
||||
csp_list: None,
|
||||
https_state: request.https_state,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -315,6 +316,7 @@ pub fn load_whole_resource(
|
|||
core_resource_thread: &CoreResourceThread,
|
||||
global: &GlobalScope,
|
||||
) -> Result<(Metadata, Vec<u8>), NetworkError> {
|
||||
let request = request.https_state(global.get_https_state());
|
||||
let (action_sender, action_receiver) = ipc::channel().unwrap();
|
||||
let url = request.url.clone();
|
||||
core_resource_thread
|
||||
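Review bot: `load_whole_resource` now replaces whatever `https_state` the caller put on the builder with `global.get_https_state()`, and neither the signature nor a comment says so. A caller that set a different state on purpose would have it silently overwritten. A short comment above the line would make the precedence explicit: `// The global's HTTPS state always wins over any value already set on the builder.` The function body continues outside the hunk.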
|
|
|
@ -16,7 +16,6 @@ use crate::dom::bindings::root::Dom;
|
|||
use crate::dom::client::Client;
|
||||
use crate::dom::promise::Promise;
|
||||
use crate::dom::serviceworkerregistration::ServiceWorkerRegistration;
|
||||
use crate::dom::urlhelper::UrlHelper;
|
||||
use crate::script_thread::ScriptThread;
|
||||
use crate::task_source::dom_manipulation::DOMManipulationTaskSource;
|
||||
use crate::task_source::TaskSource;
|
||||
|
@ -162,7 +161,7 @@ impl JobQueue {
|
|||
let global = &*job.client.global();
|
||||
let pipeline_id = global.pipeline_id();
|
||||
// Step 1-3
|
||||
if !UrlHelper::is_origin_trustworthy(&job.script_url) {
|
||||
if !job.script_url.is_origin_trustworthy() {
|
||||
// Step 1.1
|
||||
reject_job_promise(
|
||||
job,
|
||||
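Review bot: The secure-origin gate for service worker registration now depends on `job.script_url.is_origin_trustworthy()`, whose body is not part of this page. The removed `UrlHelper` version compared `host_str()` against the literal strings `"127.0.0.0/8"` and `"::1/128"`, which no real host string equals. It is worth confirming that the replacement parses the host and tests for a loopback address rather than carrying that comparison over. A unit test covering an `https` URL, `http://127.0.0.1`, `http://[::1]` and a plain `http` host would pin the behaviour; the PR checklist leaves the tests box unticked. The `if` sits in a function that starts and ends outside the hunk.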
|
|