Auto merge of #26546 - splav:tls-protected-checks, r=jdm

check http_state in determine_request_referrer

<!-- Please describe your changes on the following line: -->
Check https status inside determine_request_referrer.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #14506 (GitHub issue number if applicable)

<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
This commit is contained in:
bors-servo 2020-05-19 18:03:35 -04:00 committed by GitHub
commit e17b53eba5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 138 additions and 67 deletions

View file

@ -306,6 +306,7 @@ impl DedicatedWorkerGlobalScope {
let current_global = GlobalScope::current().expect("No current global object");
let origin = current_global.origin().immutable().clone();
let parent = current_global.runtime_handle();
let current_global_https_state = current_global.get_https_state();
thread::Builder::new()
.name(name)
@ -375,6 +376,8 @@ impl DedicatedWorkerGlobalScope {
let scope = global.upcast::<WorkerGlobalScope>();
let global_scope = global.upcast::<GlobalScope>();
global_scope.set_https_state(current_global_https_state);
let (metadata, bytes) = match load_whole_resource(
request,
&global_scope.resource_threads().sender(),
@ -395,6 +398,7 @@ impl DedicatedWorkerGlobalScope {
Ok((metadata, bytes)) => (metadata, bytes),
};
scope.set_url(metadata.final_url);
global_scope.set_https_state(metadata.https_state);
let source = String::from_utf8_lossy(&bytes);
unsafe {

View file

@ -1887,6 +1887,7 @@ impl Document {
fetch_target: IpcSender<FetchResponseMsg>,
) {
request.csp_list = self.get_csp_list().map(|x| x.clone());
request.https_state = self.https_state.get();
let mut loader = self.loader.borrow_mut();
loader.fetch_async(load, request, fetch_target);
}

View file

@ -87,6 +87,7 @@ use net_traits::filemanager_thread::{
FileManagerResult, FileManagerThreadMsg, ReadFileProgress, RelativePos,
};
use net_traits::image_cache::ImageCache;
use net_traits::response::HttpsState;
use net_traits::{CoreResourceMsg, CoreResourceThread, IpcSend, ResourceThreads};
use parking_lot::Mutex;
use profile_traits::{ipc as profile_ipc, mem as profile_mem, time as profile_time};
@ -238,6 +239,9 @@ pub struct GlobalScope {
// https://w3c.github.io/performance-timeline/#supportedentrytypes-attribute
#[ignore_malloc_size_of = "mozjs"]
frozen_supported_performance_entry_types: DomRefCell<Option<Heap<JSVal>>>,
/// currect https state (from previous request)
https_state: Cell<HttpsState>,
}
/// A wrapper for glue-code between the ipc router and the event-loop.
@ -588,6 +592,7 @@ impl GlobalScope {
user_agent,
gpu_id_hub,
frozen_supported_performance_entry_types: DomRefCell::new(Default::default()),
https_state: Cell::new(HttpsState::None),
}
}
@ -2503,6 +2508,14 @@ impl GlobalScope {
self.user_agent.clone()
}
pub fn get_https_state(&self) -> HttpsState {
self.https_state.get()
}
pub fn set_https_state(&self, https_state: HttpsState) {
self.https_state.set(https_state);
}
/// https://www.w3.org/TR/CSP/#get-csp-of-object
pub fn get_csp_list(&self) -> Option<CspList> {
if let Some(window) = self.downcast::<Window>() {

View file

@ -507,8 +507,9 @@ impl Request {
fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequest {
let origin = Origin::Origin(global.get_url().origin());
let https_state = global.get_https_state();
let pipeline_id = global.pipeline_id();
NetTraitsRequest::new(url, Some(origin), Some(pipeline_id))
NetTraitsRequest::new(url, Some(origin), Some(pipeline_id), https_state)
}
// https://fetch.spec.whatwg.org/#concept-method-normalize

View file

@ -72,23 +72,4 @@ impl UrlHelper {
pub fn SetUsername(url: &mut ServoUrl, value: USVString) {
let _ = quirks::set_username(url.as_mut_url(), &value.0);
}
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
pub fn is_origin_trustworthy(url: &ServoUrl) -> bool {
// Step 1
if !url.origin().is_tuple() {
return false;
}
// Step 3
if url.scheme() == "https" || url.scheme() == "wss" {
true
// Step 4
} else if url.host().is_some() {
let host = url.host_str().unwrap();
host == "127.0.0.0/8" || host == "::1/128"
// Step 6
} else {
url.scheme() == "file"
}
}
}