mirror of
https://github.com/servo/servo.git
synced 2025-08-03 12:40:06 +01:00
net: Perform CSP checks on fetch responses. (#37154)
Also add clarifying comments to the SRI WPT tests with regards to the `www.` domain and how that interacts with the integrity checks. Lastly, adjust the casing for `Strict-Dynamic`, as in the post-request check that should also be case-insensitive. Closes servo/servo#37200 Closes servo/servo#36760 Fixes servo/servo#36499 Part of w3c/webappsec-csp#727 Fixes w3c/webappsec-csp#728 Part of servo/servo#4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net> Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
parent
ed888e284b
commit
f710e2cab4
18 changed files with 104 additions and 88 deletions
|
@ -43,7 +43,8 @@ use crate::async_runtime::HANDLE;
|
|||
use crate::connector::{CACertificates, TlsConfig, create_tls_config};
|
||||
use crate::cookie::ServoCookie;
|
||||
use crate::fetch::methods::{
|
||||
should_request_be_blocked_by_csp, should_request_be_blocked_due_to_a_bad_port,
|
||||
convert_request_to_csp_request, should_request_be_blocked_by_csp,
|
||||
should_request_be_blocked_due_to_a_bad_port,
|
||||
};
|
||||
use crate::hosts::replace_host;
|
||||
use crate::http_loader::HttpState;
|
||||
|
@ -390,14 +391,18 @@ fn connect(
|
|||
RequestPolicyContainer::PolicyContainer(container) => container.to_owned(),
|
||||
};
|
||||
|
||||
let (check_result, violations) = should_request_be_blocked_by_csp(&request, &policy_container);
|
||||
if let Some(csp_request) = convert_request_to_csp_request(&request) {
|
||||
let (check_result, violations) =
|
||||
should_request_be_blocked_by_csp(&csp_request, &policy_container);
|
||||
|
||||
if !violations.is_empty() {
|
||||
let _ = resource_event_sender.send(WebSocketNetworkEvent::ReportCSPViolations(violations));
|
||||
}
|
||||
if !violations.is_empty() {
|
||||
let _ =
|
||||
resource_event_sender.send(WebSocketNetworkEvent::ReportCSPViolations(violations));
|
||||
}
|
||||
|
||||
if check_result == csp::CheckResult::Blocked {
|
||||
return Err("Blocked by Content-Security-Policy".to_string());
|
||||
if check_result == csp::CheckResult::Blocked {
|
||||
return Err("Blocked by Content-Security-Policy".to_string());
|
||||
}
|
||||
}
|
||||
|
||||
let client = match create_request(
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue