Commit graph

212 commits

Author SHA1 Message Date
Keith Yeung
ed9c16575c Update main fetch 2017-08-08 09:22:29 -07:00
Corey Farwell
23e5bfaf27 Audit usages of unicode case-changing methods. 2017-07-26 23:44:01 +00:00
Fabrice Desré
990b85049e Ignore mime type parameters in nosniff
This patch implements the following changes:
- Only check for the toplevel/sublevel part of the mime type when
  deciding if it's a js or css resource, ignoring the mime parameters.
- Fix the wpt tests that did not escape url parameters properly and
  also used an invalid syntax for the mime parameter.
- Update the wpt manifest.
2017-05-15 14:43:45 +02:00
Anthony Ramine
c0f9fb8f55 Do not return an error for non-GET data: requests (fixes #13293) 2017-04-08 21:47:55 +02:00
Anthony Ramine
16863017a9 Move the HTTP connector in HttpState 2017-04-06 19:35:11 +02:00
Anthony Ramine
e6cc88e5a2 Kill some commented-out code 2017-04-05 15:01:31 +02:00
Anthony Ramine
fb86bfebf4 Introduce HstsList::switch_known_hsts_host_domain_url_to_https 2017-04-05 14:42:59 +02:00
bors-servo
1071c3339f Auto merge of #16126 - ferjm:issue-14520-block-media-csv, r=nox
Block scripts with text/csv, audio/*, video/* and image/* mime types

This patch implements step 12 of the Main Fetch section of the Fetch API standard. It blocks the load of scripts with `text/csv`, `audio/*`, `video/*` and `image/*` mime types.

Credit for the logic of `should_block_mime_type` function should go to the author of #14770.

- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #14520
- [X] There are tests for these changes

2017-04-05 02:34:27 -05:00
Anthony Ramine
901877da1a Introduce http_loader::set_default_accept 2017-04-04 13:17:18 +02:00
Anthony Ramine
4281205662 Update the steps in fetch_with_cors_cache 2017-04-04 13:17:17 +02:00
Fernando Jiménez Moreno
29a56c4d1a Block scripts with text/csv, audio/*, video/* and image/* mime types 2017-04-03 18:25:15 +02:00
Anthony Ramine
64ba597a3a Move Arc out of HttpState 2017-04-03 14:00:36 +02:00
Anthony Ramine
016fee016b Move the HTTP connector to FetchContext 2017-04-03 12:47:33 +02:00
Anthony Ramine
7b16021a89 Make Response::url_list be a bare Vec<ServoUrl> 2017-04-03 12:47:28 +02:00
Anthony Ramine
28f1f669bc Update steps of main_fetch according to the Fetch spec 2017-04-03 12:39:13 +02:00
Anthony Ramine
cb2eb81208 Remove all internal mutability from Request 2017-04-03 12:39:07 +02:00
Anthony Ramine
f42a63baea Make fetch take a &Request 2017-04-03 12:33:43 +02:00
Anthony Ramine
d022535f9c Make the WebSocket handshake ourselves to ease switching libs
We need to switch to tungstenite to finally update openssl, this commit
rewrites the whole websocket infrastructure to properly follow the Fetch
spec and to make switching to a different websocket library easier.
2017-03-29 19:17:27 +02:00
Anthony Ramine
d64aa9c5bf Simplify should_be_blocked_due_to_nosniff 2017-03-27 14:14:34 +02:00
Anthony Ramine
54d37d920c Remove some useless Option<T> wrappers from ServoUrl methods 2017-03-26 16:15:06 +02:00
Anthony Ramine
0bd54b904b Properly follow the spec in WebSocket::Constructor 2017-03-24 09:43:14 +01:00
Anthony Ramine
fb2c9e7bf5 Introduce fetch::methods::should_be_blocked_due_to_bad_port 2017-03-23 14:48:23 +01:00
Fernando Jiménez Moreno
469eb192c5 Allow for redirects after a CORS-preflight 2017-03-10 16:39:33 +01:00
Sumant Manne
8aac575019 Implemented nosniff for fetch algorithm 2017-03-03 15:50:58 +01:00
mrnayak
a3026499f4 Implement Subresource Integrity
Implemented response validation part of
https://w3c.github.io/webappsec-subresource-integrity/.
Implemented step eighteen of the main fetch. If a request has integrity
metadata, then following steps are performed
* Wait for response body
* If the response does not have a termination reason and response does not
match request’s integrity metadata, set response to a
network error.# Please enter the commit message for your changes. Lines starting
2017-01-08 08:52:18 +05:30
Raghav
6020b4c15c Implement HSTS fetch step
Implemented step nine of the main fetch. If current URL scheme is 'HTTP'
and current URL's host is domain and if current URL's host matched with
Known HSTS Host Domain Name Matching results in either a superdomain match
with an asserted includeSubDomains directive or a congruent match then we
change request scheme to 'https'. This change has been made in method.rs

A test case to validate this has been added in fetch.rs. For asserting
https scheme, a https localhost was required. For this purpose I have
created a self-signed certificate and refactored fetch-context and
connector.rs to programmatically trust this certificate for running this
test case.
2016-12-29 12:55:31 +05:30
Nick Price
a56a7baa9a Implement port-based blocking 2016-12-21 09:43:39 -05:00
Ms2ger
1e0ab08c42 Stop returning the response from fetch(). 2016-12-15 10:50:15 +01:00
Ms2ger
217f44b67a Make the fetch target non-optional. 2016-12-15 10:49:04 +01:00
Ms2ger
1222db62aa Remove Request::done.
It does not appear to be used at all.
2016-12-09 12:36:46 -10:00
Ms2ger
12aa4694cb Rewrite determine_request_referrer() to explicitly limit it to the checks it can do.
Checks for the Client value should reside in the script thread.

I also noted some other issues in this code.
2016-12-08 12:05:44 -10:00
Ms2ger
3a27fda368 Stop handling a None referrer policy in determine_request_referrer(). 2016-12-08 09:39:41 -10:00
Ms2ger
38db554b5e Move the http-specific fetch code to http_loader. 2016-11-24 14:00:35 +01:00
Ms2ger
675d8f518c Unify ReadResult and Data. 2016-11-24 14:00:34 +01:00
Ms2ger
ffc2e09ea7 Remove unused CancellationListener argument to obtain_response. 2016-11-24 11:46:26 +01:00
Ms2ger
ae1340bf50 Pass the UIProvider to FileManager::handle() as needed. 2016-11-21 10:37:26 +01:00
Emilio Cobos Álvarez
913c874cb5 Urlmageddon: Use refcounted urls more often. 2016-11-17 18:34:23 +01:00
bors-servo
e3f07dfa16 Auto merge of #14156 - frewsxcv:cors-capitalization, r=KiChjang
Update CORS naming from 'CORS' to 'Cors'.

As per:

https://aturon.github.io/style/naming/README.html#general-conventions-[rfc-#430]

Acronyms should be considered one word and not all caps.

2016-11-10 14:43:36 -06:00
Ms2ger
15b55c3231 Make Response::url private. 2016-11-10 13:18:43 +01:00
Ms2ger
c1e1695f66 Pass the URL to Response::new(). 2016-11-10 13:17:02 +01:00
Corey Farwell
bf8752ac9e Update CORS naming from 'CORS' to 'Cors'.
As per:

https://aturon.github.io/style/naming/README.html#general-conventions-[rfc-#430]

Acronyms should be considered one word and not all caps.
2016-11-09 18:30:30 -05:00
Ms2ger
234b47e33e Pass a borrowed fetch context to fetch().
This will allow inspecting its state after fetching in unit tests.
2016-11-08 18:01:23 +01:00
bors-servo
32a953f0ba Auto merge of #14106 - servo:deindent-http-network-fetch, r=nox
Deindent some of the code in http_network_fetch.

2016-11-08 00:03:24 -06:00
bors-servo
4a7ea72429 Auto merge of #14114 - servo:fetch-unit-http, r=jdm
Start using fetch for the HTTP unit tests.

2016-11-07 22:04:27 -06:00
Ms2ger
d777016b3a Use set_default_accept_language in fetch_with_cors_cache. 2016-11-07 19:42:16 +01:00
Ms2ger
14bd876400 Stop creating an unused Response in the error case. 2016-11-07 09:47:27 +01:00
Ms2ger
40c6b21fd7 Deindent some of the code in http_network_fetch. 2016-11-07 09:47:26 +01:00
Ms2ger
621d018dbd Stop unnecessarily wrapping the response argument to http_redirect_fetch in Rc. 2016-11-07 09:37:21 +01:00
Ms2ger
277c6d0154 Move ReferrerPolicy to net_traits. 2016-11-04 10:43:37 +01:00
Ms2ger
479cf1ef23 Stop panicking when trying to load ftp URLs. 2016-11-02 16:15:26 +01:00