These changes allow a minimal set of checks for font-src
CSP checks to pass.
Part of #4577
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Rework the `WebViewDelegate::intercept_web_resource_load` into
`WebViewDelegate::load_web_resource` and clean up internal messaging.
The main thing here is adding objects which manage the response to these
delegate methods. Now we have `WebResourceLoad` and
`InterceptedWebResourceLoad` which make it much harder to misuse the
API.
In addition, the internal messaging for this is cleaned up. Canceling
and finishing the load are unrelated to the HTTP body so they are no
longer subtypes of an HttpBodyData message. Processing of messages is
made a bit more efficient by collecting all body chunks in a vector and
only flattening the chunks at the end.
Finally, "interceptor" is a much more common spelling than "intercepter"
so I've gone ahead and made this change everywhere.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This change replaces OpenSSL with rustls and also the manually curated
CA certs file with webpki-roots (effectively the same thing, but as a
crate).
Generally speaking the design of the network stack is the same. Changes:
- Code around certificate overrides needed to be refactored to work with
rustls so the various thread-safe list of certificates is refactored
into `CertificateErrorOverrideManager`
- hyper-rustls takes care of setting ALPN protocols for HTTP requests,
so for WebSockets this is moved to the WebSocket code.
- The safe set of cypher suites is chosen, which seem to correspond to
the "Modern" configuration from [1]. This can be adjusted later.
- Instead of passing a string of PEM CA certificates around, an enum is
used that includes parsed Certificates (or the default which reads
them from webpki-roots).
- Code for starting up an SSL server for testing is cleaned up a little,
due to the fact that the certificates need to be overriden explicitly
now. This is due to the fact that the `webpki` crate is more stringent
with self-signed certificates than SSL (CA certificates cannot used as
end-entity certificates). [2]
1. https://wiki.mozilla.org/Security/Server_Side_TLS
2. https://github.com/briansmith/webpki/issues/114Fixes#7888.
Fixes#13749.
Fixes#26835.
Fixes#29291.
This is based on compiling with `RUSTFLAGS="-W unused_crate_dependencies"` (CC https://github.com/rust-lang/rust/pull/72342) in a recent Nightly (more so than used in the tree as of this writing, CC https://github.com/servo/servo/issues/26661 for work-arounds).
Only one crate is actually removed from the dependency graph, others are still dependended from other places.
Made the memory cache data structure derive MallocSizeOf, along with
manual size_of() implementations in malloc_size_of.
Added a Measurable struct that acts as a container for fields size_of() can be called for.
Added a new IpcReceiver used for listening to messages from the memory profiler,
and used run_with_memory reporting to register a memory reporter in the thread.
Now when a message from the memory profiler arrives, report includes sizes of public and private http caches.
Updated test file.
This removes 3927 lines of Rust code in 6 crates from the dependency graph:
parse-hosts, multistr, bow, extra-default, len-trait, and push-trait.
One of these crates doesn’t build in today’s Nightly:
https://github.com/rust-lang/rust/issues/46328
Doom cache entries based on the initial response, and prevent matching against doomed cache enties.
Evict cache entries that have passed their expiry date instead of matching them.
Document the cache. Refactor incomplete entries to lessen Option-itis.
Revalidate expired cache entries instead of unconditionally evicting them.
Forbid missing docs in cache code.
Revalidate must-revalidate entries.
Fetch content tests from a local HTTP server.
Track requests made to the test HTTP server.
Add a simple test that a cached resource with no expiry is not revalidated. Correct inverted expiry check in revalidation code.
Fix incorrect revalidation logic that dropped the consumer channels on the floor.
Ensure that requests are cached based on their request headers.
Run a separate http server instance for each test to avoid intermittent failures due to concurrent cache tests.
Add a test for uncacheable responses.
Address review comments.
