This changes includes two semi-related things:
1. Fixes some specification compliance issues when parsing mime
types and charsets for `XMLHttpRequest`.
2. Implements a `<stylesheet>` parsing quirk involving mime types.
Testing: There are tests for these changes.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
When slicing a blob that is already sliced we should reference it's
parent's data instead of creating a subview into the sliced blob. This
keeps the blob ancestry chain small and reduces the number of blobs that
we have to resolve.
Testing: Includes a new crashtest
Fixes: https://github.com/servo/servo/issues/36843
[try
run](1484487366)
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.
I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.
Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.
Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.
Part of #36437
Requires servo/rust-content-security-policy#5
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.
The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.
The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36108
<!-- Either: -->
- [X] There are tests for these changes
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
- Remove `EmbedderMethods::get_user_agent_string`. This is now part of
the `Preferences` data structure, which should allow it to be
per-`WebView` in the future.
- Remove `EmbedderMethods::get_version_string`. This was used to include
some data along with WebRender captures about the Servo version. This
isn't really necessary and it was done to replace code in the past
that output the WebRender version, so also isn't what the original
code did. I think we can just remove this entirely.
The idea with these changes is that `EmbedderMethods` can be removed
in a followup and the rest of the methods can be added to
`ServoDelegate`. These two methods are ones that cannot be added to a
delegate as they are used during `Servo` initialization.
Testing: There is currently no testing for libservo. These changes are
meant
as preparation for adding a suite of `WebView` unit tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Add doc comments to RequestBuilder fields/methods
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement Request::cryptographic_nonce_metadata
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement HTMLOrSVGElement::nonce
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request cryptographic nonce metadata for link elements
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request's cryptographic nonce when fetching scripts
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Forward request nonce to rust-content-security-policy
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This patch exposes a servo internal DOM API that is only made available to about:
pages on the navigator object to request memory reports. The about:memory page itself is
loaded like other html resources (eg. bad cert, net error) and makes use of this new API.
On the implementation side, notable changes:
- components/script/routed_promise.rs abstracts the setup used to fulfill a promise when the
work needs to be routed through the constellation. The goal is to migrate other similar
promise APIs in followup (eg. dom/webgpu/gpu.rs, bluetooth.rs).
- a new message is added to request a report from the memory reporter, and the memory reporter
creates a json representation of the set of memory reports.
- the post-processing of memory reports is done in Javascript in the about-memory.html page,
providing the same results as the current Rust code that outputs to stdout. We can decide
later if we want to remove the current output.
Signed-off-by: webbeef <me@webbeef.org>
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Rework the `WebViewDelegate::intercept_web_resource_load` into
`WebViewDelegate::load_web_resource` and clean up internal messaging.
The main thing here is adding objects which manage the response to these
delegate methods. Now we have `WebResourceLoad` and
`InterceptedWebResourceLoad` which make it much harder to misuse the
API.
In addition, the internal messaging for this is cleaned up. Canceling
and finishing the load are unrelated to the HTTP body so they are no
longer subtypes of an HttpBodyData message. Processing of messages is
made a bit more efficient by collecting all body chunks in a vector and
only flattening the chunks at the end.
Finally, "interceptor" is a much more common spelling than "intercepter"
so I've gone ahead and made this change everywhere.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Blocking a fetch due to a bad port should be grouped together
with CSP blocks as per the spec, but these steps were previously
seperated.
Additionally, remove handling of ftp in
should_request_be_blocked_due_to_a_bad_port, since it did nothing
anyways.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
`EmbedderMsg` was previously paired with an implicit
`Option<WebViewId>`, even though almost all variants were either always
`Some` or always `None`, depending on whether there was a `WebView
involved.
This patch adds the `WebViewId` to as many `EmbedderMsg` variants as
possible, so we can call their associated `WebView` delegate methods
without needing to check and unwrap the `Option`. In many cases, this
required more changes to plumb through the `WebViewId`.
Notably, all `Request`s now explicitly need a `WebView` or not, in order
to ensure that it is passed when appropriate.
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Instead of creating an IPC channel for every fetch, allow cancelling
fetches based on the `RequestId` of the original request. This requires
that `RequestId`s be UUIDs so that they are unique between processes
that might communicating with the resource process.
In addition, the resource process loop now keeps a `HashMap` or `Weak`
handles to cancellers and cleans them up.
This allows for creating mutiple `FetchCanceller`s in `script` for a
single fetch request, allowing integration of the media and video
elements to integrate with the `Document` canceller list -- meaning
these fetches also get cancelled when the `Document` unloads.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This allows reusing the asynchrnous fetch mechanism that we use for page
resources and is likely a step toward removing the `FetchThread`.
Benefits:
- Reduces IPC traffic during navigation. Now instead of bouncing
between the constellation and the `ScriptThread` responses are sent
directly to the `ScriptThread`.
- Allows cancelling loads after redirects, which was not possible
before.
There is the question of what to do when a redirect is cross-origin
(#23037). This currently isn't handled properly as the `Constellation`
sends data to the same `Pipeline` that initiated the load. This change
doesn't fix this issue, but does make it more possible for the
`ScriptThread` to shut down the pipeline and ask the `Constellation` to
replace it with a new one.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Remove the referrer policy from document and rely on its policy container
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Make ReferrerPolicy non-optional, instead using a new enum value to represent the empty string case
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Fix clippy issue
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Fix usage of Option<ReferrerPolicy> in unit test
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
---------
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Implement PolicyContainer
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* implement small parts of fetch that interact with policy container
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* fix: allow policy container's csp list to be unset
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* fix: use the correct default policy when parsing from a token
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
---------
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
Instead of creating a `ROUTER` for each fetch, create a fetch thread
which handles all incoming and outcoming fetch requests. Now messages
involving fetches carry a "request id" which indicates which fetch is
being addressed by the message. This greatly reduces the number of file
descriptors used by fetch.
In addition, the interface for kicking off fetches is simplified when
using the `Listener` with `Document`s and the `GlobalScope`.
This does not fix all leaked file descriptors / mach ports, but greatly
eliminates the number used. Now tests can be run without limiting
procesess on modern macOS systems.
Followup work:
1. There are more instances where fetch is done using the old method.
Some of these require more changes in order to be converted to the
`FetchThread` approach.
2. Eliminate usage of IPC channels when doing redirects.
3. Also eliminate the IPC channel used for cancel handling.
4. This change opens up the possiblity of controlling the priority of
fetch requests.
Fixes#29834.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Implement sec-fetch-dest header
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement "is same site" algorithm
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement remaining sec-fetch-* headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix casing of header names
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix handling Destination::None in sec-fetch-dest
This also removes the comment about wanting to upgrade
to a newer content-security-protocol version because
the csp doesn't implement the "empty" case.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove colon from spec comment
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Adjust expected default headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix test expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This adds a 'is_fetchable()' method on the ProtocolHandler trait that is then used in the fetch code.
The 'data:' protocol handler is updated to return true instead of hardcoding the scheme comparison, as well
as the 'urlinfo:' handler since it's just a testing one.
Signed-off-by: webbeef <me@webbeef.org>
* Properly store link relations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Send fetch request for prefetch links
We don't actually *do* anything with the response yet
(handle errors etc) but its a first step.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fire load/error events for prefetch loads
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set prefetch destination/cors setting correctly
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix ./mach test-tidy errors
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set correct "Accept" value for prefetch requests
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add spec text to individual steps
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* clippy: fix `result_unit_err` warnings
* feat: fix result warnings in script
* doc: document `generate_key` return type
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
* feat: add back result to RangeRequestBounds::get_final
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
---------
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
* Fix clippy warnings in components/shared
* Fix build error
* Fixes in order to solve some merge issues
---------
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
