A recent refactoring (#33531) made a change that resulted in the
`Origin` header including the port even when the default port for a
scheme was used. This made the serialization different from that used
for `rust-url`'s `Origin::ascii_serialization()`, breaking CORS on some
sites. This change makes it so that the serialization is consistent
again.
This change also fixes the visiblity on a few methods in
`http_loader.rs` since visibility needs to be adjusted for testing
anyway.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Use ROUTER::add_typed_route where possible
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update webxr, media and ipc-channel
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Instead of creating a `ROUTER` for each fetch, create a fetch thread
which handles all incoming and outcoming fetch requests. Now messages
involving fetches carry a "request id" which indicates which fetch is
being addressed by the message. This greatly reduces the number of file
descriptors used by fetch.
In addition, the interface for kicking off fetches is simplified when
using the `Listener` with `Document`s and the `GlobalScope`.
This does not fix all leaked file descriptors / mach ports, but greatly
eliminates the number used. Now tests can be run without limiting
procesess on modern macOS systems.
Followup work:
1. There are more instances where fetch is done using the old method.
Some of these require more changes in order to be converted to the
`FetchThread` approach.
2. Eliminate usage of IPC channels when doing redirects.
3. Also eliminate the IPC channel used for cancel handling.
4. This change opens up the possiblity of controlling the priority of
fetch requests.
Fixes#29834.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Implement sec-fetch-dest header
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement "is same site" algorithm
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement remaining sec-fetch-* headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix casing of header names
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix handling Destination::None in sec-fetch-dest
This also removes the comment about wanting to upgrade
to a newer content-security-protocol version because
the csp doesn't implement the "empty" case.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove colon from spec comment
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Adjust expected default headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix test expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Make checking for cookie prefixes case-insensitive
Cookie-Prefixes like "__Host-" and "__Secure-" are case insensitive
as per https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#name-storage-model.
This is tested by many WPT tests in cookies/prefix, for example
* cookies/prefix/__host.document-cookie.html
* cookies/prefix/__host.document-cookie.https.html
Since the implementation and the specification had diverged quite
significantly i also updated/added spec comments where appropriate
and slightly restructured code so its easier to follow. However,
the only change in behaviour is the prefix check described above.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove unused import
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix cookie test cases
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix ignore cookie with __Host prefix and no specified path attribute
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix another cookie test case
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This removes the last few uses of `time@0.1` in Servo. There are still
dependencies from `style` and `webrender`, but they will be removed soon
as well. The uses of this version of `time` are replaced with
`std::time` types and `time@0.3` when negative `Duration` is necessary.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This changes updates to the new version of the `cookie` crate in Servo
which no longer uses the old `time@0.1` data types. This requires using
a new version of `time` while we transition off of the old one. This is
the first step in that process.
In addition, the overloading of the `cookie::Cookie` name was causing a
great deal of confusion, so I've renamed the Servo wrapper to
`ServoCookie` like we do with `ServoUrl`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
For a long time, `gfx_traits` has held a lot of things unrelated to graphics
and also unrelated to the `gfx` crate (which is mostly about fonts).
This is a cleanup which does a few things:
1. Move non `gfx` crate things out of `gfx_traits`. This is important in
order to prevent dependency cycles with a different integration between
layout, script, and fonts.
2. Rename the `msg` crate to `base`. It didn't really contain anything
to do with messages and instead mostly holds ids, which are used
across many different crates in Servo. This new crate will hold the
*rare* data types that are widely used.
Details:
- All BackgroundHangMonitor-related things from base to a new
`background_hang_monitor_api` crate.
- Moved `TraversalDirection` to `script_traits`
- Moved `Epoch`-related things from `gfx_traits` to `base`.
- Moved `PrintTree` to base. This should be widely useful in Servo.
- Moved `WebrenderApi` from `base` to `webrender_traits` and renamed it
to `WebRenderFontApi`.
This change replaces OpenSSL with rustls and also the manually curated
CA certs file with webpki-roots (effectively the same thing, but as a
crate).
Generally speaking the design of the network stack is the same. Changes:
- Code around certificate overrides needed to be refactored to work with
rustls so the various thread-safe list of certificates is refactored
into `CertificateErrorOverrideManager`
- hyper-rustls takes care of setting ALPN protocols for HTTP requests,
so for WebSockets this is moved to the WebSocket code.
- The safe set of cypher suites is chosen, which seem to correspond to
the "Modern" configuration from [1]. This can be adjusted later.
- Instead of passing a string of PEM CA certificates around, an enum is
used that includes parsed Certificates (or the default which reads
them from webpki-roots).
- Code for starting up an SSL server for testing is cleaned up a little,
due to the fact that the certificates need to be overriden explicitly
now. This is due to the fact that the `webpki` crate is more stringent
with self-signed certificates than SSL (CA certificates cannot used as
end-entity certificates). [2]
1. https://wiki.mozilla.org/Security/Server_Side_TLS
2. https://github.com/briansmith/webpki/issues/114Fixes#7888.
Fixes#13749.
Fixes#26835.
Fixes#29291.
This does not (yet) upgrade ./rust-toolchain
The warnings:
* dead_code "field is never read"
* redundant_semicolons "unnecessary trailing semicolon"
* non_fmt_panic "panic message is not a string literal, this is no longer accepted in Rust 2021"
* unstable_name_collisions "a method with this name may be added to the standard library in the future"
* legacy_derive_helpers "derive helper attribute is used before it is introduced" https://github.com/rust-lang/rust/issues/79202
