Implemented response validation part of
https://w3c.github.io/webappsec-subresource-integrity/.
Implemented step eighteen of the main fetch. If a request has integrity
metadata, then following steps are performed
*Wait for response body
*If the response does not have a termination reason and response does not
match request’s integrity metadata, set response to a
network error.# Please enter the commit message for your changes. Lines starting
Implemented step nine of the main fetch. If current URL scheme is 'HTTP'
and current URL's host is domain and if current URL's host matched with
Known
HSTS Host Domain Name Matching results in either a superdomain match with
an asserted includeSubDomains directive or a congruent match then we
change request scheme to 'https'. This change has been made in method.rs
A test case to validate this has been added in fetch.rs. For asserting
https scheme, a https localhost was required. For this purpose I have
created a self-signed certificate and refactored fetch-context and
connector.rs to programmatically trust this certificate for running this
test case.
fetch() returns immediately after processing EOF, at the latest, so not
spinning up a thread should not cause noticeable delays. OTOH, it might
reduce the contention for cores, and reduce the overall time needed.
The spec removed it. Check the scheme instead, data is always same origin now,
except for workers.
This also updates the comments to make step numbers match the spec.
Closes#13362
- Hack to stop hitting unreachable on referer
- add fetch_done to make sync work
- Make datauris work by setting the response URI, spec bug
- Allow for empty bodies
- Make request bodies work (pass to http, fix fencepost in iter count)
Remove the CORSCache trait, CORSCacheSender, CORSCacheThreadMsg, and
CORSCacheThread. Rename BasicCORSCache to CORSCache and keep its old
implementation of CORSCache.
The current logic for a cors cache match does not consider "credentials
is false and request's credentials mode is not "include" or credentials
is true."
implements data-url fetching
Fixes#10165
jdm mentioned of decoupling the, payload loading mechanism to data_loader.rs. So accordingly a `decoder` method has been added to data_loader.
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/10272)
<!-- Reviewable:end -->
When fetching about:blank, response body should be the empty byte
sequence.
Spec: https://fetch.spec.whatwg.org/#concept-basic-fetch
Before this change, response body would be set to `ResponseBody::Empty`,
and then fetching would result in an infinite loop at step 19 in fn
`main_fetch` (methods.rs).
