* Make checking for cookie prefixes case-insensitive
Cookie-Prefixes like "__Host-" and "__Secure-" are case insensitive
as per https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#name-storage-model.
This is tested by many WPT tests in cookies/prefix, for example
* cookies/prefix/__host.document-cookie.html
* cookies/prefix/__host.document-cookie.https.html
Since the implementation and the specification had diverged quite
significantly i also updated/added spec comments where appropriate
and slightly restructured code so its easier to follow. However,
the only change in behaviour is the prefix check described above.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove unused import
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix cookie test cases
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix ignore cookie with __Host prefix and no specified path attribute
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix another cookie test case
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This removes the last few uses of `time@0.1` in Servo. There are still
dependencies from `style` and `webrender`, but they will be removed soon
as well. The uses of this version of `time` are replaced with
`std::time` types and `time@0.3` when negative `Duration` is necessary.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This changes updates to the new version of the `cookie` crate in Servo
which no longer uses the old `time@0.1` data types. This requires using
a new version of `time` while we transition off of the old one. This is
the first step in that process.
In addition, the overloading of the `cookie::Cookie` name was causing a
great deal of confusion, so I've renamed the Servo wrapper to
`ServoCookie` like we do with `ServoUrl`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
For a long time, `gfx_traits` has held a lot of things unrelated to graphics
and also unrelated to the `gfx` crate (which is mostly about fonts).
This is a cleanup which does a few things:
1. Move non `gfx` crate things out of `gfx_traits`. This is important in
order to prevent dependency cycles with a different integration between
layout, script, and fonts.
2. Rename the `msg` crate to `base`. It didn't really contain anything
to do with messages and instead mostly holds ids, which are used
across many different crates in Servo. This new crate will hold the
*rare* data types that are widely used.
Details:
- All BackgroundHangMonitor-related things from base to a new
`background_hang_monitor_api` crate.
- Moved `TraversalDirection` to `script_traits`
- Moved `Epoch`-related things from `gfx_traits` to `base`.
- Moved `PrintTree` to base. This should be widely useful in Servo.
- Moved `WebrenderApi` from `base` to `webrender_traits` and renamed it
to `WebRenderFontApi`.
This change replaces OpenSSL with rustls and also the manually curated
CA certs file with webpki-roots (effectively the same thing, but as a
crate).
Generally speaking the design of the network stack is the same. Changes:
- Code around certificate overrides needed to be refactored to work with
rustls so the various thread-safe list of certificates is refactored
into `CertificateErrorOverrideManager`
- hyper-rustls takes care of setting ALPN protocols for HTTP requests,
so for WebSockets this is moved to the WebSocket code.
- The safe set of cypher suites is chosen, which seem to correspond to
the "Modern" configuration from [1]. This can be adjusted later.
- Instead of passing a string of PEM CA certificates around, an enum is
used that includes parsed Certificates (or the default which reads
them from webpki-roots).
- Code for starting up an SSL server for testing is cleaned up a little,
due to the fact that the certificates need to be overriden explicitly
now. This is due to the fact that the `webpki` crate is more stringent
with self-signed certificates than SSL (CA certificates cannot used as
end-entity certificates). [2]
1. https://wiki.mozilla.org/Security/Server_Side_TLS
2. https://github.com/briansmith/webpki/issues/114Fixes#7888.
Fixes#13749.
Fixes#26835.
Fixes#29291.
This does not (yet) upgrade ./rust-toolchain
The warnings:
* dead_code "field is never read"
* redundant_semicolons "unnecessary trailing semicolon"
* non_fmt_panic "panic message is not a string literal, this is no longer accepted in Rust 2021"
* unstable_name_collisions "a method with this name may be added to the standard library in the future"
* legacy_derive_helpers "derive helper attribute is used before it is introduced" https://github.com/rust-lang/rust/issues/79202
