Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 16:45:39 +00:00
Code Issues Projects Releases Packages Wiki Activity
The Servo Browser Engine
51204 commits 148 branches 5 tags 1.7 GiB
Find a file
Tim van der Lippe baa18e18af
Support CSP report-only header (#36623) 
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.

I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.

Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.

Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.

Part of #36437

Requires servo/rust-content-security-policy#5

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
2025-04-25 19:59:44 +00:00
.cargo Move various reflector types and traits to script_bindings (#35279) 2025-02-04 06:58:08 +00:00
.github Fixup dependabot.yml (#36642) 2025-04-22 05:44:47 +00:00
.vscode
components Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
docs Update in-tree docs to point to the new book (#32743) 2024-07-09 15:42:00 +00:00
etc Devtools parser: reassemble fragmented messages (#36033) 2025-03-29 05:44:43 +00:00
ports/servoshell Initial support for marking custom protocol secure (#36656) 2025-04-25 10:39:33 +00:00
python Fix taplo test target directories (#36690) 2025-04-25 12:52:20 +00:00
resources layout: Add initial support for the ::marker pseudo-element (#36317) 2025-04-07 17:49:05 +00:00
support crown: Do not check trait item projections. (#36095) 2025-03-22 19:55:27 +00:00
tests Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
third_party Update rustfmt to the 2024 style edition (#35764) 2025-03-03 11:26:53 +00:00
.clang-format
.flake8
.gitattributes openharmony: add servoshell for ohos (#33295) 2024-09-20 08:20:27 +00:00
.gitignore mach: fix logic to override paths for legacy layout (#34467) 2024-12-04 12:38:58 +00:00
.mailmap
.python-version Set python version to 3.11 (#34707) 2024-12-19 18:42:36 +00:00
Cargo.lock Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
Cargo.toml Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
CLOBBER
CODE_OF_CONDUCT.md Clarify the Code of Conduct (closes servo/servo.org#164) (#32835) 2024-07-23 09:12:03 +00:00
CONTRIBUTING.md Update in-tree docs to point to the new book (#32743) 2024-07-09 15:42:00 +00:00
deny.toml chore: Update wgpu to v25 (#36486) 2025-04-18 07:49:06 +00:00
Info.plist
LICENSE
LICENSE_WHATWG_SPECS Add license for WHATWG specifications in code (#36282) 2025-04-03 04:33:06 +00:00
mach Fix mach argument quoting on NixOS (#35573) 2025-02-21 08:21:50 +00:00
mach.bat mach: adopt uv and avoid system python (#34632) 2024-12-16 09:20:37 +00:00
PULL_REQUEST_TEMPLATE.md Use a simpler GitHub pull request template (#36203) 2025-03-30 10:14:13 +00:00
README.md mach: adopt uv and avoid system python (#34632) 2024-12-16 09:20:37 +00:00
rust-toolchain.toml Bump channel in shell.nix to support rustc 1.85. (#35643) 2025-02-25 11:49:31 +00:00
rustfmt.toml Update rustfmt to the 2024 style edition (#35764) 2025-03-03 11:26:53 +00:00
SECURITY.md Update new issue URL in SECURITY.md (#31698) 2024-03-15 15:03:49 +00:00
servo-tidy.toml Remove legacy layout (layout 2013) (#35943) 2025-03-13 07:26:57 +00:00
servobuild.example Add medium profile for daily work scenario (#34035) 2024-11-21 11:28:15 +00:00
shell.nix Install tshark for automated tests in #36033 (#36201) 2025-03-28 09:43:03 +00:00
taplo.toml
uv.toml uv: Use native-tls (#36564) 2025-04-16 11:47:49 +00:00

README.md

The Servo Parallel Browser Engine Project

Servo is a prototype web browser engine written in the Rust language. It is currently developed on 64-bit macOS, 64-bit Linux, 64-bit Windows, 64-bit OpenHarmony, and Android.

Servo welcomes contribution from everyone. Check out The Servo Book to get started, or go to servo.org for news and guides.

Getting started

For more detailed build instructions, see the Servo book under Setting up your environment, Building Servo, Building for Android and Building for OpenHarmony.

macOS

  • Download and install Xcode and brew.
  • Install uv: curl -LsSf https://astral.sh/uv/install.sh | sh
  • Install rustup: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • Restart your shell to make sure cargo is available
  • Install the other dependencies: ./mach bootstrap
  • Build servoshell: ./mach build

Linux

  • Install curl:
    • Arch: sudo pacman -S --needed curl
    • Debian, Ubuntu: sudo apt install curl
    • Fedora: sudo dnf install curl
    • Gentoo: sudo emerge net-misc/curl
  • Install uv: curl -LsSf https://astral.sh/uv/install.sh | sh
  • Install rustup: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • Restart your shell to make sure cargo is available
  • Install the other dependencies: ./mach bootstrap
  • Build servoshell: ./mach build

Windows

  • Download uv, choco, and rustup
    • Be sure to select Quick install via the Visual Studio Community installer
  • In the Visual Studio Installer, ensure the following components are installed:
    • Windows 10 SDK (10.0.19041.0) (Microsoft.VisualStudio.Component.Windows10SDK.19041)
    • MSVC v143 - VS 2022 C++ x64/x86 build tools (Latest) (Microsoft.VisualStudio.Component.VC.Tools.x86.x64)
    • C++ ATL for latest v143 build tools (x86 & x64) (Microsoft.VisualStudio.Component.VC.ATL)
    • C++ MFC for latest v143 build tools (x86 & x64) (Microsoft.VisualStudio.Component.VC.ATLMFC)
  • Restart your shell to make sure cargo is available
  • Install the other dependencies: .\mach bootstrap
  • Build servoshell: .\mach build

Android

  • Ensure that the following environment variables are set:
    • ANDROID_SDK_ROOT
    • ANDROID_NDK_ROOT: $ANDROID_SDK_ROOT/ndk/26.2.11394342/ ANDROID_SDK_ROOT can be any directory (such as ~/android-sdk). All of the Android build dependencies will be installed there.
  • Install the latest version of the Android command-line tools to $ANDROID_SDK_ROOT/cmdline-tools/latest.
  • Run the following command to install the necessary components: 
    sudo $ANDROID_SDK_ROOT/cmdline-tools/latest/bin/sdkmanager --install \
 "build-tools;34.0.0" \
 "emulator" \
 "ndk;26.2.11394342" \
 "platform-tools" \
 "platforms;android-33" \
 "system-images;android-33;google_apis;x86_64"
  • Follow the instructions above for the platform you are building on

OpenHarmony

  • Follow the instructions above for the platform you are building on to prepare the environment.
  • Depending on the target distribution (e.g. HarmonyOS NEXT vs pure OpenHarmony) the build configuration will differ slightly.
  • Ensure that the following environment variables are set
    • DEVECO_SDK_HOME (Required when targeting HarmonyOS NEXT)
    • OHOS_BASE_SDK_HOME (Required when targeting OpenHarmony)
    • OHOS_SDK_NATIVE (e.g. ${DEVECO_SDK_HOME}/default/openharmony/native or ${OHOS_BASE_SDK_HOME}/${API_VERSION}/native)
    • SERVO_OHOS_SIGNING_CONFIG: Path to json file containing a valid signing configuration for the demo app.
  • Review the detailed instructions at Building for OpenHarmony.
  • The target distribution can be modified by passing --flavor=<default|harmonyos> to `mach <build|package|install>.