servo/components/script
Tim van der Lippe baa18e18af
Support CSP report-only header (#36623)
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report`.

I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.

Additionally, in several locations we were manually reporting CSP
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.

Now, all callsites use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.

Part of #36437

Requires servo/rust-content-security-policy#5

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
2025-04-25 19:59:44 +00:00
..
docs doc: fix broken link to UnrootedMustRoot plugin (#36198) 2025-03-28 10:23:41 +00:00
dom Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
layout_dom Use version of markup5ever with web_atoms crate (#36542) 2025-04-19 11:49:37 +00:00
svgpath Add Path2D (#35783) 2025-03-26 12:12:44 +00:00
xpath Use version of markup5ever with web_atoms crate (#36542) 2025-04-19 11:49:37 +00:00
animation_timeline.rs script: Limit public exports. (#34915) 2025-01-10 08:19:19 +00:00
animations.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
body.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
build.rs script: copy include! files from script_bindings to script's OUT_DIR (#36384) 2025-04-08 19:22:24 +00:00
canvas_context.rs Introduce snapshot concept of canvas (#36119) 2025-04-23 07:32:47 +00:00
canvas_state.rs Introduce snapshot concept of canvas (#36119) 2025-04-23 07:32:47 +00:00
Cargo.toml Introduce snapshot concept of canvas (#36119) 2025-04-23 07:32:47 +00:00
clipboard_provider.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
conversions.rs suppress build warnings when disabling webgpu and webxr (#35379) 2025-02-08 08:16:21 +00:00
devtools.rs add CanGc as argument to methods in HTMLCollection, HTMLDataListElement, HTMLDialogElement, HTMLElement, HTMLFieldSetElement, HTMLFormControlsCollection, HTMLFormElement, HTMLIFrameElement (#36495) 2025-04-13 07:10:00 +00:00
document_collection.rs Update rustfmt to the 2024 style edition (#35764) 2025-03-03 11:26:53 +00:00
document_loader.rs script: LoadBlocker's drop impl shouldn't run after termination. (#36508) 2025-04-21 07:17:00 +00:00
drag_data_store.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
fetch.rs Update FetchTaskTarget to propagate CSP violations. (#36409) 2025-04-13 20:54:59 +00:00
iframe_collection.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
image_animation.rs Animation: Aggregate Animated Image Info to Document (#36141) 2025-03-28 23:19:49 +00:00
init.rs Make generated bindings generic over DOM types (#35169) 2025-01-25 05:08:49 +00:00
layout_image.rs layout_image: Include missing request settings in layout-initiated image loads (#36621) 2025-04-24 12:12:39 +00:00
lib.rs Switch to data_url::mime for document content type (#36522) 2025-04-15 17:12:48 +00:00
links.rs Use version of markup5ever with web_atoms crate (#36542) 2025-04-19 11:49:37 +00:00
messaging.rs compositor: Tick animations for an entire WebView at once (#36662) 2025-04-24 19:03:14 +00:00
microtask.rs script: Mark callback methods with CanGc. (#35753) 2025-03-03 12:17:25 +00:00
mime.rs Switch to data_url::mime for document content type (#36522) 2025-04-15 17:12:48 +00:00
navigation.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
network_listener.rs Propagate CanGc arguments through callers in constructors (#35541) 2025-02-20 16:17:45 +00:00
realms.rs Move generated bindings to script_bindings (#36323) 2025-04-04 06:45:08 +00:00
routed_promise.rs webgpu: leverage routed_promise in calls returning promises (#35859) 2025-03-23 18:52:46 +00:00
script_module.rs Fix missing settings in script module requests (#36606) 2025-04-20 11:54:20 +00:00
script_runtime.rs Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
script_thread.rs Report exceptions for async script executions to webdriver (#27041) 2025-04-25 06:50:00 +00:00
security_manager.rs Implement trusted types url setter (#36596) 2025-04-21 06:56:40 +00:00
serviceworker_manager.rs Move ScriptToConstellationMsg to constellation_traits (#36364) 2025-04-05 22:13:29 +00:00
stylesheet_loader.rs Update FetchTaskTarget to propagate CSP violations. (#36409) 2025-04-13 20:54:59 +00:00
stylesheet_set.rs script: Limit public exports. (#34915) 2025-01-10 08:19:19 +00:00
task.rs Migrate to the 2024 edition (#35755) 2025-03-13 10:28:11 +00:00
task_manager.rs async clipboard: implement writeText (#36498) 2025-04-14 13:49:43 +00:00
task_queue.rs Use strum to iterate through enum variants and get their names (#35933) 2025-03-13 12:00:31 +00:00
task_source.rs async clipboard: implement writeText (#36498) 2025-04-14 13:49:43 +00:00
test.rs Update rustfmt to the 2024 style edition (#35764) 2025-03-03 11:26:53 +00:00
textinput.rs Fix Backspace deleting entire previous line in <textarea> (#36112) 2025-03-26 18:37:48 +00:00
timers.rs Support CSP report-only header (#36623) 2025-04-25 19:59:44 +00:00
unminify.rs Update rustfmt to the 2024 style edition (#35764) 2025-03-03 11:26:53 +00:00
webdriver_handlers.rs Report exceptions for async script executions to webdriver (#27041) 2025-04-25 06:50:00 +00:00
window_named_properties.rs Migrate to the 2024 edition (#35755) 2025-03-13 10:28:11 +00:00