diff options
| author | bors-servo <lbergstrom+bors@mozilla.com> | 2020-02-11 13:27:14 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-11 13:27:14 -0500 |
| commit | ba23c5afee380930bd0f2c5fd665d318443ed19f (patch) | |
| tree | 3c47cdc0d159320a3053752781c116103a943ff4 | |
| parent | 419954474b6d14f06d0dfb2d6696a128e3f5df15 (diff) | |
| parent | 41d896c201256636dc13bbf5b6cfda9270466f24 (diff) | |
| download | servo-ba23c5afee380930bd0f2c5fd665d318443ed19f.tar.gz servo-ba23c5afee380930bd0f2c5fd665d318443ed19f.zip | |
Auto merge of #25687 - pshaughn:taintfile, r=jdm
Filter file: and about: responses opaquely
<!-- Please describe your changes on the following line: -->
file: and about: schemes were being treated like data: for cors purposes, when in fact they should have been subject to opaque response filtering. A comment indicated that this was necessary for some CSS tests, but I think the comment was out of date; the only tests depending on the unfiltered responses are unit tests that do not test any CSS functionality. I've updated those tests to now test for the opaque-filtering itself.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25686
<!-- Either: -->
- [X] There are tests for these changes, but also some loss of unit test coverage (#25693) and a newly failing test case (#25692)
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
| -rw-r--r-- | components/net/fetch/methods.rs | 9 | ||||
| -rw-r--r-- | components/net/tests/fetch.rs | 37 | ||||
| -rw-r--r-- | tests/wpt/metadata/fetch/api/basic/scheme-about.any.js.ini | 41 | ||||
| -rw-r--r-- | tests/wpt/metadata/workers/constructors/Worker/same-origin.html.ini | 4 | ||||
| -rw-r--r-- | tests/wpt/metadata/xhr/send-non-same-origin.htm.ini | 5 |
5 files changed, 29 insertions, 67 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 101cf467444..e8c35e4a901 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -279,14 +279,7 @@ pub fn main_fetch( false }; - if (same_origin && !cors_flag ) || - current_url.scheme() == "data" || - current_url.scheme() == "file" || // FIXME: Fetch spec has already dropped filtering against file: - // and about: schemes, but CSS tests will break on loading Ahem - // since we load them through a file: URL. - current_url.scheme() == "about" || - request.mode == RequestMode::Navigate - { + if (same_origin && !cors_flag) || current_url.scheme() == "data" { // Substep 1. request.response_tainting = ResponseTainting::Basic; diff --git a/components/net/tests/fetch.rs b/components/net/tests/fetch.rs index d26343684f0..eddd8f67779 100644 --- a/components/net/tests/fetch.rs +++ b/components/net/tests/fetch.rs @@ -113,12 +113,21 @@ fn test_fetch_aboutblank() { let origin = Origin::Origin(url.origin()); let mut request = Request::new(url, Some(origin), None); request.referrer = Referrer::NoReferrer; + let fetch_response = fetch(&mut request, None); + // We should see an opaque-filtered response. + assert_eq!(fetch_response.response_type, ResponseType::Opaque); assert!(!fetch_response.is_network_error()); - assert_eq!( - *fetch_response.body.lock().unwrap(), - ResponseBody::Done(vec![]) - ); + assert_eq!(fetch_response.headers.len(), 0); + let resp_body = fetch_response.body.lock().unwrap(); + assert_eq!(*resp_body, ResponseBody::Empty); + + // The underlying response behind the filter should + // have a 0-byte body. + let actual_response = fetch_response.actual_response(); + assert!(!actual_response.is_network_error()); + let resp_body = actual_response.body.lock().unwrap(); + assert_eq!(*resp_body, ResponseBody::Done(vec![])); } #[test] @@ -176,7 +185,6 @@ fn test_fetch_blob() { methods::fetch(&mut request, &mut target, &context); let fetch_response = receiver.recv().unwrap(); - assert!(!fetch_response.is_network_error()); assert_eq!(fetch_response.headers.len(), 2); @@ -198,25 +206,36 @@ fn test_fetch_blob() { } #[test] -fn test_fetch_file() { +fn test_file() { let path = Path::new("../../resources/servo.css") .canonicalize() .unwrap(); let url = ServoUrl::from_file_path(path.clone()).unwrap(); + let origin = Origin::Origin(url.origin()); let mut request = Request::new(url, Some(origin), None); let fetch_response = fetch(&mut request, None); + // We should see an opaque-filtered response. + assert_eq!(fetch_response.response_type, ResponseType::Opaque); assert!(!fetch_response.is_network_error()); - assert_eq!(fetch_response.headers.len(), 1); - let content_type: Mime = fetch_response + assert_eq!(fetch_response.headers.len(), 0); + let resp_body = fetch_response.body.lock().unwrap(); + assert_eq!(*resp_body, ResponseBody::Empty); + + // The underlying response behind the filter should + // have the file's MIME type and contents. + let actual_response = fetch_response.actual_response(); + assert!(!actual_response.is_network_error()); + assert_eq!(actual_response.headers.len(), 1); + let content_type: Mime = actual_response .headers .typed_get::<ContentType>() .unwrap() .into(); assert_eq!(content_type, mime::TEXT_CSS); - let resp_body = fetch_response.body.lock().unwrap(); + let resp_body = actual_response.body.lock().unwrap(); let file = fs::read(path).unwrap(); match *resp_body { diff --git a/tests/wpt/metadata/fetch/api/basic/scheme-about.any.js.ini b/tests/wpt/metadata/fetch/api/basic/scheme-about.any.js.ini deleted file mode 100644 index e070826dde4..00000000000 --- a/tests/wpt/metadata/fetch/api/basic/scheme-about.any.js.ini +++ /dev/null @@ -1,41 +0,0 @@ -[scheme-about.any.html] - type: testharness - [Fetching about:blank (GET) is OK] - expected: FAIL - - [Fetching about:blank (PUT) is OK] - expected: FAIL - - [Fetching about:blank (POST) is OK] - expected: FAIL - - [Fetching about:blank with method GET is KO] - expected: FAIL - - [Fetching about:blank with method PUT is KO] - expected: FAIL - - [Fetching about:blank with method POST is KO] - expected: FAIL - - -[scheme-about.any.worker.html] - type: testharness - [Fetching about:blank (GET) is OK] - expected: FAIL - - [Fetching about:blank (PUT) is OK] - expected: FAIL - - [Fetching about:blank (POST) is OK] - expected: FAIL - - [Fetching about:blank with method GET is KO] - expected: FAIL - - [Fetching about:blank with method PUT is KO] - expected: FAIL - - [Fetching about:blank with method POST is KO] - expected: FAIL - diff --git a/tests/wpt/metadata/workers/constructors/Worker/same-origin.html.ini b/tests/wpt/metadata/workers/constructors/Worker/same-origin.html.ini index de990d5d1e6..40a980b618b 100644 --- a/tests/wpt/metadata/workers/constructors/Worker/same-origin.html.ini +++ b/tests/wpt/metadata/workers/constructors/Worker/same-origin.html.ini @@ -1,9 +1,5 @@ [same-origin.html] type: testharness - expected: TIMEOUT [unsupported_scheme] expected: FAIL - [about_blank] - expected: TIMEOUT - diff --git a/tests/wpt/metadata/xhr/send-non-same-origin.htm.ini b/tests/wpt/metadata/xhr/send-non-same-origin.htm.ini deleted file mode 100644 index 6e2cd942631..00000000000 --- a/tests/wpt/metadata/xhr/send-non-same-origin.htm.ini +++ /dev/null @@ -1,5 +0,0 @@ -[send-non-same-origin.htm] - type: testharness - [XMLHttpRequest: send() - non same-origin (about:blank)] - expected: FAIL - |