diff options
| author | elomscansio <163124154+elomscansio@users.noreply.github.com> | 2025-04-20 12:54:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-04-20 11:54:20 +0000 |
| commit | 2366a67260ea4f50380ab8d88fe511145f708592 (patch) | |
| tree | f81a45a2fac526f3bba4ef9d84cf04696e0e4b8b /components/canvas | |
| parent | c915bf05fc9abcfba8a64cd4d50166a363a61109 (diff) | |
| download | servo-2366a67260ea4f50380ab8d88fe511145f708592.tar.gz servo-2366a67260ea4f50380ab8d88fe511145f708592.zip | |
Fix missing settings in script module requests (#36606)
This PR resolves [#36592](https://github.com/servo/servo/issues/36592)
by updating the `RequestBuilder` used in `script_module.rs` to include:
- `insecure_requests_policy`
- `has_trustworthy_ancestor_origin`
- `policy_container`
These fields are critical for enforcing proper fetch behavior under
modern web security models, and were previously omitted from module
script requests.
This change ensures that scripts loaded via `<script type="module">` or
dynamic `import()` correctly reflect the calling document’s security
environment.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36592
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
Diffstat (limited to 'components/canvas')
0 files changed, 0 insertions, 0 deletions