diff options
| author | Matthias Deiml <matthias@deiml.net> | 2020-06-15 18:44:59 +0200 |
|---|---|---|
| committer | Matthias Deiml <matthias@deiml.net> | 2020-06-17 19:07:14 +0200 |
| commit | fa18cf620f1c271bee8808026ab40ffbaa11aee6 (patch) | |
| tree | b5f1aa3518bf1c21dca0c43cf1299ee9e3ad7d4e /components/script/dom/globalscope.rs | |
| parent | 37394a892c79d6edbef868d6451710648669cc1c (diff) | |
| download | servo-fa18cf620f1c271bee8808026ab40ffbaa11aee6.tar.gz servo-fa18cf620f1c271bee8808026ab40ffbaa11aee6.zip | |
Make url for "client" referrer mandatory
Diffstat (limited to 'components/script/dom/globalscope.rs')
| -rw-r--r-- | components/script/dom/globalscope.rs | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index 987ae4e7c13..f84c0caa4ec 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -94,6 +94,7 @@ use net_traits::filemanager_thread::{ FileManagerResult, FileManagerThreadMsg, ReadFileProgress, RelativePos, }; use net_traits::image_cache::ImageCache; +use net_traits::request::Referrer; use net_traits::response::HttpsState; use net_traits::{CoreResourceMsg, CoreResourceThread, IpcSend, ResourceThreads}; use parking_lot::Mutex; @@ -105,7 +106,7 @@ use script_traits::{ ScriptToConstellationChan, TimerEvent, }; use script_traits::{TimerEventId, TimerSchedulerMsg, TimerSource}; -use servo_url::{MutableOrigin, ServoUrl}; +use servo_url::{ImmutableOrigin, MutableOrigin, ServoUrl}; use std::borrow::Cow; use std::cell::Cell; use std::collections::hash_map::Entry; @@ -2331,6 +2332,43 @@ impl GlobalScope { unreachable!(); } + /// Determine the Referrer for a request whose Referrer is "client" + pub fn get_referrer(&self) -> Referrer { + // Step 3 of https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer + if let Some(window) = self.downcast::<Window>() { + // Substep 3.1 + + // Substep 3.1.1 + let mut document = window.Document(); + + // Substep 3.1.2 + if let ImmutableOrigin::Opaque(_) = document.origin().immutable() { + return Referrer::NoReferrer; + } + + let mut url = document.url(); + + // Substep 3.1.3 + while url.as_str() == "about:srcdoc" { + document = document + .browsing_context() + .expect("iframe should have browsing context") + .parent() + .expect("iframes browsing_context should have parent") + .document() + .expect("iframes parent should have document"); + + url = document.url(); + } + + // Substep 3.1.4 + return Referrer::Client(url); + } else { + // Substep 3.2 + return Referrer::ReferrerUrl(self.get_url()); + } + } + /// Extract a `Window`, panic if the global object is not a `Window`. pub fn as_window(&self) -> &Window { self.downcast::<Window>().expect("expected a Window scope") |