Propagate parent policy container to local iframes (#36710)

This follows the rules as defined in https://w3c.github.io/webappsec-csp/#security-inherit-csp where local iframes (about:blank and about:srcdoc) should initially start with the CSP rules of the parent. After that, all new CSP headers should only be set on the policy container of the iframe. Part of #36437 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
author: Tim van der Lippe <TimvdLippe@users.noreply.github.com> 2025-05-03 10:47:40 +0200
committer: GitHub <noreply@github.com> 2025-05-03 08:47:40 +0000
commit: 539ca272843bd0937bc7ed48d6103a6338d2a3c9 (patch)
tree: 3b0b98de94c8d4a66ff8d0f420a94bed5c4d9eb5 /components/script/dom/htmliframeelement.rs
parent: 4164f76769db21103ee3c46d6d669a03310f2717 (diff)
download: servo-539ca272843bd0937bc7ed48d6103a6338d2a3c9.tar.gz
servo-539ca272843bd0937bc7ed48d6103a6338d2a3c9.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs
index da7a53bbf0b..0fbff86e44a 100644
--- a/components/script/dom/htmliframeelement.rs
+++ b/components/script/dom/htmliframeelement.rs
@@ -279,6 +279,7 @@ impl HTMLIFrameElement {
                 Some(document.insecure_requests_policy()),
                 document.has_trustworthy_ancestor_or_current_origin(),
             );
+            load_data.policy_container = Some(window.as_global_scope().policy_container());
             let element = self.upcast::<Element>();
             load_data.srcdoc = String::from(element.get_string_attribute(&local_name!("srcdoc")));
             self.navigate_or_reload_child_browsing_context(
@@ -361,7 +362,7 @@ impl HTMLIFrameElement {
             None
         };
 
-        let load_data = LoadData::new(
+        let mut load_data = LoadData::new(
             LoadOrigin::Script(document.origin().immutable().clone()),
             url,
             creator_pipeline_id,
@@ -378,6 +379,10 @@ impl HTMLIFrameElement {
         let is_about_blank =
             pipeline_id.is_some() && pipeline_id == self.about_blank_pipeline_id.get();
 
+        if is_about_blank {
+            load_data.policy_container = Some(window.as_global_scope().policy_container());
+        }
+
         let history_handling = if is_about_blank {
             NavigationHistoryBehavior::Replace
         } else {
@@ -407,7 +412,7 @@ impl HTMLIFrameElement {
         let document = self.owner_document();
         let window = self.owner_window();
         let pipeline_id = Some(window.pipeline_id());
-        let load_data = LoadData::new(
+        let mut load_data = LoadData::new(
             LoadOrigin::Script(document.origin().immutable().clone()),
             url,
             pipeline_id,
@@ -417,6 +422,7 @@ impl HTMLIFrameElement {
             Some(document.insecure_requests_policy()),
             document.has_trustworthy_ancestor_or_current_origin(),
         );
+        load_data.policy_container = Some(window.as_global_scope().policy_container());
         let browsing_context_id = BrowsingContextId::new();
         let webview_id = window.window_proxy().webview_id();
         self.pipeline_id.set(None);
author	Tim van der Lippe <TimvdLippe@users.noreply.github.com>	2025-05-03 10:47:40 +0200
committer	GitHub <noreply@github.com>	2025-05-03 08:47:40 +0000
commit	539ca272843bd0937bc7ed48d6103a6338d2a3c9 (patch)
tree	3b0b98de94c8d4a66ff8d0f420a94bed5c4d9eb5 /components/script/dom/htmliframeelement.rs
parent	4164f76769db21103ee3c46d6d669a03310f2717 (diff)
download	servo-539ca272843bd0937bc7ed48d6103a6338d2a3c9.tar.gz servo-539ca272843bd0937bc7ed48d6103a6338d2a3c9.zip