author | Tim van der Lippe <TimvdLippe@users.noreply.github.com> | 2025-04-13 22:54:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-04-13 20:54:59 +0000 |
commit | 85e4a2b5c7b4d6422d29d65e9948e61c5d2b00f9 (patch) | |
tree | c497c1b3897f68bef1ec715b8d21c6757a68a0d1 /components/script/dom/htmlimageelement.rs | |
parent | 5d84acc06e2cb4ee6360059aa0497c6f013acbb8 (diff) | |
download | servo-85e4a2b5c7b4d6422d29d65e9948e61c5d2b00f9.tar.gz servo-85e4a2b5c7b4d6422d29d65e9948e61c5d2b00f9.zip |
Update FetchTaskTarget to propagate CSP violations. (#36409)
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Diffstat (limited to 'components/script/dom/htmlimageelement.rs')
-rw-r--r-- | components/script/dom/htmlimageelement.rs | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/components/script/dom/htmlimageelement.rs b/components/script/dom/htmlimageelement.rs
index 28ed3c2d13a..e6b4336fe54 100644
--- a/components/script/dom/htmlimageelement.rs
+++ b/components/script/dom/htmlimageelement.rs
@@ -10,6 +10,7 @@ use std::sync::Arc;
 use std::{char, mem};
 use app_units::{AU_PER_PX, Au};
+use content_security_policy as csp;
 use cssparser::{Parser, ParserInput};
 use dom_struct::dom_struct;
 use euclid::Point2D;
@@ -294,6 +295,11 @@ impl FetchResponseListener for ImageContext {
 fn submit_resource_timing(&mut self) {
 network_listener::submit_timing(self, CanGc::note())
 }
+
+ fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
+ let global = &self.resource_timing_global();
+ global.report_csp_violations(violations);
+ }
 }
 impl ResourceTimingListener for ImageContext {
@@ -416,15 +422,17 @@ impl HTMLImageElement {
 // https://html.spec.whatwg.org/multipage/#update-the-image-data steps 17-20
 // This function is also used to prefetch an image in `script::dom::servoparser::prefetch`.
+ let global = document.global();
 let mut request = create_a_potential_cors_request(
 Some(window.webview_id()),
 img_url.clone(),
 Destination::Image,
 cors_setting_for_element(self.upcast()),
 None,
- document.global().get_referrer(),
+ global.get_referrer(),
 document.insecure_requests_policy(),
 document.has_trustworthy_ancestor_or_current_origin(),
+ global.policy_container(),
 )
 .origin(document.origin().immutable().clone())
 .pipeline_id(Some(document.global().pipeline_id())) |
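Review bot: `process_csp_violations` reports to whatever `resource_timing_global()` returns, while the request built in `HTMLImageElement` takes its policy from `document.global().policy_container()`, and nothing visible in this diff ties those two globals together. If they are always the same global, a comment on the method should record that, e.g. `// Report on the global whose policy container was attached to the image request.`; if they can differ, the violation would presumably be reported on a global other than the one whose policy was enforced. The borrow in `let global = &self.resource_timing_global();` is also unnecessary, and `let global = self.resource_timing_global();` reads the same. The `impl` block and the body of `resource_timing_global` lie outside the hunk, so this needs confirming against them.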
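Review bot: The last context line, `.pipeline_id(Some(document.global().pipeline_id()))`, still calls `document.global()` although this hunk now binds `global` for the referrer and the policy container. Writing `.pipeline_id(Some(global.pipeline_id()))` keeps the referrer, the CSP policy container and the pipeline id visibly derived from one global, which makes it easier to audit which policy a request was created under. The hunk's own comment says this path also serves prefetch, so if applying the document's policy to prefetches is intended, a comment at `global.policy_container()` such as `// Prefetch requests built here carry the document's CSP as well.` would state it. The enclosing function begins and ends outside the hunk.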