Add support for Upgrade request to a potentially trustworthy URL. (#34986)

* Add support for Upgrade request to a potentially trustworthy URL. Signed-off-by: Shubham Gupta <shubham13297@gmail.com> * script: Support inheritable insecure request policy in documents and workers. Signed-off-by: Josh Matthews <josh@joshmatthews.net> --------- Signed-off-by: Shubham Gupta <shubham13297@gmail.com> Signed-off-by: Josh Matthews <josh@joshmatthews.net> Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
author: Shubham Gupta <32428749+shubhamg13@users.noreply.github.com> 2025-02-05 20:49:56 +0800
committer: GitHub <noreply@github.com> 2025-02-05 12:49:56 +0000
commit: 1e164738d8ca12a5b69b6f7adfc1b79555890726 (patch)
tree: e67c884567d9b022d39850e31881eb20fc22cf4b /components/script/dom/htmlscriptelement.rs
parent: 7b36f2beb3b8266460a03090eba7fa6e9999cce0 (diff)
download: servo-1e164738d8ca12a5b69b6f7adfc1b79555890726.tar.gz
servo-1e164738d8ca12a5b69b6f7adfc1b79555890726.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs
index 164a1ba2909..c9bbdf1089c 100644
--- a/components/script/dom/htmlscriptelement.rs
+++ b/components/script/dom/htmlscriptelement.rs
@@ -21,7 +21,8 @@ use js::jsval::UndefinedValue;
 use js::rust::{transform_str_to_source_text, CompileOptionsWrapper, HandleObject, Stencil};
 use net_traits::http_status::HttpStatus;
 use net_traits::request::{
-    CorsSettings, CredentialsMode, Destination, ParserMetadata, RequestBuilder, RequestId,
+    CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
+    RequestBuilder, RequestId,
 };
 use net_traits::{
     FetchMetadata, FetchResponseListener, Metadata, NetworkError, ResourceFetchTiming,
@@ -548,6 +549,7 @@ pub(crate) fn script_fetch_request(
     origin: ImmutableOrigin,
     pipeline_id: PipelineId,
     options: ScriptFetchOptions,
+    insecure_requests_policy: InsecureRequestsPolicy,
 ) -> RequestBuilder {
     // We intentionally ignore options' credentials_mode member for classic scripts.
     // The mode is initialized by create_a_potential_cors_request.
@@ -558,6 +560,7 @@ pub(crate) fn script_fetch_request(
         cors_setting,
         None,
         options.referrer,
+        insecure_requests_policy,
     )
     .origin(origin)
     .pipeline_id(Some(pipeline_id))
@@ -584,6 +587,7 @@ fn fetch_a_classic_script(
         doc.origin().immutable().clone(),
         script.global().pipeline_id(),
         options.clone(),
+        doc.insecure_requests_policy(),
     );
     let request = doc.prepare_request(request);
author	Shubham Gupta <32428749+shubhamg13@users.noreply.github.com>	2025-02-05 20:49:56 +0800
committer	GitHub <noreply@github.com>	2025-02-05 12:49:56 +0000
commit	1e164738d8ca12a5b69b6f7adfc1b79555890726 (patch)
tree	e67c884567d9b022d39850e31881eb20fc22cf4b /components/script/dom/htmlscriptelement.rs
parent	7b36f2beb3b8266460a03090eba7fa6e9999cce0 (diff)
download	servo-1e164738d8ca12a5b69b6f7adfc1b79555890726.tar.gz servo-1e164738d8ca12a5b69b6f7adfc1b79555890726.zip