authorSimon Wülker <simon.wuelker@arcor.de>2025-03-10 10:25:34 +0100
committerGitHub <noreply@github.com>2025-03-10 09:25:34 +0000
commit1b6b21cb8579622955e2a25c59ebb2bb0875b169 (patch)
tree922bc204a8fbb0958493e594d33b2d2e103f295f /components/script/dom/servoparser/prefetch.rs
parentce4ba309924ffa35e0dd4309527586b8f0c22b75 (diff)
Implement `nonce` attribute to pass more CSP checks (#35876)
* Add doc comments to RequestBuilder fields/methods Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement Request::cryptographic_nonce_metadata Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement HTMLOrSVGElement::nonce Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Set request cryptographic nonce metadata for link elements Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Set request's cryptographic nonce when fetching scripts Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Forward request nonce to rust-content-security-policy Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update WPT expectations Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Diffstat (limited to 'components/script/dom/servoparser/prefetch.rs')
-rw-r--r--components/script/dom/servoparser/prefetch.rs6
1 files changed, 5 insertions, 1 deletions
diff --git a/components/script/dom/servoparser/prefetch.rs b/components/script/dom/servoparser/prefetch.rs
index 2d3c1569375..81a6f6ce5b1 100644
--- a/components/script/dom/servoparser/prefetch.rs
+++ b/components/script/dom/servoparser/prefetch.rs
@@ -109,6 +109,10 @@ impl TokenSink for PrefetchSink {
.get_attr(tag, local_name!("integrity"))
.map(|attr| String::from(&attr.value))
.unwrap_or_default();
+ let cryptographic_nonce = self
+ .get_attr(tag, local_name!("nonce"))
+ .map(|attr| String::from(&attr.value))
+ .unwrap_or_default();
let request = script_fetch_request(
self.webview_id,
url,
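Review bot: The new `cryptographic_nonce` binding turns a missing `nonce` attribute into an empty string through `unwrap_or_default()`, and nothing in the hunk records that the CSP check relies on that sentinel. A comment above the binding would make this explicit, e.g. `// Prefetch has no element yet, so read the nonce straight from the token; "" means "no nonce" and must never match a CSP nonce source.` Whether the downstream policy check rejects an empty nonce is not visible here, so it should be confirmed where the request nonce is forwarded. The chain is also a copy of the `integrity` lookup directly above, so a small private helper returning the attribute value or an empty string would keep the two from drifting apart. The enclosing function starts and ends outside this hunk.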
@@ -119,7 +123,7 @@ impl TokenSink for PrefetchSink {
referrer: self.referrer.clone(),
referrer_policy: self.referrer_policy,
integrity_metadata,
- cryptographic_nonce: String::new(),
+ cryptographic_nonce,
credentials_mode: CredentialsMode::CredentialsSameOrigin,
parser_metadata: ParserMetadata::ParserInserted,
},