authorSebastian C <sebsebmc@gmail.com>2025-04-05 00:38:24 -0500
committerGitHub <noreply@github.com>2025-04-05 05:38:24 +0000
commit76edcff20262543556f7b14ddbefdf6aaf0059ec (patch)
tree14d36c0608355be15a3e432e435b5837121a68f5 /components/shared/net/request.rs
parent478e876f6d094d889bafb0fea5b0b7b6ebb8d1aa (diff)
Check all ancestor navigable trustworthiness for mixed content (#36157)
Propagate through documents a flag that represents if any of the ancestor navigables has a potentially trustworthy origin. The "potentially trustworthy origin" concept appears to have gotten confused in a couple of places and we were instead testing if a URL had "potentially trustworthy" properties. The main test for the ancestor navigables is [mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js) --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #36108 <!-- Either: --> - [X] There are tests for these changes --------- Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Diffstat (limited to 'components/shared/net/request.rs')
-rw-r--r--components/shared/net/request.rs13
1 files changed, 13 insertions, 0 deletions
diff --git a/components/shared/net/request.rs b/components/shared/net/request.rs
index 58cba5cba5c..8dec7668077 100644
--- a/components/shared/net/request.rs
+++ b/components/shared/net/request.rs
@@ -292,6 +292,7 @@ pub struct RequestBuilder {
/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
pub policy_container: RequestPolicyContainer,
pub insecure_requests_policy: InsecureRequestsPolicy,
+ pub has_trustworthy_ancestor_origin: bool,
/// <https://fetch.spec.whatwg.org/#concept-request-referrer>
pub referrer: Referrer,
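Review bot: The new `has_trustworthy_ancestor_origin` field has no doc comment, although per the commit description it feeds the mixed-content decision and several neighbouring fields carry spec links. I would add `/// Whether any ancestor navigable has a potentially trustworthy origin (an origin property, not a URL property); consulted for mixed-content checks.` here and on the matching `Request` field in the `@@ -621,6 +632,7 @@` hunk, plus a one-line doc comment on the builder setter in the `@@ -493,6 +495,14 @@` hunk. The description says origin and URL trustworthiness were previously confused, so spelling out which one this flag means helps prevent the same mix-up. The struct body starts and ends outside the hunk.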
@@ -344,6 +345,7 @@ impl RequestBuilder {
origin: ImmutableOrigin::new_opaque(),
policy_container: RequestPolicyContainer::default(),
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
+ has_trustworthy_ancestor_origin: false,
referrer,
referrer_policy: ReferrerPolicy::EmptyString,
pipeline_id: None,
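Review bot: Defaulting `has_trustworthy_ancestor_origin` to `false` here, and again in `Request::new` (`@@ -668,6 +680,7 @@`), means any request built without calling the setter is treated as having no trustworthy ancestor. The code that consumes the flag is not in this file, but if the mixed-content check uses it to decide whether mixed content is prohibited, `false` is the permissive value, so a missed call site would weaken the check silently instead of failing closed. It is worth confirming that every call site building requests on behalf of a document sets the flag, and recording the assumption next to the default, e.g. `// false: no ancestor known to be trustworthy; callers with a document must set this`. The body of `new` starts and ends outside the hunk.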
@@ -493,6 +495,14 @@ impl RequestBuilder {
self
}
+ pub fn has_trustworthy_ancestor_origin(
+ mut self,
+ has_trustworthy_ancestor_origin: bool,
+ ) -> RequestBuilder {
+ self.has_trustworthy_ancestor_origin = has_trustworthy_ancestor_origin;
+ self
+ }
+
/// <https://fetch.spec.whatwg.org/#request-service-workers-mode>
pub fn service_workers_mode(
mut self,
@@ -546,6 +556,7 @@ impl RequestBuilder {
request.crash = self.crash;
request.policy_container = self.policy_container;
request.insecure_requests_policy = self.insecure_requests_policy;
+ request.has_trustworthy_ancestor_origin = self.has_trustworthy_ancestor_origin;
request
}
}
@@ -621,6 +632,7 @@ pub struct Request {
pub policy_container: RequestPolicyContainer,
/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
pub insecure_requests_policy: InsecureRequestsPolicy,
+ pub has_trustworthy_ancestor_origin: bool,
pub https_state: HttpsState,
/// Servo internal: if crash details are present, trigger a crash error page with these details.
pub crash: Option<String>,
@@ -668,6 +680,7 @@ impl Request {
response_tainting: ResponseTainting::Basic,
policy_container: RequestPolicyContainer::Client,
insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
+ has_trustworthy_ancestor_origin: false,
https_state,
crash: None,
}