diff options
| author | Matthias Deiml <matthias@deiml.net> | 2020-06-15 18:44:59 +0200 |
|---|---|---|
| committer | Matthias Deiml <matthias@deiml.net> | 2020-06-17 19:07:14 +0200 |
| commit | fa18cf620f1c271bee8808026ab40ffbaa11aee6 (patch) | |
| tree | b5f1aa3518bf1c21dca0c43cf1299ee9e3ad7d4e /components | |
| parent | 37394a892c79d6edbef868d6451710648669cc1c (diff) | |
| download | servo-fa18cf620f1c271bee8808026ab40ffbaa11aee6.tar.gz servo-fa18cf620f1c271bee8808026ab40ffbaa11aee6.zip | |
Make url for "client" referrer mandatory
Diffstat (limited to 'components')
37 files changed, 409 insertions, 213 deletions
diff --git a/components/constellation/constellation.rs b/components/constellation/constellation.rs index 1106325a1a9..cfca54e8da5 100644 --- a/components/constellation/constellation.rs +++ b/components/constellation/constellation.rs @@ -136,7 +136,7 @@ use msg::constellation_msg::{ TopLevelBrowsingContextId, }; use net_traits::pub_domains::reg_host; -use net_traits::request::RequestBuilder; +use net_traits::request::{Referrer, RequestBuilder}; use net_traits::storage_thread::{StorageThreadMsg, StorageType}; use net_traits::{self, FetchResponseMsg, IpcSend, ResourceThreads}; use profile_traits::mem; @@ -1544,7 +1544,13 @@ where // If there is already a pending page (self.pending_changes), it will not be overridden; // However, if the id is not encompassed by another change, it will be. FromCompositorMsg::LoadUrl(top_level_browsing_context_id, url) => { - let load_data = LoadData::new(LoadOrigin::Constellation, url, None, None, None); + let load_data = LoadData::new( + LoadOrigin::Constellation, + url, + None, + Referrer::NoReferrer, + None, + ); let ctx_id = BrowsingContextId::from(top_level_browsing_context_id); let pipeline_id = match self.browsing_contexts.get(&ctx_id) { Some(ctx) => ctx.pipeline_id, @@ -2888,7 +2894,13 @@ where warn!("creating replacement pipeline for about:failure"); let new_pipeline_id = PipelineId::new(); - let load_data = LoadData::new(LoadOrigin::Constellation, failure_url, None, None, None); + let load_data = LoadData::new( + LoadOrigin::Constellation, + failure_url, + None, + Referrer::NoReferrer, + None, + ); let sandbox = IFrameSandboxState::IFrameSandboxed; let is_private = false; self.new_pipeline( @@ -2998,7 +3010,13 @@ where ); self.embedder_proxy.send(msg); let browsing_context_id = BrowsingContextId::from(top_level_browsing_context_id); - let load_data = LoadData::new(LoadOrigin::Constellation, url, None, None, None); + let load_data = LoadData::new( + LoadOrigin::Constellation, + url, + None, + Referrer::NoReferrer, + None, + ); let sandbox = IFrameSandboxState::IFrameUnsandboxed; let is_private = false; let is_visible = true; diff --git a/components/constellation/network_listener.rs b/components/constellation/network_listener.rs index ccbe00d4940..ec962b42f17 100644 --- a/components/constellation/network_listener.rs +++ b/components/constellation/network_listener.rs @@ -116,7 +116,8 @@ impl NetworkListener { self.request_builder.referrer = metadata .referrer .clone() - .map(|referrer_url| Referrer::ReferrerUrl(referrer_url)); + .map(|referrer_url| Referrer::ReferrerUrl(referrer_url)) + .unwrap_or(Referrer::NoReferrer); self.request_builder.referrer_policy = metadata.referrer_policy; let headers = if let Some(ref headers) = metadata.headers { diff --git a/components/gfx/font_cache_thread.rs b/components/gfx/font_cache_thread.rs index 21771b151da..866d3c68cfd 100644 --- a/components/gfx/font_cache_thread.rs +++ b/components/gfx/font_cache_thread.rs @@ -14,7 +14,7 @@ use crate::platform::font_template::FontTemplateData; use app_units::Au; use gfx_traits::{FontData, WebrenderApi}; use ipc_channel::ipc::{self, IpcReceiver, IpcSender}; -use net_traits::request::{Destination, RequestBuilder}; +use net_traits::request::{Destination, Referrer, RequestBuilder}; use net_traits::{fetch_async, CoreResourceThread, FetchResponseMsg}; use servo_atoms::Atom; use servo_url::ServoUrl; @@ -235,7 +235,10 @@ impl FontCache { None => return, }; - let request = RequestBuilder::new(url.clone()).destination(Destination::Font); + // FIXME: + // This shouldn't use NoReferrer, but the current documents url + let request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) + .destination(Destination::Font); let channel_to_self = self.channel_to_self.clone(); let bytes = Mutex::new(Vec::new()); diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 1aabb545354..41b804fb7fc 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -239,13 +239,7 @@ pub fn main_fetch( { let referrer_url = match mem::replace(&mut request.referrer, Referrer::NoReferrer) { Referrer::NoReferrer => None, - Referrer::Client => { - // FIXME(#14507): We should never get this value here; it should - // already have been handled in the script thread. - request.headers.remove(header::REFERER); - None - }, - Referrer::ReferrerUrl(url) => { + Referrer::ReferrerUrl(url) | Referrer::Client(url) => { request.headers.remove(header::REFERER); let current_url = request.current_url(); determine_request_referrer( diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 33a6e4415e3..eaed2ff1989 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -1141,7 +1141,8 @@ fn http_network_or_cache_fetch( // Step 5.9 match http_request.referrer { Referrer::NoReferrer => (), - Referrer::ReferrerUrl(ref http_request_referrer) => { + Referrer::ReferrerUrl(ref http_request_referrer) | + Referrer::Client(ref http_request_referrer) => { if let Ok(referer) = http_request_referrer.to_string().parse::<Referer>() { http_request.headers.typed_insert(referer); } else { @@ -1151,12 +1152,6 @@ fn http_network_or_cache_fetch( error!("Failed to parse {} as referer", http_request_referrer); } }, - Referrer::Client => - // it should be impossible for referrer to be anything else during fetching - // https://fetch.spec.whatwg.org/#concept-request-referrer - { - unreachable!() - }, }; // Step 5.10 @@ -1938,7 +1933,7 @@ fn cors_preflight_fetch( context: &FetchContext, ) -> Response { // Step 1 - let mut preflight = RequestBuilder::new(request.current_url()) + let mut preflight = RequestBuilder::new(request.current_url(), request.referrer.clone()) .method(Method::OPTIONS) .origin(match &request.origin { Origin::Client => { @@ -1949,7 +1944,6 @@ fn cors_preflight_fetch( .pipeline_id(request.pipeline_id) .initiator(request.initiator.clone()) .destination(request.destination.clone()) - .referrer(Some(request.referrer.clone())) .referrer_policy(request.referrer_policy) .build(); diff --git a/components/net/tests/data_loader.rs b/components/net/tests/data_loader.rs index 3e7cde682f4..aa985a17d2b 100644 --- a/components/net/tests/data_loader.rs +++ b/components/net/tests/data_loader.rs @@ -6,7 +6,7 @@ use crate::fetch; use headers::{ContentType, HeaderMapExt}; use hyper_serde::Serde; use mime::{self, Mime}; -use net_traits::request::{Origin, Request}; +use net_traits::request::{Origin, Referrer, Request}; use net_traits::response::{HttpsState, ResponseBody}; use net_traits::{FetchMetadata, FilteredMetadata, NetworkError}; use servo_url::ServoUrl; @@ -21,7 +21,13 @@ fn assert_parse( ) { let url = ServoUrl::parse(url).unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let response = fetch(&mut request, None); diff --git a/components/net/tests/fetch.rs b/components/net/tests/fetch.rs index dc4c0f032c0..821e81a00c2 100644 --- a/components/net/tests/fetch.rs +++ b/components/net/tests/fetch.rs @@ -59,8 +59,13 @@ fn test_fetch_response_is_not_network_error() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -73,8 +78,13 @@ fn test_fetch_response_is_not_network_error() { fn test_fetch_on_bad_port_is_network_error() { let url = ServoUrl::parse("http://www.example.org:6667").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); assert!(fetch_response.is_network_error()); let fetch_error = fetch_response.get_network_error().unwrap(); @@ -93,8 +103,13 @@ fn test_fetch_response_body_matches_const_message() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -113,8 +128,13 @@ fn test_fetch_response_body_matches_const_message() { fn test_fetch_aboutblank() { let url = ServoUrl::parse("about:blank").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); // We should see an opaque-filtered response. @@ -177,6 +197,7 @@ fn test_fetch_blob() { let mut request = Request::new( url, Some(Origin::Origin(origin.origin())), + Referrer::NoReferrer, None, HttpsState::None, ); @@ -220,7 +241,13 @@ fn test_file() { let url = ServoUrl::from_file_path(path.clone()).unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let pool = CoreResourceThreadPool::new(1); let pool_handle = Arc::new(pool); @@ -262,8 +289,13 @@ fn test_file() { fn test_fetch_ftp() { let url = ServoUrl::parse("ftp://not-supported").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); assert!(fetch_response.is_network_error()); } @@ -272,8 +304,13 @@ fn test_fetch_ftp() { fn test_fetch_bogus_scheme() { let url = ServoUrl::parse("bogus://whatever").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); assert!(fetch_response.is_network_error()); } @@ -319,8 +356,13 @@ fn test_cors_preflight_fetch() { let target_url = url.clone().join("a.html").unwrap(); let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url.clone(), Some(origin), None, HttpsState::None); - request.referrer = Referrer::ReferrerUrl(target_url); + let mut request = Request::new( + url.clone(), + Some(origin), + Referrer::ReferrerUrl(target_url), + None, + HttpsState::None, + ); request.referrer_policy = Some(ReferrerPolicy::Origin); request.use_cors_preflight = true; request.mode = RequestMode::CorsMode; @@ -371,8 +413,13 @@ fn test_cors_preflight_cache_fetch() { let (server, url) = make_server(handler); let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url.clone(), Some(origin.clone()), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url.clone(), + Some(origin.clone()), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.use_cors_preflight = true; request.mode = RequestMode::CorsMode; let mut wrapped_request0 = request.clone(); @@ -433,9 +480,14 @@ fn test_cors_preflight_fetch_network_error() { let (server, url) = make_server(handler); let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.method = Method::from_bytes(b"CHICKEN").unwrap(); - request.referrer = Referrer::NoReferrer; request.use_cors_preflight = true; request.mode = RequestMode::CorsMode; let fetch_response = fetch(&mut request, None); @@ -462,8 +514,13 @@ fn test_fetch_response_is_basic_filtered() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -525,8 +582,13 @@ fn test_fetch_response_is_cors_filtered() { // an origin mis-match will stop it from defaulting to a basic filtered response let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.mode = RequestMode::CorsMode; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -559,8 +621,13 @@ fn test_fetch_response_is_opaque_filtered() { // an origin mis-match will fall through to an Opaque filtered response let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -607,8 +674,13 @@ fn test_fetch_response_is_opaque_redirect_filtered() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.redirect_mode = RedirectMode::Manual; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -641,8 +713,13 @@ fn test_fetch_with_local_urls_only() { let do_fetch = |url: ServoUrl| { let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); // Set the flag. request.local_urls_only = true; @@ -708,8 +785,13 @@ fn test_fetch_with_hsts() { ); } let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); // Set the flag. request.local_urls_only = false; let response = fetch_with_context(&mut request, &mut context); @@ -759,7 +841,7 @@ fn test_load_adds_host_to_hsts_list_when_url_is_https() { ))), }; - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -824,7 +906,7 @@ fn test_fetch_self_signed() { ))), }; - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -850,7 +932,7 @@ fn test_fetch_self_signed() { let (server, mut url) = make_ssl_server(handler, cert_path.clone(), key_path.clone()); url.as_mut_url().set_scheme("https").unwrap(); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -874,8 +956,13 @@ fn test_fetch_with_sri_network_error() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); // To calulate hash use : // echo -n "alert('Hello, Network Error');" | openssl dgst -sha384 -binary | openssl base64 -A request.integrity_metadata = @@ -898,8 +985,13 @@ fn test_fetch_with_sri_sucess() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); // To calulate hash use : // echo -n "alert('Hello, Network Error');" | openssl dgst -sha384 -binary | openssl base64 -A request.integrity_metadata = @@ -938,7 +1030,13 @@ fn test_fetch_blocked_nosniff() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.destination = destination; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -982,8 +1080,13 @@ fn setup_server_and_fetch(message: &'static [u8], redirect_cap: u32) -> Response let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); let _ = server.close(); fetch_response @@ -1070,8 +1173,13 @@ fn test_fetch_redirect_updates_method_runner( let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.method = method; let _ = fetch(&mut request, None); @@ -1153,8 +1261,13 @@ fn test_fetch_async_returns_complete_response() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); @@ -1172,8 +1285,13 @@ fn test_opaque_filtered_fetch_async_returns_complete_response() { // an origin mis-match will fall through to an Opaque filtered response let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); let fetch_response = fetch(&mut request, None); @@ -1208,8 +1326,13 @@ fn test_opaque_redirect_filtered_fetch_async_returns_complete_response() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None, HttpsState::None); - request.referrer = Referrer::NoReferrer; + let mut request = Request::new( + url, + Some(origin), + Referrer::NoReferrer, + None, + HttpsState::None, + ); request.redirect_mode = RedirectMode::Manual; let fetch_response = fetch(&mut request, None); @@ -1233,10 +1356,10 @@ fn test_fetch_with_devtools() { let mut request = Request::new( url.clone(), Some(origin), + Referrer::NoReferrer, Some(TEST_PIPELINE_ID), HttpsState::None, ); - request.referrer = Referrer::NoReferrer; let (devtools_chan, devtools_port) = unbounded(); diff --git a/components/net/tests/http_cache.rs b/components/net/tests/http_cache.rs index c56f4c59d72..6d2cd50ce47 100644 --- a/components/net/tests/http_cache.rs +++ b/components/net/tests/http_cache.rs @@ -7,7 +7,7 @@ use http::header::{HeaderValue, EXPIRES}; use http::StatusCode; use msg::constellation_msg::TEST_PIPELINE_ID; use net::http_cache::HttpCache; -use net_traits::request::{Origin, Request}; +use net_traits::request::{Origin, Referrer, Request}; use net_traits::response::{HttpsState, Response, ResponseBody}; use net_traits::{ResourceFetchTiming, ResourceTimingType}; use servo_url::ServoUrl; @@ -23,6 +23,7 @@ fn test_refreshing_resource_sets_done_chan_the_appropriate_value() { let request = Request::new( url.clone(), Some(Origin::Origin(url.clone().origin())), + Referrer::NoReferrer, Some(TEST_PIPELINE_ID), HttpsState::None, ); diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs index 48f18560d54..f5b5a82cb5a 100644 --- a/components/net/tests/http_loader.rs +++ b/components/net/tests/http_loader.rs @@ -33,7 +33,7 @@ use net::http_loader::determine_request_referrer; use net::resource_thread::AuthCacheEntry; use net::test::replace_host_table; use net_traits::request::{ - BodyChunkRequest, BodyChunkResponse, BodySource, CredentialsMode, Destination, RequestBody, + BodyChunkRequest, BodyChunkResponse, BodySource, CredentialsMode, Destination, RequestBody, Referrer RequestBuilder, RequestMode, }; use net_traits::response::{HttpsState, ResponseBody}; @@ -159,7 +159,7 @@ fn test_check_default_headers_loaded_in_every_request() { *expected_headers.lock().unwrap() = Some(headers.clone()); // Testing for method.GET - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(url.clone().origin()) @@ -186,7 +186,7 @@ fn test_check_default_headers_loaded_in_every_request() { HeaderValue::from_str(&url_str[..url_str.len() - 1]).unwrap(), ); *expected_headers.lock().unwrap() = Some(post_headers); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::POST) .destination(Destination::Document) .origin(url.clone().origin()) @@ -216,7 +216,7 @@ fn test_load_when_request_is_not_get_or_head_and_there_is_no_body_content_length }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::POST) .body(None) .destination(Destination::Document) @@ -248,7 +248,7 @@ fn test_request_and_response_data_with_network_messages() { let mut request_headers = HeaderMap::new(); request_headers.typed_insert(Host::from("bar.foo".parse::<Authority>().unwrap())); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .headers(request_headers) .body(None) @@ -343,7 +343,7 @@ fn test_request_and_response_message_from_devtool_without_pipeline_id() { }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -385,7 +385,7 @@ fn test_redirected_request_to_devtools() { }; let (pre_server, pre_url) = make_server(pre_handler); - let mut request = RequestBuilder::new(pre_url.clone()) + let mut request = RequestBuilder::new(pre_url.clone(), Referrer::NoReferrer) .method(Method::POST) .destination(Destination::Document) .pipeline_id(Some(TEST_PIPELINE_ID)) @@ -434,7 +434,7 @@ fn test_load_when_redirecting_from_a_post_should_rewrite_next_request_as_get() { }; let (pre_server, pre_url) = make_server(pre_handler); - let mut request = RequestBuilder::new(pre_url.clone()) + let mut request = RequestBuilder::new(pre_url.clone(), Referrer::NoReferrer) .method(Method::POST) .destination(Destination::Document) .origin(mock_origin()) @@ -464,7 +464,7 @@ fn test_load_should_decode_the_response_as_deflate_when_response_headers_have_co }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -497,7 +497,7 @@ fn test_load_should_decode_the_response_as_gzip_when_response_headers_have_conte }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -552,7 +552,7 @@ fn test_load_doesnt_send_request_body_on_any_redirect() { let content = b"Body on POST!"; let request_body = create_request_body_with_content(content.to_vec()); - let mut request = RequestBuilder::new(pre_url.clone()) + let mut request = RequestBuilder::new(pre_url.clone(), Referrer::NoReferrer) .body(Some(request_body)) .method(Method::POST) .destination(Destination::Document) @@ -580,7 +580,7 @@ fn test_load_doesnt_add_host_to_hsts_list_when_url_is_http_even_if_hsts_headers_ }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -626,7 +626,7 @@ fn test_load_sets_cookies_in_the_resource_manager_when_it_get_set_cookie_header_ assert_cookie_for_domain(&context.state.cookie_jar, url.as_str(), None); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -678,7 +678,7 @@ fn test_load_sets_requests_cookies_header_for_url_by_getting_cookies_from_the_re cookie_jar.push(cookie, &url, CookieSource::HTTP); } - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -724,7 +724,7 @@ fn test_load_sends_cookie_if_nonhttp() { cookie_jar.push(cookie, &url, CookieSource::HTTP); } - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -761,7 +761,7 @@ fn test_cookie_set_with_httponly_should_not_be_available_using_getcookiesforurl( assert_cookie_for_domain(&context.state.cookie_jar, url.as_str(), None); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -808,7 +808,7 @@ fn test_when_cookie_received_marked_secure_is_ignored_for_http() { assert_cookie_for_domain(&context.state.cookie_jar, url.as_str(), None); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -847,7 +847,7 @@ fn test_load_sets_content_length_to_length_of_request_body() { let request_body = create_request_body_with_content(content.to_vec()); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::POST) .body(Some(request_body)) .destination(Destination::Document) @@ -886,7 +886,7 @@ fn test_load_uses_explicit_accept_from_headers_in_load_data() { let mut accept_headers = HeaderMap::new(); accept_headers.insert(header::ACCEPT, HeaderValue::from_static("text/html")); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .headers(accept_headers) .destination(Destination::Document) @@ -923,7 +923,7 @@ fn test_load_sets_default_accept_to_html_xhtml_xml_and_then_anything_else() { }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -961,7 +961,7 @@ fn test_load_uses_explicit_accept_encoding_from_load_data_headers() { let mut accept_encoding_headers = HeaderMap::new(); accept_encoding_headers.insert(header::ACCEPT_ENCODING, HeaderValue::from_static("chunked")); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .headers(accept_encoding_headers) .destination(Destination::Document) @@ -998,7 +998,7 @@ fn test_load_sets_default_accept_encoding_to_gzip_and_deflate() { }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -1051,7 +1051,7 @@ fn test_load_errors_when_there_a_redirect_loop() { *url_b_for_a.lock().unwrap() = Some(url_b.clone()); - let mut request = RequestBuilder::new(url_a.clone()) + let mut request = RequestBuilder::new(url_a.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -1107,7 +1107,7 @@ fn test_load_succeeds_with_a_redirect_loop() { *url_b_for_a.lock().unwrap() = Some(url_b.clone()); - let mut request = RequestBuilder::new(url_a.clone()) + let mut request = RequestBuilder::new(url_a.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -1146,7 +1146,7 @@ fn test_load_follows_a_redirect() { }; let (pre_server, pre_url) = make_server(pre_handler); - let mut request = RequestBuilder::new(pre_url.clone()) + let mut request = RequestBuilder::new(pre_url.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -1229,7 +1229,7 @@ fn test_redirect_from_x_to_y_provides_y_cookies_from_y() { cookie_jar.push(cookie_y, &url_y, CookieSource::HTTP); } - let mut request = RequestBuilder::new(url_x.clone()) + let mut request = RequestBuilder::new(url_x.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -1278,7 +1278,7 @@ fn test_redirect_from_x_to_x_provides_x_with_cookie_from_first_response() { let url = url.join("/initial/").unwrap(); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .destination(Destination::Document) .origin(mock_origin()) @@ -1309,7 +1309,7 @@ fn test_if_auth_creds_not_in_url_but_in_cache_it_sets_it() { }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -1353,7 +1353,7 @@ fn test_auth_ui_needs_www_auth() { }; let (server, url) = make_server(handler); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .body(None) .destination(Destination::Document) @@ -1390,7 +1390,7 @@ fn test_origin_set() { let mut origin = Origin::try_from_parts(url.scheme(), url.host_str().unwrap(), url.port()).unwrap(); *origin_header_clone.lock().unwrap() = Some(origin.clone()); - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::POST) .body(None) .origin(url.clone().origin()) @@ -1409,7 +1409,7 @@ fn test_origin_set() { origin = Origin::try_from_parts(origin_url.scheme(), origin_url.host_str().unwrap(), None).unwrap(); // Test Origin header is set on Get request with CORS mode - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::GET) .mode(RequestMode::CorsMode) .body(None) @@ -1427,7 +1427,7 @@ fn test_origin_set() { .is_success()); // Test Origin header is not set on method Head - let mut request = RequestBuilder::new(url.clone()) + let mut request = RequestBuilder::new(url.clone(), Referrer::NoReferrer) .method(Method::HEAD) .body(None) .origin(url.clone().origin()) diff --git a/components/net_traits/request.rs b/components/net_traits/request.rs index c15063c7a70..cc67ca0cd27 100644 --- a/components/net_traits/request.rs +++ b/components/net_traits/request.rs @@ -37,8 +37,12 @@ pub enum Origin { #[derive(Clone, Debug, Deserialize, MallocSizeOf, PartialEq, Serialize)] pub enum Referrer { NoReferrer, - /// Default referrer if nothing is specified - Client, + /// Contains the url that "client" would be resolved to. See + /// [https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer](https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer) + /// + /// If you are unsure you should probably use + /// [`GlobalScope::get_referrer`](https://doc.servo.org/script/dom/globalscope/struct.GlobalScope.html#method.get_referrer) + Client(ServoUrl), ReferrerUrl(ServoUrl), } @@ -231,7 +235,7 @@ pub struct RequestBuilder { pub use_url_credentials: bool, pub origin: ImmutableOrigin, // XXXManishearth these should be part of the client object - pub referrer: Option<Referrer>, + pub referrer: Referrer, pub referrer_policy: Option<ReferrerPolicy>, pub pipeline_id: Option<PipelineId>, pub redirect_mode: RedirectMode, @@ -249,7 +253,7 @@ pub struct RequestBuilder { } impl RequestBuilder { - pub fn new(url: ServoUrl) -> RequestBuilder { + pub fn new(url: ServoUrl, referrer: Referrer) -> RequestBuilder { RequestBuilder { method: Method::GET, url: url, @@ -265,7 +269,7 @@ impl RequestBuilder { credentials_mode: CredentialsMode::Omit, use_url_credentials: false, origin: ImmutableOrigin::new_opaque(), - referrer: None, + referrer: referrer, referrer_policy: None, pipeline_id: None, redirect_mode: RedirectMode::Follow, @@ -338,11 +342,6 @@ impl RequestBuilder { self } - pub fn referrer(mut self, referrer: Option<Referrer>) -> RequestBuilder { - self.referrer = referrer; - self - } - pub fn referrer_policy(mut self, referrer_policy: Option<ReferrerPolicy>) -> RequestBuilder { self.referrer_policy = referrer_policy; self @@ -377,6 +376,7 @@ impl RequestBuilder { let mut request = Request::new( self.url.clone(), Some(Origin::Origin(self.origin)), + self.referrer, self.pipeline_id, self.https_state, ); @@ -393,7 +393,6 @@ impl RequestBuilder { request.credentials_mode = self.credentials_mode; request.use_url_credentials = self.use_url_credentials; request.cache_mode = self.cache_mode; - request.referrer = self.referrer.unwrap_or(Referrer::Client); request.referrer_policy = self.referrer_policy; request.redirect_mode = self.redirect_mode; let mut url_list = self.url_list; @@ -484,6 +483,7 @@ impl Request { pub fn new( url: ServoUrl, origin: Option<Origin>, + referrer: Referrer, pipeline_id: Option<PipelineId>, https_state: HttpsState, ) -> Request { @@ -500,7 +500,7 @@ impl Request { initiator: Initiator::None, destination: Destination::None, origin: origin.unwrap_or(Origin::Client), - referrer: Referrer::Client, + referrer: referrer, referrer_policy: None, pipeline_id: pipeline_id, synchronous: false, @@ -569,7 +569,8 @@ impl Request { impl Referrer { pub fn to_url(&self) -> Option<&ServoUrl> { match *self { - Referrer::NoReferrer | Referrer::Client => None, + Referrer::NoReferrer => None, + Referrer::Client(ref url) => Some(url), Referrer::ReferrerUrl(ref url) => Some(url), } } diff --git a/components/script/dom/dedicatedworkerglobalscope.rs b/components/script/dom/dedicatedworkerglobalscope.rs index c764678b80a..0095429b571 100644 --- a/components/script/dom/dedicatedworkerglobalscope.rs +++ b/components/script/dom/dedicatedworkerglobalscope.rs @@ -330,6 +330,7 @@ impl DedicatedWorkerGlobalScope { let top_level_browsing_context_id = TopLevelBrowsingContextId::installed(); let current_global = GlobalScope::current().expect("No current global object"); let origin = current_global.origin().immutable().clone(); + let referrer = current_global.get_referrer(); let parent = current_global.runtime_handle(); let current_global_https_state = current_global.get_https_state(); @@ -351,16 +352,17 @@ impl DedicatedWorkerGlobalScope { pipeline_id, } = worker_load_origin; - let referrer = referrer_url.map(|referrer_url| Referrer::ReferrerUrl(referrer_url)); + let referrer = referrer_url + .map(|url| Referrer::ReferrerUrl(url)) + .unwrap_or(referrer); - let request = RequestBuilder::new(worker_url.clone()) + let request = RequestBuilder::new(worker_url.clone(), referrer) .destination(Destination::Worker) .mode(RequestMode::SameOrigin) .credentials_mode(CredentialsMode::CredentialsSameOrigin) .parser_metadata(ParserMetadata::NotParserInserted) .use_url_credentials(true) .pipeline_id(Some(pipeline_id)) - .referrer(referrer) .referrer_policy(referrer_policy) .origin(origin); diff --git a/components/script/dom/eventsource.rs b/components/script/dom/eventsource.rs index 4ab9d11f906..49e612cd6eb 100644 --- a/components/script/dom/eventsource.rs +++ b/components/script/dom/eventsource.rs @@ -532,6 +532,7 @@ impl EventSource { Destination::None, Some(cors_attribute_state), Some(true), + global.get_referrer(), ) .origin(global.origin().immutable().clone()) .pipeline_id(Some(global.pipeline_id())); diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index 987ae4e7c13..f84c0caa4ec 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -94,6 +94,7 @@ use net_traits::filemanager_thread::{ FileManagerResult, FileManagerThreadMsg, ReadFileProgress, RelativePos, }; use net_traits::image_cache::ImageCache; +use net_traits::request::Referrer; use net_traits::response::HttpsState; use net_traits::{CoreResourceMsg, CoreResourceThread, IpcSend, ResourceThreads}; use parking_lot::Mutex; @@ -105,7 +106,7 @@ use script_traits::{ ScriptToConstellationChan, TimerEvent, }; use script_traits::{TimerEventId, TimerSchedulerMsg, TimerSource}; -use servo_url::{MutableOrigin, ServoUrl}; +use servo_url::{ImmutableOrigin, MutableOrigin, ServoUrl}; use std::borrow::Cow; use std::cell::Cell; use std::collections::hash_map::Entry; @@ -2331,6 +2332,43 @@ impl GlobalScope { unreachable!(); } + /// Determine the Referrer for a request whose Referrer is "client" + pub fn get_referrer(&self) -> Referrer { + // Step 3 of https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer + if let Some(window) = self.downcast::<Window>() { + // Substep 3.1 + + // Substep 3.1.1 + let mut document = window.Document(); + + // Substep 3.1.2 + if let ImmutableOrigin::Opaque(_) = document.origin().immutable() { + return Referrer::NoReferrer; + } + + let mut url = document.url(); + + // Substep 3.1.3 + while url.as_str() == "about:srcdoc" { + document = document + .browsing_context() + .expect("iframe should have browsing context") + .parent() + .expect("iframes browsing_context should have parent") + .document() + .expect("iframes parent should have document"); + + url = document.url(); + } + + // Substep 3.1.4 + return Referrer::Client(url); + } else { + // Substep 3.2 + return Referrer::ReferrerUrl(self.get_url()); + } + } + /// Extract a `Window`, panic if the global object is not a `Window`. pub fn as_window(&self) -> &Window { self.downcast::<Window>().expect("expected a Window scope") diff --git a/components/script/dom/htmlanchorelement.rs b/components/script/dom/htmlanchorelement.rs index f61d466afd5..42589dfce36 100644 --- a/components/script/dom/htmlanchorelement.rs +++ b/components/script/dom/htmlanchorelement.rs @@ -650,7 +650,7 @@ pub fn follow_hyperlink(subject: &Element, hyperlink_suffix: Option<String>) { Some(ref link_types) if link_types.Value().contains("noreferrer") => { Referrer::NoReferrer }, - _ => Referrer::Client, + _ => target_window.upcast::<GlobalScope>().get_referrer(), }; // Step 14 @@ -659,7 +659,7 @@ pub fn follow_hyperlink(subject: &Element, hyperlink_suffix: Option<String>) { LoadOrigin::Script(document.origin().immutable().clone()), url, Some(pipeline_id), - Some(referrer), + referrer, referrer_policy, ); let target = Trusted::new(target_window); diff --git a/components/script/dom/htmlformelement.rs b/components/script/dom/htmlformelement.rs index 0c7b09ece74..b9b475e02ff 100644 --- a/components/script/dom/htmlformelement.rs +++ b/components/script/dom/htmlformelement.rs @@ -688,7 +688,7 @@ impl HTMLFormElement { LoadOrigin::Script(doc.origin().immutable().clone()), action_components, None, - Some(Referrer::ReferrerUrl(target_document.url())), + Referrer::ReferrerUrl(target_document.url()), target_document.get_referrer_policy(), ); @@ -840,13 +840,13 @@ impl HTMLFormElement { Some(ref link_types) if link_types.Value().contains("noreferrer") => { Referrer::NoReferrer }, - _ => Referrer::Client, + _ => target.upcast::<GlobalScope>().get_referrer(), }; let referrer_policy = target.Document().get_referrer_policy(); let pipeline_id = target.upcast::<GlobalScope>().pipeline_id(); load_data.creator_pipeline_id = Some(pipeline_id); - load_data.referrer = Some(referrer); + load_data.referrer = referrer; load_data.referrer_policy = referrer_policy; // Step 4. diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index b36d3641764..2e8a37a88d8 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -30,7 +30,6 @@ use dom_struct::dom_struct; use html5ever::{LocalName, Prefix}; use ipc_channel::ipc; use msg::constellation_msg::{BrowsingContextId, PipelineId, TopLevelBrowsingContextId}; -use net_traits::request::Referrer; use profile_traits::ipc as ProfiledIpc; use script_layout_interface::message::ReflowGoal; use script_traits::IFrameSandboxState::{IFrameSandboxed, IFrameUnsandboxed}; @@ -242,7 +241,7 @@ impl HTMLIFrameElement { LoadOrigin::Script(document.origin().immutable().clone()), url, pipeline_id, - Some(Referrer::ReferrerUrl(document.url())), + window.upcast::<GlobalScope>().get_referrer(), document.get_referrer_policy(), ); let element = self.upcast::<Element>(); @@ -325,7 +324,7 @@ impl HTMLIFrameElement { LoadOrigin::Script(document.origin().immutable().clone()), url, creator_pipeline_id, - Some(Referrer::ReferrerUrl(document.url())), + window.upcast::<GlobalScope>().get_referrer(), document.get_referrer_policy(), ); @@ -352,7 +351,7 @@ impl HTMLIFrameElement { LoadOrigin::Script(document.origin().immutable().clone()), url, pipeline_id, - Some(Referrer::ReferrerUrl(document.url().clone())), + window.upcast::<GlobalScope>().get_referrer(), document.get_referrer_policy(), ); let browsing_context_id = BrowsingContextId::new(); diff --git a/components/script/dom/htmlimageelement.rs b/components/script/dom/htmlimageelement.rs index 2e99e491653..893080edd07 100644 --- a/components/script/dom/htmlimageelement.rs +++ b/components/script/dom/htmlimageelement.rs @@ -63,7 +63,7 @@ use net_traits::image_cache::{ CorsStatus, ImageCache, ImageCacheResult, ImageOrMetadataAvailable, ImageResponse, PendingImageId, PendingImageResponse, UsePlaceholder, }; -use net_traits::request::{CorsSettings, Destination, Initiator, RequestBuilder}; +use net_traits::request::{CorsSettings, Destination, Initiator, Referrer, RequestBuilder}; use net_traits::{FetchMetadata, FetchResponseListener, FetchResponseMsg, NetworkError}; use net_traits::{ReferrerPolicy, ResourceFetchTiming, ResourceTimingType}; use num_traits::ToPrimitive; @@ -297,13 +297,14 @@ pub(crate) enum FromPictureOrSrcSet { pub(crate) fn image_fetch_request( img_url: ServoUrl, origin: ImmutableOrigin, + referrer: Referrer, pipeline_id: PipelineId, cors_setting: Option<CorsSettings>, referrer_policy: Option<ReferrerPolicy>, from_picture_or_srcset: FromPictureOrSrcSet, ) -> RequestBuilder { let mut request = - create_a_potential_cors_request(img_url, Destination::Image, cors_setting, None) + create_a_potential_cors_request(img_url, Destination::Image, cors_setting, None, referrer) .origin(origin) .pipeline_id(Some(pipeline_id)) .referrer_policy(referrer_policy); @@ -383,6 +384,7 @@ impl HTMLImageElement { let request = image_fetch_request( img_url.clone(), document.origin().immutable().clone(), + document.global().get_referrer(), document.global().pipeline_id(), cors_setting_for_element(self.upcast()), referrer_policy_for_element(self.upcast()), diff --git a/components/script/dom/htmlmediaelement.rs b/components/script/dom/htmlmediaelement.rs index 3a5e9880375..27af41c2b0e 100644 --- a/components/script/dom/htmlmediaelement.rs +++ b/components/script/dom/htmlmediaelement.rs @@ -77,7 +77,7 @@ use ipc_channel::router::ROUTER; use media::{glplayer_channel, GLPlayerMsg, GLPlayerMsgForward, WindowGLContext}; use net_traits::image::base::Image; use net_traits::image_cache::ImageResponse; -use net_traits::request::{Destination, Referrer}; +use net_traits::request::Destination; use net_traits::{CoreResourceMsg, FetchChannels, FetchMetadata, FetchResponseListener, Metadata}; use net_traits::{NetworkError, ResourceFetchTiming, ResourceTimingType}; use script_layout_interface::HTMLMediaData; @@ -846,12 +846,17 @@ impl HTMLMediaElement { }; let cors_setting = cors_setting_for_element(self.upcast()); - let request = create_a_potential_cors_request(url.clone(), destination, cors_setting, None) - .headers(headers) - .origin(document.origin().immutable().clone()) - .pipeline_id(Some(self.global().pipeline_id())) - .referrer(Some(Referrer::ReferrerUrl(document.url()))) - .referrer_policy(document.get_referrer_policy()); + let request = create_a_potential_cors_request( + url.clone(), + destination, + cors_setting, + None, + self.global().get_referrer(), + ) + .headers(headers) + .origin(document.origin().immutable().clone()) + .pipeline_id(Some(self.global().pipeline_id())) + .referrer_policy(document.get_referrer_policy()); let mut current_fetch_context = self.current_fetch_context.borrow_mut(); if let Some(ref mut current_fetch_context) = *current_fetch_context { diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index bf3de043ff5..9b9bbb619f7 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -324,10 +324,9 @@ pub(crate) fn script_fetch_request( referrer_policy: Option<ReferrerPolicy>, integrity_metadata: String, ) -> RequestBuilder { - create_a_potential_cors_request(url, Destination::Script, cors_setting, None) + create_a_potential_cors_request(url, Destination::Script, cors_setting, None, referrer) .origin(origin) .pipeline_id(Some(pipeline_id)) - .referrer(Some(referrer)) .referrer_policy(referrer_policy) .integrity_metadata(integrity_metadata) } diff --git a/components/script/dom/htmlvideoelement.rs b/components/script/dom/htmlvideoelement.rs index cea37bc173c..2100b70330d 100644 --- a/components/script/dom/htmlvideoelement.rs +++ b/components/script/dom/htmlvideoelement.rs @@ -189,7 +189,7 @@ impl HTMLVideoElement { ) { // Continuation of step 4. let document = document_from_node(self); - let request = RequestBuilder::new(poster_url.clone()) + let request = RequestBuilder::new(poster_url.clone(), document.global().get_referrer()) .destination(Destination::Image) .credentials_mode(CredentialsMode::Include) .use_url_credentials(true) diff --git a/components/script/dom/location.rs b/components/script/dom/location.rs index 5882a024912..48e8ea0c744 100644 --- a/components/script/dom/location.rs +++ b/components/script/dom/location.rs @@ -50,7 +50,7 @@ impl Location { LoadOrigin::Script(document.origin().immutable().clone()), url, Some(pipeline_id), - Some(referrer), + referrer, referrer_policy, ); // TODO: rethrow exceptions, set exceptions enabled flag. diff --git a/components/script/dom/request.rs b/components/script/dom/request.rs index 89d9d54506a..27d2a1e61bc 100644 --- a/components/script/dom/request.rs +++ b/components/script/dom/request.rs @@ -180,7 +180,7 @@ impl Request { // Step 14.2 TODO: "Unset request's reload-navigation flag." // Step 14.3 TODO: "Unset request's history-navigation flag." // Step 14.4 - request.referrer = NetTraitsRequestReferrer::Client; + request.referrer = global.get_referrer(); // Step 14.5 request.referrer_policy = None; } @@ -206,7 +206,7 @@ impl Request { parsed_referrer.path() == "client") || parsed_referrer.origin() != origin { - request.referrer = NetTraitsRequestReferrer::Client; + request.referrer = global.get_referrer(); } else { // Step 15.3.4 request.referrer = NetTraitsRequestReferrer::ReferrerUrl(parsed_referrer); @@ -486,7 +486,8 @@ fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequ let origin = Origin::Origin(global.get_url().origin()); let https_state = global.get_https_state(); let pipeline_id = global.pipeline_id(); - NetTraitsRequest::new(url, Some(origin), Some(pipeline_id), https_state) + let referrer = NetTraitsRequestReferrer::ReferrerUrl(global.get_url()); + NetTraitsRequest::new(url, Some(origin), referrer, Some(pipeline_id), https_state) } // https://fetch.spec.whatwg.org/#concept-method-normalize @@ -567,7 +568,7 @@ impl RequestMethods for Request { let r = self.request.borrow(); USVString(match r.referrer { NetTraitsRequestReferrer::NoReferrer => String::from(""), - NetTraitsRequestReferrer::Client => String::from("about:client"), + NetTraitsRequestReferrer::Client(_) => String::from("about:client"), NetTraitsRequestReferrer::ReferrerUrl(ref u) => { let u_c = u.clone(); u_c.into_string() diff --git a/components/script/dom/serviceworkerglobalscope.rs b/components/script/dom/serviceworkerglobalscope.rs index 840ee81f764..4bea29cda50 100644 --- a/components/script/dom/serviceworkerglobalscope.rs +++ b/components/script/dom/serviceworkerglobalscope.rs @@ -309,18 +309,6 @@ impl ServiceWorkerGlobalScope { pipeline_id, } = worker_load_origin; - let referrer = referrer_url.map(|referrer_url| Referrer::ReferrerUrl(referrer_url)); - - let request = RequestBuilder::new(script_url.clone()) - .destination(Destination::ServiceWorker) - .credentials_mode(CredentialsMode::Include) - .parser_metadata(ParserMetadata::NotParserInserted) - .use_url_credentials(true) - .pipeline_id(Some(pipeline_id)) - .referrer(referrer) - .referrer_policy(referrer_policy) - .origin(origin); - // Service workers are time limited // https://w3c.github.io/ServiceWorker/#service-worker-lifetime let sw_lifetime_timeout = pref!(dom.serviceworker.timeout_seconds) as u64; @@ -333,7 +321,7 @@ impl ServiceWorkerGlobalScope { let resource_threads_sender = init.resource_threads.sender(); let global = ServiceWorkerGlobalScope::new( init, - script_url, + script_url.clone(), devtools_mpsc_port, runtime, own_sender, @@ -344,6 +332,19 @@ impl ServiceWorkerGlobalScope { control_receiver, ); + let referrer = referrer_url + .map(|url| Referrer::ReferrerUrl(url)) + .unwrap_or_else(|| global.upcast::<GlobalScope>().get_referrer()); + + let request = RequestBuilder::new(script_url, referrer) + .destination(Destination::ServiceWorker) + .credentials_mode(CredentialsMode::Include) + .parser_metadata(ParserMetadata::NotParserInserted) + .use_url_credentials(true) + .pipeline_id(Some(pipeline_id)) + .referrer_policy(referrer_policy) + .origin(origin); + let (_url, source) = match load_whole_resource(request, &resource_threads_sender, &*global.upcast()) { diff --git a/components/script/dom/servoparser/prefetch.rs b/components/script/dom/servoparser/prefetch.rs index c7468be7c19..e5ae112620f 100644 --- a/components/script/dom/servoparser/prefetch.rs +++ b/components/script/dom/servoparser/prefetch.rs @@ -126,6 +126,7 @@ impl TokenSink for PrefetchSink { let request = image_fetch_request( url, self.origin.clone(), + self.referrer.clone(), self.pipeline_id, self.get_cors_settings(tag, local_name!("crossorigin")), self.get_referrer_policy(tag, local_name!("referrerpolicy")), diff --git a/components/script/dom/websocket.rs b/components/script/dom/websocket.rs index 89aeda77ebd..83d1cf1069d 100644 --- a/components/script/dom/websocket.rs +++ b/components/script/dom/websocket.rs @@ -198,10 +198,9 @@ impl WebSocket { let address = Trusted::new(&*ws); // Step 8. - let request = RequestBuilder::new(url_record) + let request = RequestBuilder::new(url_record, Referrer::NoReferrer) .origin(global.origin().immutable().clone()) - .mode(RequestMode::WebSocket { protocols }) - .referrer(Some(Referrer::NoReferrer)); + .mode(RequestMode::WebSocket { protocols }); let channels = FetchChannels::WebSocket { event_sender: resource_event_sender, diff --git a/components/script/dom/windowproxy.rs b/components/script/dom/windowproxy.rs index 9aac99dc447..8be356e5ea2 100644 --- a/components/script/dom/windowproxy.rs +++ b/components/script/dom/windowproxy.rs @@ -305,7 +305,7 @@ impl WindowProxy { LoadOrigin::Script(document.origin().immutable().clone()), blank_url, None, - Some(Referrer::ReferrerUrl(document.url().clone())), + document.global().get_referrer(), document.get_referrer_policy(), ); let load_info = AuxiliaryBrowsingContextLoadInfo { @@ -506,7 +506,7 @@ impl WindowProxy { let referrer = if noreferrer { Referrer::NoReferrer } else { - Referrer::Client + target_window.upcast::<GlobalScope>().get_referrer() }; // Step 14.5 let referrer_policy = target_document.get_referrer_policy(); @@ -515,7 +515,7 @@ impl WindowProxy { LoadOrigin::Script(existing_document.origin().immutable().clone()), url, Some(pipeline_id), - Some(referrer), + referrer, referrer_policy, ); let replacement_flag = if new { diff --git a/components/script/dom/workerglobalscope.rs b/components/script/dom/workerglobalscope.rs index 9cb99b7d154..3ff31542b56 100644 --- a/components/script/dom/workerglobalscope.rs +++ b/components/script/dom/workerglobalscope.rs @@ -252,7 +252,7 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { rooted!(in(self.runtime.borrow().as_ref().unwrap().cx()) let mut rval = UndefinedValue()); for url in urls { let global_scope = self.upcast::<GlobalScope>(); - let request = NetRequestInit::new(url.clone()) + let request = NetRequestInit::new(url.clone(), global_scope.get_referrer()) .destination(Destination::Script) .credentials_mode(CredentialsMode::Include) .parser_metadata(ParserMetadata::NotParserInserted) diff --git a/components/script/dom/worklet.rs b/components/script/dom/worklet.rs index 3e92e09257d..46930bbf651 100644 --- a/components/script/dom/worklet.rs +++ b/components/script/dom/worklet.rs @@ -624,11 +624,14 @@ impl WorkletThread { // TODO: Fetch the script asynchronously? // TODO: Caching. let resource_fetcher = self.global_init.resource_threads.sender(); - let request = RequestBuilder::new(script_url) - .destination(Destination::Script) - .mode(RequestMode::CorsMode) - .credentials_mode(credentials.into()) - .origin(origin); + let request = RequestBuilder::new( + script_url, + global_scope.upcast::<GlobalScope>().get_referrer(), + ) + .destination(Destination::Script) + .mode(RequestMode::CorsMode) + .credentials_mode(credentials.into()) + .origin(origin); let script = load_whole_resource( request, diff --git a/components/script/dom/xmlhttprequest.rs b/components/script/dom/xmlhttprequest.rs index 03a5f5c7bff..2e8a37ea240 100644 --- a/components/script/dom/xmlhttprequest.rs +++ b/components/script/dom/xmlhttprequest.rs @@ -679,28 +679,29 @@ impl XMLHttpRequestMethods for XMLHttpRequest { None => None, }; - let mut request = RequestBuilder::new(self.request_url.borrow().clone().unwrap()) - .method(self.request_method.borrow().clone()) - .headers((*self.request_headers.borrow()).clone()) - .unsafe_request(true) - // XXXManishearth figure out how to avoid this clone - .body(extracted_or_serialized.map(|e| e.into_net_request_body().0)) - // XXXManishearth actually "subresource", but it doesn't exist - // https://github.com/whatwg/xhr/issues/71 - .destination(Destination::None) - .synchronous(self.sync.get()) - .mode(RequestMode::CorsMode) - .use_cors_preflight(has_handlers) - .credentials_mode(credentials_mode) - .use_url_credentials(use_url_credentials) - .origin(self.global().origin().immutable().clone()) - .referrer( - self.referrer_url - .clone() - .map(|referrer_url| Referrer::ReferrerUrl(referrer_url)), - ) - .referrer_policy(self.referrer_policy.clone()) - .pipeline_id(Some(self.global().pipeline_id())); + let mut request = RequestBuilder::new( + self.request_url.borrow().clone().unwrap(), + self.referrer_url + .clone() + .map(|url| Referrer::ReferrerUrl(url)) + .unwrap_or_else(|| self.global().get_referrer()), + ) + .method(self.request_method.borrow().clone()) + .headers((*self.request_headers.borrow()).clone()) + .unsafe_request(true) + // XXXManishearth figure out how to avoid this clone + .body(extracted_or_serialized.map(|e| e.into_net_request_body().0)) + // XXXManishearth actually "subresource", but it doesn't exist + // https://github.com/whatwg/xhr/issues/71 + .destination(Destination::None) + .synchronous(self.sync.get()) + .mode(RequestMode::CorsMode) + .use_cors_preflight(has_handlers) + .credentials_mode(credentials_mode) + .use_url_credentials(use_url_credentials) + .origin(self.global().origin().immutable().clone()) + .referrer_policy(self.referrer_policy.clone()) + .pipeline_id(Some(self.global().pipeline_id())); // step 4 (second half) match content_type { diff --git a/components/script/fetch.rs b/components/script/fetch.rs index e26370016e6..9aaeb204245 100644 --- a/components/script/fetch.rs +++ b/components/script/fetch.rs @@ -29,7 +29,7 @@ use ipc_channel::router::ROUTER; use net_traits::request::{ CorsSettings, CredentialsMode, Destination, RequestBuilder, RequestMode, }; -use net_traits::request::{Request as NetTraitsRequest, ServiceWorkersMode}; +use net_traits::request::{Referrer, Request as NetTraitsRequest, ServiceWorkersMode}; use net_traits::CoreResourceMsg::Fetch as NetTraitsFetch; use net_traits::{CoreResourceMsg, CoreResourceThread, FetchResponseMsg}; use net_traits::{FetchChannels, FetchResponseListener, NetworkError}; @@ -117,7 +117,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder { .origin() .immutable() .clone(), - referrer: Some(request.referrer.clone()), + referrer: request.referrer.clone(), referrer_policy: request.referrer_policy, pipeline_id: request.pipeline_id, redirect_mode: request.redirect_mode, @@ -357,8 +357,9 @@ pub(crate) fn create_a_potential_cors_request( destination: Destination, cors_setting: Option<CorsSettings>, same_origin_fallback: Option<bool>, + referrer: Referrer, ) -> RequestBuilder { - RequestBuilder::new(url) + RequestBuilder::new(url, referrer) // https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request // Step 1 .mode(match cors_setting { diff --git a/components/script/layout_image.rs b/components/script/layout_image.rs index 242fa688c51..68ece467ad7 100644 --- a/components/script/layout_image.rs +++ b/components/script/layout_image.rs @@ -110,7 +110,7 @@ pub fn fetch_image_for_layout( }), ); - let request = FetchRequestInit::new(url) + let request = FetchRequestInit::new(url, document.global().get_referrer()) .origin(document.origin().immutable().clone()) .destination(Destination::Image) .pipeline_id(Some(document.global().pipeline_id())); diff --git a/components/script/script_module.rs b/components/script/script_module.rs index 0ffe66d540e..0a890623e62 100644 --- a/components/script/script_module.rs +++ b/components/script/script_module.rs @@ -720,6 +720,8 @@ impl ModuleTree { } // Step 8. + + let referrer = global.get_referrer(); for url in urls { // https://html.spec.whatwg.org/multipage/#internal-module-script-graph-fetching-procedure // Step 1. @@ -731,7 +733,7 @@ impl ModuleTree { url.clone(), visited_urls.clone(), destination.clone(), - Referrer::Client, + referrer.clone(), ParserMetadata::NotParserInserted, "".to_owned(), // integrity credentials_mode.clone(), @@ -1225,6 +1227,7 @@ pub fn fetch_external_module_script( ) { let mut visited_urls = HashSet::new(); visited_urls.insert(url.clone()); + let referrer = owner.global().get_referrer(); // Step 1. fetch_single_module_script( @@ -1232,7 +1235,7 @@ pub fn fetch_external_module_script( url, visited_urls, destination, - Referrer::Client, + referrer, ParserMetadata::NotParserInserted, integrity_metadata, credentials_mode, @@ -1322,10 +1325,9 @@ pub fn fetch_single_module_script( }; // Step 7-8. - let request = RequestBuilder::new(url.clone()) + let request = RequestBuilder::new(url.clone(), referrer) .destination(destination.clone()) .origin(global.origin().immutable().clone()) - .referrer(Some(referrer)) .parser_metadata(parser_metadata) .integrity_metadata(integrity_metadata.clone()) .credentials_mode(credentials_mode) diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 61f597468f8..16f414656e5 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs @@ -3669,13 +3669,12 @@ impl ScriptThread { /// argument until a notification is received that the fetch is complete. fn pre_page_load(&self, mut incomplete: InProgressLoad, load_data: LoadData) { let id = incomplete.pipeline_id.clone(); - let req_init = RequestBuilder::new(load_data.url.clone()) + let req_init = RequestBuilder::new(load_data.url.clone(), load_data.referrer) .method(load_data.method) .destination(Destination::Document) .credentials_mode(CredentialsMode::Include) .use_url_credentials(true) .pipeline_id(Some(id)) - .referrer(load_data.referrer) .referrer_policy(load_data.referrer_policy) .headers(load_data.headers) .body(load_data.data) diff --git a/components/script/stylesheet_loader.rs b/components/script/stylesheet_loader.rs index b0c52d5fc8c..9db09deb2b0 100644 --- a/components/script/stylesheet_loader.rs +++ b/components/script/stylesheet_loader.rs @@ -344,10 +344,9 @@ pub(crate) fn stylesheet_fetch_request( referrer_policy: Option<ReferrerPolicy>, integrity_metadata: String, ) -> RequestBuilder { - create_a_potential_cors_request(url, Destination::Style, cors_setting, None) + create_a_potential_cors_request(url, Destination::Style, cors_setting, None, referrer) .origin(origin) .pipeline_id(Some(pipeline_id)) - .referrer(Some(referrer)) .referrer_policy(referrer_policy) .integrity_metadata(integrity_metadata) } diff --git a/components/script_traits/lib.rs b/components/script_traits/lib.rs index b3e92cbce21..d50f34ed554 100644 --- a/components/script_traits/lib.rs +++ b/components/script_traits/lib.rs @@ -176,7 +176,7 @@ pub struct LoadData { /// The result of evaluating a javascript scheme url. pub js_eval_result: Option<JsEvalResult>, /// The referrer. - pub referrer: Option<Referrer>, + pub referrer: Referrer, /// The referrer policy. pub referrer_policy: Option<ReferrerPolicy>, @@ -200,7 +200,7 @@ impl LoadData { load_origin: LoadOrigin, url: ServoUrl, creator_pipeline_id: Option<PipelineId>, - referrer: Option<Referrer>, + referrer: Referrer, referrer_policy: Option<ReferrerPolicy>, ) -> LoadData { LoadData { diff --git a/components/webdriver_server/Cargo.toml b/components/webdriver_server/Cargo.toml index 2e8ffbb4708..146f825c89d 100644 --- a/components/webdriver_server/Cargo.toml +++ b/components/webdriver_server/Cargo.toml @@ -22,6 +22,7 @@ ipc-channel = "0.14" keyboard-types = "0.4.3" log = "0.4" msg = { path = "../msg" } +net_traits = { path = "../net_traits" } pixels = { path = "../pixels" } script_traits = { path = "../script_traits" } serde = "1" diff --git a/components/webdriver_server/lib.rs b/components/webdriver_server/lib.rs index 50fe8d8c867..3b53127d0d9 100644 --- a/components/webdriver_server/lib.rs +++ b/components/webdriver_server/lib.rs @@ -28,6 +28,7 @@ use ipc_channel::ipc::{self, IpcSender}; use ipc_channel::router::ROUTER; use keyboard_types::webdriver::send_keys; use msg::constellation_msg::{BrowsingContextId, TopLevelBrowsingContextId, TraversalDirection}; +use net_traits::request::Referrer; use pixels::PixelFormat; use script_traits::webdriver_msg::{LoadStatus, WebDriverCookieError, WebDriverFrameId}; use script_traits::webdriver_msg::{ @@ -643,7 +644,7 @@ impl Handler { let top_level_browsing_context_id = self.session()?.top_level_browsing_context_id; - let load_data = LoadData::new(LoadOrigin::WebDriver, url, None, None, None); + let load_data = LoadData::new(LoadOrigin::WebDriver, url, None, Referrer::NoReferrer, None); let cmd_msg = WebDriverCommandMsg::LoadUrl( top_level_browsing_context_id, load_data, |