diff options
| author | Alexandrov Sergey <splavgm@gmail.com> | 2020-05-16 22:46:50 +0300 |
|---|---|---|
| committer | Alexandrov Sergey <splavgm@gmail.com> | 2020-05-19 20:06:59 +0300 |
| commit | a7c5c976161320dc5d3983cbd8d70229c633afd5 (patch) | |
| tree | 21ca371fdec141712b37812bec5638542a43a7cd /components | |
| parent | 79b6758cb91985245a79824fb1983fe3af4b11fb (diff) | |
| download | servo-a7c5c976161320dc5d3983cbd8d70229c633afd5.tar.gz servo-a7c5c976161320dc5d3983cbd8d70229c633afd5.zip | |
check http_state in determine_request_referrer
Diffstat (limited to 'components')
| -rw-r--r-- | components/net/fetch/methods.rs | 1 | ||||
| -rw-r--r-- | components/net/http_loader.rs | 62 | ||||
| -rw-r--r-- | components/net/tests/data_loader.rs | 4 | ||||
| -rw-r--r-- | components/net/tests/fetch.rs | 64 | ||||
| -rw-r--r-- | components/net/tests/http_cache.rs | 3 | ||||
| -rw-r--r-- | components/net/tests/http_loader.rs | 4 | ||||
| -rw-r--r-- | components/net_traits/request.rs | 18 | ||||
| -rw-r--r-- | components/script/dom/dedicatedworkerglobalscope.rs | 4 | ||||
| -rw-r--r-- | components/script/dom/document.rs | 1 | ||||
| -rw-r--r-- | components/script/dom/globalscope.rs | 13 | ||||
| -rw-r--r-- | components/script/dom/request.rs | 3 | ||||
| -rw-r--r-- | components/script/fetch.rs | 2 |
12 files changed, 133 insertions, 46 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 191ea0cb41f..42551f98173 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -250,6 +250,7 @@ pub fn main_fetch( request.referrer_policy.unwrap(), url, current_url, + request.https_state, ) }, }; diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 9dd981d8c25..6cc054c3e23 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -166,28 +166,65 @@ pub fn set_default_accept_language(headers: &mut HeaderMap) { } /// <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-state-no-referrer-when-downgrade> -fn no_referrer_when_downgrade_header(referrer_url: ServoUrl, url: ServoUrl) -> Option<ServoUrl> { - if referrer_url.scheme() == "https" && url.scheme() != "https" { +fn no_referrer_when_downgrade_header( + referrer_url: ServoUrl, + url: ServoUrl, + https_state: HttpsState, +) -> Option<ServoUrl> { + if https_state == HttpsState::Modern && !is_origin_trustworthy(url) { return None; } return strip_url(referrer_url, false); } /// <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin> -fn strict_origin(referrer_url: ServoUrl, url: ServoUrl) -> Option<ServoUrl> { - if referrer_url.scheme() == "https" && url.scheme() != "https" { +fn strict_origin( + referrer_url: ServoUrl, + url: ServoUrl, + https_state: HttpsState, +) -> Option<ServoUrl> { + if https_state == HttpsState::Modern && !is_origin_trustworthy(url) { return None; } strip_url(referrer_url, true) } /// <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin> -fn strict_origin_when_cross_origin(referrer_url: ServoUrl, url: ServoUrl) -> Option<ServoUrl> { - if referrer_url.scheme() == "https" && url.scheme() != "https" { +fn strict_origin_when_cross_origin( + referrer_url: ServoUrl, + url: ServoUrl, + https_state: HttpsState, +) -> Option<ServoUrl> { + let same_origin = referrer_url.origin() == url.origin(); + if same_origin { + return strip_url(referrer_url, false); + } + if https_state == HttpsState::Modern && !is_origin_trustworthy(url) { return None; } - let cross_origin = referrer_url.origin() != url.origin(); - strip_url(referrer_url, cross_origin) + strip_url(referrer_url, true) +} + +/// <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy> +fn is_origin_trustworthy(url: ServoUrl) -> bool { + match url.origin() { + // Step 1 + ImmutableOrigin::Opaque(_) => false, + ImmutableOrigin::Tuple(_, _, _) => { + // Step 3 + if url.scheme() == "https" || url.scheme() == "wss" { + return true; + } + // Step 4-5 TODO + // Step 6 + if url.scheme() == "file" { + return true; + } + // Step 7-8 TODO + // Step 9 + false + }, + } } /// https://html.spec.whatwg.org/multipage/#schemelessly-same-site @@ -239,13 +276,12 @@ pub fn determine_request_referrer( referrer_policy: ReferrerPolicy, referrer_source: ServoUrl, current_url: ServoUrl, + https_state: HttpsState, ) -> Option<ServoUrl> { assert!(!headers.contains_key(header::REFERER)); // FIXME(#14505): this does not seem to be the correct way of checking for // same-origin requests. let cross_origin = referrer_source.origin() != current_url.origin(); - // FIXME(#14506): some of these cases are expected to consider whether the - // request's client is "TLS-protected", whatever that means. match referrer_policy { ReferrerPolicy::NoReferrer => None, ReferrerPolicy::Origin => strip_url(referrer_source, true), @@ -258,12 +294,12 @@ pub fn determine_request_referrer( }, ReferrerPolicy::UnsafeUrl => strip_url(referrer_source, false), ReferrerPolicy::OriginWhenCrossOrigin => strip_url(referrer_source, cross_origin), - ReferrerPolicy::StrictOrigin => strict_origin(referrer_source, current_url), + ReferrerPolicy::StrictOrigin => strict_origin(referrer_source, current_url, https_state), ReferrerPolicy::StrictOriginWhenCrossOrigin => { - strict_origin_when_cross_origin(referrer_source, current_url) + strict_origin_when_cross_origin(referrer_source, current_url, https_state) }, ReferrerPolicy::NoReferrerWhenDowngrade => { - no_referrer_when_downgrade_header(referrer_source, current_url) + no_referrer_when_downgrade_header(referrer_source, current_url, https_state) }, } } diff --git a/components/net/tests/data_loader.rs b/components/net/tests/data_loader.rs index 9d1943def74..3e7cde682f4 100644 --- a/components/net/tests/data_loader.rs +++ b/components/net/tests/data_loader.rs @@ -7,7 +7,7 @@ use headers::{ContentType, HeaderMapExt}; use hyper_serde::Serde; use mime::{self, Mime}; use net_traits::request::{Origin, Request}; -use net_traits::response::ResponseBody; +use net_traits::response::{HttpsState, ResponseBody}; use net_traits::{FetchMetadata, FilteredMetadata, NetworkError}; use servo_url::ServoUrl; use std::ops::Deref; @@ -21,7 +21,7 @@ fn assert_parse( ) { let url = ServoUrl::parse(url).unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); let response = fetch(&mut request, None); diff --git a/components/net/tests/fetch.rs b/components/net/tests/fetch.rs index 4d338ce6391..38797cf027b 100644 --- a/components/net/tests/fetch.rs +++ b/components/net/tests/fetch.rs @@ -33,7 +33,7 @@ use net_traits::filemanager_thread::FileTokenCheck; use net_traits::request::{ Destination, Origin, RedirectMode, Referrer, Request, RequestBuilder, RequestMode, }; -use net_traits::response::{CacheState, Response, ResponseBody, ResponseType}; +use net_traits::response::{CacheState, HttpsState, Response, ResponseBody, ResponseType}; use net_traits::{ FetchTaskTarget, IncludeSubdomains, NetworkError, ReferrerPolicy, ResourceFetchTiming, ResourceTimingType, @@ -59,7 +59,7 @@ fn test_fetch_response_is_not_network_error() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -73,7 +73,7 @@ fn test_fetch_response_is_not_network_error() { fn test_fetch_on_bad_port_is_network_error() { let url = ServoUrl::parse("http://www.example.org:6667").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); assert!(fetch_response.is_network_error()); @@ -93,7 +93,7 @@ fn test_fetch_response_body_matches_const_message() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -113,7 +113,7 @@ fn test_fetch_response_body_matches_const_message() { fn test_fetch_aboutblank() { let url = ServoUrl::parse("about:blank").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); @@ -174,7 +174,12 @@ fn test_fetch_blob() { .promote_memory(id.clone(), blob_buf, true, "http://www.example.org".into()); let url = ServoUrl::parse(&format!("blob:{}{}", origin.as_str(), id.to_simple())).unwrap(); - let mut request = Request::new(url, Some(Origin::Origin(origin.origin())), None); + let mut request = Request::new( + url, + Some(Origin::Origin(origin.origin())), + None, + HttpsState::None, + ); let (sender, receiver) = unbounded(); @@ -215,7 +220,7 @@ fn test_file() { let url = ServoUrl::from_file_path(path.clone()).unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); let pool = CoreResourceThreadPool::new(1); let pool_handle = Arc::new(pool); @@ -257,7 +262,7 @@ fn test_file() { fn test_fetch_ftp() { let url = ServoUrl::parse("ftp://not-supported").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); assert!(fetch_response.is_network_error()); @@ -267,7 +272,7 @@ fn test_fetch_ftp() { fn test_fetch_bogus_scheme() { let url = ServoUrl::parse("bogus://whatever").unwrap(); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); assert!(fetch_response.is_network_error()); @@ -314,7 +319,7 @@ fn test_cors_preflight_fetch() { let target_url = url.clone().join("a.html").unwrap(); let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url.clone(), Some(origin), None); + let mut request = Request::new(url.clone(), Some(origin), None, HttpsState::None); request.referrer = Referrer::ReferrerUrl(target_url); request.referrer_policy = Some(ReferrerPolicy::Origin); request.use_cors_preflight = true; @@ -366,7 +371,7 @@ fn test_cors_preflight_cache_fetch() { let (server, url) = make_server(handler); let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url.clone(), Some(origin.clone()), None); + let mut request = Request::new(url.clone(), Some(origin.clone()), None, HttpsState::None); request.referrer = Referrer::NoReferrer; request.use_cors_preflight = true; request.mode = RequestMode::CorsMode; @@ -428,7 +433,7 @@ fn test_cors_preflight_fetch_network_error() { let (server, url) = make_server(handler); let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.method = Method::from_bytes(b"CHICKEN").unwrap(); request.referrer = Referrer::NoReferrer; request.use_cors_preflight = true; @@ -457,7 +462,7 @@ fn test_fetch_response_is_basic_filtered() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -520,7 +525,7 @@ fn test_fetch_response_is_cors_filtered() { // an origin mis-match will stop it from defaulting to a basic filtered response let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; request.mode = RequestMode::CorsMode; let fetch_response = fetch(&mut request, None); @@ -554,7 +559,7 @@ fn test_fetch_response_is_opaque_filtered() { // an origin mis-match will fall through to an Opaque filtered response let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -602,7 +607,7 @@ fn test_fetch_response_is_opaque_redirect_filtered() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; request.redirect_mode = RedirectMode::Manual; let fetch_response = fetch(&mut request, None); @@ -636,7 +641,7 @@ fn test_fetch_with_local_urls_only() { let do_fetch = |url: ServoUrl| { let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; // Set the flag. @@ -698,7 +703,7 @@ fn test_fetch_with_hsts() { ); } let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; // Set the flag. request.local_urls_only = false; @@ -780,7 +785,7 @@ fn test_fetch_with_sri_network_error() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; // To calulate hash use : // echo -n "alert('Hello, Network Error');" | openssl dgst -sha384 -binary | openssl base64 -A @@ -804,7 +809,7 @@ fn test_fetch_with_sri_sucess() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; // To calulate hash use : // echo -n "alert('Hello, Network Error');" | openssl dgst -sha384 -binary | openssl base64 -A @@ -844,7 +849,7 @@ fn test_fetch_blocked_nosniff() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.destination = destination; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -888,7 +893,7 @@ fn setup_server_and_fetch(message: &'static [u8], redirect_cap: u32) -> Response let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); let _ = server.close(); @@ -976,7 +981,7 @@ fn test_fetch_redirect_updates_method_runner( let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; request.method = method; @@ -1059,7 +1064,7 @@ fn test_fetch_async_returns_complete_response() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); @@ -1078,7 +1083,7 @@ fn test_opaque_filtered_fetch_async_returns_complete_response() { // an origin mis-match will fall through to an Opaque filtered response let origin = Origin::Origin(ImmutableOrigin::new_opaque()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; let fetch_response = fetch(&mut request, None); @@ -1114,7 +1119,7 @@ fn test_opaque_redirect_filtered_fetch_async_returns_complete_response() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url, Some(origin), None); + let mut request = Request::new(url, Some(origin), None, HttpsState::None); request.referrer = Referrer::NoReferrer; request.redirect_mode = RedirectMode::Manual; @@ -1136,7 +1141,12 @@ fn test_fetch_with_devtools() { let (server, url) = make_server(handler); let origin = Origin::Origin(url.origin()); - let mut request = Request::new(url.clone(), Some(origin), Some(TEST_PIPELINE_ID)); + let mut request = Request::new( + url.clone(), + Some(origin), + Some(TEST_PIPELINE_ID), + HttpsState::None, + ); request.referrer = Referrer::NoReferrer; let (devtools_chan, devtools_port) = unbounded(); diff --git a/components/net/tests/http_cache.rs b/components/net/tests/http_cache.rs index 743e6f43188..c56f4c59d72 100644 --- a/components/net/tests/http_cache.rs +++ b/components/net/tests/http_cache.rs @@ -8,7 +8,7 @@ use http::StatusCode; use msg::constellation_msg::TEST_PIPELINE_ID; use net::http_cache::HttpCache; use net_traits::request::{Origin, Request}; -use net_traits::response::{Response, ResponseBody}; +use net_traits::response::{HttpsState, Response, ResponseBody}; use net_traits::{ResourceFetchTiming, ResourceTimingType}; use servo_url::ServoUrl; @@ -24,6 +24,7 @@ fn test_refreshing_resource_sets_done_chan_the_appropriate_value() { url.clone(), Some(Origin::Origin(url.clone().origin())), Some(TEST_PIPELINE_ID), + HttpsState::None, ); let timing = ResourceFetchTiming::new(ResourceTimingType::Navigation); let mut response = Response::new(url.clone(), timing); diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs index ed1b2939b59..aa4e20cc8a3 100644 --- a/components/net/tests/http_loader.rs +++ b/components/net/tests/http_loader.rs @@ -31,7 +31,7 @@ use net::http_loader::determine_request_referrer; use net::resource_thread::AuthCacheEntry; use net::test::replace_host_table; use net_traits::request::{CredentialsMode, Destination, RequestBuilder, RequestMode}; -use net_traits::response::ResponseBody; +use net_traits::response::{HttpsState, ResponseBody}; use net_traits::{CookieSource, NetworkError, ReferrerPolicy}; use servo_url::{ImmutableOrigin, ServoUrl}; use std::collections::HashMap; @@ -1433,6 +1433,7 @@ fn test_determine_request_referrer_shorter_than_4k() { ReferrerPolicy::UnsafeUrl, referrer_source, current_url, + HttpsState::None, ); assert_eq!( @@ -1457,6 +1458,7 @@ fn test_determine_request_referrer_longer_than_4k() { ReferrerPolicy::UnsafeUrl, referrer_source, current_url, + HttpsState::None, ); assert_eq!(referer.unwrap().as_str(), "http://example.com/"); diff --git a/components/net_traits/request.rs b/components/net_traits/request.rs index 363d0c20458..d61e2496683 100644 --- a/components/net_traits/request.rs +++ b/components/net_traits/request.rs @@ -2,6 +2,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ +use crate::response::HttpsState; use crate::ReferrerPolicy; use crate::ResourceTimingType; use content_security_policy::{self as csp, CspList}; @@ -156,6 +157,7 @@ pub struct RequestBuilder { pub url_list: Vec<ServoUrl>, pub parser_metadata: ParserMetadata, pub initiator: Initiator, + pub https_state: HttpsState, } impl RequestBuilder { @@ -184,6 +186,7 @@ impl RequestBuilder { parser_metadata: ParserMetadata::Default, initiator: Initiator::None, csp_list: None, + https_state: HttpsState::None, } } @@ -277,11 +280,17 @@ impl RequestBuilder { self } + pub fn https_state(mut self, https_state: HttpsState) -> RequestBuilder { + self.https_state = https_state; + self + } + pub fn build(self) -> Request { let mut request = Request::new( self.url.clone(), Some(Origin::Origin(self.origin)), self.pipeline_id, + self.https_state, ); request.initiator = self.initiator; request.method = self.method; @@ -380,10 +389,16 @@ pub struct Request { // boundary every time a redirect occurs. #[ignore_malloc_size_of = "Defined in rust-content-security-policy"] pub csp_list: Option<CspList>, + pub https_state: HttpsState, } impl Request { - pub fn new(url: ServoUrl, origin: Option<Origin>, pipeline_id: Option<PipelineId>) -> Request { + pub fn new( + url: ServoUrl, + origin: Option<Origin>, + pipeline_id: Option<PipelineId>, + https_state: HttpsState, + ) -> Request { Request { method: Method::GET, local_urls_only: false, @@ -413,6 +428,7 @@ impl Request { redirect_count: 0, response_tainting: ResponseTainting::Basic, csp_list: None, + https_state: https_state, } } diff --git a/components/script/dom/dedicatedworkerglobalscope.rs b/components/script/dom/dedicatedworkerglobalscope.rs index bc956241dac..42f1d19e4af 100644 --- a/components/script/dom/dedicatedworkerglobalscope.rs +++ b/components/script/dom/dedicatedworkerglobalscope.rs @@ -306,6 +306,7 @@ impl DedicatedWorkerGlobalScope { let current_global = GlobalScope::current().expect("No current global object"); let origin = current_global.origin().immutable().clone(); let parent = current_global.runtime_handle(); + let current_global_https_state = current_global.get_https_state(); thread::Builder::new() .name(name) @@ -375,6 +376,8 @@ impl DedicatedWorkerGlobalScope { let scope = global.upcast::<WorkerGlobalScope>(); let global_scope = global.upcast::<GlobalScope>(); + global_scope.set_https_state(current_global_https_state); + let (metadata, bytes) = match load_whole_resource( request, &global_scope.resource_threads().sender(), @@ -395,6 +398,7 @@ impl DedicatedWorkerGlobalScope { Ok((metadata, bytes)) => (metadata, bytes), }; scope.set_url(metadata.final_url); + global_scope.set_https_state(metadata.https_state); let source = String::from_utf8_lossy(&bytes); unsafe { diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index efb3277f1cf..86942b67521 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -1872,6 +1872,7 @@ impl Document { fetch_target: IpcSender<FetchResponseMsg>, ) { request.csp_list = self.get_csp_list().map(|x| x.clone()); + request.https_state = self.https_state.get(); let mut loader = self.loader.borrow_mut(); loader.fetch_async(load, request, fetch_target); } diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index 699f4b58ce4..e578f31c190 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -87,6 +87,7 @@ use net_traits::filemanager_thread::{ FileManagerResult, FileManagerThreadMsg, ReadFileProgress, RelativePos, }; use net_traits::image_cache::ImageCache; +use net_traits::response::HttpsState; use net_traits::{CoreResourceMsg, CoreResourceThread, IpcSend, ResourceThreads}; use parking_lot::Mutex; use profile_traits::{ipc as profile_ipc, mem as profile_mem, time as profile_time}; @@ -238,6 +239,9 @@ pub struct GlobalScope { // https://w3c.github.io/performance-timeline/#supportedentrytypes-attribute #[ignore_malloc_size_of = "mozjs"] frozen_supported_performance_entry_types: DomRefCell<Option<Heap<JSVal>>>, + + /// currect https state (from previous request) + https_state: Cell<HttpsState>, } /// A wrapper for glue-code between the ipc router and the event-loop. @@ -588,6 +592,7 @@ impl GlobalScope { user_agent, gpu_id_hub, frozen_supported_performance_entry_types: DomRefCell::new(Default::default()), + https_state: Cell::new(HttpsState::None), } } @@ -2503,6 +2508,14 @@ impl GlobalScope { self.user_agent.clone() } + pub fn get_https_state(&self) -> HttpsState { + self.https_state.get() + } + + pub fn set_https_state(&self, https_state: HttpsState) { + self.https_state.set(https_state); + } + /// https://www.w3.org/TR/CSP/#get-csp-of-object pub fn get_csp_list(&self) -> Option<CspList> { if let Some(window) = self.downcast::<Window>() { diff --git a/components/script/dom/request.rs b/components/script/dom/request.rs index 6dbe810b81a..7ae8c07663a 100644 --- a/components/script/dom/request.rs +++ b/components/script/dom/request.rs @@ -507,8 +507,9 @@ impl Request { fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequest { let origin = Origin::Origin(global.get_url().origin()); + let https_state = global.get_https_state(); let pipeline_id = global.pipeline_id(); - NetTraitsRequest::new(url, Some(origin), Some(pipeline_id)) + NetTraitsRequest::new(url, Some(origin), Some(pipeline_id), https_state) } // https://fetch.spec.whatwg.org/#concept-method-normalize diff --git a/components/script/fetch.rs b/components/script/fetch.rs index a1ba638a8d5..3f8e27c556c 100644 --- a/components/script/fetch.rs +++ b/components/script/fetch.rs @@ -128,6 +128,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder { parser_metadata: request.parser_metadata, initiator: request.initiator, csp_list: None, + https_state: request.https_state, } } @@ -315,6 +316,7 @@ pub fn load_whole_resource( core_resource_thread: &CoreResourceThread, global: &GlobalScope, ) -> Result<(Metadata, Vec<u8>), NetworkError> { + let request = request.https_state(global.get_https_state()); let (action_sender, action_receiver) = ipc::channel().unwrap(); let url = request.url.clone(); core_resource_thread |