aboutsummaryrefslogtreecommitdiffstats
path: root/components/net
diff options
context:
space:
mode:
Diffstat (limited to 'components/net')
-rw-r--r--components/net/fetch/methods.rs1
-rw-r--r--components/net/http_loader.rs62
-rw-r--r--components/net/tests/data_loader.rs4
-rw-r--r--components/net/tests/fetch.rs64
-rw-r--r--components/net/tests/http_cache.rs3
-rw-r--r--components/net/tests/http_loader.rs4
6 files changed, 94 insertions, 44 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
index 191ea0cb41f..42551f98173 100644
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@@ -250,6 +250,7 @@ pub fn main_fetch(
request.referrer_policy.unwrap(),
url,
current_url,
+ request.https_state,
)
},
};
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
index 9dd981d8c25..6cc054c3e23 100644
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@@ -166,28 +166,65 @@ pub fn set_default_accept_language(headers: &mut HeaderMap) {
}
/// <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-state-no-referrer-when-downgrade>
-fn no_referrer_when_downgrade_header(referrer_url: ServoUrl, url: ServoUrl) -> Option<ServoUrl> {
- if referrer_url.scheme() == "https" && url.scheme() != "https" {
+fn no_referrer_when_downgrade_header(
+ referrer_url: ServoUrl,
+ url: ServoUrl,
+ https_state: HttpsState,
+) -> Option<ServoUrl> {
+ if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
return None;
}
return strip_url(referrer_url, false);
}
/// <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin>
-fn strict_origin(referrer_url: ServoUrl, url: ServoUrl) -> Option<ServoUrl> {
- if referrer_url.scheme() == "https" && url.scheme() != "https" {
+fn strict_origin(
+ referrer_url: ServoUrl,
+ url: ServoUrl,
+ https_state: HttpsState,
+) -> Option<ServoUrl> {
+ if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
return None;
}
strip_url(referrer_url, true)
}
/// <https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin>
-fn strict_origin_when_cross_origin(referrer_url: ServoUrl, url: ServoUrl) -> Option<ServoUrl> {
- if referrer_url.scheme() == "https" && url.scheme() != "https" {
+fn strict_origin_when_cross_origin(
+ referrer_url: ServoUrl,
+ url: ServoUrl,
+ https_state: HttpsState,
+) -> Option<ServoUrl> {
+ let same_origin = referrer_url.origin() == url.origin();
+ if same_origin {
+ return strip_url(referrer_url, false);
+ }
+ if https_state == HttpsState::Modern && !is_origin_trustworthy(url) {
return None;
}
- let cross_origin = referrer_url.origin() != url.origin();
- strip_url(referrer_url, cross_origin)
+ strip_url(referrer_url, true)
+}
+
+/// <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>
+fn is_origin_trustworthy(url: ServoUrl) -> bool {
+ match url.origin() {
+ // Step 1
+ ImmutableOrigin::Opaque(_) => false,
+ ImmutableOrigin::Tuple(_, _, _) => {
+ // Step 3
+ if url.scheme() == "https" || url.scheme() == "wss" {
+ return true;
+ }
+ // Step 4-5 TODO
+ // Step 6
+ if url.scheme() == "file" {
+ return true;
+ }
+ // Step 7-8 TODO
+ // Step 9
+ false
+ },
+ }
}
/// https://html.spec.whatwg.org/multipage/#schemelessly-same-site
@@ -239,13 +276,12 @@ pub fn determine_request_referrer(
referrer_policy: ReferrerPolicy,
referrer_source: ServoUrl,
current_url: ServoUrl,
+ https_state: HttpsState,
) -> Option<ServoUrl> {
assert!(!headers.contains_key(header::REFERER));
// FIXME(#14505): this does not seem to be the correct way of checking for
// same-origin requests.
let cross_origin = referrer_source.origin() != current_url.origin();
- // FIXME(#14506): some of these cases are expected to consider whether the
- // request's client is "TLS-protected", whatever that means.
match referrer_policy {
ReferrerPolicy::NoReferrer => None,
ReferrerPolicy::Origin => strip_url(referrer_source, true),
@@ -258,12 +294,12 @@ pub fn determine_request_referrer(
},
ReferrerPolicy::UnsafeUrl => strip_url(referrer_source, false),
ReferrerPolicy::OriginWhenCrossOrigin => strip_url(referrer_source, cross_origin),
- ReferrerPolicy::StrictOrigin => strict_origin(referrer_source, current_url),
+ ReferrerPolicy::StrictOrigin => strict_origin(referrer_source, current_url, https_state),
ReferrerPolicy::StrictOriginWhenCrossOrigin => {
- strict_origin_when_cross_origin(referrer_source, current_url)
+ strict_origin_when_cross_origin(referrer_source, current_url, https_state)
},
ReferrerPolicy::NoReferrerWhenDowngrade => {
- no_referrer_when_downgrade_header(referrer_source, current_url)
+ no_referrer_when_downgrade_header(referrer_source, current_url, https_state)
},
}
}
diff --git a/components/net/tests/data_loader.rs b/components/net/tests/data_loader.rs
index 9d1943def74..3e7cde682f4 100644
--- a/components/net/tests/data_loader.rs
+++ b/components/net/tests/data_loader.rs
@@ -7,7 +7,7 @@ use headers::{ContentType, HeaderMapExt};
use hyper_serde::Serde;
use mime::{self, Mime};
use net_traits::request::{Origin, Request};
-use net_traits::response::ResponseBody;
+use net_traits::response::{HttpsState, ResponseBody};
use net_traits::{FetchMetadata, FilteredMetadata, NetworkError};
use servo_url::ServoUrl;
use std::ops::Deref;
@@ -21,7 +21,7 @@ fn assert_parse(
) {
let url = ServoUrl::parse(url).unwrap();
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
let response = fetch(&mut request, None);
diff --git a/components/net/tests/fetch.rs b/components/net/tests/fetch.rs
index 4d338ce6391..38797cf027b 100644
--- a/components/net/tests/fetch.rs
+++ b/components/net/tests/fetch.rs
@@ -33,7 +33,7 @@ use net_traits::filemanager_thread::FileTokenCheck;
use net_traits::request::{
Destination, Origin, RedirectMode, Referrer, Request, RequestBuilder, RequestMode,
};
-use net_traits::response::{CacheState, Response, ResponseBody, ResponseType};
+use net_traits::response::{CacheState, HttpsState, Response, ResponseBody, ResponseType};
use net_traits::{
FetchTaskTarget, IncludeSubdomains, NetworkError, ReferrerPolicy, ResourceFetchTiming,
ResourceTimingType,
@@ -59,7 +59,7 @@ fn test_fetch_response_is_not_network_error() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
let _ = server.close();
@@ -73,7 +73,7 @@ fn test_fetch_response_is_not_network_error() {
fn test_fetch_on_bad_port_is_network_error() {
let url = ServoUrl::parse("http://www.example.org:6667").unwrap();
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
assert!(fetch_response.is_network_error());
@@ -93,7 +93,7 @@ fn test_fetch_response_body_matches_const_message() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
let _ = server.close();
@@ -113,7 +113,7 @@ fn test_fetch_response_body_matches_const_message() {
fn test_fetch_aboutblank() {
let url = ServoUrl::parse("about:blank").unwrap();
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
@@ -174,7 +174,12 @@ fn test_fetch_blob() {
.promote_memory(id.clone(), blob_buf, true, "http://www.example.org".into());
let url = ServoUrl::parse(&format!("blob:{}{}", origin.as_str(), id.to_simple())).unwrap();
- let mut request = Request::new(url, Some(Origin::Origin(origin.origin())), None);
+ let mut request = Request::new(
+ url,
+ Some(Origin::Origin(origin.origin())),
+ None,
+ HttpsState::None,
+ );
let (sender, receiver) = unbounded();
@@ -215,7 +220,7 @@ fn test_file() {
let url = ServoUrl::from_file_path(path.clone()).unwrap();
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
let pool = CoreResourceThreadPool::new(1);
let pool_handle = Arc::new(pool);
@@ -257,7 +262,7 @@ fn test_file() {
fn test_fetch_ftp() {
let url = ServoUrl::parse("ftp://not-supported").unwrap();
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
assert!(fetch_response.is_network_error());
@@ -267,7 +272,7 @@ fn test_fetch_ftp() {
fn test_fetch_bogus_scheme() {
let url = ServoUrl::parse("bogus://whatever").unwrap();
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
assert!(fetch_response.is_network_error());
@@ -314,7 +319,7 @@ fn test_cors_preflight_fetch() {
let target_url = url.clone().join("a.html").unwrap();
let origin = Origin::Origin(ImmutableOrigin::new_opaque());
- let mut request = Request::new(url.clone(), Some(origin), None);
+ let mut request = Request::new(url.clone(), Some(origin), None, HttpsState::None);
request.referrer = Referrer::ReferrerUrl(target_url);
request.referrer_policy = Some(ReferrerPolicy::Origin);
request.use_cors_preflight = true;
@@ -366,7 +371,7 @@ fn test_cors_preflight_cache_fetch() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(ImmutableOrigin::new_opaque());
- let mut request = Request::new(url.clone(), Some(origin.clone()), None);
+ let mut request = Request::new(url.clone(), Some(origin.clone()), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
request.use_cors_preflight = true;
request.mode = RequestMode::CorsMode;
@@ -428,7 +433,7 @@ fn test_cors_preflight_fetch_network_error() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(ImmutableOrigin::new_opaque());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.method = Method::from_bytes(b"CHICKEN").unwrap();
request.referrer = Referrer::NoReferrer;
request.use_cors_preflight = true;
@@ -457,7 +462,7 @@ fn test_fetch_response_is_basic_filtered() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
let _ = server.close();
@@ -520,7 +525,7 @@ fn test_fetch_response_is_cors_filtered() {
// an origin mis-match will stop it from defaulting to a basic filtered response
let origin = Origin::Origin(ImmutableOrigin::new_opaque());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
request.mode = RequestMode::CorsMode;
let fetch_response = fetch(&mut request, None);
@@ -554,7 +559,7 @@ fn test_fetch_response_is_opaque_filtered() {
// an origin mis-match will fall through to an Opaque filtered response
let origin = Origin::Origin(ImmutableOrigin::new_opaque());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
let _ = server.close();
@@ -602,7 +607,7 @@ fn test_fetch_response_is_opaque_redirect_filtered() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
request.redirect_mode = RedirectMode::Manual;
let fetch_response = fetch(&mut request, None);
@@ -636,7 +641,7 @@ fn test_fetch_with_local_urls_only() {
let do_fetch = |url: ServoUrl| {
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
// Set the flag.
@@ -698,7 +703,7 @@ fn test_fetch_with_hsts() {
);
}
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
// Set the flag.
request.local_urls_only = false;
@@ -780,7 +785,7 @@ fn test_fetch_with_sri_network_error() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
// To calulate hash use :
// echo -n "alert('Hello, Network Error');" | openssl dgst -sha384 -binary | openssl base64 -A
@@ -804,7 +809,7 @@ fn test_fetch_with_sri_sucess() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
// To calulate hash use :
// echo -n "alert('Hello, Network Error');" | openssl dgst -sha384 -binary | openssl base64 -A
@@ -844,7 +849,7 @@ fn test_fetch_blocked_nosniff() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.destination = destination;
let fetch_response = fetch(&mut request, None);
let _ = server.close();
@@ -888,7 +893,7 @@ fn setup_server_and_fetch(message: &'static [u8], redirect_cap: u32) -> Response
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
let _ = server.close();
@@ -976,7 +981,7 @@ fn test_fetch_redirect_updates_method_runner(
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
request.method = method;
@@ -1059,7 +1064,7 @@ fn test_fetch_async_returns_complete_response() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
@@ -1078,7 +1083,7 @@ fn test_opaque_filtered_fetch_async_returns_complete_response() {
// an origin mis-match will fall through to an Opaque filtered response
let origin = Origin::Origin(ImmutableOrigin::new_opaque());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
let fetch_response = fetch(&mut request, None);
@@ -1114,7 +1119,7 @@ fn test_opaque_redirect_filtered_fetch_async_returns_complete_response() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url, Some(origin), None);
+ let mut request = Request::new(url, Some(origin), None, HttpsState::None);
request.referrer = Referrer::NoReferrer;
request.redirect_mode = RedirectMode::Manual;
@@ -1136,7 +1141,12 @@ fn test_fetch_with_devtools() {
let (server, url) = make_server(handler);
let origin = Origin::Origin(url.origin());
- let mut request = Request::new(url.clone(), Some(origin), Some(TEST_PIPELINE_ID));
+ let mut request = Request::new(
+ url.clone(),
+ Some(origin),
+ Some(TEST_PIPELINE_ID),
+ HttpsState::None,
+ );
request.referrer = Referrer::NoReferrer;
let (devtools_chan, devtools_port) = unbounded();
diff --git a/components/net/tests/http_cache.rs b/components/net/tests/http_cache.rs
index 743e6f43188..c56f4c59d72 100644
--- a/components/net/tests/http_cache.rs
+++ b/components/net/tests/http_cache.rs
@@ -8,7 +8,7 @@ use http::StatusCode;
use msg::constellation_msg::TEST_PIPELINE_ID;
use net::http_cache::HttpCache;
use net_traits::request::{Origin, Request};
-use net_traits::response::{Response, ResponseBody};
+use net_traits::response::{HttpsState, Response, ResponseBody};
use net_traits::{ResourceFetchTiming, ResourceTimingType};
use servo_url::ServoUrl;
@@ -24,6 +24,7 @@ fn test_refreshing_resource_sets_done_chan_the_appropriate_value() {
url.clone(),
Some(Origin::Origin(url.clone().origin())),
Some(TEST_PIPELINE_ID),
+ HttpsState::None,
);
let timing = ResourceFetchTiming::new(ResourceTimingType::Navigation);
let mut response = Response::new(url.clone(), timing);
diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs
index ed1b2939b59..aa4e20cc8a3 100644
--- a/components/net/tests/http_loader.rs
+++ b/components/net/tests/http_loader.rs
@@ -31,7 +31,7 @@ use net::http_loader::determine_request_referrer;
use net::resource_thread::AuthCacheEntry;
use net::test::replace_host_table;
use net_traits::request::{CredentialsMode, Destination, RequestBuilder, RequestMode};
-use net_traits::response::ResponseBody;
+use net_traits::response::{HttpsState, ResponseBody};
use net_traits::{CookieSource, NetworkError, ReferrerPolicy};
use servo_url::{ImmutableOrigin, ServoUrl};
use std::collections::HashMap;
@@ -1433,6 +1433,7 @@ fn test_determine_request_referrer_shorter_than_4k() {
ReferrerPolicy::UnsafeUrl,
referrer_source,
current_url,
+ HttpsState::None,
);
assert_eq!(
@@ -1457,6 +1458,7 @@ fn test_determine_request_referrer_longer_than_4k() {
ReferrerPolicy::UnsafeUrl,
referrer_source,
current_url,
+ HttpsState::None,
);
assert_eq!(referer.unwrap().as_str(), "http://example.com/");
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-24 17:23:46 +0000