| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.
I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.
Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.
Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.
Part of #36437
Requires servo/rust-content-security-policy#5
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add initial support for marking custom protocol as secure, this makes it
possible to `fetch` a custom protocol inside secure contexts (e.g.
http://localhost)
Some additional contexts:
- [#embedding > Custom protocol secure
context](https://servo.zulipchat.com/#narrow/channel/437943-embedding/topic/Custom.20protocol.20secure.20context)
-
https://github.com/versotile-org/tauri-runtime-verso/issues/6#issuecomment-2820776128
Testing: use `fetch('urlinfo://abc').then(async (response) =>
console.log(await response.text())).catch(console.log)` in servoshell
with in a secure context (e.g. https://servo.org), and see the response
should not be an error
---------
Signed-off-by: Tony <legendmastertony@gmail.com>
Signed-off-by: Tony <68118705+Legend-Master@users.noreply.github.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.
The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.
The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108
<!-- Either: -->
- [X] There are tests for these changes
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove `EmbedderMethods::get_user_agent_string`. This is now part of
the `Preferences` data structure, which should allow it to be
per-`WebView` in the future.
- Remove `EmbedderMethods::get_version_string`. This was used to include
some data along with WebRender captures about the Servo version. This
isn't really necessary and it was done to replace code in the past
that output the WebRender version, so also isn't what the original
code did. I think we can just remove this entirely.
The idea with these changes is that `EmbedderMethods` can be removed
in a followup and the rest of the methods can be added to
`ServoDelegate`. These two methods are ones that cannot be added to a
delegate as they are used during `Servo` initialization.
Testing: There is currently no testing for libservo. These changes are
meant
as preparation for adding a suite of `WebView` unit tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
| |
did not make a range request (#36227)
Part of https://github.com/servo/servo/issues/33616
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
|
| |
|
| |
Signed-off-by: Arya Nair <aryaajitnair@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add doc comments to RequestBuilder fields/methods
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement Request::cryptographic_nonce_metadata
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement HTMLOrSVGElement::nonce
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request cryptographic nonce metadata for link elements
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request's cryptographic nonce when fetching scripts
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Forward request nonce to rust-content-security-policy
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch exposes a servo internal DOM API that is only made available to about:
pages on the navigator object to request memory reports. The about:memory page itself is
loaded like other html resources (eg. bad cert, net error) and makes use of this new API.
On the implementation side, notable changes:
- components/script/routed_promise.rs abstracts the setup used to fulfill a promise when the
work needs to be routed through the constellation. The goal is to migrate other similar
promise APIs in followup (eg. dom/webgpu/gpu.rs, bluetooth.rs).
- a new message is added to request a report from the memory reporter, and the memory reporter
creates a json representation of the set of memory reports.
- the post-processing of memory reports is done in Javascript in the about-memory.html page,
providing the same results as the current Rust code that outputs to stdout. We can decide
later if we want to remove the current output.
Signed-off-by: webbeef <me@webbeef.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#35564)
Rework the `WebViewDelegate::intercept_web_resource_load` into
`WebViewDelegate::load_web_resource` and clean up internal messaging.
The main thing here is adding objects which manage the response to these
delegate methods. Now we have `WebResourceLoad` and
`InterceptedWebResourceLoad` which make it much harder to misuse the
API.
In addition, the internal messaging for this is cleaned up. Canceling
and finishing the load are unrelated to the HTTP body so they are no
longer subtypes of an HttpBodyData message. Processing of messages is
made a bit more efficient by collecting all body chunks in a vector and
only flattening the chunks at the end.
Finally, "interceptor" is a much more common spelling than "intercepter"
so I've gone ahead and made this change everywhere.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
| |
It was accidentally introduced in https://github.com/servo/servo/pull/34794
Signed-off-by: Samson <16504129+sagudev@users.noreply.github.com>
|
| |
|
| |
Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
|
| |
|
| |
Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Blocking a fetch due to a bad port should be grouped together
with CSP blocks as per the spec, but these steps were previously
seperated.
Additionally, remove handling of ftp in
should_request_be_blocked_due_to_a_bad_port, since it did nothing
anyways.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for Upgrade request to a potentially trustworthy URL.
Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
* script: Support inheritable insecure request policy in documents and workers.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
---------
Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`EmbedderMsg` was previously paired with an implicit
`Option<WebViewId>`, even though almost all variants were either always
`Some` or always `None`, depending on whether there was a `WebView
involved.
This patch adds the `WebViewId` to as many `EmbedderMsg` variants as
possible, so we can call their associated `WebView` delegate methods
without needing to check and unwrap the `Option`. In many cases, this
required more changes to plumb through the `WebViewId`.
Notably, all `Request`s now explicitly need a `WebView` or not, in order
to ensure that it is passed when appropriate.
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement WebResourceRequested Event on the Embedder Layer
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* fix and add test
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* resolve comments
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* remove sample code in webview
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* remove typo
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* ./mach format
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* fix test fail caused by interception message
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
* update impl for is_for_main_frame
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
---------
Signed-off-by: zhuhaichao518 <zhuhaichao518@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add minimal implementation of fetchParams and fetch controller for cancellation support
fix something
removing fetch params from http network or cache fetch due to implementation difficult
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* run formatter
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* fix incorrect spec implementation and add comments with related step number and description
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* fix double borrow issue
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* remove unused code from FetchParams
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* add workaround for double mutable borrow error
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* remove unnecessary comments, move import and format
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* fix comments that state spec instructions
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* update comment
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* refactor tests
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
* refactor tests
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
---------
Signed-off-by: Lloyd Massiah <artmis9@protonmail.com>
Co-authored-by: lazypassion <25536767+lazypassion@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#34883)
Instead of creating an IPC channel for every fetch, allow cancelling
fetches based on the `RequestId` of the original request. This requires
that `RequestId`s be UUIDs so that they are unique between processes
that might communicating with the resource process.
In addition, the resource process loop now keeps a `HashMap` or `Weak`
handles to cancellers and cleans them up.
This allows for creating mutiple `FetchCanceller`s in `script` for a
single fetch request, allowing integration of the media and video
elements to integrate with the `Document` canceller list -- meaning
these fetches also get cancelled when the `Document` unloads.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows reusing the asynchrnous fetch mechanism that we use for page
resources and is likely a step toward removing the `FetchThread`.
Benefits:
- Reduces IPC traffic during navigation. Now instead of bouncing
between the constellation and the `ScriptThread` responses are sent
directly to the `ScriptThread`.
- Allows cancelling loads after redirects, which was not possible
before.
There is the question of what to do when a redirect is cross-origin
(#23037). This currently isn't handled properly as the `Constellation`
sends data to the same `Pipeline` that initiated the load. This change
doesn't fix this issue, but does make it more possible for the
`ScriptThread` to shut down the pipeline and ask the `Constellation` to
replace it with a new one.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update all network-related dependencies to the latest versions:
* rustls
* hyper
* http
* headers
* tungstenite
* async-tungstenite
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Fix panics with 1xx responses in WPT tests.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Use reported response length when calculating available ranges.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Remove unreachable match arm.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Clean up commented fragments in blob and file handlers.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Remove unreachable match arm.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Fix clippy warning.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Cleanup.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Fix up unit tests for dependency upgrades.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* Update aws-lc-sys to fix Windows builds.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* net: Use ring instead of aws-lc-sys.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* embedding: Require embedder to initialize a rustls CryptoProvider.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* Disable aws-lc-rs pending OhOS build fixes.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
|
| |
|
|
|
| |
(#34737)
Signed-off-by: Wulan Seruniati Salim <wulanseruniati@gmail.com>
|
| |
|
| |
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove the referrer policy from document and rely on its policy container
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Make ReferrerPolicy non-optional, instead using a new enum value to represent the empty string case
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Fix clippy issue
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* Fix usage of Option<ReferrerPolicy> in unit test
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
---------
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement PolicyContainer
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* implement small parts of fetch that interact with policy container
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* fix: allow policy container's csp list to be unset
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* fix: use the correct default policy when parsing from a token
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
---------
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`FetchThread` (#33863)
Instead of creating a `ROUTER` for each fetch, create a fetch thread
which handles all incoming and outcoming fetch requests. Now messages
involving fetches carry a "request id" which indicates which fetch is
being addressed by the message. This greatly reduces the number of file
descriptors used by fetch.
In addition, the interface for kicking off fetches is simplified when
using the `Listener` with `Document`s and the `GlobalScope`.
This does not fix all leaked file descriptors / mach ports, but greatly
eliminates the number used. Now tests can be run without limiting
procesess on modern macOS systems.
Followup work:
1. There are more instances where fetch is done using the old method.
Some of these require more changes in order to be converted to the
`FetchThread` approach.
2. Eliminate usage of IPC channels when doing redirects.
3. Also eliminate the IPC channel used for cancel handling.
4. This change opens up the possiblity of controlling the priority of
fetch requests.
Fixes #29834.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement sec-fetch-dest header
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement "is same site" algorithm
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement remaining sec-fetch-* headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix casing of header names
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix handling Destination::None in sec-fetch-dest
This also removes the comment about wanting to upgrade
to a newer content-security-protocol version because
the csp doesn't implement the "empty" case.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove colon from spec comment
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Adjust expected default headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix test expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
|
| |
|
| |
Signed-off-by: webbeef <me@webbeef.org>
|
| |
|
|
|
|
|
| |
This adds a 'is_fetchable()' method on the ProtocolHandler trait that is then used in the fetch code.
The 'data:' protocol handler is updated to return true instead of hardcoding the scheme comparison, as well
as the 'urlinfo:' handler since it's just a testing one.
Signed-off-by: webbeef <me@webbeef.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix: improve spec conformance around request header validation
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* account for additional test passes
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
* fix: remove redundant .to_vec call
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
---------
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Properly store link relations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Send fetch request for prefetch links
We don't actually *do* anything with the response yet
(handle errors etc) but its a first step.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fire load/error events for prefetch loads
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set prefetch destination/cors setting correctly
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix ./mach test-tidy errors
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set correct "Accept" value for prefetch requests
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add spec text to individual steps
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
|
| |
|
|
|
| |
This is part of switching away from using a very old version of `time`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
| |
Signed-off-by: webbeef <me@webbeef.org>
|
| |
|
|
|
| |
This was revealed by the recent switch to `LazyLock`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#33046)
* replace in net/fetch/methods.rs
Signed-off-by: Hayashi Mikihiro <34ttrweoewiwe28@gmail.com>
* replace in net/hosts.rs
Signed-off-by: Hayashi Mikihiro <34ttrweoewiwe28@gmail.com>
* replace in net/async_runtime.rs
Signed-off-by: Hayashi Mikihiro <34ttrweoewiwe28@gmail.com>
* replace in net/tests/main.rs
Signed-off-by: Hayashi Mikihiro <34ttrweoewiwe28@gmail.com>
* remove lazy_static crate from components/net
Signed-off-by: Hayashi Mikihiro <34ttrweoewiwe28@gmail.com>
---------
Signed-off-by: Hayashi Mikihiro <34ttrweoewiwe28@gmail.com>
|
| |
|
| |
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
|
| |
|
|
|
| |
Signed-off-by: Bobulous <Bobulous@users.noreply.github.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Bobulous <Bobulous@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* clippy: fix `result_unit_err` warnings
* feat: fix result warnings in script
* doc: document `generate_key` return type
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
* feat: add back result to RangeRequestBounds::get_final
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
---------
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
| |
* clippy: fix warnings in `components/net`
* fix: review comments
|
| |
|
|
|
|
|
|
|
|
|
| |
* Fix clippy warnings in components/shared
* Fix build error
* Fixes in order to solve some merge issues
---------
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
| |
* clippy: fix some warnings in components/net
* fix: review comments
* fix: tidy
|
| |
|
|
| |
This fixes many rustdoc errors that occur due to raw URLs in rustdoc
comments as well as unescaped Rust code that should be in backticks.
|
| |
|
| |
This reverts commit 580062228bb083ccdc2144a43491bc4f916c57ad.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Replace time with std::time in components/net
Signed-off-by: Bentaimia Haddadi <haddadi.taym@gmail.com>
* Fix cookie::test_sort_order test
Signed-off-by: Bentaimia Haddadi <haddadi.taym@gmail.com>
---------
Signed-off-by: Bentaimia Haddadi <haddadi.taym@gmail.com>
|
| |
|
|
|
| |
* strict imports formatting
* Reformat all imports
|
| |
|
|
|
|
|
|
|
|
|
| |
* remove extern crate
* Update components/script_plugins/lib.rs
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
---------
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* constellation: crash to a new “sad tab” page
* check in resources/crash.html
* use a separate enum variant instead of keying on reason
* fmt + tidy
* rename Resource::Crash to Resource::CrashHTML
* clean up crash page and add details (reason + backtrace)
* avoid repeating crash errors in script::script_thread warn log
* make new LoadData init more idiomatic
* clarify comments and new fields
* fix doc comment style
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change replaces OpenSSL with rustls and also the manually curated
CA certs file with webpki-roots (effectively the same thing, but as a
crate).
Generally speaking the design of the network stack is the same. Changes:
- Code around certificate overrides needed to be refactored to work with
rustls so the various thread-safe list of certificates is refactored
into `CertificateErrorOverrideManager`
- hyper-rustls takes care of setting ALPN protocols for HTTP requests,
so for WebSockets this is moved to the WebSocket code.
- The safe set of cypher suites is chosen, which seem to correspond to
the "Modern" configuration from [1]. This can be adjusted later.
- Instead of passing a string of PEM CA certificates around, an enum is
used that includes parsed Certificates (or the default which reads
them from webpki-roots).
- Code for starting up an SSL server for testing is cleaned up a little,
due to the fact that the certificates need to be overriden explicitly
now. This is due to the fact that the `webpki` crate is more stringent
with self-signed certificates than SSL (CA certificates cannot used as
end-entity certificates). [2]
1. https://wiki.mozilla.org/Security/Server_Side_TLS
2. https://github.com/briansmith/webpki/issues/114
Fixes #7888.
Fixes #13749.
Fixes #26835.
Fixes #29291.
|
