Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Network Security : Implement StrictOrigin and StrictOriginWhenCrossOr… #14059

Merged
merged 4 commits into from Nov 7, 2016
+244 −256
Merged

Network Security : Implement StrictOrigin and StrictOriginWhenCrossOr… #14059

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c24aa56
Network Security : Implement StrictOrigin and StrictOriginWhenCrossOr…
nmvk Nov 4, 2016
26dac98
Code review comments and upstream merge conflicts
nmvk Nov 4, 2016
e0e734f
Remove return and resolve merge conflicts
nmvk Nov 4, 2016
e0132b9
wpt-test for strict-origin and strict-origin-when-cross-origin referr…
Darshan266 Nov 5, 2016
File filter...
Filter file types
Clear filters
Jump to…
Jump to file
Failed to load files.

Always

Just for now

Prev Next
Loading status checks…

Code review comments and upstream merge conflicts 

Incorporated code review comments in components/net/http_loader.rs
Resolved merge conflicts in cargo.lock file. Updated ReferrerPolicy in
lib.rs
  • Loading branch information
@nmvk
nmvk committed Nov 4, 2016
commit 26dac9854633ea765430021ef99edb431bdf24b7
14 components/msg/constellation_msg.rs
View file
Open in desktop
@@ -305,17 +305,3 @@ pub enum FrameType {
IFrame,
MozBrowserIFrame,
}

/// [Policies](https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-states)
/// for providing a referrer header for a request
#[derive(Clone, Copy, Debug, Deserialize, HeapSizeOf, Serialize)]
pub enum ReferrerPolicy {
NoReferrer,
NoReferrerWhenDowngrade,
Origin,
SameOrigin,
OriginWhenCrossOrigin,
UnsafeUrl,
StrictOrigin,
StrictOriginWhenCrossOrigin
}
8 components/net/http_loader.rs
View file
Open in desktop
@@ -447,15 +447,11 @@ fn strict_origin(referrer_url: Url, url: Url) -> Option<Url> {

/// https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin
fn strict_origin_when_cross_origin(referrer_url: Url, url: Url) -> Option<Url> {
let cross_origin = referrer_url.origin() != url.origin();
if referrer_url.scheme() == "https" && url.scheme() != "https" {
return None;
} else {
if cross_origin {
return strip_url(referrer_url, true);
}
return strip_url(referrer_url, false);
}
let cross_origin = referrer_url.origin() != url.origin();
return strip_url(referrer_url, cross_origin);
}

/// https://w3c.github.io/webappsec-referrer-policy/#strip-url
4 components/net_traits/lib.rs
View file
Open in desktop
@@ -125,6 +125,10 @@ pub enum ReferrerPolicy {
OriginWhenCrossOrigin,
/// "unsafe-url"
UnsafeUrl,
/// "strict-origin"
StrictOrigin,
/// "strict-origin-when-cross-origin"
StrictOriginWhenCrossOrigin,
}

#[derive(Clone, Deserialize, Serialize, HeapSizeOf)]
2 components/servo/Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more.

2 ports/cef/Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more.

You are viewing a condensed version of this merge commit. You can view the full changes here.
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.