Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement Sub-resource integrity fetch step #14816

Closed
wants to merge 1 commit into from
Closed

Implement Sub-resource integrity fetch step #14816

wants to merge 1 commit into from

Conversation

@nmvk
Copy link
Contributor

nmvk commented Jan 1, 2017
edited

Implemented step eighteen of the main fetch. If a request has integrity metadata, then following steps are performed

  1. Wait for response body
  2. If the response does not have a termination reason and response does not match request’s integrity metadata, set response and internalResponse to a network error.

SRI document specifies that user-agent should support SHA256,384 and 512. Validation using unsupported hash functions acts like no integrity value was provided for this reason validate_response_integrity method returns true if hashing algorithm specified is not SHA256, 384, 512.Validation is performed on the response this is specified in fetch specification.

SRI document specified there could be multiple Integrity metadata in integrity attribute. I believe the best algorithm would have been selected and set in integrity metadata before the main fetch is called. Is my assumption correct here?

This will not completely fix #14523, It will implement changes related fetch part.

r? @jdm

  • ./mach build -d does not report any errors
  • ./mach test-tidy does not report any errors
    .
  • There are tests for these changes

This change is Reviewable
@nmvk nmvk changed the title Implement Sub-resource integrity fetch step WIP : Implement Sub-resource integrity fetch step Jan 1, 2017
@nmvk
Copy link
Contributor Author

nmvk commented Jan 2, 2017

r? @jdm
@nmvk
Implement Sub-resource integrity fetch step
Loading status checks…
766f69d 
Implemented step eighteen of main fetch. If a request has integrity
metadata, then following steps are performed

1) Wait for response body
2) If response does not have a termination reason and response does not
match request’s integrity metadata, set response and internalResponse to a
network error.

SRI document specifies that user-agent should support SHA256,384 and 512.
Validation using unsupported hash functions acts like no integrity value
was provided for this reason validate_response_integrity method returns
true if hashing algorithm specified is not SHA256, 384, 512.Validation is
performed on response this is specified in fetch specification.
@nmvk nmvk force-pushed the nmvk:sri-fetch branch from 12b65fd to 766f69d Jan 3, 2017
@nmvk nmvk changed the title WIP : Implement Sub-resource integrity fetch step Implement Sub-resource integrity fetch step Jan 3, 2017
@nmvk nmvk closed this Jan 3, 2017
@jdm
Copy link
Member

jdm commented Jan 3, 2017

Why'd you close the PR, @mrnayak?
@nmvk
Copy link
Contributor Author

nmvk commented Jan 3, 2017

@jdm I got confused since SRI functionality would not be complete without changes in htmlscriptelement.rs and stylesheet_loader.rs. But they dont use fetch spec yet I guess. Should I finish that first and open this later?

I am sorry for the confusion.
@jdm
Copy link
Member

jdm commented Jan 3, 2017

They do use fetch, though.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jdm jdm

Labels
S-awaiting-review
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

Implement Subresource Integrity (SRI)
2 participants
@nmvk @jdm
You can’t perform that action at this time.