Properly set origin of fetch requests #16508
Conversation
|
Thanks for the pull request, and welcome! The Servo team is excited to review your changes, and you should hear from @metajack (or someone else) soon. |
highfive
added
the
S-awaiting-review
|
|
|
@bors-servo r+ |
|
📌 Commit af91972 has been approved by |
highfive
added
S-awaiting-merge
Fetch set origin <!-- Please describe your changes on the following line: --> These changes are a WIP, aiming to fix #15247 --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [ ] These changes fix #15247 (github issue number if applicable). <!-- Either: --> - [ ] There are tests for these changes OR - [x] These changes do not require tests because cors is already tested with different origins <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16508) <!-- Reviewable:end -->
|
@metajack Hey! Thanks for the review but I think the PR needs some more work, I updated the description |
|
@bors-servo r- |
|
I'm in Tokyo at the CSS WG meeting, so probably one of @jdm or @asajeffrey or @Manishearth should provide the feedback you are asking for. |
|
@metajack That's fine, thanks! Have a nice one. |
|
💔 Test failed - mac-rel-wpt1 |
highfive
added
S-tests-failed
|
@brainlessdeveloper You'll also want to update the test results since presumably this made something pass now :) |
KiChjang
changed the title
components/script/dom/globalscope.rs
Outdated
| @@ -263,6 +263,11 @@ impl GlobalScope { | |||
| unreachable!(); | |||
| } | |||
|
|
|||
| /// Get the origin URL for the current global object, shorthand for GlobalScope::current().get_url() | |||
| pub fn origin() -> ServoUrl { | |||
There was a problem hiding this comment.
This function is a misnomer then -- it's not really getting the origin of an environment settings object, since it returns a ServoUrl. In view of this, I think you should disregard my earlier suggestion and remove this function altogether.
There was a problem hiding this comment.
You're right. Won't save that much typing anyway either. Can you help me with my feedback requests in the PR description?
|
After carefully reading the spec, I have two concerns to present to you. Maybe I am just extremely confused, but it seems to me that we can't just pass a I drew this little flow chart, I hope it doesn't confuse you: When setting
Changed to an origin during fetching means we need to pass the The In my doodle, there's Q1 (in blue), representing my first concern: I can instantiate a About my second concern (Q2 in blue in the doodle): the spec says a request's I think Please, tell me if I've missed something. To me it seems just passing |
|
You are correct, and that's what the TODO in Then there are some in tests/unit/net/http_loader.rs as well, but those shouldn't require as much care. |
|
So in summary I should change Edit: I was wrong about that, read the following comments. |
|
I'm not sure I understand the connection to the browser console here. If such a request occurred, I would expect it to use the origin of the page associated with the console, not null. |
|
I'm sorry, I was wrong about the browser console, and you're right: if I open my console right now and go What I was trying to explain was the possibility of the request
Currently, all the uses of |
|
The redirection happens as part of the fetch implementation, so the value for RequestInit is not affected by that. file:// URLs are the easiest example of null origins, but it could also happen from blob:// URLs too I believe. If we encapsulate the global origin within the |
|
Seems good, I'll be working on it tonight. Thanks for your help! |
|
Should I use the I suppose in the case of implementing a new method for ...which makes it sort of futile to implement it, because I could just get the document and use its |
|
Good point, it looks like what's happening is that the same-origin check is failing because the request origin is an opaque origin, rather than the origin that originated the request. Tracking this down, it looks like the culprit is https://github.com/brainlessdeveloper/servo/blob/5dc8fc99a89478a4827677fc256664b689a024fa/components/script/script_thread.rs#L2289: fn pre_page_load(&self, incomplete: InProgressLoad, load_data: LoadData) {
let id = incomplete.pipeline_id.clone();
let mut req_init = RequestInit {
url: load_data.url.clone(),
method: load_data.method,
destination: Destination::Document,
credentials_mode: CredentialsMode::Include,
use_url_credentials: true,
pipeline_id: Some(id),
referrer_url: load_data.referrer_url,
referrer_policy: load_data.referrer_policy,
headers: load_data.headers,
body: load_data.data,
redirect_mode: RedirectMode::Manual,
// TODO: Add a proper origin to pre_page_load
// https://github.com/servo/servo/issues/17238
.. RequestInit::default()
};
...Adding: origin: incomplete.origin.immutable().clone(),Seems to do the trick. @brainlessdeveloper: do you want to make this change and we'll see if this fixes everything? |
|
I ran the wpt test suite locally. Results at https://gist.github.com/asajeffrey/fec16fc305de171b758eafe42c111333. Eyeballing it, that looks like quite a few So this is all looking good with that one-line change. (Usual story: days of debugging to find one line to change, sigh.) |
|
@asajeffrey on it right now! :) |
|
Thanks! |
|
So, all the I guess I should change the expectation for this one? |
|
Ok, the |
|
@bors-servo: try |
Properly set origin of fetch requests <!-- Please describe your changes on the following line: --> These changes aim to fix #15247 --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #15247 (github issue number if applicable). <!-- Either: --> - [ ] There are tests for these changes - [x] These changes do not require tests because cors is already tested with different origins These changes require changes in tests, but I need help with that (see comments below). <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16508) <!-- Reviewable:end -->
|
☀️ Test successful - android, arm32, arm64, linux-dev, linux-rel-css, linux-rel-wpt, mac-dev-unit, mac-rel-css1, mac-rel-css2, mac-rel-wpt1, mac-rel-wpt2, mac-rel-wpt3, mac-rel-wpt4, windows-msvc-dev |
|
Finally! :D |
|
I'll have a last look at it when I'm in front of a computer, I'm not expecting any issues, we should be good to merge! Thanks for your patience. |
|
Thanks for your patience too, especially considering the last failures were caused by things I typed, and I didn't manage to debug it 🙈 |
|
OK, we are good to go! @bors-servo r+ |
|
📌 Commit 6032940 has been approved by |
highfive
added
S-awaiting-merge
Properly set origin of fetch requests <!-- Please describe your changes on the following line: --> These changes aim to fix #15247 --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #15247 (github issue number if applicable). <!-- Either: --> - [ ] There are tests for these changes - [x] These changes do not require tests because cors is already tested with different origins These changes require changes in tests, but I need help with that (see comments below). <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/16508) <!-- Reviewable:end -->
|
☀️ Test successful - android, arm32, arm64, linux-dev, linux-rel-css, linux-rel-wpt, mac-dev-unit, mac-rel-css1, mac-rel-css2, mac-rel-wpt1, mac-rel-wpt2, mac-rel-wpt3, mac-rel-wpt4, windows-msvc-dev |
highfive
removed
the
S-awaiting-merge
|
Woo hoo! Just shy of the three month anniversary. Thanks @brainlessdeveloper! |
|
Thank you for your help! :) |
|
I feel a bit guilty about the last one here because I've mentioned it in the linked issue here but I did not speak up about the probability of the root cause being that. Sorry. |
|
@KiChjang np, it was a good exercise in figuring out how our fetch code works! |
These changes aim to fix #15247
./mach build -ddoes not report any errors./mach test-tidydoes not report any errorsThese changes require changes in tests, but I need help with that (see comments below).
This change is