Propagate destination through load_data

This way, we don't always set the destination to Document
(which is as the spec is written today). Instead, we set
it it in the load_data, depending on which context we
load it from.

Doing so allows us to set the `Destination::IFrame` for
navigations in iframes, enabling all frame-related CSP
checks.

While we currently block iframes when `frame-src` or
`child-src` is set, their respective tests don't pass
yet. That's because we don't yet handle the cases
where we fire the correct `load` event.

Part of servo#4577

Signed-off-by: Tim van der Lippe <[email protected]>

Author: TimvdLippe

Cargo.lock

@@ -245,6 +245,6 @@ codegen-units = 1
 # [patch."https://github.com/servo/<repository>"]
 # <crate> = { path = "/path/to/local/checkout" }
 #
-# [patch."https://github.com/servo/rust-content-security-policy"]
-# content-security-policy = { path = "../rust-content-security-policy/" }
+[patch."https://github.com/servo/rust-content-security-policy"]
+content-security-policy = { path = "../rust-content-security-policy/" }
 # content-security-policy = { git = "https://github.com/timvdlippe/rust-content-security-policy/", branch = "fix-report-checks", features = ["serde"] }

Cargo.toml

@@ -145,7 +145,7 @@ use keyboard_types::{Key, KeyState, KeyboardEvent, Modifiers};
 use log::{debug, error, info, trace, warn};
 use media::WindowGLContext;
 use net_traits::pub_domains::reg_host;
-use net_traits::request::Referrer;
+use net_traits::request::{Destination, Referrer};
 use net_traits::storage_thread::{StorageThreadMsg, StorageType};
 use net_traits::{self, IpcSend, ReferrerPolicy, ResourceThreads};
 use profile_traits::{mem, time};
@@ -1369,6 +1369,7 @@ where
                     None,
                     None,
                     false,
+                    Destination::Document,
                 );
                 let ctx_id = BrowsingContextId::from(webview_id);
                 let pipeline_id = match self.browsing_contexts.get(&ctx_id) {
@@ -3120,6 +3121,7 @@ where
             None,
             None,
             false,
+            Destination::Document,
         );
         let sandbox = IFrameSandboxState::IFrameUnsandboxed;
         let is_private = false;
@@ -4730,6 +4732,7 @@ where
                     None,
                     None,
                     false,
+                    Destination::Document,
                 );
                 self.load_url_for_webdriver(
                     webview_id,

components/constellation/constellation.rs

@@ -14,7 +14,7 @@ use http::Method;
 use js::rust::HandleObject;
 use mime::{self, Mime};
 use net_traits::http_percent_encode;
-use net_traits::request::Referrer;
+use net_traits::request::{Destination, Referrer};
 use servo_rand::random;
 use style::attr::AttrValue;
 use style::str::split_html_space_chars;
@@ -868,6 +868,7 @@ impl HTMLFormElement {
             Some(target_window.as_global_scope().is_secure_context()),
             Some(target_document.insecure_requests_policy()),
             target_document.has_trustworthy_ancestor_origin(),
+            Destination::Document,
         );
 
         // Step 22

components/script/dom/htmlformelement.rs

@@ -16,6 +16,7 @@ use embedder_traits::ViewportDetails;
 use html5ever::{LocalName, Prefix, local_name, ns};
 use js::rust::HandleObject;
 use net_traits::ReferrerPolicy;
+use net_traits::request::Destination;
 use profile_traits::ipc as ProfiledIpc;
 use script_traits::{NewLayoutInfo, UpdatePipelineIdReason};
 use servo_url::ServoUrl;
@@ -281,6 +282,7 @@ impl HTMLIFrameElement {
                 Some(window.as_global_scope().is_secure_context()),
                 Some(document.insecure_requests_policy()),
                 document.has_trustworthy_ancestor_or_current_origin(),
+                Destination::IFrame,
             );
             load_data.policy_container = Some(window.as_global_scope().policy_container());
             let element = self.upcast::<Element>();
@@ -374,6 +376,7 @@ impl HTMLIFrameElement {
             Some(window.as_global_scope().is_secure_context()),
             Some(document.insecure_requests_policy()),
             document.has_trustworthy_ancestor_or_current_origin(),
+            Destination::IFrame,
         );
 
         let pipeline_id = self.pipeline_id();
@@ -382,9 +385,7 @@ impl HTMLIFrameElement {
         let is_about_blank =
             pipeline_id.is_some() && pipeline_id == self.about_blank_pipeline_id.get();
 
-        if is_about_blank {
-            load_data.policy_container = Some(window.as_global_scope().policy_container());
-        }
+        load_data.policy_container = Some(window.as_global_scope().policy_container());
 
         let history_handling = if is_about_blank {
             NavigationHistoryBehavior::Replace
@@ -424,6 +425,7 @@ impl HTMLIFrameElement {
             Some(window.as_global_scope().is_secure_context()),
             Some(document.insecure_requests_policy()),
             document.has_trustworthy_ancestor_or_current_origin(),
+            Destination::IFrame,
         );
         load_data.policy_container = Some(window.as_global_scope().policy_container());
         let browsing_context_id = BrowsingContextId::new();

components/script/dom/htmliframeelement.rs

@@ -4,7 +4,7 @@
 
 use constellation_traits::{LoadData, LoadOrigin, NavigationHistoryBehavior};
 use dom_struct::dom_struct;
-use net_traits::request::Referrer;
+use net_traits::request::{Destination, Referrer};
 use servo_url::{MutableOrigin, ServoUrl};
 
 use crate::dom::bindings::codegen::Bindings::LocationBinding::LocationMethods;
@@ -127,6 +127,7 @@ impl Location {
             None, // Top navigation doesn't inherit secure context
             Some(source_document.insecure_requests_policy()),
             source_document.has_trustworthy_ancestor_origin(),
+            Destination::Document,
         );
         self.window
             .load_url(history_handling, reload_triggered, load_data, can_gc);

components/script/dom/location.rs

@@ -32,7 +32,7 @@ use js::jsval::{NullValue, PrivateValue, UndefinedValue};
 use js::rust::wrappers::{JS_TransplantObject, NewWindowProxy, SetWindowProxy};
 use js::rust::{Handle, MutableHandle, MutableHandleValue, get_object_class};
 use malloc_size_of::{MallocSizeOf, MallocSizeOfOps};
-use net_traits::request::Referrer;
+use net_traits::request::{Destination, Referrer};
 use script_traits::NewLayoutInfo;
 use serde::{Deserialize, Serialize};
 use servo_url::{ImmutableOrigin, ServoUrl};
@@ -309,6 +309,7 @@ impl WindowProxy {
             None, // Doesn't inherit secure context
             None,
             false,
+            Destination::Document,
         );
         let load_info = AuxiliaryWebViewCreationRequest {
             load_data: load_data.clone(),
@@ -525,6 +526,7 @@ impl WindowProxy {
                 Some(secure),
                 Some(target_document.insecure_requests_policy()),
                 has_trustworthy_ancestor_origin,
+                Destination::Document,
             );
             let history_handling = if new {
                 NavigationHistoryBehavior::Replace

components/script/dom/windowproxy.rs

@@ -7,7 +7,7 @@
 use constellation_traits::{LoadData, LoadOrigin, NavigationHistoryBehavior};
 use html5ever::{local_name, ns};
 use malloc_size_of::malloc_size_of_is_0;
-use net_traits::request::Referrer;
+use net_traits::request::{Destination, Referrer};
 use style::str::HTML_SPACE_CHARACTERS;
 
 use crate::dom::bindings::codegen::Bindings::AttrBinding::Attr_Binding::AttrMethods;
@@ -441,6 +441,7 @@ pub(crate) fn follow_hyperlink(
             Some(secure),
             Some(document.insecure_requests_policy()),
             document.has_trustworthy_ancestor_origin(),
+            Destination::Document,
         );
         let target = Trusted::new(target_window);
         let task = task!(navigate_follow_hyperlink: move || {

components/script/links.rs

@@ -11,10 +11,10 @@ use std::cell::Cell;
 use base::cross_process_instant::CrossProcessInstant;
 use base::id::{BrowsingContextId, PipelineId, WebViewId};
 use constellation_traits::LoadData;
-use content_security_policy::Destination;
 use crossbeam_channel::Sender;
 use embedder_traits::ViewportDetails;
 use http::header;
+use net_traits::policy_container::PolicyContainer;
 use net_traits::request::{
     CredentialsMode, InsecureRequestsPolicy, RedirectMode, RequestBuilder, RequestMode,
 };
@@ -202,12 +202,18 @@ impl InProgressLoad {
             self.load_data.referrer.clone(),
         )
         .method(self.load_data.method.clone())
-        .destination(Destination::Document)
+        .destination(self.load_data.destination.clone())
         .mode(RequestMode::Navigate)
         .credentials_mode(CredentialsMode::Include)
         .use_url_credentials(true)
         .pipeline_id(Some(id))
         .referrer_policy(self.load_data.referrer_policy)
+        .policy_container(
+            self.load_data
+                .policy_container
+                .clone()
+                .unwrap_or(PolicyContainer::default()),
+        )
         .insecure_requests_policy(
             self.load_data
                 .inherited_insecure_requests_policy

components/script/navigation.rs

@@ -23,7 +23,7 @@ use http::{HeaderMap, Method};
 use ipc_channel::Error as IpcError;
 use ipc_channel::ipc::{IpcReceiver, IpcSender};
 use net_traits::policy_container::PolicyContainer;
-use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBody};
+use net_traits::request::{Destination, InsecureRequestsPolicy, Referrer, RequestBody};
 use net_traits::storage_thread::StorageType;
 use net_traits::{CoreResourceMsg, ReferrerPolicy, ResourceThreads};
 use profile_traits::mem::MemoryReportResult;
@@ -111,6 +111,8 @@ pub struct LoadData {
     pub has_trustworthy_ancestor_origin: bool,
     /// Servo internal: if crash details are present, trigger a crash error page with these details.
     pub crash: Option<String>,
+    /// Destination, used for CSP checks
+    pub destination: Destination,
 }
 
 /// The result of evaluating a javascript scheme url.
@@ -135,6 +137,7 @@ impl LoadData {
         inherited_secure_context: Option<bool>,
         inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
         has_trustworthy_ancestor_origin: bool,
+        destination: Destination,
     ) -> LoadData {
         LoadData {
             load_origin,
@@ -152,6 +155,7 @@ impl LoadData {
             crash: None,
             inherited_insecure_requests_policy,
             has_trustworthy_ancestor_origin,
+            destination,
         }
     }
 }

components/shared/constellation/from_script_message.rs

@@ -18,17 +18,17 @@
         }, false);
 
         function alert_assert(msg) {
-            t_alert.step(function() {
+            t_log.step(function() {
                 if (msg.match(/^FAIL/i)) {
                     assert_unreached(msg);
-                    t_alert.done();
+                    t_log.done();
                 }
                 for (var i = 0; i < expected_alerts.length; i++) {
                     if (expected_alerts[i] == msg) {
                         assert_equals(expected_alerts[i], msg);
                         expected_alerts.splice(i, 1);
                         if (expected_alerts.length == 0) {
-                            t_alert.done();
+                            t_log.done();
                         }
                         return;
                     }