Implement Content Security Policy (CSP). #4577
Labels
A-network
I-enhancement
No impact; the issue is a missing or proposed feature.
I-safety
Some piece of code violates memory safety guarantees.
Comments
Ms2ger
added
I-enhancement
Ms2ger
removed
the
E-more-complex
kmcallister
added
the
I-safety
Ms2ger
changed the title
This was referenced Jan 8, 2017
13 tasks
|
https://github.com/notriddle/rust-content-security-policy I started working on it for Ammonia's purposes, but after looking around for an existing implementation, decided that if Servo needs it then here it is. |
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Sep 28, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Sep 28, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Sep 28, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
3 tasks
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 3, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
bors-servo
pushed a commit
that referenced
this issue
Oct 3, 2019
[WIP] Add simple implementation of content-security-policy on scripts / styles This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of #4577 but we should probably track the rest of the implementation somewhere. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] There are tests for these changes (before merging, this PR should fix at least some of the WPT tests for CSP) <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24315) <!-- Reviewable:end -->
bors-servo
pushed a commit
that referenced
this issue
Oct 4, 2019
[WIP] Add simple implementation of content-security-policy on scripts / styles This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of #4577 but we should probably track the rest of the implementation somewhere. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] There are tests for these changes (before merging, this PR should fix at least some of the WPT tests for CSP) <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24315) <!-- Reviewable:end -->
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 4, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 4, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 4, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
bors-servo
pushed a commit
that referenced
this issue
Oct 5, 2019
[WIP] Add simple implementation of content-security-policy on scripts / styles This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of #4577 but we should probably track the rest of the implementation somewhere. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] There are tests for these changes (before merging, this PR should fix at least some of the WPT tests for CSP) <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24315) <!-- Reviewable:end -->
bors-servo
pushed a commit
that referenced
this issue
Oct 5, 2019
[WIP] Add simple implementation of content-security-policy on scripts / styles This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of #4577 but we should probably track the rest of the implementation somewhere. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] There are tests for these changes (before merging, this PR should fix at least some of the WPT tests for CSP) <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24315) <!-- Reviewable:end -->
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 10, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 10, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
notriddle
added a commit
to notriddle/servo
that referenced
this issue
Oct 16, 2019
This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of servo#4577
bors-servo
pushed a commit
that referenced
this issue
Oct 17, 2019
Add simple implementation of content-security-policy on network requests This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of #4577 but we should probably track the rest of the implementation somewhere. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] There are tests for these changes (before merging, this PR should fix at least some of the WPT tests for CSP) <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24315) <!-- Reviewable:end -->
bors-servo
pushed a commit
that referenced
this issue
Oct 17, 2019
Add simple implementation of content-security-policy on network requests This needs a lot more hooks before it'll actually be a good implementation, but for a start it can help get some feedback on if this is the right way to go about it. Part of #4577 but we should probably track the rest of the implementation somewhere. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] There are tests for these changes (before merging, this PR should fix at least some of the WPT tests for CSP) <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/24315) <!-- Reviewable:end -->
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 14, 2025
Also update the `html/dom/reflection-metadata.html` test to handle the case where `nonce` does not reflect back to the attribute after an IDL change. Part of servo#4577 Fixes web-platform-tests/wpt#43286 Signed-off-by: Tim van der Lippe <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
May 14, 2025
Also update the `html/dom/reflection-metadata.html` test to handle the case where `nonce` does not reflect back to the attribute after an IDL change. Part of #4577 Fixes web-platform-tests/wpt#43286 Signed-off-by: Tim van der Lippe <[email protected]>
I remember looking for a frame destination in the specification, and I think.it might be missing. Our iframe navigation code creates a LoadData in htmliframeelement.rs and passes it to the constellation, where a pipeline is spawned in an appropriate script thread: servo/components/script/script_thread.rs Line 3531 in a24fce3 servo/components/script/script_thread.rs Line 3664 in a24fce3 |
|
Looks like it's currently always the document destination: https://github.com/servo/servo/blob/main/components/script/navigation.rs#L205 |
|
I filed whatwg/html#11306. |
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 15, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 15, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 15, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 15, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Also update one WPT test to correctly fail, rather than erroring. That's because it was using the wrong JS test variable. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 15, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Also update one WPT test to correctly fail, rather than erroring. That's because it was using the wrong JS test variable. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 15, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Also update one WPT test to correctly fail, rather than erroring. That's because it was using the wrong JS test variable. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 16, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Also update one WPT test to correctly fail, rather than erroring. That's because it was using the wrong JS test variable. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 16, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Also update one WPT test to correctly fail, rather than erroring. That's because it was using the wrong JS test variable. Part of servo#4577 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 16, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 16, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 16, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 17, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
May 17, 2025
This way, we don't always set the destination to Document (which is as the spec is written today). Instead, we set it it in the load_data, depending on which context we load it from. Doing so allows us to set the `Destination::IFrame` for navigations in iframes, enabling all frame-related CSP checks. While we currently block iframes when `frame-src` or `child-src` is set, their respective tests don't pass yet. That's because we don't yet handle the cases where we fire the correct `load` event. Also update one WPT test to correctly fail, rather than erroring. That's because it was using the wrong JS test variable. Part of #4577 Signed-off-by: Tim van der Lippe <[email protected]> Co-authored-by: Josh Matthews <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 17, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 18, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 18, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 18, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 18, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 18, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 20, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 20, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
TimvdLippe
added a commit
to TimvdLippe/servo
that referenced
this issue
May 20, 2025
These changes allow a minimal set of checks for font-src CSP checks to pass. Part of servo#4577 Part of servo#35035 Signed-off-by: Tim van der Lippe <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Depends on #4576.
Estimated 2 months work assuming the right hooks.
The text was updated successfully, but these errors were encountered: