mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-08-01 05:39:11 +00:00
LibWeb: Create policy containers from responses and then run CSP init
This allows us to parse the Content-Security-Policy header and Referrer-Policy header from navigation responses and actually allow them to start having an effect.
This commit is contained in:
parent
435f839ced
commit
819bff9ec0
Notes:
github-actions[bot]
2025-03-13 15:20:26 +00:00
Author: https://github.com/Lubrsi
Commit: 819bff9ec0
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3805
8 changed files with 113 additions and 6 deletions
|
@ -7,6 +7,7 @@
|
|||
*/
|
||||
|
||||
#include <LibWeb/CSS/SystemColor.h>
|
||||
#include <LibWeb/ContentSecurityPolicy/PolicyList.h>
|
||||
#include <LibWeb/Crypto/Crypto.h>
|
||||
#include <LibWeb/DOM/Document.h>
|
||||
#include <LibWeb/DOM/DocumentLoading.h>
|
||||
|
@ -992,8 +993,11 @@ static WebIDL::ExceptionOr<Navigable::NavigationParamsVariant> create_navigation
|
|||
entry->document_state()->set_resource(Empty {});
|
||||
}
|
||||
|
||||
// FIXME 9. Set responsePolicyContainer to the result of creating a policy container from a fetch response given response and request's reserved client.
|
||||
// FIXME 10. Set finalSandboxFlags to the union of targetSnapshotParams's sandboxing flags and responsePolicyContainer's CSP list's CSP-derived sandboxing flags.
|
||||
// 9. Set responsePolicyContainer to the result of creating a policy container from a fetch response given response and request's reserved client.
|
||||
response_policy_container = create_a_policy_container_from_a_fetch_response(realm, *response_holder->response(), request->reserved_client());
|
||||
|
||||
// 10. Set finalSandboxFlags to the union of targetSnapshotParams's sandboxing flags and responsePolicyContainer's CSP list's CSP-derived sandboxing flags.
|
||||
final_sandbox_flags = target_snapshot_params.sandboxing_flags | response_policy_container->csp_list->csp_derived_sandboxing_flags();
|
||||
|
||||
// 11. Set responseOrigin to the result of determining the origin given response's URL, finalSandboxFlags, and entry's document state's initiator origin.
|
||||
response_origin = determine_the_origin(response_holder->response()->url(), final_sandbox_flags, entry->document_state()->initiator_origin());
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue