From 86f128d4125bbc3c98e6e7fb4ecf513d664058f8 Mon Sep 17 00:00:00 2001 From: Moonchild Date: Thu, 13 Aug 2020 17:13:23 +0000 Subject: Issue #618: Pass down referrer and referrer policy when fetching modules. Because the spec says so. --- dom/script/ModuleLoadRequest.cpp | 11 ++++++++--- dom/script/ModuleLoadRequest.h | 2 ++ dom/script/ScriptLoader.cpp | 30 ++++++++++++++++++------------ dom/script/ScriptLoader.h | 24 ++++++++++++++---------- 4 files changed, 42 insertions(+), 25 deletions(-) (limited to 'dom/script') diff --git a/dom/script/ModuleLoadRequest.cpp b/dom/script/ModuleLoadRequest.cpp index a75a922e2..5b0e0bdba 100644 --- a/dom/script/ModuleLoadRequest.cpp +++ b/dom/script/ModuleLoadRequest.cpp @@ -28,13 +28,17 @@ ModuleLoadRequest::ModuleLoadRequest(nsIURI* aURI, uint32_t aVersion, CORSMode aCORSMode, const SRIMetadata &aIntegrity, + nsIURI* aReferrer, + mozilla::net::ReferrerPolicy aReferrerPolicy, ScriptLoader* aLoader) : ScriptLoadRequest(ScriptKind::Module, aURI, aElement, aVersion, aCORSMode, - aIntegrity), + aIntegrity, + aReferrer, + aReferrerPolicy), mIsTopLevel(true), mLoader(aLoader), mVisitedSet(new VisitedURLSet()) @@ -49,7 +53,9 @@ ModuleLoadRequest::ModuleLoadRequest(nsIURI* aURI, aParent->mElement, aParent->mJSVersion, aParent->mCORSMode, - aParent->mIntegrity), + aParent->mIntegrity, + aParent->mURI, + aParent->mReferrerPolicy), mIsTopLevel(false), mLoader(aParent->mLoader), mVisitedSet(aParent->mVisitedSet) @@ -57,7 +63,6 @@ ModuleLoadRequest::ModuleLoadRequest(nsIURI* aURI, MOZ_ASSERT(mVisitedSet->Contains(aURI)); mIsInline = false; - mReferrerPolicy = aParent->mReferrerPolicy; } void ModuleLoadRequest::Cancel() diff --git a/dom/script/ModuleLoadRequest.h b/dom/script/ModuleLoadRequest.h index 2e9652881..eefb7dad5 100644 --- a/dom/script/ModuleLoadRequest.h +++ b/dom/script/ModuleLoadRequest.h @@ -48,6 +48,8 @@ public: uint32_t aVersion, CORSMode aCORSMode, const SRIMetadata& aIntegrity, + nsIURI* aReferrer, + mozilla::net::ReferrerPolicy, ScriptLoader* aLoader); // Create a module load request for an imported module. diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp index 903822ef5..38649e1dd 100644 --- a/dom/script/ScriptLoader.cpp +++ b/dom/script/ScriptLoader.cpp @@ -1043,7 +1043,7 @@ ScriptLoader::StartLoad(ScriptLoadRequest *aRequest, const nsAString &aType, httpChannel->SetRequestHeader(NS_LITERAL_CSTRING("Accept"), NS_LITERAL_CSTRING("*/*"), false); - httpChannel->SetReferrerWithPolicy(mDocument->GetDocumentURI(), + httpChannel->SetReferrerWithPolicy(aRequest->mReferrer, aRequest->mReferrerPolicy); nsCOMPtr internalChannel(do_QueryInterface(httpChannel)); @@ -1175,16 +1175,21 @@ ScriptLoader::CreateLoadRequest(ScriptKind aKind, nsIURI* aURI, nsIScriptElement* aElement, uint32_t aVersion, CORSMode aCORSMode, - const SRIMetadata &aIntegrity) + const SRIMetadata& aIntegrity, + mozilla::net::ReferrerPolicy aReferrerPolicy) { + nsIURI* referrer = mDocument->GetDocumentURI(); + if (aKind == ScriptKind::Classic) { return new ScriptLoadRequest(aKind, aURI, aElement, - aVersion,aCORSMode, - aIntegrity); + aVersion, aCORSMode, + aIntegrity, + referrer, aReferrerPolicy); } MOZ_ASSERT(aKind == ScriptKind::Module); - return new ModuleLoadRequest(aURI, aElement, aVersion, aCORSMode, aIntegrity, this); + return new ModuleLoadRequest(aURI, aElement, aVersion, aCORSMode, + aIntegrity, referrer, aReferrerPolicy, this); } bool @@ -1253,6 +1258,7 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement) // Step 15. and later in the HTML5 spec nsresult rv = NS_OK; RefPtr request; + mozilla::net::ReferrerPolicy ourRefPolicy = mDocument->GetReferrerPolicy(); if (aElement->GetScriptExternal()) { // external script nsCOMPtr scriptURI = aElement->GetScriptURI(); @@ -1265,7 +1271,6 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement) } // Double-check that the preload matches what we're asked to load now. - mozilla::net::ReferrerPolicy ourRefPolicy = mDocument->GetReferrerPolicy(); CORSMode ourCORSMode = aElement->GetCORSMode(); nsTArray::index_type i = mPreloads.IndexOf(scriptURI.get(), 0, PreloadURIComparator()); @@ -1320,9 +1325,9 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement) } request = CreateLoadRequest(scriptKind, scriptURI, aElement, - version, ourCORSMode, sriMetadata); + version, ourCORSMode, sriMetadata, + ourRefPolicy); request->mIsInline = false; - request->mReferrerPolicy = ourRefPolicy; // set aScriptFromHead to false so we don't treat non preloaded scripts as // blockers for full page load. See bug 792438. @@ -1440,10 +1445,11 @@ ScriptLoader::ProcessScriptElement(nsIScriptElement *aElement) return false; } - // Inline scripts ignore ther CORS mode and are always CORS_NONE + // Inline scripts ignore ther CORS mode and are always CORS_NONE. request = CreateLoadRequest(scriptKind, mDocument->GetDocumentURI(), aElement, version, CORS_NONE, - SRIMetadata()); // SRI doesn't apply + SRIMetadata(), // SRI doesn't apply + ourRefPolicy); request->mJSVersion = version; request->mIsInline = true; request->mLineNo = aElement->GetScriptLineNumber(); @@ -2578,9 +2584,9 @@ ScriptLoader::PreloadURI(nsIURI *aURI, const nsAString &aCharset, RefPtr request = CreateLoadRequest(ScriptKind::Classic, aURI, nullptr, 0, - Element::StringToCORSMode(aCrossOrigin), sriMetadata); + Element::StringToCORSMode(aCrossOrigin), sriMetadata, + aReferrerPolicy); request->mIsInline = false; - request->mReferrerPolicy = aReferrerPolicy; nsresult rv = StartLoad(request, aType, aScriptFromHead); if (NS_FAILED(rv)) { diff --git a/dom/script/ScriptLoader.h b/dom/script/ScriptLoader.h index 4155f08f8..2a14b53ae 100644 --- a/dom/script/ScriptLoader.h +++ b/dom/script/ScriptLoader.h @@ -66,7 +66,9 @@ public: nsIScriptElement* aElement, uint32_t aVersion, mozilla::CORSMode aCORSMode, - const mozilla::dom::SRIMetadata &aIntegrity) + const mozilla::dom::SRIMetadata& aIntegrity, + nsIURI* aReferrer, + mozilla::net::ReferrerPolicy aReferrerPolicy) : mKind(aKind), mElement(aElement), mProgress(Progress::Loading), @@ -86,7 +88,8 @@ public: mLineNo(1), mCORSMode(aCORSMode), mIntegrity(aIntegrity), - mReferrerPolicy(mozilla::net::RP_Default) + mReferrer(aReferrer), + mReferrerPolicy(aReferrerPolicy) { } @@ -173,7 +176,8 @@ public: int32_t mLineNo; const mozilla::CORSMode mCORSMode; const mozilla::dom::SRIMetadata mIntegrity; - mozilla::net::ReferrerPolicy mReferrerPolicy; + const nsCOMPtr mReferrer; + const mozilla::net::ReferrerPolicy mReferrerPolicy; }; class ScriptLoadRequestList : private mozilla::LinkedList @@ -470,13 +474,13 @@ public: private: virtual ~ScriptLoader(); - ScriptLoadRequest* CreateLoadRequest( - ScriptKind aKind, - nsIURI* aURI, - nsIScriptElement* aElement, - uint32_t aVersion, - mozilla::CORSMode aCORSMode, - const mozilla::dom::SRIMetadata &aIntegrity); + ScriptLoadRequest* CreateLoadRequest(ScriptKind aKind, + nsIURI* aURI, + nsIScriptElement* aElement, + uint32_t aVersion, + mozilla::CORSMode aCORSMode, + const mozilla::dom::SRIMetadata& aIntegrity, + mozilla::net::ReferrerPolicy aReferrerPolicy); /** * Unblocks the creator parser of the parser-blocking scripts. -- cgit v1.2.3