fe409aefa3
<!-- Please describe your changes on the following line: --> This PR implements cross-thread `WindowProxy` objects. At the moment, if a `Window` performs a non-similar-origin navigation, the old script thread does not update its `WindowProxy`, since the new `Window` is in the new script thread. With this PR, the `WindowProxy` is updated to a dummy `XOriginWindow` object, that only implements the whitelisted methods that are allowed to be called cross-origin. This PR does not include working implementations of some of the cross-origin `Window` or `Location` methods. This PR causes some cross-origin wpt tests to now pass, in particular `/html/browsers/origin/cross-origin-objects/cross-origin-objects.html ` now passes `Only whitelisted properties are accessible cross-origin`. There are some CORS failures in `fetch`, I suspect caused by the incorrect setting of `origin` in fetch requests. Although there are some functions that now throw `SecurityException`, it is not meant to be a complete implementation, which will have to wait for XOWs to land. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #15180. - [X] There are tests for these changes <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> Source-Repo: https://github.com/servo/servo Source-Revision: 6adbcb4ccdc1f74638b0c6e990c122e34bc967e4
26 lines
979 B
Plaintext
26 lines
979 B
Plaintext
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
// This is a Servo-specific interface, used to represent locations
|
|
// that are not similar-origin, so live in another script thread.
|
|
// It is based on the interface for Window, but only contains the
|
|
// accessors that do not throw security exceptions when called
|
|
// cross-origin.
|
|
//
|
|
// Note that similar-origin locations are kept in the same script
|
|
// thread, so this mechanism cannot be relied upon as the only
|
|
// way to enforce security policy.
|
|
|
|
// https://html.spec.whatwg.org/multipage/#location
|
|
[Unforgeable, NoInterfaceObject] interface DissimilarOriginLocation {
|
|
[Throws] attribute USVString href;
|
|
[Throws] void assign(USVString url);
|
|
[Throws] void replace(USVString url);
|
|
[Throws] void reload();
|
|
[Throws] stringifier;
|
|
|
|
// TODO: finish this interface
|
|
};
|