Closed Bug 1685592 Opened 4 years ago Closed 4 years ago

[wpt-sync] Sync PR 27083 - css: Make fetches from inline CSS use the document's URL as referrer

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
86 Branch
Tracking Flags:
Tracking Status
firefox86 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 27083 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/27083
Details from upstream follow.

b'David Van Cleve <davidvc@chromium.org>' wrote:

css: Make fetches from inline CSS use the document's URL as referrer

Right now, fetches from inline CSS use the inline CSS's base URL
instead of the URL from the context that embeds the inline CSS: for
instance, loading a source-site.com page with the following code
\<base href="https://other-site.com">
\<style type=text/css> @import('best-sheet.com') \</style>
should lead to the best-sheet.com sheet getting fetched with a
source-site.com referrer, but it will currently provide an
other-site.com referrer. However, if the imported sheet from
best-sheet.com makes more nested fetches, those nested requests should
use best-sheet.com as the basis for their referrers (as they do
currently).

This CL updates CSSParserContext's referrer setting logic to roughly do
the following:

  • inline CSS: use the embedding document's URL as the referrer, or, for
    srcdoc iframes, walk up the frame tree until hitting a non-srcdoc frame
  • requests from fetched stylesheets: just as currently, use the fetched
    sheet's URL as the basis for constructing the referrer

This seemed like it required refactoring CSSParserContext slightly
because there are constructors that take both a Document and a base URL,
and it's not obvious from the constructor signature whether the
Document or the base URL should be the one that provides the referrer.
To resolve this ambiguity, the refactor updates these CSSParserContext
constructors to take caller-provided Referrer objects.

Change-Id: If5a99d8057dff5e771e821d0e1f605566e28ff1d
Fixed: 1158645, 1158010
Reviewed-on: https://chromium-review.googlesource.com/2592447
WPT-Export-Revision: 4f8b72231bb7b54d14c694764642ca3b85a720d6

Component: web-platform-tests → DOM: Security
Product: Testing → Core

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 2 tests and 9 subtests

Status Summary

Firefox

OK : 2
PASS: 10

Chrome

OK : 2
PASS: 1
FAIL: 9

Safari

OK : 2
PASS: 1
FAIL: 9

Links

GitHub PR Head
GitHub PR Base

Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ec98b2f56439 [wpt PR 27083] - css: Make fetches from inline CSS use the document's URL as referrer, a=testonly

https://hg.mozilla.org/mozilla-central/rev/ec98b2f56439

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox86: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch
You need to log in before you can comment on or make changes to this bug.