script: Add support for modulepreload link elements (#42964)

Add support to modulepreload link elements. Currently we only fetch the root module, as I think it is needs to be discussed whether we should always fetch module dependencies, or if it should be limited due to network constraints. Inside `bind_to_tree` I ended up calling `fetch_and_process_modulepreload` inside a delayed task, since it would cause a crash due to DOM not being in a stable state when firing an event (queueing the event seems to also do the trick). Remaining tests failures are due to not supporting CSS modules and performance entries's `transfer_size` being 0. Testing: Covered by existing tests --------- Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
2026-04-26 01:25:32 +02:00 · 2026-03-17 10:28:05 +01:00
parent b491d6ddbb
commit 9a8571efcc
17 changed files with 227 additions and 376 deletions
--- a/components/script/dom/html/htmlscriptelement.rs
+++ b/components/script/dom/html/htmlscriptelement.rs
@@ -16,9 +16,7 @@ use html5ever::{LocalName, Prefix, local_name};
 use js::context::JSContext;
 use js::rust::{HandleObject, Stencil};
 use net_traits::http_status::HttpStatus;
-use net_traits::request::{
-    CorsSettings, CredentialsMode, Destination, ParserMetadata, RequestBuilder, RequestId,
-};
+use net_traits::request::{CorsSettings, Destination, ParserMetadata, RequestBuilder, RequestId};
 use net_traits::{FetchMetadata, Metadata, NetworkError, ResourceFetchTiming};
 use servo_url::ServoUrl;
 use style::attr::AttrValue;
@@ -47,8 +45,8 @@ use crate::dom::document::Document;
 use crate::dom::domtokenlist::DOMTokenList;
 use crate::dom::element::{
    AttributeMutation, Element, ElementCreator, cors_setting_for_element,
-    referrer_policy_for_element, reflect_cross_origin_attribute, reflect_referrer_policy_attribute,
-    set_cross_origin_attribute,
+    cors_settings_attribute_credential_mode, referrer_policy_for_element,
+    reflect_cross_origin_attribute, reflect_referrer_policy_attribute, set_cross_origin_attribute,
 };
 use crate::dom::event::{Event, EventBubbles, EventCancelable};
 use crate::dom::global_scope_script_execution::{ClassicScript, ErrorReporting, RethrowErrors};
@@ -743,19 +741,8 @@ impl HTMLScriptElement {
        // Step 22. CORS setting.
        let cors_setting = cors_setting_for_element(element);

-        // Step 23. Module script credentials mode.
-        let module_credentials_mode = match script_type {
-            ScriptType::Classic => CredentialsMode::CredentialsSameOrigin,
-            ScriptType::Module | ScriptType::ImportMap => reflect_cross_origin_attribute(element)
-                .map_or(
-                    CredentialsMode::CredentialsSameOrigin,
-                    |attr| match &*attr.str() {
-                        "use-credentials" => CredentialsMode::Include,
-                        "anonymous" => CredentialsMode::CredentialsSameOrigin,
-                        _ => CredentialsMode::CredentialsSameOrigin,
-                    },
-                ),
-        };
+        // Step 23. Let module script credentials mode be the CORS settings attribute credentials mode for el's crossorigin content attribute.
+        let module_credentials_mode = cors_settings_attribute_credential_mode(element);

        // Step 24. Let cryptographic nonce be el's [[CryptographicNonce]] internal slot's value.
        // If the element has a nonce content attribute but is not nonceable strip the nonce to prevent injection attacks.