mirror of
https://github.com/servo/servo
synced 2026-05-09 00:22:16 +02:00
01a29209b2
We now check for this header and corresponding logic. The WPT tests mostly pass, but rely on the `contentDocument` of the iframe to be `null`. This is not something we did before, which means that iframes were able to access the contents of error pages. Instead, we now mark the document as internal with an opaque origin according to the spec [1]. We shouldn't do this post-fact, but is required since we first need to construct the document and enter its realm, before we determine that it is an invalid document. Fixes #16103 [1]: https://html.spec.whatwg.org/multipage/document-lifecycle.html#navigate-ua-inline Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
10 lines
382 B
Rust
10 lines
382 B
Rust
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
|
|
|
pub(crate) mod csp;
|
|
pub(crate) mod csppolicyviolationreport;
|
|
pub(crate) mod cspviolationreporttask;
|
|
pub(crate) mod securitypolicyviolationevent;
|
|
pub(crate) mod xframeoptions;
|