LibWeb: Implement EmbedderPolicy struct

Author: https://github.com/jamierocks
Commit: https://github.com/LadybirdBrowser/ladybird/commit/190a419715
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/515
Reviewed-by: https://github.com/awesomekling

Meta/gn/secondary/Userland/Libraries/LibWeb/HTML/BUILD.gn

@@ -31,6 +31,7 @@ source_set("HTML") {
     "DecodedImageData.cpp",
     "DocumentState.cpp",
     "ElementInternals.cpp",
+    "EmbedderPolicy.cpp",
     "ErrorEvent.cpp",
     "EventHandler.cpp",
     "EventNames.cpp",

Userland/Libraries/LibWeb/CMakeLists.txt

@@ -275,6 +275,7 @@ set(SOURCES
     HTML/DOMStringMap.cpp
     HTML/DragEvent.cpp
     HTML/ElementInternals.cpp
+    HTML/EmbedderPolicy.cpp
     HTML/ErrorEvent.cpp
     HTML/EventHandler.cpp
     HTML/EventSource.cpp

Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp

@@ -358,7 +358,9 @@ bool Request::cross_origin_embedder_policy_allows_credentials() const
     if (m_client == nullptr)
         return true;
 
-    // FIXME: 3. If request’s client’s policy container’s embedder policy’s value is not "credentialless", then return true.
+    // 3. If request’s client’s policy container’s embedder policy’s value is not "credentialless", then return true.
+    if (m_policy_container.has<HTML::PolicyContainer>() && m_policy_container.get<HTML::PolicyContainer>().embedder_policy.value != HTML::EmbedderPolicyValue::Credentialless)
+        return true;
 
     // 4. If request’s origin is same origin with request’s current URL’s origin and request does not have a redirect-tainted origin, then return true.
     // 5. Return false.

Userland/Libraries/LibWeb/Forward.h

@@ -357,6 +357,7 @@ class DOMParser;
 class DOMStringMap;
 class DragEvent;
 class ElementInternals;
+struct EmbedderPolicy;
 class ErrorEvent;
 class EventHandler;
 class EventLoop;

Userland/Libraries/LibWeb/HTML/EmbedderPolicy.cpp

@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024, Jamie Mansfield <jmansfield@cadixdev.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibWeb/HTML/EmbedderPolicy.h>
+
+namespace Web::HTML {
+
+StringView embedder_policy_value_to_string(EmbedderPolicyValue embedder_policy_value)
+{
+    switch (embedder_policy_value) {
+    case EmbedderPolicyValue::UnsafeNone:
+        return "unsafe-none"sv;
+    case EmbedderPolicyValue::RequireCorp:
+        return "require-corp"sv;
+    case EmbedderPolicyValue::Credentialless:
+        return "credentialless"sv;
+    }
+    VERIFY_NOT_REACHED();
+}
+
+Optional<EmbedderPolicyValue> embedder_policy_value_from_string(StringView string)
+{
+    if (string.equals_ignoring_ascii_case("unsafe-none"sv))
+        return EmbedderPolicyValue::UnsafeNone;
+    if (string.equals_ignoring_ascii_case("require-corp"sv))
+        return EmbedderPolicyValue::RequireCorp;
+    if (string.equals_ignoring_ascii_case("credentialless"sv))
+        return EmbedderPolicyValue::Credentialless;
+    return {};
+}
+
+}

Userland/Libraries/LibWeb/HTML/EmbedderPolicy.h

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2024, Jamie Mansfield <jmansfield@cadixdev.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/Optional.h>
+#include <AK/String.h>
+#include <AK/StringView.h>
+
+namespace Web::HTML {
+
+// https://html.spec.whatwg.org/multipage/browsers.html#embedder-policy-value
+enum class EmbedderPolicyValue {
+    UnsafeNone,
+    RequireCorp,
+    Credentialless,
+};
+
+StringView embedder_policy_value_to_string(EmbedderPolicyValue);
+Optional<EmbedderPolicyValue> embedder_policy_value_from_string(StringView);
+
+// https://html.spec.whatwg.org/multipage/browsers.html#embedder-policy
+struct EmbedderPolicy {
+    // https://html.spec.whatwg.org/multipage/browsers.html#embedder-policy-value-2
+    // A value, which is an embedder policy value, initially "unsafe-none".
+    EmbedderPolicyValue value { EmbedderPolicyValue::UnsafeNone };
+
+    // https://html.spec.whatwg.org/multipage/browsers.html#embedder-policy-reporting-endpoint
+    // A reporting endpoint string, initially the empty string.
+    String reporting_endpoint;
+
+    // https://html.spec.whatwg.org/multipage/browsers.html#embedder-policy-report-only-value
+    // A report only value, which is an embedder policy value, initially "unsafe-none".
+    EmbedderPolicyValue report_only_value { EmbedderPolicyValue::UnsafeNone };
+
+    // https://html.spec.whatwg.org/multipage/browsers.html#embedder-policy-report-only-reporting-endpoint
+    // A report only reporting endpoint string, initially the empty string.
+    String report_only_reporting_endpoint;
+};
+
+}

Userland/Libraries/LibWeb/HTML/PolicyContainers.h

@@ -7,6 +7,7 @@
 #pragma once
 
 #include <LibIPC/Forward.h>
+#include <LibWeb/HTML/EmbedderPolicy.h>
 #include <LibWeb/ReferrerPolicy/ReferrerPolicy.h>
 
 namespace Web::HTML {
@@ -18,7 +19,8 @@ struct PolicyContainer {
     // FIXME: A CSP list, which is a CSP list. It is initially empty.
 
     // https://html.spec.whatwg.org/multipage/origin.html#policy-container-embedder-policy
-    // FIXME: An embedder policy, which is an embedder policy. It is initially a new embedder policy.
+    // An embedder policy, which is an embedder policy. It is initially a new embedder policy.
+    EmbedderPolicy embedder_policy {};
 
     // https://html.spec.whatwg.org/multipage/origin.html#policy-container-referrer-policy
     // A referrer policy, which is a referrer policy. It is initially the default referrer policy.

Userland/Libraries/LibWeb/HTML/WorkerGlobalScope.h

@@ -136,6 +136,7 @@ private:
 
     // https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-embedder-policy
     // A WorkerGlobalScope object has an associated embedder policy (an embedder policy).
+    EmbedderPolicy m_embedder_policy;
 
     // https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-module-map
     // A WorkerGlobalScope object has an associated module map. It is a module map, initially empty.