
LibWeb/Fetch: Implement the "set the Sec-Fetch-Dest header" AO

Jamie Mansfield 1 jaar geleden
bovenliggende
commit
f4af1833c1

+ 27 - 0
Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp

@@ -2,6 +2,7 @@
  * Copyright (c) 2022-2023, Linus Groh <linusg@serenityos.org>
  * Copyright (c) 2023, Luke Wilde <lukew@serenityos.org>
  * Copyright (c) 2023, Sam Atkins <atkinssj@serenityos.org>
+ * Copyright (c) 2024, Jamie Mansfield <jmansfield@cadixdev.org>
  *
  * SPDX-License-Identifier: BSD-2-Clause
  */
@@ -44,6 +45,7 @@
 #include <LibWeb/Platform/EventLoopPlugin.h>
 #include <LibWeb/ReferrerPolicy/AbstractOperations.h>
 #include <LibWeb/SRI/SRI.h>
+#include <LibWeb/SecureContexts/AbstractOperations.h>
 #include <LibWeb/WebIDL/DOMException.h>
 
 namespace Web::Fetch::Fetching {
@@ -1992,4 +1994,29 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<PendingResponse>> cors_preflight_fetch(JS::
     return returned_pending_response;
 }
 
+// https://w3c.github.io/webappsec-fetch-metadata/#abstract-opdef-set-dest
+void set_sec_fetch_dest_header(Infrastructure::Request& request)
+{
+    // 1. Assert: r’s url is a potentially trustworthy URL.
+    VERIFY(SecureContexts::is_url_potentially_trustworthy(request.url()) == SecureContexts::Trustworthiness::PotentiallyTrustworthy);
+
+    // 2. Let header be a Structured Header whose value is a token.
+    // FIXME: This is handled below, as Serenity doesn't have APIs for RFC 8941.
+
+    // 3. If r’s destination is the empty string, set header’s value to the string "empty". Otherwise, set header’s value to r’s destination.
+    ByteBuffer header_value;
+    if (!request.destination().has_value()) {
+        header_value = MUST(ByteBuffer::copy("empty"sv.bytes()));
+    } else {
+        header_value = MUST(ByteBuffer::copy(Infrastructure::request_destination_to_string(request.destination().value()).bytes()));
+    }
+
+    // 4. Set a structured field value `Sec-Fetch-Dest`/header in r’s header list.
+    auto header = Infrastructure::Header {
+        .name = MUST(ByteBuffer::copy("Sec-Fetch-Dest"sv.bytes())),
+        .value = move(header_value),
+    };
+    request.header_list()->append(move(header));
+}
+
 }
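Review bot: Step 4 ends with `request.header_list()->append(move(header));`, but the spec step quoted directly above it says to *set* the field, which replaces any existing `Sec-Fetch-Dest` entry rather than adding another one. With append, running this function twice on the same request would leave two entries; no caller is visible in this commit, so whether that can happen (for example when a request is reused across a redirect) needs checking. A server that combines the duplicates would no longer see a single valid token, and a Fetch Metadata policy that fails open on unparsable values could then let the request through. Assuming HeaderList offers the Fetch spec's set operation, `request.header_list()->set(move(header));` matches the spec text.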

+ 2 - 0
Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
+ * Copyright (c) 2024, Jamie Mansfield <jmansfield@cadixdev.org>
  *
  * SPDX-License-Identifier: BSD-2-Clause
  */
@@ -38,4 +39,5 @@ WebIDL::ExceptionOr<JS::GCPtr<PendingResponse>> http_redirect_fetch(JS::Realm&,
 WebIDL::ExceptionOr<JS::NonnullGCPtr<PendingResponse>> http_network_or_cache_fetch(JS::Realm&, Infrastructure::FetchParams const&, IsAuthenticationFetch is_authentication_fetch = IsAuthenticationFetch::No, IsNewConnectionFetch is_new_connection_fetch = IsNewConnectionFetch::No);
 WebIDL::ExceptionOr<JS::NonnullGCPtr<PendingResponse>> nonstandard_resource_loader_file_or_http_network_fetch(JS::Realm&, Infrastructure::FetchParams const&, IncludeCredentials include_credentials = IncludeCredentials::No, IsNewConnectionFetch is_new_connection_fetch = IsNewConnectionFetch::No);
 WebIDL::ExceptionOr<JS::NonnullGCPtr<PendingResponse>> cors_preflight_fetch(JS::Realm&, Infrastructure::Request&);
+void set_sec_fetch_dest_header(Infrastructure::Request&);
 }
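Review bot: The new declaration `void set_sec_fetch_dest_header(Infrastructure::Request&);` hides a precondition: the definition in Fetching.cpp starts with a `VERIFY(...)` that the request URL is potentially trustworthy, so a caller that passes any other request aborts the process instead of skipping the header. Request URLs are chosen by web content, so a caller that forgets the check turns an ordinary plain-http fetch into a crash. I would state the contract at the declaration, e.g. `// Precondition: request.url() is potentially trustworthy; callers must check before calling (VERIFY otherwise).`, and repeat the spec link used on the definition.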