Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(364)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1274713004: Modify SRI and CSP console messages to base64 hashes, not base64url. (Closed)

Created:
5 years, 4 months ago by jww
Modified:
5 years, 4 months ago
Reviewers:
Mike West
CC:
blink-reviews, mkwst+watchlist-csp_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Modify SRI and CSP console messages to base64 hashes, not base64url. The console messages for Subresource Integrity and for script and style violations in Content Security Policy output the actual hash values of the content in question. Previously, this was base64url encoded, but in both cases, the specs call for base64url. Thus while we accept base64url to be flexible, Chrome should only suggest spec compliant hashes. R=mkwst@chromium.org BUG=517270 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200240

Patch Set 1 #

Patch Set 2 : More test updates #

Unified diffs Side-by-side diffs Delta from patch set Stats (+62 lines, -65 lines) Patch
M LayoutTests/fast/dom/shadow/gc-collected-shadowroot-crash-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/fast/dom/shadow/remove-shadowroot-from-document-and-destroy-crash-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/htmlimports/csp-import-block-but-domain-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/htmlimports/csp-import-block-but-domain-nested-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/htmlimports/csp-import-block-but-nonce-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/htmlimports/csp-import-block-but-nonce-nested-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/htmlimports/csp-import-block-but-self-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/htmlimports/csp-import-block-but-self-nested-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked-error-event-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-basic-blocked-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash-expected.txt View 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-basic-blocked-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylehash-basic-blocked-error-event-expected.txt View 1 chunk +4 lines, -4 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylehash-basic-blocked-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylehash-svg-style-basic-blocked-error-event-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylenonce-allowed-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylenonce-basic-blocked-error-event-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylenonce-blocked-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylenonce-svg-style-basic-blocked-error-event-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/cached-frame-csp-expected.txt View 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/combine-multiple-policies-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/image-document-default-src-none-expected.txt View 1 chunk +2 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-script-blocked-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/injected-inline-style-blocked-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/inline-script-blocked-goofy-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-allowed-while-cloning-objects-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/inline-style-blocked-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt View 1 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt View 1 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-hash-function-priority-console-messages-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-blocked-expected.txt View 1 chunk +3 lines, -3 lines 0 comments Download
M LayoutTests/inspector/sources/debugger-pause/debugger-pause-on-blocked-script-injection-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
M Source/core/frame/SubresourceIntegrity.cpp View 1 chunk +1 line, -2 lines 0 comments Download
M Source/core/frame/csp/CSPDirectiveList.cpp View 1 chunk +1 line, -3 lines 0 comments Download

Messages

Total messages: 5 (1 generated)
jww
5 years, 4 months ago (2015-08-06 18:52:09 UTC) #1
Mike West
lgtm
5 years, 4 months ago (2015-08-10 09:50:14 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1274713004/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1274713004/20001
5 years, 4 months ago (2015-08-10 09:50:24 UTC) #4
commit-bot: I haz the power
5 years, 4 months ago (2015-08-10 11:00:02 UTC) #5
Message was sent while issue was closed. 
Committed patchset #2 (id:20001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=200240

Powered by Google App Engine
This is Rietveld 408576698