Chromium Code Reviews

Issue 1367933003: CSP source *.x.y should not match host x.y (Closed)

Created: 3 years, 10 months ago by jww
Modified: 3 years, 10 months ago
CC: chromium-reviews, asvitkine+watch_chromium.org
Base URL: https://chromium.googlesource.com/chromium/src@master
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

CSP source *.x.y should not match host x.y

This fixes a minor CSP bug where a source in a source list with a wildcard was matching more liberally than it should have. It was matching a source of the form *.x.y to host x.y when, in fact, it should only be matching subdomains.

BUG=534542
TBR=mkwst@chromium.org

Committed: https://crrev.com/6282934a62f7b1416b677acad89a2880f2de201c
Cr-Commit-Position: refs/heads/master@{#350629}
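The matching rule this description refers to, sketched as an added example; it is not the code from this change or from Chromium's CSPSource.cpp. The function names and the `example.com` hosts are constructed for illustration, and only the host part of a source expression is modelled (no scheme, port or path).

```cpp
#include <algorithm>
#include <cctype>
#include <initializer_list>
#include <iostream>
#include <string>

// Hypothetical helpers for illustration; hostnames compare case-insensitively.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True only when host ends with "." + base and has at least one label before it.
static bool isSubdomainOf(const std::string& host, const std::string& base) {
    const std::string suffix = "." + base;
    return host.size() > suffix.size() &&
           host.compare(host.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Behaviour the description calls the bug: "*.x.y" also accepts the bare host "x.y".
bool hostMatchesLoose(const std::string& source, const std::string& hostIn) {
    const std::string src = lower(source), host = lower(hostIn);
    if (src.rfind("*.", 0) != 0)
        return host == src;  // no wildcard: exact host match
    const std::string base = src.substr(2);
    return host == base || isSubdomainOf(host, base);
}

// Behaviour the description asks for: "*.x.y" accepts subdomains of x.y only.
bool hostMatchesStrict(const std::string& source, const std::string& hostIn) {
    const std::string src = lower(source), host = lower(hostIn);
    if (src.rfind("*.", 0) != 0)
        return host == src;  // no wildcard: exact host match
    return isSubdomainOf(host, src.substr(2));
}

int main() {
    // Constructed sample hosts checked against the source "*.example.com".
    for (const char* h : {"example.com", "cdn.example.com", "evilexample.com"})
        std::cout << h << " loose=" << hostMatchesLoose("*.example.com", h)
                  << " strict=" << hostMatchesStrict("*.example.com", h) << "\n";
}
```

A policy that relied on the looser match to cover the bare host needs that host listed as its own source next to the wildcard entry.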

Patch Set 1 #

Total comments: 2
Stats (+57 lines, -29 lines)
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html (1 chunk, +0 lines, -13 lines, 0 comments)
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed-expected.txt (1 chunk, +0 lines, -2 lines, 0 comments)
A + third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-fails.html (1 chunk, +1 line, -1 line, 0 comments)
A + third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-fails-expected.txt (1 chunk, +3 lines, -2 lines, 0 comments)
A third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-11.html (1 chunk, +17 lines, -0 lines, 0 comments)
M third_party/WebKit/Source/core/frame/UseCounter.h (1 chunk, +1 line, -0 lines, 0 comments)
M third_party/WebKit/Source/core/frame/csp/CSPSource.cpp (2 chunks, +19 lines, -4 lines, 0 comments)
M third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp (2 chunks, +2 lines, -1 line, 0 comments)
M third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp (1 chunk, +5 lines, -3 lines, 0 comments)
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h (1 chunk, +2 lines, -1 line, 0 comments)
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp (1 chunk, +1 line, -1 line, 0 comments)
M tools/metrics/histograms/histograms.xml (2 chunks, +6 lines, -1 line, 2 comments)

Messages

Total messages: 9 (2 generated)
jww
asvitkine@, can you look at histograms.xml? Thanks! CL previously approved by mkwst in the pre-Blink ...
3 years, 10 months ago (2015-09-24 16:28:58 UTC) #1
jww
Adding asvitkine@ as a reviewer for real this time.
3 years, 10 months ago (2015-09-24 16:29:23 UTC) #3
Alexei Svitkine (slow)
lgtm
https://codereview.chromium.org/1367933003/diff/1/tools/metrics/histograms/histograms.xml
File tools/metrics/histograms/histograms.xml (right):
https://codereview.chromium.org/1367933003/diff/1/tools/metrics/histograms/histograms.xml#newcode59312
tools/metrics/histograms/histograms.xml:59312: + <int value="930" label="PresentationRequestReconnect"/>
Any idea what happened ...
3 years, 10 months ago (2015-09-24 16:51:01 UTC) #4
jww
https://codereview.chromium.org/1367933003/diff/1/tools/metrics/histograms/histograms.xml
File tools/metrics/histograms/histograms.xml (right):
https://codereview.chromium.org/1367933003/diff/1/tools/metrics/histograms/histograms.xml#newcode59312
tools/metrics/histograms/histograms.xml:59312: + <int value="930" label="PresentationRequestReconnect"/>
On 2015/09/24 16:51:01, Alexei Svitkine ...
3 years, 10 months ago (2015-09-24 17:06:45 UTC) #5
commit-bot: I haz the power
CQ is trying da patch.
Follow status at https://chromium-cq-status.appspot.com/patch-status/1367933003/1
View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1367933003/1
3 years, 10 months ago (2015-09-24 17:07:54 UTC) #7
commit-bot: I haz the power
Committed patchset #1 (id:1)
3 years, 10 months ago (2015-09-24 19:52:38 UTC) #8
commit-bot: I haz the power
3 years, 10 months ago (2015-09-24 19:54:38 UTC) #9
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/6282934a62f7b1416b677acad89a2880f2de201c
Cr-Commit-Position: refs/heads/master@{#350629}
