Description
Fix SRI bypass by loading same resource twice in same origin.
This fixes a bug where the memory cache was bypassing subresource
integrity checks when a resource is loaded for a second time in the same
origin. The resource in the memory cache was correctly storing that an
integrity check had already been done so when it was retrieved later,
it wouldn't need to be checked again, but it didn't store the fact that
this was a *failure*, so when the load happened a second time, it
assumed it was a good integrity.
This modifies the resources to store a disposition for the integrity
check, rather than just that the integrity check occurred. On a reload
of the resource, if the integrity had failed the first time, the
resource will fail to load.
BUG=584155
Review URL: https://codereview.chromium.org/1675183003
Cr-Commit-Position: refs/heads/master@{#374336}
(cherry picked from commit bf24693238d407f90bec71453b18aae8dd1c0f43)
Committed: https://chromium.googlesource.com/chromium/src/+/0979e9712439b056355af462d68fe5c6d9ee5466
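The cache behaviour this commit message describes, modelled as an added example. It is not Chromium's code: every type and function name is hypothetical, and an FNV-1a hash stands in for the SHA-2 digest that SRI uses. The same cache is run in both modes, recording only that a check happened versus recording its outcome.

```cpp
// Added illustration; all names are hypothetical, not taken from Chromium.
#include <cstdint>
#include <map>
#include <string>

enum class Disposition { NotChecked, Failed, Passed };

// Stand-in digest (FNV-1a) so the sketch runs offline; SRI itself uses SHA-2.
uint64_t Digest(const std::string& body) {
  uint64_t h = 1469598103934665603ULL;
  for (unsigned char c : body) { h ^= c; h *= 1099511628211ULL; }
  return h;
}

struct CachedResource {
  std::string body;
  bool integrity_checked = false;                     // pre-fix: "a check ran"
  Disposition disposition = Disposition::NotChecked;  // post-fix: its outcome
};

class MemoryCache {
 public:
  explicit MemoryCache(bool store_disposition)
      : store_disposition_(store_disposition) {}

  // Returns true if the page may use the resource. `fetched` is the body the
  // network returns on a cache miss; `expected` is the integrity digest.
  bool Load(const std::string& url, const std::string& fetched,
            uint64_t expected) {
    auto it = cache_.find(url);
    if (it == cache_.end()) {  // first load: fetch, check, remember
      CachedResource r;
      r.body = fetched;
      r.integrity_checked = true;
      r.disposition = Digest(fetched) == expected ? Disposition::Passed
                                                  : Disposition::Failed;
      it = cache_.emplace(url, r).first;
      return it->second.disposition == Disposition::Passed;
    }
    if (store_disposition_)  // cache hit, fixed: a failure is remembered
      return it->second.disposition == Disposition::Passed;
    return it->second.integrity_checked;  // cache hit, bug: checked == passed
  }

 private:
  bool store_disposition_;
  std::map<std::string, CachedResource> cache_;
};
```

With `store_disposition` false, the second load of a resource that failed its check is served from the cache as if it had passed; with it true, the second load fails as the first did.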