Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2160983002:
Change wildcard source expression matching to conform latest spec (Closed)
|
Created:
4 years, 5 months ago by Sergey Shekyan Modified:
4 years, 4 months ago CC:
achuith+watch_chromium.org, blink-reviews, chromium-reviews, dzhioev+watch_chromium.org, media-router+watch_chromium.org, oshima+watch_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionChange wildcard source expression matching to conform latest spec
This changes wildcard source expression matching to require
any schemes other than http/https/ws/wss be explicitly present
in the source list to match, per
https://w3c.github.io/webappsec-csp/#match-url-to-source-expression
This also updates CSP injected in chrome/browser/ui/webui/ to explicitly allow
`chrome:` as in `connect-src chrome:` to fix failing tests.
Previous CL at https://codereview.chromium.org/1973933002/ is stale,
so creating a new one to nail it this time.
BUG=611314
R=mkwst@chromium.org
Committed: https://crrev.com/6104167b0bf16a3520a898dbe67227637d1c214e
Cr-Commit-Position: refs/heads/master@{#408654}
Patch Set 1 #Patch Set 2 : Whitelist injected resources to pass browser_tests #Patch Set 3 : Attempting to whitelist `chrome-extenstion` #Patch Set 4 : Update right test, undo change in other #Patch Set 5 : Make CSPs in chrome/browser/ui/webui/ stricter #
Messages
Total messages: 40 (26 generated)
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
On 2016/07/20 08:15:21, commit-bot: I haz the power wrote: > Dry run: Try jobs failed on following builders: > linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, > http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...) Mike, can you please try this commit? If this doesn't work, I will be stuck: test fails on chromium OS, which doesn't seem be possible to easily install in VM, and even so, it's not really clear how to build Chromium there to debug. I need to see what URL is passed to ContentSecurityPolicy, which is not something printable by KURL::elidedString :( How would you suggest to proceed? Two things come to my mind: - commit code that prints debug info, undo it once resolved - contact failing test owner
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
I updated the wrong test yesterday. Fixed it. Can you please try? Also, if you are OK with the fix, maybe approve as in previous CL so I can debug with printf() on trybot?
On 2016/07/22 04:49:54, Sergey Shekyan wrote: > I updated the wrong test yesterday. Fixed it. Can you please try? > Also, if you are OK with the fix, maybe approve as in previous CL so I can debug > with printf() on trybot? ping?
The CQ bit was checked by mkwst@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Sorry, was unexpectedly OOO through yesterday. The third_party/ bits LGTM. You'll need reviews of the chrome/ bits separately. Throwing this to the trybots for you.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
mkwst@chromium.org changed reviewers: + jochen@chromium.org
Trybots look happy. Perhaps Jochen can stamp //chrome?
On 2016/07/27 at 10:27:43, mkwst wrote: > Trybots look happy. Perhaps Jochen can stamp //chrome? LGTM for chrome/browser/ui/web_ui/media_router mkwst@, any thoughts about how to fix crbug.com/514866?
The CQ bit was checked by shekyan@gmail.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Folks, I updated changed policies in chrome/browser/ui/webui/ to remove `*` as unnecessary. Tests pass so good to go.
mkwst@chromium.org changed reviewers: + mfoltz@chromium.org
still LGTM.
On 2016/07/28 13:42:16, Mike West wrote: > still LGTM. Can I commit or we are waiting for jochen@ ?
lgtm
The CQ bit was checked by shekyan@gmail.com
The patchset sent to the CQ was uploaded after l-g-t-m from mfoltz@chromium.org Link to the patchset: https://codereview.chromium.org/2160983002/#ps80001 (title: "Make CSPs in chrome/browser/ui/webui/ stricter")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Committed patchset #5 (id:80001)
Message was sent while issue was closed.
Description was changed from ========== Change wildcard source expression matching to conform latest spec This changes wildcard source expression matching to require any schemes other than http/https/ws/wss be explicitly present in the source list to match, per https://w3c.github.io/webappsec-csp/#match-url-to-source-expression This also updates CSP injected in inline_login_ui.cc to explicitly allow `chrome:` as in `connect-src * chrome:` to fix failing tests. Previous CL at https://codereview.chromium.org/1973933002/ is stale, so creating a new one to nail it this time. BUG=611314 R=mkwst@chromium.org ========== to ========== Change wildcard source expression matching to conform latest spec This changes wildcard source expression matching to require any schemes other than http/https/ws/wss be explicitly present in the source list to match, per https://w3c.github.io/webappsec-csp/#match-url-to-source-expression This also updates CSP injected in inline_login_ui.cc to explicitly allow `chrome:` as in `connect-src * chrome:` to fix failing tests. Previous CL at https://codereview.chromium.org/1973933002/ is stale, so creating a new one to nail it this time. BUG=611314 R=mkwst@chromium.org Committed: https://crrev.com/6104167b0bf16a3520a898dbe67227637d1c214e Cr-Commit-Position: refs/heads/master@{#408654} ==========
Message was sent while issue was closed.
Patchset 5 (id:??) landed as https://crrev.com/6104167b0bf16a3520a898dbe67227637d1c214e Cr-Commit-Position: refs/heads/master@{#408654}
Message was sent while issue was closed.
Description was changed from ========== Change wildcard source expression matching to conform latest spec This changes wildcard source expression matching to require any schemes other than http/https/ws/wss be explicitly present in the source list to match, per https://w3c.github.io/webappsec-csp/#match-url-to-source-expression This also updates CSP injected in inline_login_ui.cc to explicitly allow `chrome:` as in `connect-src * chrome:` to fix failing tests. Previous CL at https://codereview.chromium.org/1973933002/ is stale, so creating a new one to nail it this time. BUG=611314 R=mkwst@chromium.org Committed: https://crrev.com/6104167b0bf16a3520a898dbe67227637d1c214e Cr-Commit-Position: refs/heads/master@{#408654} ========== to ========== Change wildcard source expression matching to conform latest spec This changes wildcard source expression matching to require any schemes other than http/https/ws/wss be explicitly present in the source list to match, per https://w3c.github.io/webappsec-csp/#match-url-to-source-expression This also updates CSP injected in chrome/browser/ui/webui/ to explicitly allow `chrome:` as in `connect-src chrome:` to fix failing tests. Previous CL at https://codereview.chromium.org/1973933002/ is stale, so creating a new one to nail it this time. BUG=611314 R=mkwst@chromium.org Committed: https://crrev.com/6104167b0bf16a3520a898dbe67227637d1c214e Cr-Commit-Position: refs/heads/master@{#408654} ==========
Message was sent while issue was closed.
A revert of this CL (patchset #5 id:80001) has been created in https://codereview.chromium.org/2207643003/ by mkwst@chromium.org. The reason for reverting is: This breaks PDFium's handling of PDFs hosted on `file:`. Unfortunately, we didn't have tests covering this functionality, but we still need to fix it. :). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
