Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(108)

Issue 2225383003: Origin header should be preserved in http requests made via OpenURL code path. (Closed)

Created:
4 years, 4 months ago by Łukasz Anforowicz
Modified:
4 years, 4 months ago
Reviewers:
jww
CC:
chromium-reviews, blink-reviews, site-isolation-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Layout tests for presence of Origin header in cross-site form target requests. This CL primarily adds dumping of HTTP response headers to navigation/resources/form-target.pl and adds appropriate expectations to layout tests that depend on this URI. This CL also makes a few extra minor tweaks: - Using http instead of https scheme in navigation/form-targets-cross-site-frame-get.html and navigation/form-targets-cross-site-frame-post.html (this makes it easier to use these URIs in manual repro attempts made with a regular browser) - Adding a test expectation to FlagExpectations/site-per-process to account for bug 635400 - Changing the initial URI of the cross-site frame that is the target of the form in navigation/form-targets-cross-site-frame-get.html and navigation/form-targets-cross-site-frame-post.html I think the test is easier to understand when the initial URI and form's target URI are different. BUG=635400 Committed: https://crrev.com/82fbd88a31485e5bca1c0938724ed71026ad3f8d Cr-Commit-Position: refs/heads/master@{#411044}

Patch Set 1 #

Total comments: 15

Patch Set 2 : Test doesn't depent on initial URI of the frame (as long as it is cross-site). #

Total comments: 5

Patch Set 3 : Using port 8080 instead of 8000 (to make urls more obviously cross-origin). #

Patch Set 4 : Update expectations for http/tests/security/contentSecurityPolicy/1.1 tests. #

Patch Set 5 : Update a comment in FlagExpectations/site-per-process to match bug title. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+91 lines, -4 lines) Patch
M third_party/WebKit/LayoutTests/FlagExpectations/site-per-process View 1 2 3 4 1 chunk +3 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get.html View 1 2 2 chunks +2 lines, -2 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt View 1 2 1 chunk +6 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-post.html View 1 2 2 chunks +2 lines, -2 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt View 1 2 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/post-basic-expected.txt View 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-expected.txt View 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-goback1-expected.txt View 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/post-goback1-expected.txt View 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/navigation/resources/form-target.pl View 1 chunk +16 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-expected.txt View 1 2 3 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-expected.txt View 1 2 3 1 chunk +8 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-expected.txt View 1 2 3 1 chunk +6 lines, -0 lines 0 comments Download

Messages

Total messages: 18 (10 generated)
Łukasz Anforowicz
jww@, could you please take a look? The bug + CL description hopefully gives enough ...
4 years, 4 months ago (2016-08-09 17:55:51 UTC) #5
jww
Generally lgtm, with a few nits and comments. https://codereview.chromium.org/2225383003/diff/1/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt File third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt (right): https://codereview.chromium.org/2225383003/diff/1/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt#newcode17 third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt:17: HTTP_UPGRADE_INSECURE_REQUESTS ...
4 years, 4 months ago (2016-08-09 22:38:23 UTC) #6
jww
On 2016/08/09 22:38:23, jww wrote: > Generally lgtm, with a few nits and comments. > ...
4 years, 4 months ago (2016-08-09 22:44:46 UTC) #7
Łukasz Anforowicz
jww@, can you take another look please? (disclaimer: the trybots are still running, but hopefully ...
4 years, 4 months ago (2016-08-10 00:03:20 UTC) #8
jww
Still lgtm. Thanks! https://codereview.chromium.org/2225383003/diff/1/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt File third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt (right): https://codereview.chromium.org/2225383003/diff/1/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt#newcode17 third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt:17: HTTP_UPGRADE_INSECURE_REQUESTS = 1 On 2016/08/10 00:03:19, ...
4 years, 4 months ago (2016-08-10 00:44:53 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2225383003/80001
4 years, 4 months ago (2016-08-10 15:21:15 UTC) #15
commit-bot: I haz the power
Committed patchset #5 (id:80001)
4 years, 4 months ago (2016-08-10 15:25:09 UTC) #16
commit-bot: I haz the power
4 years, 4 months ago (2016-08-10 15:27:09 UTC) #18
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/82fbd88a31485e5bca1c0938724ed71026ad3f8d
Cr-Commit-Position: refs/heads/master@{#411044}

Powered by Google App Engine
This is Rietveld 408576698