Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(146)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2255713003: Effectively disable foreign fetch when third party cookies are disabled. (Closed)

Created:
4 years, 4 months ago by Marijn Kruisselbrink
Modified:
4 years, 4 months ago
Reviewers:
michaeln
CC:
blink-worker-reviews_chromium.org, chromium-reviews, darin-cc_chromium.org, horo+watch_chromium.org, jam, jsbell+serviceworker_chromium.org, kinuko+serviceworker, kinuko+watch, michaeln, nhiroki, serviceworker-reviews, tzik
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Effectively disable foreign fetch when third party cookies are disabled. This adds a check to make sure that the origin of the service worker is allowed to run in the context of the "first party for cookies" (i.e. top-level document) before starting it to handle a foreign fetch event. This makes sure service workers with foreign fetch can't be used to bypass third-party cookie blocking. BUG=540509 Committed: https://crrev.com/95e6429a2a60521f4d14b1d007d2ebfa02a9d370 Cr-Commit-Position: refs/heads/master@{#412748}

Patch Set 1 #

Total comments: 2

Patch Set 2 : null out resource_context_ #

Unified diffs Side-by-side diffs Delta from patch set Stats (+19 lines, -0 lines) Patch
M content/browser/service_worker/foreign_fetch_request_handler.h View 1 chunk +1 line, -0 lines 0 comments Download
M content/browser/service_worker/foreign_fetch_request_handler.cc View 1 4 chunks +18 lines, -0 lines 0 comments Download

Messages

Total messages: 16 (8 generated)
Marijn Kruisselbrink
4 years, 4 months ago (2016-08-17 22:39:57 UTC) #4
michaeln
lgtm! https://codereview.chromium.org/2255713003/diff/1/content/browser/service_worker/foreign_fetch_request_handler.cc File content/browser/service_worker/foreign_fetch_request_handler.cc (right): https://codereview.chromium.org/2255713003/diff/1/content/browser/service_worker/foreign_fetch_request_handler.cc#newcode269 content/browser/service_worker/foreign_fetch_request_handler.cc:269: target_worker_ = nullptr; maybe null out resource_context_ here ...
4 years, 4 months ago (2016-08-17 23:20:43 UTC) #5
Marijn Kruisselbrink
https://codereview.chromium.org/2255713003/diff/1/content/browser/service_worker/foreign_fetch_request_handler.cc File content/browser/service_worker/foreign_fetch_request_handler.cc (right): https://codereview.chromium.org/2255713003/diff/1/content/browser/service_worker/foreign_fetch_request_handler.cc#newcode269 content/browser/service_worker/foreign_fetch_request_handler.cc:269: target_worker_ = nullptr; On 2016/08/17 at 23:20:43, michaeln wrote: ...
4 years, 4 months ago (2016-08-17 23:29:47 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2255713003/20001
4 years, 4 months ago (2016-08-17 23:30:21 UTC) #9
commit-bot: I haz the power
Exceeded global retry quota
4 years, 4 months ago (2016-08-18 02:46:39 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2255713003/20001
4 years, 4 months ago (2016-08-18 03:50:41 UTC) #13
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years, 4 months ago (2016-08-18 05:16:03 UTC) #14
commit-bot: I haz the power
4 years, 4 months ago (2016-08-18 05:18:59 UTC) #16
Message was sent while issue was closed. 
Patchset 2 (id:??) landed as
https://crrev.com/95e6429a2a60521f4d14b1d007d2ebfa02a9d370
Cr-Commit-Position: refs/heads/master@{#412748}

Powered by Google App Engine
This is Rietveld 408576698