Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(295)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2366533002: Budget API calls should only succeed on secure origins (Closed)

Created:
4 years, 3 months ago by harkness
Modified:
4 years, 3 months ago
Reviewers:
Peter Beverloo
CC:
chromium-reviews, blink-reviews, haraken
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Budget API calls should only succeed on secure origins BUG=617971 Committed: https://crrev.com/a838aec4845f3f6d4c702e0336d7ef41eccbd681 Cr-Commit-Position: refs/heads/master@{#420630}

Patch Set 1 #

Total comments: 2

Patch Set 2 : Modified security check and added test for unique origins. #

Total comments: 1

Patch Set 3 : Expanded unique origin test. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+56 lines, -4 lines) Patch
M chrome/browser/budget_service/budget_manager.cc View 1 3 chunks +16 lines, -0 lines 0 comments Download
M chrome/browser/budget_service/budget_manager_unittest.cc View 1 2 3 chunks +28 lines, -2 lines 0 comments Download
M third_party/WebKit/Source/modules/budget/BudgetService.cpp View 3 chunks +12 lines, -2 lines 0 comments Download

Messages

Total messages: 15 (5 generated)
harkness
4 years, 3 months ago (2016-09-22 10:12:29 UTC) #2
Peter Beverloo
Have you considered adding checks to BudgetServiceImpl? It'd be great if we could call ReceivedBadMessage() ...
4 years, 3 months ago (2016-09-22 14:27:29 UTC) #3
harkness
I did consider putting the checks in budget_service_impl.cc. I decided on budget_manager.cc because I definitely ...
4 years, 3 months ago (2016-09-22 15:35:47 UTC) #4
harkness
https://codereview.chromium.org/2366533002/diff/20001/chrome/browser/budget_service/budget_manager.cc File chrome/browser/budget_service/budget_manager.cc (right): https://codereview.chromium.org/2366533002/diff/20001/chrome/browser/budget_service/budget_manager.cc#newcode72 chrome/browser/budget_service/budget_manager.cc:72: if (origin.unique() || !content::IsOriginSecure(GURL(origin.Serialize()))) { As discussed, the HTTP/HTTPS ...
4 years, 3 months ago (2016-09-23 10:32:19 UTC) #5
Peter Beverloo
lgtm
4 years, 3 months ago (2016-09-23 12:33:05 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2366533002/40001
4 years, 3 months ago (2016-09-23 12:36:43 UTC) #8
commit-bot: I haz the power
Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/298537)
4 years, 3 months ago (2016-09-23 12:47:47 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2366533002/40001
4 years, 3 months ago (2016-09-23 15:29:01 UTC) #12
commit-bot: I haz the power
Committed patchset #3 (id:40001)
4 years, 3 months ago (2016-09-23 16:38:53 UTC) #13
commit-bot: I haz the power
4 years, 3 months ago (2016-09-23 16:40:16 UTC) #15
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/a838aec4845f3f6d4c702e0336d7ef41eccbd681
Cr-Commit-Position: refs/heads/master@{#420630}

Powered by Google App Engine
This is Rietveld 408576698