Chromium Code Reviews
DescriptionCheck the format of an applicationServerKey when used to register a push subscription.
The Web Push specificatoion requires applicationServerKeys to be valid VAPID keys,
but we have not previous enforced that, which has led to issues where web developers
attempt to subscribe with invalid keys. The error eventually returned is not
informative.
This CL adds code in Blink to do some basic sanity checking that the provided value is
syntactically valid. Although the spec only allows p256 keys to be valid, this code
also allows the web developer to subscribe with a numeric sender ID as an argument to
subscribe() instead of specifying it in the manifest file, but checks that the ID provided
is a number.
This CL also adds testing for the new syntax checking.
BUG=636022
Committed: https://crrev.com/3f9e6105d28fbb930d90e38c23d07a9af9b53dbc
Cr-Commit-Position: refs/heads/master@{#425649}
Patch Set 1 #Patch Set 2 : Removed unneeded file #
Total comments: 4
Patch Set 3 : Convert tests to LayoutTests #
Total comments: 8
Patch Set 4 : Formatting and code review comments #Patch Set 5 : More formatting #Patch Set 6 : More formatting #Patch Set 7 : More formatting #Messages
Total messages: 19 (11 generated)
|