Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2467833002:
Implement redirect handling on MojoAsyncResourceHandler (Closed)
|
Created:
4 years, 1 month ago by yhirano Modified:
4 years, 1 month ago CC:
chromium-reviews, qsr+mojo_chromium.org, viettrungluu+watch_chromium.org, yzshen+watch_chromium.org, kinuko+watch, jsbell+serviceworker_chromium.org, tzik, jam, abarth-chromium, darin-cc_chromium.org, loading-reviews_chromium.org, blink-worker-reviews_chromium.org, mlamouri+watch-content_chromium.org, Randy Smith (Not in Mondays), nhiroki, blink-reviews, michaeln, shimazu+serviceworker_chromium.org, serviceworker-reviews, Aaron Boodman, kinuko+serviceworker, horo+watch_chromium.org, darin (slow to review), mmenke, Ken Rockot(use gerrit already) Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionImplement redirect handling on MojoAsyncResourceHandler
This CL introduces redirect handling for loading with mojo.
BUG=603396
Committed: https://crrev.com/7153dc4799a3cea581c8d125990dc84d12fef576
Cr-Commit-Position: refs/heads/master@{#432447}
Patch Set 1 : fix #Patch Set 2 : fix #
Total comments: 15
Patch Set 3 : fix #Patch Set 4 : imported #Patch Set 5 : rebase #
Total comments: 2
Patch Set 6 : rebase #Patch Set 7 : fix #
Total comments: 2
Patch Set 8 : fix #Patch Set 9 : rebase #Depends on Patchset: Dependent Patchsets: Messages
Total messages: 121 (102 generated)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== Add redirect handling on MojoAsyncResourceHandler This CL introduces the redirect handling for Loading with mojo. BUG=603396 ========== to ========== Add redirect handling on MojoAsyncResourceHandler This CL introduces the redirect handling for Loading with mojo. BUG=603396 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_android on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Patchset #2 (id:20001) has been deleted
Patchset #1 (id:1) has been deleted
Patchset #1 (id:40001) has been deleted
Patchset #1 (id:60001) has been deleted
Patchset #1 (id:80001) has been deleted
Patchset #1 (id:100001) has been deleted
Description was changed from ========== Add redirect handling on MojoAsyncResourceHandler This CL introduces the redirect handling for Loading with mojo. BUG=603396 ========== to ========== Add redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for Loading with mojo. BUG=603396 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Patchset #5 (id:200001) has been deleted
Patchset #5 (id:180002) has been deleted
Patchset #4 (id:180001) has been deleted
Patchset #3 (id:160001) has been deleted
Patchset #2 (id:140001) has been deleted
Patchset #1 (id:120001) has been deleted
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Patchset #1 (id:230001) has been deleted
Description was changed from ========== Add redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for Loading with mojo. BUG=603396 ========== to ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for Loading with mojo. BUG=603396 ==========
yhirano@chromium.org changed reviewers: + tzik@chromium.org
Description was changed from ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for Loading with mojo. BUG=603396 ========== to ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for loading with mojo. BUG=603396 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
lgtm
yhirano@chromium.org changed reviewers: + dcheng@chromium.org, horo@chromium.org, mmenke@chromium.org, nasko@chromium.org
+mmenke@ for content/browser/loader.
+horo@ for content/{browser, renderer}/service_worker.
+nasko@ for content not covered above.
+dcheng@ for mojom.
Thanks,
https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:268: DCHECK(did_defer_); Is it safe to allow this to be called multiple times? This is called from the renderer, and an exploited renderer could just invoke FollowRedirect() multiple times. (Basically, I'm wondering if this should be a DCHECK or if it's something we need to check for and handle)
https://codereview.chromium.org/2467833002/diff/270001/content/renderer/servi... File content/renderer/service_worker/service_worker_context_client.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/renderer/servi... content/renderer/service_worker/service_worker_context_client.cc:289: url_loader_ = nullptr; We should provide more specific error message to client. Please merge https://codereview.chromium.org/2485423004 to this cl.
https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:268: DCHECK(did_defer_); On 2016/11/10 07:09:27, dcheng wrote: > Is it safe to allow this to be called multiple times? This is called from the > renderer, and an exploited renderer could just invoke FollowRedirect() multiple > times. > > (Basically, I'm wondering if this should be a DCHECK or if it's something we > need to check for and handle) Good question...It looks like it's actually safe (We tear down the redirect and try again), but that's just luck. We should probably just kill the renderer if this happens. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:394: void MojoAsyncResourceHandler::OnWritable(MojoResult unused) { nit: I think the style is to not name unused variables? Also should echo the name in the header. "MojoResult /*result*/" or "/*=result*/", or whatnot. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.h (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.h:90: void Resume(); This method no longer exists. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler_unittest.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler_unittest.cc:1112: ASSERT_TRUE(url_loader_client_.has_received_redirect()); Check that there was only one received redirect call? https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler_unittest.cc:1117: EXPECT_EQ(1, resource_controller_.num_resume_calls()); Let's continue this request to completion. Otherwise, we don't know if the async resource handler's state machine continues to work after following the redirect. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/test_url_loader_client.h (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/test_url_loader_client.h:40: bool has_received_redirect() const { return has_received_redirect_; } Can we count the number of redirects or something, make sure we only receive the expected single redirect?
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: ios-simulator on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:268: DCHECK(did_defer_); On 2016/11/10 21:42:40, mmenke wrote: > On 2016/11/10 07:09:27, dcheng wrote: > > Is it safe to allow this to be called multiple times? This is called from the > > renderer, and an exploited renderer could just invoke FollowRedirect() > multiple > > times. > > > > (Basically, I'm wondering if this should be a DCHECK or if it's something we > > need to check for and handle) > > Good question...It looks like it's actually safe (We tear down the redirect and > try again), but that's just luck. We should probably just kill the renderer if > this happens. Done. It's now cancelling the request, I don't know what is the preferred manner for the malformed request with mojo. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:394: void MojoAsyncResourceHandler::OnWritable(MojoResult unused) { On 2016/11/10 21:42:40, mmenke wrote: > nit: I think the style is to not name unused variables? Also should echo the > name in the header. "MojoResult /*result*/" or "/*=result*/", or whatnot. Done. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.h (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.h:90: void Resume(); On 2016/11/10 21:42:40, mmenke wrote: > This method no longer exists. Done. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler_unittest.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler_unittest.cc:1112: ASSERT_TRUE(url_loader_client_.has_received_redirect()); On 2016/11/10 21:42:41, mmenke wrote: > Check that there was only one received redirect call? Done in TestResourceClient. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/mojo_async_resource_handler_unittest.cc:1117: EXPECT_EQ(1, resource_controller_.num_resume_calls()); On 2016/11/10 21:42:41, mmenke wrote: > Let's continue this request to completion. Otherwise, we don't know if the > async resource handler's state machine continues to work after following the > redirect. Done. https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... File content/browser/loader/test_url_loader_client.h (right): https://codereview.chromium.org/2467833002/diff/270001/content/browser/loader... content/browser/loader/test_url_loader_client.h:40: bool has_received_redirect() const { return has_received_redirect_; } On 2016/11/10 21:42:41, mmenke wrote: > Can we count the number of redirects or something, make sure we only receive the > expected single redirect? I added EXPECT_FALSE(has_received_redirect_) in the .cc file. https://codereview.chromium.org/2467833002/diff/270001/content/renderer/servi... File content/renderer/service_worker/service_worker_context_client.cc (right): https://codereview.chromium.org/2467833002/diff/270001/content/renderer/servi... content/renderer/service_worker/service_worker_context_client.cc:289: url_loader_ = nullptr; On 2016/11/10 11:57:26, horo wrote: > We should provide more specific error message to client. > Please merge https://codereview.chromium.org/2485423004 to this cl. Done.
service_worker: lgtm
https://codereview.chromium.org/2467833002/diff/330001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/330001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:274: controller()->Cancel(); Seems like we should have a test for this. Should we also have a test that we correctly allow two redirects? Nothing currently depends on the "did_defer_on_redirect_ = false" line, either.
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
Patchset #6 (id:350001) has been deleted
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Patchset #6 (id:370001) has been deleted
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: android_clang_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_clan...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
https://codereview.chromium.org/2467833002/diff/330001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/330001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:274: controller()->Cancel(); On 2016/11/11 15:47:17, mmenke wrote: > Seems like we should have a test for this. > > Should we also have a test that we correctly allow two redirects? Nothing > currently depends on the "did_defer_on_redirect_ = false" line, either. Done.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
content/browser/loader LGTM
yhirano@chromium.org changed reviewers: + avi@chromium.org
+avi@ as a content OWNER.
lgtm stampity stamp
https://codereview.chromium.org/2467833002/diff/410001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/410001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:278: DCHECK(!did_defer_on_writing_); So in general, loading is a large state machine. If the renderer gets out of sync, I think we should probably be calling mojo::ReportBadMessage(...) to kill it, right? Are there reasons where we'd want to continue? (Also, I'm not sure if we're consistently doing this now; do you know what happens for legacy IPC?)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
https://codereview.chromium.org/2467833002/diff/410001/content/browser/loader... File content/browser/loader/mojo_async_resource_handler.cc (right): https://codereview.chromium.org/2467833002/diff/410001/content/browser/loader... content/browser/loader/mojo_async_resource_handler.cc:278: DCHECK(!did_defer_on_writing_); On 2016/11/15 07:41:41, dcheng wrote: > So in general, loading is a large state machine. If the renderer gets out of > sync, I think we should probably be calling mojo::ReportBadMessage(...) to kill > it, right? Are there reasons where we'd want to continue? > > (Also, I'm not sure if we're consistently doing this now; do you know what > happens for legacy IPC?) This dcheck is not affected by a malformed renderer. L272-L275 is the section for the issue, and PS8 calls mojo::ReportBadMessage.
mojo lgtm cc +rockot, because I'm curious if there's a better way to detect a bad message for unit testing
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromeos_amd64-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_amd64-...)
The CQ bit was checked by yhirano@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from tzik@chromium.org, horo@chromium.org, avi@chromium.org, mmenke@chromium.org, dcheng@chromium.org Link to the patchset: https://codereview.chromium.org/2467833002/#ps450001 (title: "rebase")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for loading with mojo. BUG=603396 ========== to ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for loading with mojo. BUG=603396 ==========
Message was sent while issue was closed.
Committed patchset #9 (id:450001)
Message was sent while issue was closed.
Description was changed from ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for loading with mojo. BUG=603396 ========== to ========== Implement redirect handling on MojoAsyncResourceHandler This CL introduces redirect handling for loading with mojo. BUG=603396 Committed: https://crrev.com/7153dc4799a3cea581c8d125990dc84d12fef576 Cr-Commit-Position: refs/heads/master@{#432447} ==========
Message was sent while issue was closed.
Patchset 9 (id:??) landed as https://crrev.com/7153dc4799a3cea581c8d125990dc84d12fef576 Cr-Commit-Position: refs/heads/master@{#432447} |
