Chromium Code Reviews
Help | Chromium Project | Sign in
(3)

Issue 566083003: Implementation of subresource integrity attribute for secure origins. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
2 years, 6 months ago by jww
Modified:
2 years, 6 months ago
Reviewers:
Mike West
CC:
blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, sof, eae+blinkwatch, rwlbuis
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Implementation of subresource integrity attribute for secure origins. This is an implementation of subresource integrity only for script tags and secure origins. This uses the previously added integrity attribute to calculate a digest for subresources and allow access to the resource only if the digest matches the specified integrity value. See http://www.w3.org/TR/SRI/ for the W3C standard proposal. Intent to implement discussion: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/hTDUpMk_TV8 BUG=355467 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=182523

Patch Set 1 #

Patch Set 2 : Block resources at insecure origins #

Total comments: 5

Patch Set 3 : Many improvements, closer to standard #

Total comments: 18

Patch Set 4 : Fixes from mkwst #

Total comments: 1

Patch Set 5 : Rebase on ToT #

Patch Set 6 : Rebase on ToT (again) #

Patch Set 7 : Fixed broken build #

Unified diffs Side-by-side diffs Delta from patch set Stats (+373 lines, -0 lines) Patch
A + LayoutTests/http/tests/security/subresourceIntegrity/fail.js View 0 chunks +-1 lines, --1 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/pass1of3.js View 1 2 1 chunk +1 line, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/pass2of3.js View 1 2 1 chunk +1 line, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/pass3of3.js View 1 2 1 chunk +1 line, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-allowed.html View 1 2 1 chunk +12 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-allowed-expected.txt View 1 2 1 chunk +4 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked.html View 1 2 1 chunk +15 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked-expected.txt View 1 chunk +1 line, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-invalid-integrity.html View 1 2 1 chunk +16 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-invalid-integrity-expected.txt View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/core.gypi View 1 2 3 4 2 chunks +3 lines, -0 lines 0 comments Download
M Source/core/dom/ScriptLoader.cpp View 1 2 3 4 2 chunks +5 lines, -0 lines 0 comments Download
A Source/core/frame/SubresourceIntegrity.h View 1 2 3 1 chunk +33 lines, -0 lines 0 comments Download
A Source/core/frame/SubresourceIntegrity.cpp View 1 2 3 1 chunk +163 lines, -0 lines 0 comments Download
A Source/core/frame/SubresourceIntegrityTest.cpp View 1 2 3 1 chunk +113 lines, -0 lines 0 comments Download
M Source/core/frame/UseCounter.h View 1 2 3 4 5 6 1 chunk +5 lines, -1 line 0 comments Download
Commit queue not available (can’t edit this change).

Messages

Total messages: 22 (10 generated)
jww
mkwst@, here's a start on subresource integrity. Lots left to do, but it does work ...
2 years, 6 months ago (2014-09-13 01:17:31 UTC) #2
Mike West
The approach looks totally reasonable, thanks for kicking this off! Comments inline. https://codereview.chromium.org/566083003/diff/20001/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked.html File LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked.html ...
2 years, 6 months ago (2014-09-13 03:44:31 UTC) #3
jww
mkwst@, I've addressed most of your issues, and I've also added in proper ni:// support ...
2 years, 6 months ago (2014-09-15 21:20:16 UTC) #4
Mike West
Thanks, this is looking great! A few comments below, mostly related to testing. https://codereview.chromium.org/566083003/diff/40001/Source/core/core.gypi File ...
2 years, 6 months ago (2014-09-16 06:45:04 UTC) #5
jww
https://codereview.chromium.org/566083003/diff/40001/Source/core/core.gypi File Source/core/core.gypi (right): https://codereview.chromium.org/566083003/diff/40001/Source/core/core.gypi#newcode1214 Source/core/core.gypi:1214: 'frame/SubresourceIntegrity.cpp', On 2014/09/16 06:45:03, Mike West wrote: > Please ...
2 years, 6 months ago (2014-09-16 22:34:49 UTC) #6
Mike West
LGTM, thanks for adding a test and taking another pass. https://codereview.chromium.org/566083003/diff/60001/Source/core/frame/UseCounter.h File Source/core/frame/UseCounter.h (right): https://codereview.chromium.org/566083003/diff/60001/Source/core/frame/UseCounter.h#newcode502 ...
2 years, 6 months ago (2014-09-17 07:19:06 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/566083003/80001
2 years, 6 months ago (2014-09-23 21:02:30 UTC) #13
commit-bot: I haz the power
Failed to apply patch for Source/core/frame/UseCounter.h: While running patch -p1 --forward --force --no-backup-if-mismatch; patching file ...
2 years, 6 months ago (2014-09-23 21:02:52 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/566083003/100001
2 years, 6 months ago (2014-09-23 21:30:59 UTC) #17
commit-bot: I haz the power
Try jobs failed on following builders: android_chromium_gn_compile_rel on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/android_chromium_gn_compile_rel/builds/11435) linux_blink_dbg on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/linux_blink_dbg/builds/26293) mac_blink_compile_dbg ...
2 years, 6 months ago (2014-09-23 21:41:08 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/566083003/120001
2 years, 6 months ago (2014-09-23 21:51:07 UTC) #21
commit-bot: I haz the power
2 years, 6 months ago (2014-09-23 23:11:09 UTC) #22
Message was sent while issue was closed.
Committed patchset #7 (id:120001) as 182523
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld cc6ac46