Chromium Code Reviews

Issue 566083003: Implementation of subresource integrity attribute for secure origins. (Closed)

Created: 3 years ago by jww
Modified: 3 years ago
Reviewers: Mike West
CC: blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, sof, eae+blinkwatch, rwlbuis
Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Project: blink
Visibility: Public.

Description

Implementation of subresource integrity attribute for secure origins.

This is an implementation of subresource integrity only for script tags and secure origins. This uses the previously added integrity attribute to calculate a digest for subresources and allow access to the resource only if the digest matches the specified integrity value.

See http://www.w3.org/TR/SRI/ for the W3C standard proposal.

Intent to implement discussion: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/hTDUpMk_TV8

BUG=355467

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=182523

Patch Set 1

Patch Set 2 : Block resources at insecure origins

Total comments: 5

Patch Set 3 : Many improvements, closer to standard

Total comments: 18

Patch Set 4 : Fixes from mkwst

Total comments: 1

Patch Set 5 : Rebase on ToT

Patch Set 6 : Rebase on ToT (again)

Patch Set 7 : Fixed broken build

| Status | File | Delta from patch set | Stats (+373 lines, -0 lines) | Comments |
| --- | --- | --- | --- | --- |
| A + | LayoutTests/http/tests/security/subresourceIntegrity/fail.js | | 0 chunks +-1 lines, --1 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/pass1of3.js | 1 2 | 1 chunk +1 line, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/pass2of3.js | 1 2 | 1 chunk +1 line, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/pass3of3.js | 1 2 | 1 chunk +1 line, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-allowed.html | 1 2 | 1 chunk +12 lines, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-allowed-expected.txt | 1 2 | 1 chunk +4 lines, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked.html | 1 2 | 1 chunk +15 lines, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked-expected.txt | | 1 chunk +1 line, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-invalid-integrity.html | 1 2 | 1 chunk +16 lines, -0 lines | 0 comments |
| A | LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-invalid-integrity-expected.txt | 1 2 | 1 chunk +1 line, -0 lines | 0 comments |
| M | Source/core/core.gypi | 1 2 3 4 | 2 chunks +3 lines, -0 lines | 0 comments |
| M | Source/core/dom/ScriptLoader.cpp | 1 2 3 4 | 2 chunks +5 lines, -0 lines | 0 comments |
| A | Source/core/frame/SubresourceIntegrity.h | 1 2 3 | 1 chunk +33 lines, -0 lines | 0 comments |
| A | Source/core/frame/SubresourceIntegrity.cpp | 1 2 3 | 1 chunk +163 lines, -0 lines | 0 comments |
| A | Source/core/frame/SubresourceIntegrityTest.cpp | 1 2 3 | 1 chunk +113 lines, -0 lines | 0 comments |
| M | Source/core/frame/UseCounter.h | 1 2 3 4 5 6 | 1 chunk +5 lines, -1 line | 0 comments |

Messages

Total messages: 22 (10 generated)
jww
mkwst@, here's a start on subresource integrity. Lots left to do, but it does work ...
3 years ago (2014-09-13 01:17:31 UTC) #2
Mike West
The approach looks totally reasonable, thanks for kicking this off! Comments inline. https://codereview.chromium.org/566083003/diff/20001/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked.html File LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-blocked.html ...
3 years ago (2014-09-13 03:44:31 UTC) #3
jww
mkwst@, I've addressed most of your issues, and I've also added in proper ni:// support ...
3 years ago (2014-09-15 21:20:16 UTC) #4
Mike West
Thanks, this is looking great! A few comments below, mostly related to testing. https://codereview.chromium.org/566083003/diff/40001/Source/core/core.gypi File ...
3 years ago (2014-09-16 06:45:04 UTC) #5
jww
https://codereview.chromium.org/566083003/diff/40001/Source/core/core.gypi File Source/core/core.gypi (right): https://codereview.chromium.org/566083003/diff/40001/Source/core/core.gypi#newcode1214 Source/core/core.gypi:1214: 'frame/SubresourceIntegrity.cpp', On 2014/09/16 06:45:03, Mike West wrote: > Please ...
3 years ago (2014-09-16 22:34:49 UTC) #6
Mike West
LGTM, thanks for adding a test and taking another pass. https://codereview.chromium.org/566083003/diff/60001/Source/core/frame/UseCounter.h File Source/core/frame/UseCounter.h (right): https://codereview.chromium.org/566083003/diff/60001/Source/core/frame/UseCounter.h#newcode502 ...
3 years ago (2014-09-17 07:19:06 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/566083003/80001
3 years ago (2014-09-23 21:02:30 UTC) #13
commit-bot: I haz the power
Failed to apply patch for Source/core/frame/UseCounter.h: While running patch -p1 --forward --force --no-backup-if-mismatch; patching file ...
3 years ago (2014-09-23 21:02:52 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/566083003/100001
3 years ago (2014-09-23 21:30:59 UTC) #17
commit-bot: I haz the power
Try jobs failed on following builders: android_chromium_gn_compile_rel on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/android_chromium_gn_compile_rel/builds/11435) linux_blink_dbg on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/linux_blink_dbg/builds/26293) mac_blink_compile_dbg ...
3 years ago (2014-09-23 21:41:08 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/566083003/120001
3 years ago (2014-09-23 21:51:07 UTC) #21
commit-bot: I haz the power
3 years ago (2014-09-23 23:11:09 UTC) #22
Message was sent while issue was closed.
Committed patchset #7 (id:120001) as 182523