Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2495)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 732323004: Add use counter for credentialed CORS access from null origins. (Closed)

Created:
6 years ago by sof
Modified:
6 years ago
CC:
blink-reviews, tyoshino+watch_chromium.org, blink-reviews-html_chromium.org, zoltan1, eae+blinkwatch, leviw+renderwatch, Dominik Röttsches, blink-reviews-dom_chromium.org, dglazkov+blink, blink-reviews-rendering, gavinp+loader_chromium.org, jchaffraix+rendering, pdr+renderingwatchlist_chromium.org, Nate Chapin, rwlbuis
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Add use counter for credentialed CORS access from null origins. To gain some data on how widespread the use of Access-Control-Allow-Origin: null Access-Control-Allow-Credentials: true is (and it being currently allowed), add a use counter. To enable the use counter reporting from within the CORS access check, some extra plumbing required (but unavoidable.) R=tyoshino BUG=440676 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=186875

Patch Set 1 #

Total comments: 2

Patch Set 2 : tweak spelling #

Unified diffs Side-by-side diffs Delta from patch set Stats (+30 lines, -23 lines) Patch
M Source/core/dom/ScriptLoader.cpp View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/fetch/CrossOriginAccessControl.h View 3 chunks +3 lines, -2 lines 0 comments Download
M Source/core/fetch/CrossOriginAccessControl.cpp View 1 5 chunks +6 lines, -3 lines 0 comments Download
M Source/core/fetch/ImageResource.h View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/fetch/ImageResource.cpp View 1 chunk +2 lines, -2 lines 0 comments Download
M Source/core/fetch/Resource.h View 2 chunks +3 lines, -2 lines 0 comments Download
M Source/core/fetch/Resource.cpp View 1 chunk +4 lines, -4 lines 0 comments Download
M Source/core/fetch/ResourceFetcher.cpp View 2 chunks +2 lines, -2 lines 0 comments Download
M Source/core/frame/UseCounter.h View 1 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/html/HTMLImageElement.cpp View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/imagebitmap/ImageBitmapFactories.cpp View 1 chunk +2 lines, -1 line 0 comments Download
M Source/core/loader/DocumentThreadableLoader.cpp View 3 chunks +3 lines, -3 lines 0 comments Download
M Source/core/rendering/shapes/ShapeOutsideInfo.cpp View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 11 (3 generated)
sof
Please take a look. Some extra plumbing needed here unfortunately, but seems unavoidable. If the ...
6 years ago (2014-12-10 10:58:36 UTC) #2
tyoshino (SeeGerritForStatus)
https://codereview.chromium.org/732323004/diff/1/Source/core/frame/UseCounter.h File Source/core/frame/UseCounter.h (right): https://codereview.chromium.org/732323004/diff/1/Source/core/frame/UseCounter.h#newcode563 Source/core/frame/UseCounter.h:563: CORSCredentialledNullOriginAccessAllowed = 619, nit: how about using the same ...
6 years ago (2014-12-10 11:27:45 UTC) #4
sof
https://codereview.chromium.org/732323004/diff/1/Source/core/frame/UseCounter.h File Source/core/frame/UseCounter.h (right): https://codereview.chromium.org/732323004/diff/1/Source/core/frame/UseCounter.h#newcode563 Source/core/frame/UseCounter.h:563: CORSCredentialledNullOriginAccessAllowed = 619, On 2014/12/10 11:27:44, tyoshino wrote: > ...
6 years ago (2014-12-10 11:40:41 UTC) #5
tyoshino (SeeGerritForStatus)
On 2014/12/10 11:40:41, sof wrote: > https://codereview.chromium.org/732323004/diff/1/Source/core/frame/UseCounter.h > File Source/core/frame/UseCounter.h (right): > > https://codereview.chromium.org/732323004/diff/1/Source/core/frame/UseCounter.h#newcode563 > ...
6 years ago (2014-12-10 15:43:40 UTC) #6
Mike West
Please don't wait for me to review this patch; I'm sick and OOO.
6 years ago (2014-12-10 15:53:44 UTC) #7
sof
On 2014/12/10 15:53:44, Mike West (sick) wrote: > Please don't wait for me to review ...
6 years ago (2014-12-10 18:46:31 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/732323004/20001
6 years ago (2014-12-10 19:06:31 UTC) #10
commit-bot: I haz the power
6 years ago (2014-12-10 21:08:09 UTC) #11
Message was sent while issue was closed. 
Committed patchset #2 (id:20001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=186875

Powered by Google App Engine
This is Rietveld 408576698