Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(17)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 780943003: Revert of Block port 443 for all protocols other than HTTPS or WSS. (Closed)

Created:
6 years ago by lgarron
Modified:
6 years ago
Reviewers:
davidben, PhistucK, mmenke
CC:
cbentzel+watch_chromium.org, palmer
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Revert of Block port 443 for all protocols other than HTTPS or WSS. (patchset #7 id:120001 of https://codereview.chromium.org/770343003/) Reason for revert: Unfortunately, this fix didn't do enough to mitigate the original problem (it's easy to tell if a site has been visited). It's also incomplete on its own (i.e. it needs further changes to prevent the HSTS redirect). See https://crbug.com/436451#c30 Original issue's description: > Block port 443 for all protocols other than HTTPS or WSS. > > This addresses the history leak (on non-preloaded HSTS sites) from https://crbug.com/436451: > > "If we ask Chrome to load http://example.com:443, it will definitely fail, because Chrome will make plain-text HTTP request to port 443 of the server. However, if example.com is a Known HSTS Host of Chrome (meaning either the user has visited https://example.com before, or it is on the HSTS preload list), it will send request to https://example.com:443, and the request will succeed. We can use JavaScript to differentiate the two cases, since in the first case, onerror event is triggered, while in the second case, onload event is triggered. > > Therefore, a malicious website can include well-chosen cross-domain images and use this trick to brute-force a list of domains that users have visited. Note that the list could only contain HSTS-enabled but not preloaded websites." > > BUG=436451 > > Committed: https://crrev.com/b6cf19c7b9dd536405c3c4f80876411733c9d5a5 > Cr-Commit-Position: refs/heads/master@{#306959} TBR=davidben@chromium.org,phistuck@gmail.com,mmenke@chromium.org NOTREECHECKS=true NOTRY=true BUG=436451 Committed: https://crrev.com/3e9300a62343005f995db4a6a72728381993081f Cr-Commit-Position: refs/heads/master@{#307340}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+6 lines, -63 lines) Patch
M net/base/net_util.h View 1 chunk +0 lines, -9 lines 0 comments Download
M net/base/net_util.cc View 3 chunks +0 lines, -29 lines 0 comments Download
M net/http/http_stream_factory_impl_job.cc View 1 chunk +6 lines, -6 lines 0 comments Download
M net/url_request/url_request_unittest.cc View 1 chunk +0 lines, -19 lines 0 comments Download

Messages

Total messages: 9 (2 generated)
lgarron
Created Revert of Block port 443 for all protocols other than HTTPS or WSS.
6 years ago (2014-12-08 21:17:27 UTC) #1
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/780943003/1
6 years ago (2014-12-08 21:18:50 UTC) #2
commit-bot: I haz the power
No LGTM from a valid reviewer yet. Only full committers are accepted. Even if an ...
6 years ago (2014-12-08 21:18:54 UTC) #4
davidben
lgtm
6 years ago (2014-12-08 21:25:23 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/780943003/1
6 years ago (2014-12-08 21:27:38 UTC) #7
commit-bot: I haz the power
Committed patchset #1 (id:1)
6 years ago (2014-12-08 21:28:56 UTC) #8
commit-bot: I haz the power
6 years ago (2014-12-08 21:30:35 UTC) #9
Message was sent while issue was closed. 
Patchset 1 (id:??) landed as
https://crrev.com/3e9300a62343005f995db4a6a72728381993081f
Cr-Commit-Position: refs/heads/master@{#307340}

Powered by Google App Engine
This is Rietveld 408576698