commit | 2d3f85193a309457c923e1edc053c5d7a9d214e6 | |
---|---|---|
author | Lukasz Anforowicz <lukasza@chromium.org> | Thu Jan 03 06:39:30 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Jan 03 06:39:30 2019 |
tree | 92a98c8841118423c2127274438bc18245f77e4f | |
parent | 29ac4289d27a7510d2ff15f94aa2f716be673bfc |
Enforce |request_initiator_site_lock| for Cross-Origin Read Blocking.

In the long-term we want |request_initiator_site_lock| to take precedence over |request_initiator| everywhere in the NetworkService. This is risky however, because there are known cases where |request_initiator| may differ from |request_initiator_site_lock| even without a malicious/compromised renderer in the picture (e.g. HTML Imports).

Therefore, in the short-term, we start with enforcing |request_initiator_site_lock| only for Cross-Origin Read Blocking (CORB) - this is safer because:

- CORB only applies to a subset of requests and so this approach seems safer and okay to enable by default (while measuring the impact via UMA and having a kill switch ready).
- CORB is only web-observable when blocking subresource requests triggered by XHR/fetch API (and these requests seem to always use a |request_initiator| compatible with |request_initiator_site_lock|; this is covered by new tests added by this CL).

Bug: 871827
Change-Id: If9459bfbd09411d70c3547de0e50a58832e75503
Reviewed-on: https://chromium-review.googlesource.com/c/1377385
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#619597}
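The precedence rule this commit message describes, as an added C++ sketch (not code from this CL or from Chromium): a renderer-supplied initiator is used for the cross-origin test only when it is compatible with the browser-assigned site lock. The types and function names are hypothetical, the site match is a plain suffix comparison rather than a Public Suffix List lookup, and falling back to an opaque origin on a mismatch is an assumption of this sketch.

```cpp
// Added illustration: a simplified model, not Chromium's implementation.
// Every type and function name below is hypothetical.
#include <cstddef>
#include <string>

struct Origin {
  std::string scheme, host;
  int port;
  bool opaque;  // an opaque origin is cross-origin to every other origin
};

// True if |host| is |site| or a subdomain of it. Assumption: the lock stores a
// site host; a real site computation needs the Public Suffix List.
bool HostInSite(const std::string& host, const std::string& site) {
  if (host == site) return true;
  if (host.size() <= site.size()) return false;
  std::size_t cut = host.size() - site.size();
  return host[cut - 1] == '.' && host.compare(cut, site.size(), site) == 0;
}

enum class LockCheck { kNoLock, kNoInitiator, kCompatible, kIncorrect };

// |site_lock| is set by the trusted side; |initiator| arrives with the request
// and is only as trustworthy as the process that sent it.
LockCheck VerifyLock(const Origin* site_lock, const Origin* initiator) {
  if (!site_lock) return LockCheck::kNoLock;  // requester is not locked to a site
  if (!initiator) return LockCheck::kNoInitiator;
  bool ok = initiator->scheme == site_lock->scheme &&
            HostInSite(initiator->host, site_lock->host);
  return ok ? LockCheck::kCompatible : LockCheck::kIncorrect;
}

// The initiator the blocking decision relies on: the claimed one only if the
// lock does not contradict it, otherwise an opaque origin (fails closed).
Origin TrustworthyInitiator(const Origin* site_lock, const Origin* initiator) {
  if (!initiator || VerifyLock(site_lock, initiator) == LockCheck::kIncorrect)
    return Origin{"", "", 0, true};
  return *initiator;
}

bool SameOrigin(const Origin& a, const Origin& b) {
  return !a.opaque && !b.opaque && a.scheme == b.scheme && a.host == b.host &&
         a.port == b.port;
}

// Read blocking is only considered for cross-origin responses, so a claimed
// initiator that contradicts the lock can no longer make one look same-origin.
bool CorbMayApply(const Origin* site_lock, const Origin* initiator,
                  const Origin& response_origin) {
  return !SameOrigin(TrustworthyInitiator(site_lock, initiator), response_origin);
}
```
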
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.