
Issue 591672

Starred by 3 users

Issue metadata

Status: Started
Owner:
Buried. Ping if important.
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 590714




Introduce the 'addressSpace' IDL attributes.

Project Member Reported by mkwst@chromium.org, Mar 3 2016

Issue description

Project Member

Comment 1 by bugdroid1@chromium.org, Mar 4 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855

commit ba0ae85476038f7fdb7394e9f18e8a0c73fc0855
Author: mkwst <mkwst@chromium.org>
Date: Fri Mar 04 14:26:47 2016

CORS-RFC1918: Introduce the 'addressSpace' IDL attributes.

As defined at https://mikewest.github.io/cors-rfc1918/#feature-detect,
this patch adds attributes to 'Document' and 'WorkerGlobalScope' in order
to detect both support for the CORS-RFC1918 preflight mechanism, as well
as the current state of the context.

This patch also fixes a pretty bad bug with our counting of IPv6
addresses by ensuring that they're properly bracketed before being
processed as "reserved" or not. Alas, this means that we've been
miscategorizing some unknown subset of documents and resources as
"public" that should have been "private". I'm not sure if this is
going to make the numbers at
https://www.chromestatus.com/metrics/feature/timeline/popularity/530
better or worse. :/

BUG=591672

Review URL: https://codereview.chromium.org/1754713006

Cr-Commit-Position: refs/heads/master@{#379282}

[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/content/child/web_url_loader_impl.cc
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/content/child/web_url_loader_impl_unittest.cc
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-document-basic.html
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-document-csp.html
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-worker-basic-expected.txt
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-worker-basic.html
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/addressspace-test.js
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-from-worker.html
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-to-owner.js
[add] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-to-parent.html
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/http/tests/serviceworker/webexposed/global-interface-listing-service-worker-expected.txt
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-dedicated-worker-expected.txt
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-shared-worker-expected.txt
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/dom/Document.idl
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/dom/SecurityContext.cpp
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/dom/SecurityContext.h
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/loader/FrameFetchContextTest.cpp
[modify] https://crrev.com/ba0ae85476038f7fdb7394e9f18e8a0c73fc0855/third_party/WebKit/Source/core/workers/WorkerGlobalScope.idl
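
A simplified model of the IPv6 bracketing bug described in comment 1, added here as an illustration and not taken from the Chromium patch. The function names and the address ranges used (RFC 1918, 127.0.0.0/8, ::1, fc00::/7) are assumptions; the point is that a classifier expecting URL-style hosts falls through to "public" when given an unbracketed IPv6 socket address.

```cpp
// Added illustration; a simplified model, not Chromium source.
#include <arpa/inet.h>
#include <string>

enum class AddressSpace { kLocal, kPrivate, kPublic };

// Classifies a URL-style host. IPv6 literals must be bracketed ("[fc00::1]"),
// as in a URL. Anything that does not parse as an IP literal falls through to
// kPublic, which is the fail-open default this example is about.
AddressSpace ClassifyUrlHost(const std::string& host) {
  unsigned char b[16];
  if (host.size() > 2 && host.front() == '[' && host.back() == ']') {
    std::string inner = host.substr(1, host.size() - 2);
    if (inet_pton(AF_INET6, inner.c_str(), b) == 1) {
      bool loopback = b[15] == 1;
      for (int i = 0; i < 15; ++i) loopback = loopback && b[i] == 0;
      if (loopback) return AddressSpace::kLocal;                 // ::1
      if ((b[0] & 0xfe) == 0xfc) return AddressSpace::kPrivate;  // fc00::/7
    }
    return AddressSpace::kPublic;
  }
  if (inet_pton(AF_INET, host.c_str(), b) == 1) {
    if (b[0] == 127) return AddressSpace::kLocal;                // 127.0.0.0/8
    if (b[0] == 10 || (b[0] == 172 && (b[1] & 0xf0) == 16) ||
        (b[0] == 192 && b[1] == 168))
      return AddressSpace::kPrivate;                             // RFC 1918
  }
  return AddressSpace::kPublic;
}

// Before: the raw socket address string goes straight to the host classifier.
AddressSpace ClassifySocketAddressUnbracketed(const std::string& ip) {
  return ClassifyUrlHost(ip);
}

// After: IPv6 literals (they contain ':') are bracketed before classification.
AddressSpace ClassifySocketAddress(const std::string& ip) {
  bool is_v6 = ip.find(':') != std::string::npos;
  return ClassifyUrlHost(is_v6 ? "[" + ip + "]" : ip);
}

int main() {
  // Constructed sample: a unique-local IPv6 socket address.
  bool before =
      ClassifySocketAddressUnbracketed("fc00::1") == AddressSpace::kPublic;
  bool after = ClassifySocketAddress("fc00::1") == AddressSpace::kPrivate;
  return (before && after) ? 0 : 1;
}
```

IPv4 results are identical on both paths, which is why a bug of this shape only skews the IPv6 portion of the "public" versus "private" counts.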

Project Member

Comment 2 by bugdroid1@chromium.org, Mar 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b035ad2b4894c007b5580c8da151dca8ad550975

commit b035ad2b4894c007b5580c8da151dca8ad550975
Author: mkwst <mkwst@chromium.org>
Date: Tue Mar 08 10:59:01 2016

CORS-RFC1918: Teach appcache responses to passthrough their socket address.

In order to do the right thing for external requests and preflights, we
need to teach AppCacheURLRequestJob to pass through the IP address of the
cached request. This is especially important for main resources, as those
control whether or not preflights are necessary.

This patch overrides the default 'GetSocketAddress' method to pass through
the socket address stored along with the AppCacheEntry object, and ensures
that the socket address is propagated for synchronous requests. Layout
tests verify that this results in a main resource whose
'document.addressSpace' is accurate.

BUG=591672

Review URL: https://codereview.chromium.org/1772303002

Cr-Commit-Position: refs/heads/master@{#379805}

[modify] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/content/browser/appcache/appcache_url_request_job.cc
[modify] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/content/browser/appcache/appcache_url_request_job.h
[modify] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/content/child/resource_dispatcher.cc
[add] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-document-appcache.html
[add] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-document-csp-appcache.html
[modify] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/addressspace-test.js
[add] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/appcache.php
[add] https://crrev.com/b035ad2b4894c007b5580c8da151dca8ad550975/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-to-parent-with-appcache.html

Project Member

Comment 3 by bugdroid1@chromium.org, May 3 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/64ecde25bae52de55a682386ad05701498ecd5bd

commit 64ecde25bae52de55a682386ad05701498ecd5bd
Author: mkwst <mkwst@chromium.org>
Date: Tue May 03 04:52:58 2016

CORS-RFC1918: Teach Service Workers about address spaces.

Service Workers don't currently understand address spaces; this patch does the
minimum amount of work necessary to ensure two things:

1. The initial request for a service worker has the correct address space
   associated with the loader (the changes to `WebEmbeddedWorker*`).

2. The address space of the response is piped down through the content
   layer (the change to `resource_loader.cc`: this worked for everything
   up through now, but Service Workers have a caching mechanism in between
   URLRequest and here which made `GetSocketAddress` unreliable. The cached
   response info, however, is accurate).

BUG=591672
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/1929353002
Cr-Commit-Position: refs/heads/master@{#391170}

[modify] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/content/browser/loader/resource_loader.cc
[add] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/addressspace-serviceworker-basic.html
[modify] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/addressspace-test.js
[add] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-from-serviceworker.html
[add] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/third_party/WebKit/LayoutTests/http/tests/security/cors-rfc1918/resources/post-addressspace-to-owner-serviceworker.js
[modify] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/third_party/WebKit/Source/web/WebEmbeddedWorkerImpl.cpp
[modify] https://crrev.com/64ecde25bae52de55a682386ad05701498ecd5bd/third_party/WebKit/public/web/WebEmbeddedWorkerStartData.h

Comment 4 by rbyers@chromium.org, Nov 18 2016

Components: Blink>SecurityFeature

Comment 5 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 6 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
