Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Issue 603002 Remove support for X-Frame-Options inside <meta>
Starred by 4 users Project Member Reported by mkwst@chromium.org, Apr 13 2016 Back to list
Status: Fixed
Owner:
mkwst@chromium.org
Closed: May 2016
Cc:
jochen@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 555418



Sign in to add a comment
 
We currently try to support `X-Frame-Options` inside `<meta>` tags  by cancelling the page load when we parse the tag, and navigating to a blank page instead. This is somewhat functional, but not exactly a reliable protection.

In fact, all of our XFO implementation is somewhat unreliable, as it's all implemented in Blink. We're working on migrating it up to the browser process, but that's going to be difficult to do cleanly if we need to support the `<meta>` implementation. We'll either need implementations in both Blink and //content, or we'll need another IPC.

I'd prefer to simply remove the functionality.
Project Member Comment 1 by bugdroid1@chromium.org, Apr 14 2016 
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a2d5fc7049d414031a0acc39939ffff67081db17

commit a2d5fc7049d414031a0acc39939ffff67081db17
Author: mkwst <mkwst@chromium.org>
Date: Thu Apr 14 19:06:19 2016

Ignore 'X-Frame-Options' inside '<meta>' tags.

We currently try to support 'X-Frame-Options' inside '<meta>' tags by
cancelling the page load when we parse the tag, and navigating to a
blank page instead. This is somewhat functional, but not exactly a
reliable protection.

In fact, all of our XFO implementation is somewhat unreliable, as it's
all implemented in Blink. We're working on migrating it up to the
browser process, but that's going to be difficult to do cleanly if we
need to support the '<meta>' implementation. We'll either need
implementations in both Blink and //content, or we'll need another IPC.

I'd prefer to simply remove the functionality.

If this lands, I'll remove the rest of the XFO plumbing in
https://codereview.chromium.org/1617043002 as part of moving everything
up out of Blink and into //content.

Intent to Remove: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/R1gkjKZI0J8

BUG= 603002 

Review URL: https://codereview.chromium.org/1889433003

Cr-Commit-Position: refs/heads/master@{#387381}

[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/fast/parser/x-frame-options-detached-document-crash-expected.txt
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/fast/parser/x-frame-options-detached-document-crash.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/misc/onload-write-during-xframe-deny-expected.txt
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/misc/onload-write-during-xframe-deny.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow-expected.txt
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html
[delete] https://crrev.com/030834b4ab7ec2f0ff398e123745d224baf39d29/third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options.html
[modify] https://crrev.com/a2d5fc7049d414031a0acc39939ffff67081db17/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
Comment 2 by as19790...@gmail.com, Apr 17 2016 
=1
Comment 3 by mkwst@chromium.org, May 6 2016
Status: Fixed
Sign in to add a comment