New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 606788 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Buried. Ping if important.
Closed: Apr 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 400674



Sign in to add a comment

Credentials should be submittable within the same registrable domain.

Project Member Reported by mkwst@chromium.org, Apr 26 2016

Issue description

Comment 1 by mkwst@chromium.org, Apr 26 2016

https://codereview.chromium.org/1918253002 up for review.

Comment 3 by mkwst@chromium.org, Apr 27 2016

Labels: Merge-Request-51
Hello, friendly release managers! I'd like to merge this back to the beta branch once it's baked on Canary for a day or two. The Credential Management API was unfortunately preventing folks from submitting credentials to sign-in servers, which obviates most of its purpose. :(

Comment 4 by tin...@google.com, Apr 27 2016

Labels: -Merge-Request-51 Merge-Approved-51 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M51 (branch: 2704)
Project Member

Comment 5 by bugdroid1@chromium.org, Apr 29 2016

Labels: -merge-approved-51 merge-merged-2704
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c1bd9c0416516f3e73a659dcbce7bb17741f4ff5

commit c1bd9c0416516f3e73a659dcbce7bb17741f4ff5
Author: Mike West <mkwst@google.com>
Date: Fri Apr 29 07:58:05 2016

CREDENTIAL: Credentials should be submitted within a registrable domain.

The current code checks for an exact origin match when creating a
Request. That doesn't match the specification; see step 3.1 of
https://w3c.github.io/webappsec-credential-management/#body-extraction.

BUG= 606788 

Review URL: https://codereview.chromium.org/1918253002

Cr-Commit-Position: refs/heads/master@{#389858}
(cherry picked from commit 6036e62ac8638c3cdfd76db5dfe44ca05c62f682)

Review URL: https://codereview.chromium.org/1928283002 .

Cr-Commit-Position: refs/branch-heads/2704@{#306}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[add] https://crrev.com/c1bd9c0416516f3e73a659dcbce7bb17741f4ff5/third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-fetch-registrabledomain.html
[modify] https://crrev.com/c1bd9c0416516f3e73a659dcbce7bb17741f4ff5/third_party/WebKit/LayoutTests/http/tests/credentialmanager/resources/echo-post.php
[modify] https://crrev.com/c1bd9c0416516f3e73a659dcbce7bb17741f4ff5/third_party/WebKit/Source/modules/fetch/Request.cpp

Comment 6 by mkwst@chromium.org, Apr 29 2016

Status: Fixed (was: Started)

Sign in to add a comment