
Issue 656097


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Not setting LOAD_DO_NOT_SEND_AUTH_DATA with LOAD_DO_NOT_[SEND|SAVE]_COOKIES can poison privacy mode socket pools

Project Member Reported by mmenke@chromium.org, Oct 14 2016

Issue description

If LOAD_DO_NOT_SEND_COOKIES or LOAD_DO_NOT_SAVE_COOKIES is set on a URLRequestHttpJob, the request will go to the privacy mode socket pool.  If LOAD_DO_NOT_SEND_AUTH_DATA is *not* set on the socket, some forms of ambient identity may be used on the privacy mode connection.  I believe this can poison the privacy mode socket pool with sockets that have used client authentication.

It's my understanding that this does in fact happen on some web-initiated requests in practice, though I'm not quite sure which ones.
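
The reuse problem described in this report, as an added toy model (not Chromium code and not part of the original report). The flag bit values, `ToyPools`, the host name and the rule that client auth happens whenever `LOAD_DO_NOT_SEND_AUTH_DATA` is absent are assumptions made for illustration.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Constructed bit values for this model; they are not Chromium's real values.
enum LoadFlag : uint32_t {
  LOAD_DO_NOT_SAVE_COOKIES = 1u << 0,
  LOAD_DO_NOT_SEND_COOKIES = 1u << 1,
  LOAD_DO_NOT_SEND_AUTH_DATA = 1u << 2,
};
const uint32_t kCookieFlags = LOAD_DO_NOT_SAVE_COOKIES | LOAD_DO_NOT_SEND_COOKIES;

struct Socket { int id; bool used_client_auth; };
// Pool choice as the issue describes it: either cookie flag selects the privacy mode pool.
bool UsesPrivacyPool(uint32_t flags) { return (flags & kCookieFlags) != 0; }

// The invariant: a request bound for the privacy pool must also suppress auth data.
bool FlagsConsistent(uint32_t flags) {
  return !UsesPrivacyPool(flags) || (flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0;
}

class ToyPools {  // hypothetical model, keyed by (host, privacy mode)
 public:
  Socket Run(const std::string& host, uint32_t flags) {
    auto& idle = idle_[{host, UsesPrivacyPool(flags)}];
    Socket s = idle.empty() ? Socket{next_id_++, false} : idle.back();
    if (!idle.empty()) idle.pop_back();
    // Assumption: ambient client auth happens unless the flag forbids it.
    if (!(flags & LOAD_DO_NOT_SEND_AUTH_DATA)) s.used_client_auth = true;
    idle.push_back(s);  // socket returns to its pool for reuse
    return s;
  }
 private:
  int next_id_ = 1;
  std::map<std::pair<std::string, bool>, std::vector<Socket>> idle_;
};

// Sends one request with first_flags, then a fully private one to the same
// host; returns whether the private request ran on a client-auth socket.
bool PrivateRequestGetsTaintedSocket(uint32_t first_flags) {
  ToyPools pools;
  pools.Run("example.test", first_flags);
  return pools.Run("example.test", kCookieFlags | LOAD_DO_NOT_SEND_AUTH_DATA)
      .used_client_auth;
}

int main() { return PrivateRequestGetsTaintedSocket(LOAD_DO_NOT_SEND_COOKIES) ? 0 : 1; }
```

A check like `FlagsConsistent` at the point where load flags are finalized would flag the inconsistent combination before any socket is selected.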
 

Comment 1 by mkwst@chromium.org, Feb 23 2017

Status: Available (was: Untriaged)
I don't think there's any case where we intentionally prevent cookies but don't prevent basic auth. If you have any specific cases in mind, I'm happy to help you track them down.

Comment 2 by mkwst@chromium.org, Feb 23 2017

Components: Blink>Loader

Comment 3 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 4 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
