Update token generation to check origins for subdomain tokens |
|||||
Issue descriptionIssue 653349 added support for tokens that will match subdomains of the specified origin. As subdomain tokens can enable a trial for multiple origins, they are to be restricted in the origins for which they will be issues. Specifically, origins found in the Public Suffix List (https://publicsuffix.org/) will not be allowed for use in such tokens. The generation process needs to be updated with manual and/or automated steps to validate origins for subdomain token requests.
,
Dec 23 2016
,
Dec 23 2016
,
Dec 24 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/14e7a72edd0b2d0b313d047e33069cebc76cc0ab commit 14e7a72edd0b2d0b313d047e33069cebc76cc0ab Author: amineer <amineer@chromium.org> Date: Sat Dec 24 18:42:05 2016 Revert of Validate origins when generating subdomain tokens (patchset #12 id:240001 of https://codereview.chromium.org/2456053004/ ) Reason for revert: Breaks official Android builds, see https://bugs.chromium.org/p/chromium/issues/detail?id=676894 Original issue's description: > Validate origins when generating subdomain tokens > > Subdomain tokens will match against any subdomains of the given origin. > This relaxed matching should not be applied when subdomains represent > separate logical sites (e.g. <user>.github.io). Thus, subdomain tokens > are not to be issued for such domains. For more detail, see the last > question in the Origin Trials developer guide: > https://github.com/jpchase/OriginTrials/blob/gh-pages/developer-guide.md > > This CL adds a utility to validate that a origin is not found in the > Public Suffix List. The token generation script will now call the > utility to check the origin, only for subdomain tokens. The utility > is used when the generation script is manually run by the origin > trials team to issue tokens. The intent is to automate the origin > checks, to reduce the number of manual steps in issuing tokens. > > BUG=658856 > > Committed: https://crrev.com/6205808cb4e9c61264e4aa48676e2f5833a61326 > Cr-Commit-Position: refs/heads/master@{#440554} TBR=iclelland@chromium.org,agrieve@chromium.org,rdsmith@chromium.org,rsleevi@chromium.org,brettw@chromium.org,chasej@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=658856 Review-Url: https://codereview.chromium.org/2605563003 Cr-Commit-Position: refs/heads/master@{#440670} [modify] https://crrev.com/14e7a72edd0b2d0b313d047e33069cebc76cc0ab/BUILD.gn [modify] https://crrev.com/14e7a72edd0b2d0b313d047e33069cebc76cc0ab/build/config/linux/gconf/BUILD.gn [modify] https://crrev.com/14e7a72edd0b2d0b313d047e33069cebc76cc0ab/tools/origin_trials/generate_token.py [delete] https://crrev.com/739b0fcd91bcf0fde5b4f4ea7be369e7705e5683/tools/origin_trials/validate_subdomain_origin/BUILD.gn [delete] https://crrev.com/739b0fcd91bcf0fde5b4f4ea7be369e7705e5683/tools/origin_trials/validate_subdomain_origin/DEPS [delete] https://crrev.com/739b0fcd91bcf0fde5b4f4ea7be369e7705e5683/tools/origin_trials/validate_subdomain_origin/test_validate.py [delete] https://crrev.com/739b0fcd91bcf0fde5b4f4ea7be369e7705e5683/tools/origin_trials/validate_subdomain_origin/validate_subdomain_origin.cc [modify] https://crrev.com/14e7a72edd0b2d0b313d047e33069cebc76cc0ab/url/features.gni
,
Mar 7 2017
The CL was reverted a while back. The overall token generation process is now automated elsewhere, so arguably this isn't needed anymore. However, it may be useful for those generating test tokens. Either this should be closed as WontFix, or the CL should be re-landed.
,
Mar 7 2017
,
Aug 18 2017
Test update for auto-CC on the "Internals>OriginTrials" component
,
Aug 18 2017
Another test for auto-CC on the component |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by bugdroid1@chromium.org
, Dec 23 2016