CSP bypass with * host in source expressions
Issue description

Chrome Version: 55.0.2883.87 (Official Build) (64-bit)
OS: All

There are some problems when the CSPSource host-part is "*". For instance, when the source-expression is:
* "http://*:111" then "http://a.com:222" is allowed.
* "http://*/path" then "http://a.com/other-path" is allowed.
Jan 22 2017
Jan 23 2017
Jan 23 2017
Jan 23 2017
Jan 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/8a8b6c2b28a210ca37a500d7e95572ce6126994d

commit 8a8b6c2b28a210ca37a500d7e95572ce6126994d
Author: arthursonzogni <arthursonzogni@chromium.org>
Date: Mon Jan 23 18:37:47 2017

ContentSecurityPolicy: Fix bug when CSPSource host-part = "*"

There were two problems.

The first one was that when the host-part was "*" then CSPSource::IsSchemeOnly() returned true, even if there was a path or a port to enforce. For instance when source-expression = 'http://*:111' then 'http://a.com:222' was allowed.

The second problem was that in CSPSource::hostmatches(), the host-part == '*' case was not handled.

This patch adds tests for these special cases.

BUG= 682673
Review-Url: https://codereview.chromium.org/2646773002
Cr-Commit-Position: refs/heads/master@{#445417}

[modify] https://crrev.com/8a8b6c2b28a210ca37a500d7e95572ce6126994d/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
[modify] https://crrev.com/8a8b6c2b28a210ca37a500d7e95572ce6126994d/third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp
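The two cases from the report, modelled as an added example (not Chromium's CSPSource code and not part of the original thread): a simplified source-expression matcher in which the buggy variant treats host "*" as scheme-only and the corrected variant still enforces port and path. The struct layout, the function names and the "port 0 = no port given" convention are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Simplified model of a CSP host-source (assumption; not Chromium's CSPSource class).
// port 0 = no port given, empty path = no path given. Scheme match is exact here.
struct Source { std::string scheme, host; int port; std::string path; };
struct Url    { std::string scheme, host; int port; std::string path; };

static bool HostMatches(const Source& s, const Url& u) {
  if (s.host == "*") return true;                 // bare wildcard: any host
  if (s.host.rfind("*.", 0) == 0) {               // "*.example.com": subdomains only
    const std::string suffix = s.host.substr(1);  // ".example.com"
    return u.host.size() > suffix.size() &&
           u.host.compare(u.host.size() - suffix.size(), suffix.size(), suffix) == 0;
  }
  return s.host == u.host;
}

static bool PortMatches(const Source& s, const Url& u) {
  if (s.port != 0) return s.port == u.port;
  return u.port == (u.scheme == "https" ? 443 : 80);  // no port given: scheme default
}

static bool PathMatches(const Source& s, const Url& u) {
  if (s.path.empty()) return true;
  if (s.path.back() == '/')                       // trailing slash: prefix match
    return u.path.compare(0, s.path.size(), s.path) == 0;
  return s.path == u.path;                        // otherwise: exact match
}

// Behaviour described in the report: host "*" is treated as a scheme-only
// source, so the port and path restrictions are never consulted.
bool MatchesBuggy(const Source& s, const Url& u) {
  if (s.scheme != u.scheme) return false;
  if (s.host == "*") return true;
  return HostMatches(s, u) && PortMatches(s, u) && PathMatches(s, u);
}

// Corrected logic: the wildcard satisfies the host check only.
bool MatchesFixed(const Source& s, const Url& u) {
  return s.scheme == u.scheme && HostMatches(s, u) &&
         PortMatches(s, u) && PathMatches(s, u);
}

int main() {
  Source by_port{"http", "*", 111, ""};           // "http://*:111" from the report
  Url other_port{"http", "a.com", 222, "/"};      // "http://a.com:222"
  std::cout << "buggy=" << MatchesBuggy(by_port, other_port)
            << " fixed=" << MatchesFixed(by_port, other_port) << "\n";
}
```

A policy regression test can reuse the same pairs: each wildcard-host source that carries a port or path should reject a URL that differs only in that port or path.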
Jan 24 2017
Jan 24 2017
May 2 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 7 2017
Comment 1 by arthurso...@chromium.org, Jan 19 2017