
Issue 692449

Issue metadata

Status: Verified
Closed: Jun 2017
OS: All
Pri: 3
Type: Bug




CSP - Possible problems when CSP's origin is unique.

Project Member Reported by arthurso...@chromium.org, Feb 15 2017

Issue description

A test is documenting this behavior:
https://codereview.chromium.org/2694233002/

If:
1) The origin is unique
2) The CSP source-expression doesn't specify a scheme, for instance "a.com"

Then the CSP doesn't allow any request.

Why?
When the origin is unique, origin.protocol() == "".
When the source-expression doesn't specify a scheme, the url scheme must be checked against the origin scheme.
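
The behaviour described in the issue, as an added example that is not part of the original report and is not Blink's code: a simplified model of scheme matching for a host-source expression. `SourceExpr`, `SchemeMatches` and `Allows` are hypothetical names, and host matching is reduced to string equality.

```cpp
#include <iostream>
#include <string>

// Simplified model of a CSP host-source expression (not Blink's CSPSource).
struct SourceExpr {
  std::string scheme;  // empty when the policy says just "a.com"
  std::string host;
};

// A scheme-less expression falls back to the scheme of the protected
// resource's origin. A unique origin reports "" for that scheme.
bool SchemeMatches(const SourceExpr& src, const std::string& origin_scheme,
                   const std::string& url_scheme) {
  const std::string& expected = src.scheme.empty() ? origin_scheme : src.scheme;
  if (expected.empty()) return false;  // nothing to compare the URL against
  if (expected == url_scheme) return true;
  return expected == "http" && url_scheme == "https";  // CSP3 secure upgrade
}

bool Allows(const SourceExpr& src, const std::string& origin_scheme,
            const std::string& url_scheme, const std::string& url_host) {
  return SchemeMatches(src, origin_scheme, url_scheme) && src.host == url_host;
}

int main() {
  const SourceExpr bare{"", "a.com"};       // source-expression "a.com"
  const SourceExpr full{"https", "a.com"};  // source-expression "https://a.com"
  const std::string unique;                 // origin.protocol() == ""
  std::cout << std::boolalpha
            << "https origin,  \"a.com\"         -> "
            << Allows(bare, "https", "https", "a.com") << "\n"
            << "unique origin, \"a.com\"         -> "
            << Allows(bare, unique, "https", "a.com") << "\n"
            << "unique origin, \"https://a.com\" -> "
            << Allows(full, unique, "https", "a.com") << "\n";
  return 0;
}
```

In this model the same policy that works on an `https` page blocks every request once the document has a unique origin, while an expression that names its scheme is unaffected.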

 

Comment 1 by mkwst@chromium.org, Feb 21 2017

Owner: andypaicu@chromium.org
Status: Assigned (was: Untriaged)
Hi, Andy.
Status: Started (was: Assigned)

Comment 4 by bugdroid1@chromium.org, Feb 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9ad590d1e5dd205d13f39a6bff4795732d3be55a

commit 9ad590d1e5dd205d13f39a6bff4795732d3be55a
Author: andypaicu <andypaicu@chromium.org>
Date: Fri Feb 24 10:25:40 2017

Investigated cause of failing tests for non-standard-scheme matching

Turns out it's caused by incorrect url parsing. The host is returned as ""
in this particular scenario. Raised bug for this.

BUG= 692449 , 694959 

Review-Url: https://codereview.chromium.org/2705193003
Cr-Commit-Position: refs/heads/master@{#452787}

[modify] https://crrev.com/9ad590d1e5dd205d13f39a6bff4795732d3be55a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp

Status: Verified (was: Started)

Comment 6 by battre@chromium.org, Jun 20 2017

Status: Assigned (was: Verified)
Note that navigating to https://www.facebook.com now crashes the renderer in a DCHECK.

[1:1:0620/162057.099950:FATAL:csp_source_list.cc(32)] Check failed: !allow_star || (!allow_self && sources.empty()). 
#0 0x7f6af5e7528b base::debug::StackTrace::StackTrace()
#1 0x7f6af5e73f8c base::debug::StackTrace::StackTrace()
#2 0x7f6af5ee8473 logging::LogMessage::~LogMessage()
#3 0x7f6aee503a61 content::CSPSourceList::CSPSourceList()
#4 0x7f6af0254a78 content::BuildCSPSourceList()
#5 0x7f6af0254ae9 content::BuildCSPDirective()
#6 0x7f6af0254be0 content::BuildContentSecurityPolicy()
#7 0x7f6af03f7c7a content::RenderFrameImpl::DidAddContentSecurityPolicies()
#8 0x7f6ae0542e89 blink::LocalFrameClientImpl::DidAddContentSecurityPolicies()
#9 0x7f6ae442ee7b blink::ContentSecurityPolicy::ReportAccumulatedHeaders()
#10 0x7f6ae4b9d1d2 blink::DocumentLoader::DidCommitNavigation()
#11 0x7f6ae4b9b923 blink::DocumentLoader::InstallNewDocument()
#12 0x7f6ae4b9b37f blink::DocumentLoader::EnsureWriter()
#13 0x7f6ae4b9999a blink::DocumentLoader::CommitData()
#14 0x7f6ae4b9bf12 blink::DocumentLoader::ProcessData()
#15 0x7f6ae4b9bdb4 blink::DocumentLoader::DataReceived()
#16 0x7f6ae285fa05 blink::RawResource::AppendData()
#17 0x7f6ae289ae1f blink::ResourceLoader::DidReceiveData()
#18 0x7f6aee384e5a content::WebURLLoaderImpl::Context::OnReceivedData()
#19 0x7f6aee385993 content::WebURLLoaderImpl::RequestPeerImpl::OnReceivedData()
#20 0x7f6aee370e77 content::URLResponseBodyConsumer::OnReadable()
#21 0x7f6aee36ca09 content::URLLoaderClientImpl::OnStartLoadingResponseBody()
#22 0x7f6aee585287 content::ThrottlingURLLoader::OnStartLoadingResponseBody()
#23 0x7f6aee67b25b content::mojom::URLLoaderClientStubDispatch::Accept()
#24 0x7f6aee588243 content::mojom::URLLoaderClientStub<>::Accept()
#25 0x7f6af2bbfd62 mojo::InterfaceEndpointClient::HandleValidatedMessage()
#26 0x7f6af2bbf6b1 mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept()
#27 0x7f6af2bbd515 mojo::FilterChain::Accept()
#28 0x7f6af2bc17f1 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#29 0x7f6af2bd6b34 mojo::internal::MultiplexRouter::ProcessIncomingMessage()
#30 0x7f6af2bd633c mojo::internal::MultiplexRouter::Accept()
#31 0x7f6af2bbd515 mojo::FilterChain::Accept()
#32 0x7f6af2bb1ac2 mojo::Connector::ReadSingleMessage()
#33 0x7f6af2bb2827 mojo::Connector::ReadAllAvailableMessages()
#34 0x7f6af2bb25ee mojo::Connector::OnHandleReadyInternal()
#35 0x7f6af2bb24cb mojo::Connector::OnWatcherHandleReady()

@battre. Thanks for the report. I introduced this DCHECK in:
https://codereview.chromium.org/2937503002/
I will take a look.
Status: Verified (was: Assigned)
I made a mistake. This CL https://codereview.chromium.org/2944373002/ will revert the DCHECK.
It is not related to this issue. So I created a new bug entry in  https://crbug.com/735049 .
