Referrer-Policy header parsing should fail if a token is invalid |
||
Issue descriptionAs of https://github.com/w3c/webappsec-referrer-policy/commit/380d752a0194aaa95be1784c3cf27e4a54233822, the Referrer-Policy header grammar ignores unknown alphabetic policy tokens, but parsing should fail if the header does not match the grammar. In particular, Referrer-Policy: origin, not-a-valid-token should result in a policy of 'origin', but Referrer-Policy: origin, not a valid token will fail because "not a valid token" does not match `extension-token` in the ABNF grammar.
,
Nov 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/87e8c1785c682ed6fd83e0c9cf97cc4f359385db commit 87e8c1785c682ed6fd83e0c9cf97cc4f359385db Author: Jochen Eisinger <jochen@chromium.org> Date: Wed Nov 15 06:20:53 2017 Treat invalid tokens in referrer policy headers as errors This brings us in sync with https://github.com/w3c/webappsec-referrer-policy/commit/380d752a0194aaa95be1784c3cf27e4a54233822 R=estark@chromium.org BUG= 705950 Change-Id: I607c1a8c1d3c68c6016d115bd8a0a225e7602840 Reviewed-on: https://chromium-review.googlesource.com/769807 Reviewed-by: Emily Stark <estark@chromium.org> Commit-Queue: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#516604} [modify] https://crrev.com/87e8c1785c682ed6fd83e0c9cf97cc4f359385db/third_party/WebKit/Source/platform/weborigin/SecurityPolicy.cpp [modify] https://crrev.com/87e8c1785c682ed6fd83e0c9cf97cc4f359385db/third_party/WebKit/Source/platform/weborigin/SecurityPolicyTest.cpp
,
Nov 15 2017
|
||
►
Sign in to add a comment |
||
Comment 1 by est...@chromium.org
, Nov 10 2017