Issue 719096 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	yus...@chromium.org
Closed:	May 2017
Cc:	palmer@chromium.org
Components:	UI>Browser>Mobile>CustomTabs
EstimatedDays:	----
NextAction:	----
OS:	Android
Pri:	2
Type:	Bug
Security

Restrict DAL statements to HTTPS only

Project Member Reported by sbirch@chromium.org, May 5 2017

Issue description

We should only accept statements which were served over HTTPS.

Project Member

Comment 1 by bugdroid1@chromium.org, May 22 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fd352340a07c78ff117285aadcac01ac5af2aab1

commit fd352340a07c78ff117285aadcac01ac5af2aab1
Author: yusufo <yusufo@chromium.org>
Date: Mon May 22 23:15:54 2017

Early reject non-https origins for postMessage

For security reasons, we only accept https postMessage origins verified
through Digital Asset Links for postMessage. Add a way to early reject
all other origins.

BUG= 719096 

Review-Url: https://codereview.chromium.org/2893483007
Cr-Commit-Position: refs/heads/master@{#473739}

[modify] https://crrev.com/fd352340a07c78ff117285aadcac01ac5af2aab1/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java
[modify] https://crrev.com/fd352340a07c78ff117285aadcac01ac5af2aab1/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java

Comment 2 by yus...@chromium.org, May 23 2017

Status: Fixed (was: Assigned)

►

Issue 719096 link

Issue metadata

Restrict DAL statements to HTTPS only

Issue description

Comment 1 by bugdroid1@chromium.org, May 22 2017

Comment 1 Deleted

Comment 2 by yus...@chromium.org, May 23 2017

Comment 2 Deleted

Sign in to add a comment