Expect-CT headers only parsing first directive |
||||||
Issue descriptionBecause Expect-CT syntax is comma-separated directives, EnumerateHeader is only returning the first value in the header, not the whole header value. We should be enumerating all the values and/or mark Expect-CT as a non-coalescing header.
,
Aug 9 2017
,
Aug 9 2017
Requesting a merge to M61. This is a one-line bug fix. I've verified the fix on canary and it's covered by two kinds of automated tests. I think it's a low-risk merge because the code change is very small and because the whole feature is gated by a Finch kill-switch.
,
Aug 9 2017
This bug requires manual review: M61 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 9 2017
Approving merge to M61 branch 3163 based on comment #3. Please merge ASAP. Thank you.
,
Aug 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/87c7bb72b2637c59596f0848cbaa62b6a13fe330 commit 87c7bb72b2637c59596f0848cbaa62b6a13fe330 Author: Emily Stark <estark@google.com> Date: Wed Aug 09 23:05:48 2017 Use GetNormalizedValue() to retrieve Expect-CT header value Due to a shameful test coverage oversight on my part :( Expect-CT headers weren't being enumerated properly. Because the syntax is comma-separated directives, EnumerateHeader() was returning only the first directive. This change uses GetNormalizedValue() to retrieve the header value instead. This returns the full list of comma-separated directives, and it also combines multiple header values into one as the spec intends, such that Expect-CT: max-age=100 Expect-CT: enforce is treated identically to Expect-CT: max-age=100,enforce. TBR=estark@google.com (cherry picked from commit 4cfecf07805e123971a82353bd619785107682b2) Bug: 752358 Change-Id: I6b8dd78c706925a1367e9978e3986e3c29ccbd46 Reviewed-on: https://chromium-review.googlesource.com/601441 Reviewed-by: Matt Mueller <mattm@chromium.org> Commit-Queue: Emily Stark <estark@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#492484} Reviewed-on: https://chromium-review.googlesource.com/608871 Reviewed-by: Emily Stark <estark@chromium.org> Cr-Commit-Position: refs/branch-heads/3163@{#412} Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528} [modify] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/chrome/browser/ssl/chrome_expect_ct_reporter_browser_tests.cc [modify] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/BUILD.gn [add] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/data/url_request_unittest/expect-ct-header-multiple.html [add] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/data/url_request_unittest/expect-ct-header-multiple.html.mock-http-headers [add] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/data/url_request_unittest/expect-ct-header-preload.html [add] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/data/url_request_unittest/expect-ct-header-preload.html.mock-http-headers [modify] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/data/url_request_unittest/expect-ct-header.html.mock-http-headers [modify] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/http/transport_security_state.h [modify] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/url_request/url_request_http_job.cc [modify] https://crrev.com/87c7bb72b2637c59596f0848cbaa62b6a13fe330/net/url_request/url_request_unittest.cc |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by bugdroid1@chromium.org
, Aug 8 2017