
Issue 786563

Starred by 1 user

Issue metadata

Status: Fixed
Closed: Nov 2017
OS: Linux , Android , Windows , Chrome , Mac
Pri: 1
Type: Bug




BUILD_NOT_TIMELY causes Expect-CT reports if it's the first time the header was seen

Project Member Reported by est...@chromium.org, Nov 17 2017

Issue description

When an Expect-CT header is seen on a non-compliant connection and we don't already have Expect-CT state for that host, we send an Expect-CT report to notify the site owner that their site is misconfigured. However, we consider nontimely builds to be "non-compliant" in this check, which is a bug: we should only send a report if the connection truly violates CT policy.
 
Comment 1 by bugdroid1@chromium.org (Project Member), Nov 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dee5d8065af59da1ede0d2585eb1244a9f4b8d0d

commit dee5d8065af59da1ede0d2585eb1244a9f4b8d0d
Author: Emily Stark <estark@google.com>
Date: Sat Nov 18 06:38:25 2017

Do not send Expect-CT reports on old builds

When processing an Expect-CT header, we send a report if it's received over a
non-compliant connection. An old build shouldn't be considered non-compliant in
this check: we're only interested in notifying site owners about server-side
misconfigurations that cause non-compliance.

Bug: 786563
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: Id9cf7941325fee1b58f15dc6b1a033ae1bf5471d
Reviewed-on: https://chromium-review.googlesource.com/777883
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517707}
[modify] https://crrev.com/dee5d8065af59da1ede0d2585eb1244a9f4b8d0d/net/http/transport_security_state.cc
[modify] https://crrev.com/dee5d8065af59da1ede0d2585eb1244a9f4b8d0d/net/http/transport_security_state_unittest.cc
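The decision the issue description and this commit message talk about, as an added C++ model that is not Chromium's code and not the change made to net/http/transport_security_state.cc: an Expect-CT header arrives over a connection with a known CT compliance result, and the question is whether to note state for the host, send a misconfiguration report, or do nothing. The pre-fix and post-fix checks sit side by side so the BUILD_NOT_TIMELY case can be run through both. The enum values, the `ProcessExpectCTHeader` function, the host names and report URIs, and the header strings are this example's own assumptions; so is the choice that an old build neither reports nor notes state (the page only says it must not report).

```cpp
// Added example for issue 786563, not Chromium's code: a model of how an
// Expect-CT header seen on a connection becomes noted state and/or a report,
// with the pre-fix and post-fix checks side by side. All names are assumptions.
#include <cstdint>
#include <cstdlib>
#include <map>
#include <sstream>
#include <string>

// CT policy result for the connection. The categories follow the bug's
// description; the identifiers are assumed, not Chromium's enum values.
enum class CTCompliance {
  kCompliant,       // enough, diverse SCTs: the connection is CT-qualified
  kNotEnoughSCTs,   // server-side misconfiguration
  kNotDiverseSCTs,  // server-side misconfiguration
  kBuildNotTimely,  // client too old to judge CT: not the site's fault
};

struct ExpectCTHeader {
  uint32_t max_age = 0;
  std::string report_uri;  // empty when the site did not ask for reports
};
using ExpectCTState = std::map<std::string, ExpectCTHeader>;  // host -> policy

static std::string Trim(const std::string& s) {
  size_t b = s.find_first_not_of(" \t");
  return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t") - b + 1);
}

// Parses 'max-age=86400, enforce, report-uri="https://..."'. max-age is required
// and numeric; other directives (enforce included) are ignored by this model.
bool ParseExpectCT(const std::string& value, ExpectCTHeader* out) {
  bool saw_max_age = false;
  std::istringstream in(value);
  for (std::string d; std::getline(in, d, ',');) {
    size_t eq = d.find('=');
    std::string name = Trim(d.substr(0, eq));
    std::string arg = eq == std::string::npos ? "" : Trim(d.substr(eq + 1));
    if (arg.size() >= 2 && arg.front() == '"' && arg.back() == '"')
      arg = arg.substr(1, arg.size() - 2);
    if (name == "max-age") {
      if (arg.empty() || arg.find_first_not_of("0123456789") != std::string::npos)
        return false;
      out->max_age = static_cast<uint32_t>(std::strtoul(arg.c_str(), nullptr, 10));
      saw_max_age = true;
    } else if (name == "report-uri") {
      out->report_uri = arg;
    }
  }
  return saw_max_age;
}

// Pre-fix check: anything but a compliant connection counted as non-compliant,
// so an old build that could not evaluate CT at all triggered a report (the bug).
bool NonCompliantBeforeFix(CTCompliance s) { return s != CTCompliance::kCompliant; }

// Post-fix check: only a genuine CT policy violation, something the site owner
// can fix, counts; BUILD_NOT_TIMELY is a client condition and is excluded.
bool ViolatesCTPolicy(CTCompliance s) {
  return s == CTCompliance::kNotEnoughSCTs || s == CTCompliance::kNotDiverseSCTs;
}

enum class Action { kIgnored, kReported, kNoted, kCleared };

// One Expect-CT header observation for `host`; `fixed` selects which check runs.
Action ProcessExpectCTHeader(ExpectCTState& state, const std::string& host,
                             const std::string& header, CTCompliance status, bool fixed) {
  ExpectCTHeader parsed;
  if (!ParseExpectCT(header, &parsed)) return Action::kIgnored;
  if (fixed ? ViolatesCTPolicy(status) : NonCompliantBeforeFix(status)) {
    // Report only on the first sighting for this host (no noted state yet) and
    // only if the site asked for reports; a bad connection never notes state.
    bool report = state.count(host) == 0 && !parsed.report_uri.empty();
    return report ? Action::kReported : Action::kIgnored;
  }
  // Model choice (assumption): an old build is neither a violation nor a
  // CT-qualified connection, so the header is ignored entirely.
  if (status != CTCompliance::kCompliant) return Action::kIgnored;
  if (parsed.max_age == 0) { state.erase(host); return Action::kCleared; }  // withdraws the policy
  state[host] = parsed;
  return Action::kNoted;
}

// The bug as a constructed scenario: an old build sees a fresh Expect-CT header
// for a host with no noted state. True when only the pre-fix path reports.
bool OldBuildReportsOnlyBeforeFix() {
  const std::string hdr = "max-age=86400, enforce, report-uri=\"https://example.com/ct\"";
  ExpectCTState before, after;
  Action b = ProcessExpectCTHeader(before, "example.com", hdr, CTCompliance::kBuildNotTimely, false);
  Action a = ProcessExpectCTHeader(after, "example.com", hdr, CTCompliance::kBuildNotTimely, true);
  return b == Action::kReported && a == Action::kIgnored && after.empty();
}

// After the fix a genuine misconfiguration is still reported, but only while the
// host has no noted state. Returns the number of reports sent.
int GenuineViolationReports() {
  const std::string hdr = "max-age=3600, report-uri=\"https://example.net/ct\"";
  ExpectCTState state;
  int n = ProcessExpectCTHeader(state, "example.net", hdr, CTCompliance::kNotEnoughSCTs, true) == Action::kReported;
  ProcessExpectCTHeader(state, "example.net", hdr, CTCompliance::kCompliant, true);  // notes state
  n += ProcessExpectCTHeader(state, "example.net", hdr, CTCompliance::kNotDiverseSCTs, true) == Action::kReported;
  return n;
}
```

The point of keeping `NonCompliantBeforeFix` and `ViolatesCTPolicy` as separate predicates is that the report path is the only place the distinction matters: a report is a signal to the site owner, so the predicate feeding it has to be "the server violated CT policy", not "this client could not confirm compliance". Anything that reduces to the latter (here an out-of-date build) produces noise in the site's report endpoint with nothing the operator can act on.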

Comment 2 by est...@chromium.org, Nov 18 2017

Status: Fixed (was: Started)
