New issue
Advanced search Search tips

Issue 788491 link

Starred by 1 user
Status: Duplicate
Merged: issue 892337
Owner:
mmenke@chromium.org
Closed: Oct 4
Cc:
yhirano@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



Sign in to add a comment

In case of duplicate MIME type parameters, consider using the first

Project Member Reported by annevank...@gmail.com, Nov 25 2017 
See https://github.com/whatwg/mimesniff/issues/41 for context. https://github.com/whatwg/mimesniff/issues/42 has an overview of the testing situation.

Basically, given

  text/html;charset=utf-8;charset=gbk

I'd like all browsers to align on using UTF-8.

Comment 1 by mmenke@chromium.org, Nov 27 2017

Components: -Internals>Network Internals>Network>HTTP
My feeling is that for multiple distinct headers that conflict, we should generally go with the first (When we can't just fail the request), as at least a partial mitigation against response-splitting attacks.  While that logic doesn't really apply to semi-colon delimited lists, it would be consistent to prefer the first, so I think this is a reasonable direction to go in.

Comment 2 by yhirano@chromium.org, Nov 28 2017

Cc: yhirano@chromium.org
Components: Blink>Network

Comment 3 by krajshree@chromium.org, Nov 29 2017

Labels: Needs-Milestone

Comment 4 by krajshree@chromium.org, Nov 30 2017

Labels: Triaged-ET TE-NeedsTriageHelp
The issue seems to be out of TE-scope as it is related to MIME type parameters. Hence, adding label TE-NeedsTriageHelp for further investigation from dev team.

Thanks...!!

Comment 5 by ricea@chromium.org, Jan 12 2018

Status: Available (was: Unconfirmed)

Comment 6 by mmenke@chromium.org, Mar 14 2018

Owner: mmenke@chromium.org
Status: Assigned (was: Available)

Comment 7 by efoo@chromium.org, Jul 6

Components: Internals>Network

Comment 8 by efoo@chromium.org, Jul 6

Components: -Internals>Network>HTTP

Comment 9 by mmenke@chromium.org, Oct 4

Mergedinto: 892337
Status: Duplicate (was: Assigned)
Project Member

Comment 10 by bugdroid1@chromium.org, Oct 5 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5518c1a563526f51674feb28bfedd527e1c94072

commit 5518c1a563526f51674feb28bfedd527e1c94072
Author: Matt Menke <mmenke@chromium.org>
Date: Fri Oct 05 22:03:19 2018

Content-Type parser: Update to more closely match latest WHATWG spec.

The latest spec can be found at https://mimesniff.spec.whatwg.org/

In particular, this CL makes the parser:
* Trim whitespace within quotes.
* Not ignore first "(" in a charset or anything after it.
* Allow quoted empty strings.
* Prefer values closed to the beginning of the string.

This makes a number of previously failing WPT layout tests pass,
though there still remain some deviations from the spec:
* When there are multiple Content-Type lines, we use the last.
* We don't restrict the characters we allow in Content-Type fields.
* We trim whitespace before the first quote characters (The spec
  indicates that if there's a space after the "=", it's treated as a
  non-quoted string).

Bug:  788491 ,  772343 
Change-Id: Ieeb11eb76d824a9df5130d8c5dc0be3b442ca366
Reviewed-on: https://chromium-review.googlesource.com/c/1257443
Commit-Queue: Matt Menke <mmenke@chromium.org>
Reviewed-by: Asanka Herath <asanka@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597331}
[modify] https://crrev.com/5518c1a563526f51674feb28bfedd527e1c94072/net/http/http_response_headers_unittest.cc
[modify] https://crrev.com/5518c1a563526f51674feb28bfedd527e1c94072/net/http/http_util.cc
[modify] https://crrev.com/5518c1a563526f51674feb28bfedd527e1c94072/net/http/http_util_unittest.cc
[modify] https://crrev.com/5518c1a563526f51674feb28bfedd527e1c94072/third_party/WebKit/LayoutTests/external/wpt/mimesniff/mime-types/charset-parameter.window-expected.txt

Sign in to add a comment