Regression: --unsafely-treat-insecure-origin-as-secure broken in Chrome 63 |
||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Steps to reproduce the problem: This problem was discovered during web development while testing a service worker. The service worker cannot be registered due to this problem. 1. start the browser with the flag enabled, say for 'http://abc:123' 2. navigate to server at http://abc:123, which should attempt to register a service worker 3. service worker registration fails with the error: DOMException: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV). What is the expected behavior? Service worker registration should succeed when chrome is started with the flag What went wrong? the error message is: DOMException: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV). Did this work before? Yes 62 (sub-version unknown) Chrome version: 63.0.3239.84 Channel: n/a OS Version: Flash Version: This flag is the recommended solution for service worker debugging when localhost isn't available: https://www.chromium.org/blink/serviceworker/service-worker-faq
,
Dec 7 2017
I am having the same issue (with getUserMedia) on 63.0.3239.84. I do see the yellow bar at the top, window.isSecureContext returns false.
,
Dec 7 2017
Re #2: Can you share your exact command line and a screenshot of your test window?
,
Dec 7 2017
I can reproduce this on Chrome 63 but not 62 or 65. It looks like we end up in a weird state where the browser thinks the origin is secure but the renderer does not. e.g. chrome.exe --unsafely-treat-insecure-origin-as-secure=http://permission.site Then navigate to permission.site and click "Notification". The frame pops the "Do you want to allow notifications?" prompt, while the DevTools show that Notification is deprecated from non-secure contexts.
,
Dec 7 2017
I've been unable to bisect this, as the flag seems to work fine when bisecting. This probably should not block M63 rollout insofar as this is a fairly obscure flag used by developers only.
,
Dec 7 2017
Not repro in Chrome 64 Dev either.
,
Dec 11 2017
+vogelheim@, who might have ideas since he's been looking at this code recently.
,
Dec 11 2017
#7: No grand ideas, other than that recently there've been several changes in that general area. #5 + #6: For me, this reproduces cleanly on the M63 Chrome release, but not on a locally built version using the M63 branch point. So... either this was introduces on the release branch itself (and the branch does contain some changes to relevant files, although they look harmless), or this would be one of the rare cases where the Chrome build differs from the Chromium build. I'll update the bug if I can confirm/deny either theory.
,
Dec 11 2017
- ToT: ok (does not reproduce) - adb61db19020: M63 branch base: ok (does not reproduce) - 0f53a5abc7a4: M63 branch head: broken (does reproduce) My conclusion is that the bug was introduced on the release branch. That's consistent with the observations in #0, #2, #4, #6, where it's working on all other releases. I'm not sure what to do with that info, though.... In particular, I don't know the answers to: - Is this worth a re-spin of the M63, and - might this bug affect other functionality (and the --unsafely-... switch is merely where it surfaced first)?
,
Dec 11 2017
This looks suspicious: https://chromium.googlesource.com/chromium/src/+/e782cd2ad2e04d16a01b0a5d093f0dbcb125b005%5E%21/#F1 if (IsAutoReloadEnabled()) @@ -1779,6 +1789,7 @@ switches::kForcePNaClSubzero, #endif switches::kForceUIDirection, + switches::kIsolateOrigins, switches::kJavaScriptHarmony, switches::kOriginTrialDisabledFeatures, switches::kOriginTrialDisabledTokens, @@ -1790,7 +1801,7 @@ switches::kProfilingFile, switches::kProfilingFlush, switches::kReaderModeHeuristics, - switches::kUnsafelyTreatInsecureOriginAsSecure, + switches::kSitePerProcess, translate::switches::kTranslateSecurityOrigin, };
,
Dec 11 2017
I suspect the switches::kUnsafelyTreatInsecureOriginAsSecure removal from ChromeContentBrowserClient::AppendExtraCommandLineSwitches in #10 was caused by the cherry pick which accidentally picked up only one piece of https://chromium.googlesource.com/chromium/src/+/976f1c2cc31bf8a9b02ce776c60c62dbbd22163d%5E%21/#F0 which had landed in the interim.
,
Dec 11 2017
Won't Fixing after discussing with the M63 Release owners. Workarounds for developers: - Update to Chrome 64 Dev or Chrome 65 Canary, which do not have this bug. - Deploy HTTPS on your test sites
,
Dec 11 2017
Arg, I was afraid this might happen. I even brought it up with vogelheim at the time, but it seemed OK to us then. Sigh.
,
Dec 12 2017
#13: Oh. Yeah, I totally didn't see that. In uplifting news, there is now (post-M63) an end-to-end browsertest which tests this feature from command-line (or policy) to the loaded page, so this particular thing isn't going to happen again. Ref: https://cs.chromium.org/chromium/src/chrome/browser/secure_origin_whitelist_browsertest.cc
,
Dec 12 2017
reproduction / demo https://github.com/bdirito/c63unsafe
,
Dec 14 2017
Issue 794461 has been merged into this issue.
,
Dec 19 2017
Issue 793248 has been merged into this issue.
,
Dec 21 2017
Issue 796158 has been merged into this issue. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by elawrence@chromium.org
, Dec 7 2017Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: elawrence@chromium.org
Status: Assigned (was: Unconfirmed)