Make cross-site document blocking deterministic when sniffing
Issue description

The document blocking logic for Site Isolation added in r522016 has a flaw where the sniffing logic can fail to confirm a response is HTML, XML, or JSON if the first read from the network is too small to sniff. This is problematic, because it will allow the renderer to receive responses that would have otherwise been blocked if we'd read more data. (This is not a problem for responses with a nosniff header.) Note that this bug explains the flakiness observed in issue 794883, since the original test case there was missing a nosniff header. This is somewhat challenging to fix in ResourceHandlers because of the complexity of buffering the response.
Dec 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4e4a85fed62e5744877dac849ba08693a417d587

commit 4e4a85fed62e5744877dac849ba08693a417d587
Author: Nick Carter <nick@chromium.org>
Date: Tue Dec 19 07:17:15 2017

CrossSiteDocumentResourceHandler: network-independent mime type sniffing

Enhance the mime sniffers used by CrossSiteDocumentResourceHandler to expose a "maybe" result in addition to "yes" and "no". This indeterminate result, for example, would be returned if the first packet contained only "<". If that is followed by "html", it would sniff as HTML; if it were followed by "svg" it would not.

In CrossSiteDocumentResourceHandler, if we don't have a definitive answer from the sniffers, keep buffering data until at least net::kMaxBytesToSniff bytes arrive. Additionally, don't sniff beyond net::kMaxBytesToSniff, even if more data is available -- this ensures determinism of the blocking logic, regardless of how the network delivers the stream.

In CrossSiteDocumentResourceHandlerTest, modify the TestScenario so that the response body can arrive in multiple chunks, and include an expectation (|verdict_packet|) of which chunk will trigger the decision. Add TestScenarios to cover indeterminate sniffing cases, and empty-response cases.

Bug: 795450
Change-Id: I5eaee2bb79c49db206264cc2255608152bd49a71
Reviewed-on: https://chromium-review.googlesource.com/825960
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#524962}

[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/browser/loader/cross_site_document_resource_handler.cc
[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/browser/loader/cross_site_document_resource_handler.h
[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/browser/loader/cross_site_document_resource_handler_unittest.cc
[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/common/cross_site_document_classifier.cc
[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/common/cross_site_document_classifier.h
[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/common/cross_site_document_classifier_unittest.cc
[modify] https://crrev.com/4e4a85fed62e5744877dac849ba08693a417d587/content/renderer/loader/site_isolation_stats_gatherer.cc
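The tri-state sniffing and buffering behaviour the commit message describes, as an added illustrative example in C++. This is not Chromium's classifier: the signature list, the 1024-byte cap standing in for net::kMaxBytesToSniff, and the rule that a stream ending while still indeterminate is allowed are all assumptions made here.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>
// Illustrative tri-state sniffer and buffering loop (not Chromium's code),
// modelled on the yes / no / maybe result the commit message describes.
enum class SniffResult { kNo, kMaybe, kYes };
// Assumed sniffing cap, standing in for net::kMaxBytesToSniff (1024).
constexpr size_t kMaxBytesToSniff = 1024;

// kYes: data (after leading whitespace) begins with an HTML signature; kNo: no
// signature can match; kMaybe: a proper prefix of one, e.g. "<" or "<ht".
SniffResult SniffForHTML(const std::string& data) {
  static const char* const kSignatures[] = {"<!doctype html", "<html", "<head",
                                            "<body", "<script"};
  const size_t start = data.find_first_not_of(" \t\r\n");
  if (start == std::string::npos) return SniffResult::kMaybe;  // whitespace only
  std::string lower = data.substr(start);
  std::transform(lower.begin(), lower.end(), lower.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  bool prefix_possible = false;
  for (const char* sig : kSignatures) {
    const std::string s(sig);
    const size_t n = std::min(s.size(), lower.size());
    if (lower.compare(0, n, s, 0, n) != 0) continue;
    if (lower.size() >= s.size()) return SniffResult::kYes;
    prefix_possible = true;
  }
  return prefix_possible ? SniffResult::kMaybe : SniffResult::kNo;
}

struct Verdict {
  bool block;          // true: response withheld from the renderer
  int verdict_packet;  // chunk index that decided; -1 if the stream ended first
};

// Feeds body chunks in arrival order, buffering while the sniffer is indeterminate
// and never inspecting beyond kMaxBytesToSniff, so the verdict does not depend on
// how the network split the stream.
Verdict DecideBlocking(const std::vector<std::string>& chunks) {
  std::string buffer;
  for (size_t i = 0; i < chunks.size(); ++i) {
    buffer += chunks[i];
    if (buffer.size() > kMaxBytesToSniff) buffer.resize(kMaxBytesToSniff);
    const SniffResult r = SniffForHTML(buffer);
    if (r == SniffResult::kYes) return {true, static_cast<int>(i)};
    if (r == SniffResult::kNo) return {false, static_cast<int>(i)};
    // Still kMaybe: once the cap is reached, more data cannot change the answer.
    if (buffer.size() >= kMaxBytesToSniff) return {false, static_cast<int>(i)};
  }
  return {false, -1};  // empty or still-indeterminate stream: assumed to allow
}
```

Splitting "<html>..." into "<", "ht", "ml>..." yields the same block verdict as delivering it in one chunk, only the verdict_packet index differs; a body that is only whitespace up to the cap is decided at the cap without looking at what follows.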
Dec 27 2017
Dec 28 2017
Apr 5 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by creis@chromium.org, Dec 15 2017