SignedExchangeHandler can cause browser-side DoS |
||
Issue descriptionCurrently SignedExchangeHandler stores the all response body to |original_body_string_|. This can cause browser-side DoS. We must fix it before shipping.
,
Jun 7 2018
Now Signed Exchange uses simpler envelope format which does not require stream parsing, and browser bounds the maximum header size. I think we can close this. |
||
►
Sign in to add a comment |
||
Comment 1 by horo@chromium.org
, Feb 23 2018