New issue
Advanced search Search tips

Issue 824209 link

Starred by 2 users
Status: Fixed
Owner:
lizeb@chromium.org
Closed: May 2018
Cc:
jam@chromium.org
vakh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug

Blocking:
issue 816837



Sign in to add a comment

Check that detached requests cached responses cannot be used without a SafeBrowsing check.

Project Member Reported by lizeb@chromium.org, Mar 21 2018 
Add tests to ensure this.

Comment 1 by jam@chromium.org, Mar 22 2018

Cc: jam@chromium.org
btw another option might be to set net::LOAD_DISABLE_CACHE so that these requests, which shouldn't have a body as they're not shown, don't get into the cache.

Comment 2 by lizeb@chromium.org, Mar 22 2018

Status: Started (was: Untriaged)
Project Member

Comment 3 by bugdroid1@chromium.org, Mar 23 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b574931e92b0a101e6201ee4dcab958f32721c0d

commit b574931e92b0a101e6201ee4dcab958f32721c0d
Author: Benoit Lize <lizeb@chromium.org>
Date: Fri Mar 23 10:49:45 2018

customtabs: Check that detached requests cannot be used to avoid SafeBrowsing.

Detached resource requests don't go through SafeBrowsing during the
initial fetch. This ensures that the checks are done when the cached
response is about to be used in a page.

Bug:  816837 ,  824209 
Change-Id: Ibac43bff9f3dfb211f1f05f8fabfda1d556e93f0
Reviewed-on: https://chromium-review.googlesource.com/975562
Reviewed-by: Bernhard Bauer <bauerb@chromium.org>
Commit-Queue: Benoit L <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545400}
[modify] https://crrev.com/b574931e92b0a101e6201ee4dcab958f32721c0d/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/DetachedResourceRequestTest.java
[modify] https://crrev.com/b574931e92b0a101e6201ee4dcab958f32721c0d/chrome/browser/android/customtabs/detached_resource_request.h
[modify] https://crrev.com/b574931e92b0a101e6201ee4dcab958f32721c0d/chrome/browser/android/customtabs/detached_resource_request_unittest.cc
Project Member

Comment 4 by bugdroid1@chromium.org, May 16 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/45cdf7fca420476da4fdadebebeda2b1607e4af1

commit 45cdf7fca420476da4fdadebebeda2b1607e4af1
Author: Benoit Lize <lizeb@chromium.org>
Date: Wed May 16 16:13:03 2018

customtabs: Test that detached requests cannot avoid SafeBrowsing for subresources.

This is a follow-up to https://chromium-review.googlesource.com/975562,
testing subresources as well.

Bug:  824209 
Change-Id: Ie8ebe5d105bfd266f7f99e5851bdabc8f0323540
Reviewed-on: https://chromium-review.googlesource.com/1060033
Commit-Queue: Benoit L <lizeb@chromium.org>
Reviewed-by: Bernhard Bauer <bauerb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559127}
[modify] https://crrev.com/45cdf7fca420476da4fdadebebeda2b1607e4af1/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/DetachedResourceRequestTest.java
[add] https://crrev.com/45cdf7fca420476da4fdadebebeda2b1607e4af1/chrome/test/data/android/cacheable_subresource.html

Comment 5 by lizeb@chromium.org, May 16 2018

Status: Fixed (was: Started)

Sign in to add a comment