New issue
Advanced search Search tips

Issue 851419 link

Starred by 1 user
Status: Fixed
Owner:
yhirano@chromium.org
Closed: Jul 26
Cc:
kinuko@chromium.org
toyoshim@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

blink::ErrorParameters is dangerous

Project Member Reported by yhirano@chromium.org, Jun 11 2018 
It holds bare references (KURL&, String&), and we are storing a stale reference sometimes (see ErrorParameter::Create for example). This is basically an UAF.

Comment 1 by yhirano@chromium.org, Jun 13 2018 

ErrorParameter ErrorParameter::Create(
    const network::CORSErrorStatus& error_status,
    const KURL& first_url,
    const KURL& second_url,
    const int status_code,
    const HTTPHeaderMap& header_map,
    const SecurityOrigin& origin,
    const WebURLRequest::RequestContext context) {
  String hint;  // <========== THIS
  switch (error_status.cors_error) {
    case network::mojom::CORSError::kMethodDisallowedByPreflightResponse:
    case network::mojom::CORSError::kHeaderDisallowedByPreflightResponse:
      DCHECK(!error_status.failed_parameter.empty());
      hint = String(error_status.failed_parameter.c_str());
      break;
    default:
      break;
  }
  return ErrorParameter(error_status.cors_error, first_url, second_url,
                        status_code, header_map, origin, context, hint, false);
}

Comment 2 by ricea@chromium.org, Jun 13 2018 

Maybe we could change the references to pointers? If callers of the constructor had to explicitly use the & operator it might encourage them to think about object lifetimes.
Project Member

Comment 3 by bugdroid1@chromium.org, Jun 13 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/38ff31e97946d17752a0d2db5d74bf98025245c5

commit 38ff31e97946d17752a0d2db5d74bf98025245c5
Author: Yutaka Hirano <yhirano@chromium.org>
Date: Wed Jun 13 07:38:06 2018

Fix a UaF in blink::ErrorParameter

ErrorParameter holds a reference to a stale object. Let's stop doing
that.

Bug:  851419 
Change-Id: I0c91acce7afaceeecdb368f5592417d4a39d8174
Reviewed-on: https://chromium-review.googlesource.com/1098646
Reviewed-by: Adam Rice <ricea@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#566747}
[modify] https://crrev.com/38ff31e97946d17752a0d2db5d74bf98025245c5/third_party/blink/renderer/platform/loader/cors/cors_error_string.h

Comment 4 by yhirano@chromium.org, Jun 13 2018

Labels: -Pri-1 Pri-3
>#2

Maybe. Or we may want to overhaul the pattern. I continue to own this issue in order not to forget about it, but if anyone want to make refactoring changes feel free to assign yourself.

Comment 5 by yhirano@chromium.org, Jun 13 2018

Components: Blink>Loader
Labels: OOR-CORS
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 26 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fc0443b140d8511046a73f3b3f093c5f315ef02f

commit fc0443b140d8511046a73f3b3f093c5f315ef02f
Author: Yutaka Hirano <yhirano@chromium.org>
Date: Thu Jul 26 06:41:35 2018

Update CORS error messages

In preparation for out-of-blink CORS, this CL largely updates
CORS error messages.

 1. "Failed to load" is removed from DocumentThreadableLoader, and
    "Access to..." is now used instead, in order to align with
    CORS error messages in ResourceLoader.
 2. We now use "Access to <type> at <last request url> (redirected
    from <initial request url>) from origin <origin> has been blocked
    by CORS policy:" for all CORS error messages. "(redirected from
    <initial request url>)" is omitted when <initial request url> and
    <last request url> are same.
 3. As implied at 2, "Redirect from <redirect src> to <redirect dest>
    has been blocked by CORS policy" is removed.
 4. Http status code is not shown any more.
 5. "Origin <origin> is therefore not allowed access." is redundant,
    so it is removed.

Bug: 736308,  851419 
Change-Id: I1ceeab4a00a5cf4994acc317b792ffacd39db86d
Reviewed-on: https://chromium-review.googlesource.com/1147890
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578221}
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/devtools/console-xhr-logging-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/eventsource-cors-non-http-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/eventsource-cors-redirect-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/workers/eventsource-cors-basic-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/workers/eventsource-cors-non-http-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/workers/eventsource-cors-redirect-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/eventsource/workers/eventsource-cors-with-credentials-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/fetch/chromium/error-messages-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/htmlimports/cors-same-origin-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/htmlimports/cross-origin-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/htmlimports/import-script-block-crossorigin-dynamic-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-redirect-anonymous-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/img-crossorigin-redirect-no-cors-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/img-with-failed-cors-check-fails-to-load-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/cross-origin-xhr-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/link-crossorigin-stylesheet-reinserted-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/link-crossorigin-stylesheet-use-credentials-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/preload-script-crossorigin-fails-cross-origin-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-crossorigin-fails-cross-origin-2-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-crossorigin-fails-cross-origin-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-crossorigin-loads-correctly-credentials-2-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-crossorigin-redirect-anonymous-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-crossorigin-redirect-credentials-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-crossorigin-redirect-no-cors-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-onerror-crossorigin-no-cors-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-bad-integrity-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/text-track-crossorigin-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/video-poster-cross-origin-crash-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-origin-no-credential-prompt-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-sync-2-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/cross-site-denied-response-sync-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/onerror-event-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/ontimeout-event-override-after-failure-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/open-in-body-onload-sync-to-invalid-cross-origin-response-handling-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/open-in-body-onload-sync-to-invalid-preflight-handling-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/open-in-body-onload-sync-to-invalid-redirect-response-handling-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/07-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/08-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/09-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/10-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/11-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/12-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/13-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/14-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/15-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/16-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/17-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/18-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/19-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/20-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/21-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/22-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/23-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/24-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/25-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/26-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/27-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/28-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/29-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/30-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/31-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/32-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/33-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/34-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/35-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/36-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/37-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/38-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/39-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/40-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/41-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/42-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/43-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/44-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/45-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/46-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-exact-matching/47-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-removal-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-async-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/post-blob-content-type-sync-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-2-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-double-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-tripmine-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post-sync-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-sync-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/upload-request-error-event-order-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-sync-no-progress-events-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/platform/linux/virtual/outofblink-cors/http/tests/xmlhttprequest/origin-header-cross-origin-get-sync-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/platform/linux/virtual/outofblink-cors/http/tests/xmlhttprequest/origin-header-same-origin-post-async-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/open-in-body-onload-sync-to-invalid-redirect-response-handling-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-header-cross-origin-get-sync-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-header-cross-origin-post-sync-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/origin-header-same-origin-post-sync-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/redirect-cross-origin-sync-double-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/cross-origin-unsupported-url-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/open-in-body-onload-sync-to-invalid-redirect-response-handling-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/origin-header-cross-origin-post-sync-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/origin-header-same-origin-post-sync-expected.txt
[delete] https://crrev.com/0365d00eadee5c3b30271e36f95fceecc6634c31/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/redirect-cross-origin-sync-double-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/xmlhttprequest/workers/cross-origin-unsupported-url-expected.txt
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/core/loader/threadable_loader.cc
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/core/loader/threadable_loader.h
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/core/loader/threadable_loader_test.cc
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/platform/loader/cors/cors.cc
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/platform/loader/cors/cors.h
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/platform/loader/cors/cors_error_string.h
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/platform/loader/fetch/resource_error.cc
[modify] https://crrev.com/fc0443b140d8511046a73f3b3f093c5f315ef02f/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc

Comment 7 by yhirano@chromium.org, Jul 26

Status: Fixed (was: Assigned)

Sign in to add a comment