Issue metadata
Sign in to add a comment
|
Hook up OnCancelURLRequestWithPolicyViolatingReferrerHeader to the network service |
||||||||||||||||||||||||
Issue descriptionCurrently, the NetworkService doesn't cancel requests with policy violating headers (The default NetworkDelegate implementation of the method returns false). I'm not sure if we still want to record metrics or a "dump withotu crashing" crash dump of the network service in this case.
,
Jun 14 2018
I don't think we want a compromised renderer process to be able to crash the network process.
,
Jun 14 2018
,
Jun 14 2018
true. Well, so here's the issue. Every now and then, somebody commits code that incorrectly uses referrers, e.g., sending a https referrer to an http request. And typically, they didn't write tests for this, so a DCHECK() doesn't trigger. This DumpWithoutCrashing thing has been quite effective in finding those anyways. I mean, we could just strip incorrect referrers, but it feels to odd to have code that just blindly corrects bugs without leaving any trace
,
Jun 14 2018
I'm completely fine with keeping the DCHECK, if it's useful. Just wanted confirmation that we should be keeping it. We could even consider moving the logic into the mojo serialization code for the ResourceRequest, if we wanted, so we'd have a call stack in the consumer process.
,
Jun 14 2018
Erm...Keeping the DCHECK == keeping the DumpWithoutCrashing.
,
Jun 15 2018
,
Jun 20 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/10e6cadecfcf0a58ce2a2240e88180d96ec303d9 commit 10e6cadecfcf0a58ce2a2240e88180d96ec303d9 Author: Matt Menke <mmenke@chromium.org> Date: Wed Jun 20 12:54:20 2018 NetworkService: Make requests with bad referrers fail. This moves logic for this case from ChromeNetworkDelegate to NetworkContext's NetworkDelegate, and adds a Mojo parameter to cause requests with bad referrers to fail (enabled by default). Also removes the action Net.URLRequest_StartJob_InvalidReferrer rather than moving it, as it was unowned. Bug: 852871 Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;luci.chromium.try:linux_mojo;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: I9d6d55157ba28e2b12ca7136b78330100a8673aa Reviewed-on: https://chromium-review.googlesource.com/1103119 Reviewed-by: Gayane Petrosyan <gayane@chromium.org> Reviewed-by: David Roger <droger@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#568807} [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/chrome/browser/net/chrome_network_delegate.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/chrome/browser/net/network_context_configuration_browsertest.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/ios/chrome/browser/net/ios_chrome_network_delegate.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/net/base/layered_network_delegate.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/net/base/layered_network_delegate.h [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/net/base/layered_network_delegate_unittest.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/services/network/network_context.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/services/network/network_context_unittest.cc [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/services/network/public/mojom/network_context.mojom [modify] https://crrev.com/10e6cadecfcf0a58ce2a2240e88180d96ec303d9/tools/metrics/actions/actions.xml
,
Jun 20 2018
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by jochen@chromium.org
, Jun 14 2018