Network Error Logging: Handle errors in different phases differently
Issue description

cf. https://github.com/w3c/network-error-logging/issues/74 and https://github.com/w3c/network-error-logging/pull/83

The NEL spec now only allows include_subdomains policies to be used to generate reports about DNS errors, and not about errors in later stages of processing a request. It also requires the server IP of the request and the IP address that the policy was received on to match — if they don't, the report is "downgraded" to only include information about DNS resolution. (This prevents DNS rebinding attacks, where an attacker delivers a NEL policy for an origin they control, and then switches DNS to resolve that origin to a server they don't control. Without this IP address check, that would allow the attacker to use NEL to probe for information about that server.)

Jul 16
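The two rules the description states (an include_subdomains policy only yields reports about DNS errors; a server IP that differs from the IP the policy arrived on downgrades the report to DNS-only information), as an added Python model written for this page; it is neither Chromium's implementation nor the spec text. The NelPolicy/RequestOutcome types, the sample field set and the treatment of an exact-origin request as directly covered are this example's assumptions; dns.address_changed is the spec's error type for the mismatch case.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class NelPolicy:
    origin: str                # origin the policy was delivered for, e.g. "https://example.com"
    include_subdomains: bool
    received_ip: str           # IP address the response carrying the policy came from

@dataclass(frozen=True)
class RequestOutcome:
    origin: str
    phase: str                 # "dns", "connection" or "application"
    error_type: str            # e.g. "dns.name_not_resolved", "tcp.refused", "http.error"
    server_ip: Optional[str]   # None when DNS never produced an address
    status_code: int = 0
    elapsed_time: int = 0

def _host(origin: str) -> str:
    return urlsplit(origin).hostname or ""

def policy_covers(policy: NelPolicy, origin: str) -> bool:
    """Exact origin match, or a same-scheme subdomain match for include_subdomains policies."""
    if origin == policy.origin:
        return True
    if not policy.include_subdomains:
        return False
    same_scheme = urlsplit(origin).scheme == urlsplit(policy.origin).scheme
    return same_scheme and _host(origin).endswith("." + _host(policy.origin))

def generate_report(policy: NelPolicy, outcome: RequestOutcome) -> Optional[dict]:
    """Return the report body to queue, or None when no report may be generated."""
    if not policy_covers(policy, outcome.origin):
        return None
    # Rule 1: an include_subdomains policy matched on a subdomain may only produce
    # reports about DNS errors. Exact-origin matches are treated as directly covered
    # (this example's assumption; the issue text does not spell that case out).
    if outcome.origin != policy.origin and outcome.phase != "dns":
        return None
    body = {"phase": outcome.phase, "type": outcome.error_type,
            "server_ip": outcome.server_ip or "", "status_code": outcome.status_code,
            "elapsed_time": outcome.elapsed_time}
    # Rule 2: the request reached a server whose IP differs from the one the policy
    # arrived from (the DNS rebinding case): downgrade to DNS-only information.
    # dns.address_changed is the spec's type for this; later-phase details are dropped.
    if outcome.server_ip and outcome.server_ip != policy.received_ip:
        body.update(phase="dns", type="dns.address_changed", status_code=0, elapsed_time=0)
    return body
```

The IPs used in the checks are constructed TEST-NET addresses; a DNS-phase failure that never produced an address carries no server IP and so is never subject to the mismatch downgrade.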
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada

commit 4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada
Author: Douglas Creager <dcreager@chromium.org>
Date: Mon Jul 16 23:42:25 2018

Network Error Logging: Downgrade reports when IP addresses don't match

When we make a request to a server that's different than the server that delivered the NEL policy, we now have to "downgrade" the report to only include information that's available during DNS resolution.

Bug: 862188
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: Ied45aecbab00d9041a77cf7cf1f6e830726f6716
Reviewed-on: https://chromium-review.googlesource.com/1136031
Commit-Queue: Douglas Creager <dcreager@chromium.org>
Reviewed-by: Martin Šrámek <msramek@chromium.org>
Reviewed-by: Misha Efimov <mef@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575483}

[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate_unittest.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/content/browser/browsing_data/browsing_data_remover_impl_unittest.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/net/network_error_logging/network_error_logging_service.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/net/network_error_logging/network_error_logging_service.h
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/net/network_error_logging/network_error_logging_service_unittest.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/net/url_request/url_request.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/net/url_request/url_request_http_job.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/services/network/network_context_unittest.cc
[modify] https://crrev.com/4d1ef843b0c21ccfceb5f98ca4abf69a3c454ada/tools/metrics/histograms/enums.xml

Jul 27
Comment 1 by bugdroid1@chromium.org, Jul 15