
Issue 874323


Issue metadata

Status: Fixed
Closed: Aug 28
Pri: 2
Type: Feature

Blocking:
issue 803774




Signed Exchange: Redirect on verification failure

Project Member Reported by ksakamoto@chromium.org, Aug 15

Issue description

Currently, an error page (ERR_INVALID_SIGNED_EXCHANGE) is shown in the following situations:

1. sxg header parse error
2. sxg version mismatch
3. cert fetch failure
4. cert parse failure
5. cert verification failure
6. signature verification failure

For 3-6, we should redirect to the signed exchange's request URL instead of showing an error.
(Note: we shouldn't do it for sxg prefetch.)

Once https://github.com/WICG/webpackage/issues/242 is resolved, we would be able to do it for 2. (version mismatch) too.
 
Cc: twif...@chromium.org
Labels: SignedExchange-b2
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 21

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/21ab4ad26638ec67a769cdb68c0f2fc1580e927a

commit 21ab4ad26638ec67a769cdb68c0f2fc1580e927a
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Tue Aug 21 10:26:21 2018

Signed Exchange: Redirect on verification failure

Before this patch, navigation to a signed exchange failed with
ERR_INVALID_SIGNED_EXCHANGE if an error occurred in the cert / signature
verification steps.

After this patch, signed exchange errors that happened after the header
parsing will cause a redirect to the inner URL of the exchange.

Bug: 874323
Change-Id: Ie494df2f69383dcb3e70145d8c8e9b72616aed80
Reviewed-on: https://chromium-review.googlesource.com/1177287
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584708}
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/loader/navigation_url_loader_impl.cc
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_loader.cc
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_loader.h
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_prefetch_handler.cc
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_request_handler.cc
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/test/data/sxg/fallback.html
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/test/data/sxg/generate-test-sxgs.sh
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/content/test/data/sxg/test.example.com_invalid_test.sxg
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-cert-not-found-expected.txt
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-disable-cache.js
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-navigation-expected.txt
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-navigation-expired-expected.txt
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-prefetch.js
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/fallback-to-another-sxg.html
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/failure.html
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/fallback-to-another-sxg.sxg
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/generate-test-sxgs.sh
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/inner-url.html
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-cert-not-found.sxg
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-invalid-validity-url.sxg
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-location.html
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/resources/sxg-location.sxg
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-expired.html
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-location-fragment.html
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-location-origin-trial.html
[modify] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-location.html
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/virtual/sxg-origin-trial/http/tests/loading/sxg/fallback-to-another-sxg-expected.txt
[add] https://crrev.com/21ab4ad26638ec67a769cdb68c0f2fc1580e927a/third_party/WebKit/LayoutTests/virtual/sxg-origin-trial/http/tests/loading/sxg/sxg-expired-expected.txt

Project Member

Comment 4 by bugdroid1@chromium.org, Aug 28

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af

commit eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af
Author: Kouhei Ueno <kouhei@chromium.org>
Date: Tue Aug 28 02:50:11 2018

SignedExchange: Extract fallbackUrl and redirect for sxgs which magic string are invalid.

Before this CL, SignedExchangeHandler aborted parsing immediately when
the stream did not have correct magic string.

After this CL, SignedExchangeHandler will not stop parsing on invalid magic
string, and attempt to extract fallbackUrl. With this change, navigating to
a sxg with invalid magic string will redirect to its fallbackUrl as long as
it is valid.

Bug: 803774, 874323, 876968
Change-Id: Ib903854f0a80437acd05e1fa6b9e71b759aa4c35
Reviewed-on: https://chromium-review.googlesource.com/1187855
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586555}
[modify] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/browser/web_package/signed_exchange_handler.h
[modify] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/browser/web_package/signed_exchange_loader.cc
[modify] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
[modify] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/test/data/sxg/generate-test-sxgs.sh
[add] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/test/data/sxg/test.example.org_test_invalid_magic_string.sxg
[add] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/content/test/data/sxg/test.example.org_test_invalid_magic_string.sxg.mock-http-headers
[modify] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-invalid-validity-url.html
[add] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/third_party/WebKit/LayoutTests/virtual/sxg-origin-trial-with-network-service/http/tests/loading/sxg/sxg-invalid-validity-url-expected.txt
[add] https://crrev.com/eef241f6fdf6b7b93f4617cea1ea2f43abf0b3af/third_party/WebKit/LayoutTests/virtual/sxg-origin-trial/http/tests/loading/sxg/sxg-invalid-validity-url-expected.txt

Project Member

Comment 5 by bugdroid1@chromium.org, Aug 28

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/44900507c9c66d312f17f0d908f51e32f0e4c186

commit 44900507c9c66d312f17f0d908f51e32f0e4c186
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Tue Aug 28 06:15:15 2018

SignedExchange: Fallback redirect on unsupported versions of content-type

Before this CL, SignedExchangeHandler did not parse signed exchanges
when the v= parameter of content type was invalid.

After this CL, SignedExchangeHandler will parse the signed exchange
prologue even if content type indicates an unsupported version, and will
redirect to the sxg's fallbackUrl as long as it is valid.

Bug: 803774, 874323, 876968
Change-Id: I7f890f439c25b8591f0d741fa6257282f791cdf1
Reviewed-on: https://chromium-review.googlesource.com/1192472
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586594}
[modify] https://crrev.com/44900507c9c66d312f17f0d908f51e32f0e4c186/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/44900507c9c66d312f17f0d908f51e32f0e4c186/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
[modify] https://crrev.com/44900507c9c66d312f17f0d908f51e32f0e4c186/content/test/data/sxg/generate-test-sxgs.sh
[modify] https://crrev.com/44900507c9c66d312f17f0d908f51e32f0e4c186/content/test/data/sxg/test.example.org_test_invalid_content_type.sxg

Status: Fixed (was: Assigned)
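
The fallback decision described in the issue and in the invalid-magic-string commit, as an added example that is not Chromium's code: it extracts and validates the fallbackUrl even when the magic string is wrong, and refuses to redirect for prefetch. The type and function names, the b2 prologue layout (8-byte magic, 2-byte big-endian length, URL bytes) and the URL validity rule are assumptions of this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical names; not Chromium's SignedExchangeHandler API.
enum class Action { kContinueVerification, kFallbackRedirect, kFail };
struct PrologueResult {
  Action action;
  std::string fallback_url;  // empty unless extracted and validated
};

// Assumed validity rule: absolute https URL, no fragment, printable ASCII only.
bool IsAcceptableFallbackUrl(const std::string& url) {
  static const std::string kScheme = "https://";
  if (url.size() <= kScheme.size() || url.compare(0, kScheme.size(), kScheme) != 0)
    return false;
  for (unsigned char c : url)
    if (c <= 0x20 || c >= 0x7f || c == '#') return false;
  return true;
}

// Assumed b2 layout: 8-byte magic "sxg1-b2\0", 2-byte big-endian
// fallbackUrlLength, then fallbackUrlLength bytes of fallbackUrl.
PrologueResult InspectPrologue(const std::string& data, bool is_prefetch) {
  static const std::string kMagic("sxg1-b2\0", 8);
  const size_t kHeader = kMagic.size() + 2;
  if (data.size() < kHeader) return {Action::kFail, ""};
  const bool magic_ok = data.compare(0, kMagic.size(), kMagic) == 0;
  const size_t url_len =
      (static_cast<uint8_t>(data[8]) << 8) | static_cast<uint8_t>(data[9]);
  // The length field is untrusted input: check bounds before slicing.
  if (data.size() - kHeader < url_len) return {Action::kFail, ""};
  const std::string url = data.substr(kHeader, url_len);
  if (!IsAcceptableFallbackUrl(url)) return {Action::kFail, ""};
  if (magic_ok) return {Action::kContinueVerification, url};
  // Wrong magic but usable fallbackUrl: redirect, except for prefetch.
  if (is_prefetch) return {Action::kFail, ""};
  return {Action::kFallbackRedirect, url};
}

// Builds a constructed sample prologue; magic7 is the 7 ASCII bytes before the NUL.
std::string MakeSample(const std::string& magic7, const std::string& url) {
  std::string out = magic7;
  out.push_back('\0');
  out.push_back(static_cast<char>(url.size() >> 8));
  out.push_back(static_cast<char>(url.size() & 0xff));
  return out + url + "rest-of-exchange";
}
```
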
