Accessing a directory via file:// URL without trailing slash leads to ERR_UNSAFE_REDIRECT
Reported by
anowlcal...@gmail.com,
Sep 14
|
||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.9 Safari/537.36 Steps to reproduce the problem: 1. Open a directory via file:// URL, e.g. on most Linux systems, file:///home/ -- observe that it works fine 2. Navigate to the same directory, but remove the trailing slash from the URL (i.e. file:///home) -- observe that you get an ERR_UNSAFE_REDIRECT error message What is the expected behavior? Accessing a directory via file:// URL should work the same whether or not there's a trailing slash. What went wrong? When accessing a directory via file:// URL, if the URL is missing a trailing slash, a strange error message is displayed. Did this work before? N/A Chrome version: 70.0.3538.9 Channel: dev OS Version: Ubuntu 18.04 Flash Version:
,
Sep 18
Thanks for the report! I can reproduce this problem when the Network Service is enabled (chrome://flags/#network-service).
,
Sep 18
Able to reproduce the issue on reported chrome version 70.0.3538.9 also on latest chrome 71.0.3554.0 using Ubuntu 14.04. Issue not seen on Mac and Windows. Same behavior is seen on M61(61.0.3163.100) hence considering it as non-regression and marking it as Untriaged. NOTE: On M-61 >> Observed blank screen and (is available from M-61 >chrome://flags/#network-service), on latest stable seen crash(attached the same). Thanks!
,
Sep 18
,
Sep 18
,
Sep 19
Review: https://chromium-review.googlesource.com/c/chromium/src/+/1234335
,
Sep 21
is this the same cause as https://bugs.chromium.org/p/chromium/issues/detail?id=887039? can we dupe that one into this bug?
,
Sep 21
Issue 887039 has been merged into this issue.
,
Sep 26
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3 commit 90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3 Author: Chris Mumford <cmumford@google.com> Date: Wed Sep 26 20:10:43 2018 Allow file/filesystem schemes to redirect to same scheme. Relax redirect safety checks, which exist in the network service but were not present in URLRequestJob, to allow the loading of a file/filesystem scheme to redirect to the file/filesystem scheme. One example of a redirect is where the following URL: file:///path/to/directory during reload is redirected to: file:///path/to/directory/ This change also fixes redirects of Windows file links (with network service) as it redirects back to the client before following the redirect. This avoids an infinite recursion bug triggered by circular symbolic links. Bug: 884277 ,887039 Change-Id: I13923fc29397b1d3aa6679d861e9edc3af1c816b Reviewed-on: https://chromium-review.googlesource.com/1234335 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Commit-Queue: Chris Mumford <cmumford@chromium.org> Cr-Commit-Position: refs/heads/master@{#594450} [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/browser/file_url_loader_factory.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/browser/fileapi/file_system_url_loader_factory.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/browser/frame_host/navigation_request.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/browser/loader/navigation_url_loader_impl.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/public/common/url_utils.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/public/common/url_utils.h [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/public/common/url_utils_unittest.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/renderer/loader/resource_dispatcher.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/renderer/loader/url_loader_client_impl.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/content/renderer/loader/url_loader_client_impl.h [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/extensions/browser/api/web_request/web_request_proxying_url_loader_factory.cc [modify] https://crrev.com/90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3/extensions/browser/api/web_request/web_request_proxying_url_loader_factory.h
,
Sep 26
,
Sep 27
this needs to be merged back to M70. let's wait for canary verification first.
,
Sep 27
This bug requires manual review: M70 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 28
How does it look in canary?
,
Sep 28
oh oops - linux, let's verify this in dev first.
,
Sep 28
,
Sep 28
abdul, this also fixes crashes on non-linux platform too. See https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27base%3A%3Awin%3A%3AResolveShortcutProperties%27#-property-selector,-samplereports,+productname,+productversion:1000,+directory,-clientid,+operatingsystem,+url,+simplifiedurl,+extensions which is fixed in 3563+ version.
,
Sep 28
Approved -branch:3538
,
Sep 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922 commit aee83ebf35d63cf10ccc1a279ca4d6772fc2a922 Author: Chris Mumford <cmumford@google.com> Date: Fri Sep 28 20:46:33 2018 Allow file/filesystem schemes to redirect to same scheme. Relax redirect safety checks, which exist in the network service but were not present in URLRequestJob, to allow the loading of a file/filesystem scheme to redirect to the file/filesystem scheme. One example of a redirect is where the following URL: file:///path/to/directory during reload is redirected to: file:///path/to/directory/ This change also fixes redirects of Windows file links (with network service) as it redirects back to the client before following the redirect. This avoids an infinite recursion bug triggered by circular symbolic links. Bug: 884277 ,887039 Change-Id: I13923fc29397b1d3aa6679d861e9edc3af1c816b Reviewed-on: https://chromium-review.googlesource.com/1234335 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Commit-Queue: Chris Mumford <cmumford@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#594450}(cherry picked from commit 90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3) Reviewed-on: https://chromium-review.googlesource.com/1252533 Reviewed-by: Daniel Xie <dxie@google.com> Cr-Commit-Position: refs/branch-heads/3538@{#748} Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811} [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/browser/file_url_loader_factory.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/browser/fileapi/file_system_url_loader_factory.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/browser/frame_host/navigation_request.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/browser/loader/navigation_url_loader_impl.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/public/common/url_utils.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/public/common/url_utils.h [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/public/common/url_utils_unittest.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/renderer/loader/resource_dispatcher.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/renderer/loader/url_loader_client_impl.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/content/renderer/loader/url_loader_client_impl.h [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/extensions/browser/api/web_request/web_request_proxying_url_loader_factory.cc [modify] https://crrev.com/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922/extensions/browser/api/web_request/web_request_proxying_url_loader_factory.h
,
Sep 28
,
Sep 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/aee83ebf35d63cf10ccc1a279ca4d6772fc2a922 Commit: aee83ebf35d63cf10ccc1a279ca4d6772fc2a922 Author: cmumford@google.com Commiter: dxie@google.com Date: 2018-09-28 20:46:33 +0000 UTC Allow file/filesystem schemes to redirect to same scheme. Relax redirect safety checks, which exist in the network service but were not present in URLRequestJob, to allow the loading of a file/filesystem scheme to redirect to the file/filesystem scheme. One example of a redirect is where the following URL: file:///path/to/directory during reload is redirected to: file:///path/to/directory/ This change also fixes redirects of Windows file links (with network service) as it redirects back to the client before following the redirect. This avoids an infinite recursion bug triggered by circular symbolic links. Bug: 884277 ,887039 Change-Id: I13923fc29397b1d3aa6679d861e9edc3af1c816b Reviewed-on: https://chromium-review.googlesource.com/1234335 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Commit-Queue: Chris Mumford <cmumford@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#594450}(cherry picked from commit 90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3) Reviewed-on: https://chromium-review.googlesource.com/1252533 Reviewed-by: Daniel Xie <dxie@google.com> Cr-Commit-Position: refs/branch-heads/3538@{#748} Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
,
Oct 1
,
Oct 3
Issue 890666 has been merged into this issue. |
||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||
Comment 1 by susan.boorgula@chromium.org
, Sep 16