New issue
Advanced search Search tips

Issue 898128 link

Starred by 1 user
Status: Verified
Owner:
horo@chromium.org
Closed: Oct 29
Cc:
kinuko@chromium.org
kouhei@chromium.org
ksakamoto@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Origin Trial token of SiignedExchange is not correctly checked after redirect

Project Member Reported by horo@chromium.org, Oct 23 
Chrome Version: 72.0.3588.0 (Official Build) canary (64-bit)
OS: All

What steps will reproduce the problem?
(1) Enable chrome://flags/#allow-sxg-certs-without-extension
(2) Open http://bit.ly/2yvnzbX which returns a 301 redirect response with "Location: https://htxg-b1.appspot.com/sxg/hello_ec.sxg?v=" header.

What is the expected result?
- "https://htxg-b1.appspot.com/sxg/hello_ec.sxg?v=" returns a signed exchange with a valid Origin Trial token for "https://htxg-b1.appspot.com"
- Chrome handles the returned signed exchange and shows the content of the signed exchange "Hello SignedHTTPExchange".

What happens instead?
- The navigation is cancelled.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 26 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c8d8e9ea12485396934020d2d6e702b0fdbc2e63

commit c8d8e9ea12485396934020d2d6e702b0fdbc2e63
Author: Tsuyoshi Horo <horo@chromium.org>
Date: Fri Oct 26 07:10:27 2018

Use correct URL for handling Signed Exchange after redirects

Currently the initial navigation URL is used for handling Signed Exchange in
SignedExchangeLoader. But this URL must be updated after redirection.

This CL adds |request_url| argument to MaybeCreateLoaderForResponse() method of
NavigationLoaderInterceptor to update the URL.

And also, this CL moves the location where SignedExchangeRequestHandler is
created when NetworkService is disabled from CreateNonNetworkServiceURLLoader()
to StartWithoutNetworkService() where ServiceWorkerRequestHandler is created.

Bug:  898128 
Change-Id: I6fe34c7de2decd7d541988e026cef4ae4067fddf
Reviewed-on: https://chromium-review.googlesource.com/c/1296573
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#603018}
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/appcache/appcache_request_handler.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/appcache/appcache_request_handler.h
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/loader/navigation_loader_interceptor.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/loader/navigation_loader_interceptor.h
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/loader/navigation_url_loader_impl.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/loader/navigation_url_loader_impl_unittest.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/shared_worker/shared_worker_script_loader.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/web_package/signed_exchange_loader.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/web_package/signed_exchange_loader.h
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/web_package/signed_exchange_request_handler.cc
[modify] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/content/browser/web_package/signed_exchange_request_handler.h
[add] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-navigation-redirect-expected.txt
[add] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/third_party/WebKit/LayoutTests/http/tests/devtools/sxg/sxg-navigation-redirect.js
[add] https://crrev.com/c8d8e9ea12485396934020d2d6e702b0fdbc2e63/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-location-origin-trial-redirect.html

Comment 2 by horo@chromium.org, Oct 29

Status: Verified (was: Assigned)
c8d8e9ea12485396934020d2d6e702b0fdbc2e63 landed in 72.0.3593.0

I verified that http://bit.ly/2yvnzbX shows "Hello SignedHTTPExchange" in 72.0.3594.0.

Sign in to add a comment