Perform Origin Verification locally |
|||
Issue descriptionCurrently we perform origin verification by querying Google's brandmaster servers. This fails when the server is not publicly accessible.
,
Nov 20
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d92a618e9b749f7e2fa4cffb0b8ef90ff84f91aa commit d92a618e9b749f7e2fa4cffb0b8ef90ff84f91aa Author: Peter E Conn <peconn@chromium.org> Date: Tue Nov 20 11:33:38 2018 🤝 Perform Origin Verification locally. Previously Digital Asset Link verification contacted a Google Server. This had the disadvantage that verification would only work with servers that were publicly accessible. By doing the verification locally it will work with non-publicly accessible servers (such as company internal sites). Bug: 905698 Change-Id: Iaf00ae3b0d6193349310359183f3154c7f1d84f6 Reviewed-on: https://chromium-review.googlesource.com/c/1338180 Commit-Queue: Peter Conn <peconn@chromium.org> Reviewed-by: Yusuf Ozuysal <yusufo@chromium.org> Reviewed-by: Peter Beverloo <peter@chromium.org> Cr-Commit-Position: refs/heads/master@{#609664} [modify] https://crrev.com/d92a618e9b749f7e2fa4cffb0b8ef90ff84f91aa/chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc [modify] https://crrev.com/d92a618e9b749f7e2fa4cffb0b8ef90ff84f91aa/chrome/browser/android/digital_asset_links/digital_asset_links_handler.h [modify] https://crrev.com/d92a618e9b749f7e2fa4cffb0b8ef90ff84f91aa/chrome/browser/android/digital_asset_links/digital_asset_links_handler_unittest.cc
,
Nov 28
,
Dec 4
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c5646a7580b338f700d2ad1d4c9cb4a000c9c478 commit c5646a7580b338f700d2ad1d4c9cb4a000c9c478 Author: Peter E Conn <peconn@chromium.org> Date: Tue Dec 04 15:39:52 2018 🤝 Log Asset Link matching failures. Bug: 905698 Change-Id: Id0f4b98ad4a916abac36b077858472fae66b0eac Reviewed-on: https://chromium-review.googlesource.com/c/1360653 Reviewed-by: Peter Beverloo <peter@chromium.org> Commit-Queue: Peter Conn <peconn@chromium.org> Cr-Commit-Position: refs/heads/master@{#613558} [modify] https://crrev.com/c5646a7580b338f700d2ad1d4c9cb4a000c9c478/chrome/browser/android/digital_asset_links/digital_asset_links_handler.cc
,
Jan 2
I noticed your update on chromium-dev related to this. Have you synced with security team on this? It's probably fine, but for security-related matters (i.e. we've changed the trust relationship away from querying a google server which may/could have additional verification) I prefer to loop them in ahead of time. |
|||
►
Sign in to add a comment |
|||
Comment 1 by peconn@google.com
, Nov 19