Issue 911299 link

Starred by 3 users

Issue metadata

Status:	Untriaged
Owner:	----
Cc:	wfh@chromium.org creis@chromium.org
Components:	Internals>Sandbox>SiteIsolation Internals>Services>Network
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug
Hotlist-KnownIssue
Proj-Servicification

Blocking:
issue 786673

Don't trust |site_for_cookies| and |top_frame_origin| provided by the renderer

Project Member Reported by lukasza@google.com, Dec 3

Issue description

network::ResourceRequest contains:
- site_for_cookies
- top_frame_origin (being introduced in https://crrev.com/c/1335869)

Rather than getting these values from the renderer, the network service should get them from the trustworthy browser process.  For example - we may be able to introduce a URLLoaderFactoryParams::first_party_url field and fill it out in RFHI::CommitNavigation (based on the last committed URL of the main frame for subframe navigations OR based on the URL being navigated to for main frame navigations).

Note that this is similiar, but quite distinct from the |request_initiator_origin_lock| being proposed in issue 871827.  |request_initiator_origin_lock| tracks the origin of the frame initiating requests, but |first_party_url| would track the URL of the *main* frame.

Comment 1 by mmenke@chromium.org, Dec 3

There's also request_initiator.

Referrer, too, for that matter, though I assume it's less relevant.

Comment 2 by dxie@google.com, Dec 4

Labels: Hotlist-KnownIssue

►

Issue 911299 link

Issue metadata

Don't trust |site_for_cookies| and |top_frame_origin| provided by the renderer

Issue description

Comment 1 by mmenke@chromium.org, Dec 3

Comment 1 Deleted

Comment 2 by dxie@google.com, Dec 4

Comment 2 Deleted

Sign in to add a comment