SignedExchangeSignatureVerifier should use unparsed url bytes |
||
Issue descriptionhttps://sxg-test.appspot.com/sxg/utf8-inner-url.sxg?v=1b2&ot=true The fallback URL of this sxg is "https://sxg.irorin.org/🌐📦.html" (containing emojis in UTF-8). Currently Chrome fails to validate the signature of this sxg, because it creates signing message with a percent-encoded form of the URL ("https://sxg.irorin.org/%F0%9F%8C%90%F0%9F%93%A6.html"). GenerateSignedMessage() should use original requestUrl and validity-url bytes, instead of URLs canonicalized by GURL.
,
Dec 19
|
||
►
Sign in to add a comment |
||
Comment 1 by bugdroid1@chromium.org
, Dec 19