authorMichael Brüning <michael.bruning@qt.io>2023-02-18 02:26:24 +0100
committerMichael Brüning <michael.bruning@qt.io>2023-02-20 13:56:44 +0000
commit8abd05a0ce1260bc85d1d407a1f768580fd452c5 (patch)
tree479296a46cd8d8c6cbf628ed2da8d4b1f55553cf
parent19ddfb039984262e389e8e4de3852c44d0d4be05 (diff)
downloadqtwebengine-chromium-8abd05a0ce1260bc85d1d407a1f768580fd452c5.tar.gz
Revert "[Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools"
It is causing trouble with the inspector and it is low impact and should not matter for production use cases. This reverts commit aecb8093dd91f09f0333eb634fe6f0db38f6f48f. Change-Id: I19cca67617ea0e43914a71f3b7fc97a9cbefaf7b Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461212 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/content/browser/devtools/devtools_http_handler.cc29
-rw-r--r--chromium/content/browser/devtools/devtools_http_handler.h3
-rw-r--r--chromium/content/public/common/content_switches.cc4
-rw-r--r--chromium/content/public/common/content_switches.h1
4 files changed, 0 insertions, 37 deletions
diff --git a/chromium/content/browser/devtools/devtools_http_handler.cc b/chromium/content/browser/devtools/devtools_http_handler.cc
index c1bfd5ac351..f539e36ba12 100644
--- a/chromium/content/browser/devtools/devtools_http_handler.cc
+++ b/chromium/content/browser/devtools/devtools_http_handler.cc
@@ -10,7 +10,6 @@
#include <utility>
#include "base/bind.h"
-#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/files/file_util.h"
#include "base/guid.h"
@@ -37,7 +36,6 @@
#include "content/public/browser/devtools_manager_delegate.h"
#include "content/public/browser/devtools_socket_factory.h"
#include "content/public/common/content_client.h"
-#include "content/public/common/content_switches.h"
#include "content/public/common/url_constants.h"
#include "content/public/common/user_agent.h"
#include "net/base/escape.h"
@@ -721,13 +719,6 @@ void DevToolsHttpHandler::OnWebSocketRequest(
if (!thread_)
return;
- if (request.headers.count("origin") &&
- !remote_allow_origins_.count(request.headers.at("origin")) &&
- !remote_allow_origins_.count("*")) {
- Send403(connection_id);
- return;
- }
-
if (base::StartsWith(request.path, browser_guid_,
base::CompareCase::SENSITIVE)) {
scoped_refptr<DevToolsAgentHost> browser_agent =
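Review bot: The WebSocket upgrade path in `OnWebSocketRequest` now goes straight from the `thread_` check to the agent-host lookup with no validation of the request's `Origin` header, which is the check the CVE-2023-0704 backport had added. With remote debugging enabled, the endpoint is then protected only by port reachability and knowledge of the target path, so the "low impact" assessment in the commit message holds only as long as the port is never enabled in production. If the inspector breakage comes from the frontend's own origin being rejected (not visible here), a narrower fix would keep the check and admit that origin rather than remove it. The switches hunks also drop `kRemoteAllowOrigins`, so a `--remote-allow-origins` argument would presumably be ignored after this change; a comment at this spot such as `// No Origin validation: enable remote debugging only on trusted, non-exposed ports.` would record the residual exposure. The function body starts and ends outside the hunk.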
@@ -799,14 +790,6 @@ DevToolsHttpHandler::DevToolsHttpHandler(
output_directory, debug_frontend_dir, browser_guid_,
delegate_->HasBundledFrontendResources()));
}
- std::string remote_allow_origins = base::ToLowerASCII(
- base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
- switches::kRemoteAllowOrigins));
-
- auto origins =
- base::SplitString(remote_allow_origins, ",", base::TRIM_WHITESPACE,
- base::SPLIT_WANT_NONEMPTY);
- remote_allow_origins_.insert(origins.begin(), origins.end());
}
void DevToolsHttpHandler::ServerStarted(
@@ -866,18 +849,6 @@ void DevToolsHttpHandler::Send404(int connection_id) {
base::Unretained(server_wrapper_.get()), connection_id));
}
-void DevToolsHttpHandler::Send403(int connection_id) {
- if (!thread_) {
- return;
- }
- net::HttpServerResponseInfo response(net::HTTP_FORBIDDEN);
- response.SetBody(std::string(), "text/html");
- thread_->task_runner()->PostTask(
- FROM_HERE, base::BindOnce(&ServerWrapper::SendResponse,
- base::Unretained(server_wrapper_.get()),
- connection_id, response));
-}
-
void DevToolsHttpHandler::Send500(int connection_id,
const std::string& message) {
if (!thread_)
diff --git a/chromium/content/browser/devtools/devtools_http_handler.h b/chromium/content/browser/devtools/devtools_http_handler.h
index 1110228d5c0..e12f1b54d0e 100644
--- a/chromium/content/browser/devtools/devtools_http_handler.h
+++ b/chromium/content/browser/devtools/devtools_http_handler.h
@@ -7,7 +7,6 @@
#include <map>
#include <memory>
-#include <set>
#include <string>
#include "base/files/file_path.h"
@@ -91,7 +90,6 @@ class DevToolsHttpHandler {
const std::string& data,
const std::string& mime_type);
void Send404(int connection_id);
- void Send403(int connection_id);
void Send500(int connection_id,
const std::string& message);
void AcceptWebSocket(int connection_id,
@@ -108,7 +106,6 @@ class DevToolsHttpHandler {
base::Value SerializeDescriptor(scoped_refptr<DevToolsAgentHost> agent_host,
const std::string& host);
- std::set<std::string> remote_allow_origins_;
// The thread used by the devtools handler to run server socket.
std::unique_ptr<base::Thread> thread_;
std::string browser_guid_;
diff --git a/chromium/content/public/common/content_switches.cc b/chromium/content/public/common/content_switches.cc
index 5cd23bb291b..0ff8b5dcc8d 100644
--- a/chromium/content/public/common/content_switches.cc
+++ b/chromium/content/public/common/content_switches.cc
@@ -665,10 +665,6 @@ const char kRemoteDebuggingPipe[] = "remote-debugging-pipe";
// Enables remote debug over HTTP on the specified port.
const char kRemoteDebuggingPort[] = "remote-debugging-port";
-// Enables web socket connections from the specified origins only. '*' allows
-// any origin.
-const char kRemoteAllowOrigins[] = "remote-allow-origins";
-
const char kRendererClientId[] = "renderer-client-id";
// The contents of this flag are prepended to the renderer command line.
diff --git a/chromium/content/public/common/content_switches.h b/chromium/content/public/common/content_switches.h
index a3e3610420f..0d7b82f9ea5 100644
--- a/chromium/content/public/common/content_switches.h
+++ b/chromium/content/public/common/content_switches.h
@@ -191,7 +191,6 @@ CONTENT_EXPORT extern const char kReduceUserAgentMinorVersion[];
CONTENT_EXPORT extern const char kRegisterPepperPlugins[];
CONTENT_EXPORT extern const char kRemoteDebuggingPipe[];
CONTENT_EXPORT extern const char kRemoteDebuggingPort[];
-CONTENT_EXPORT extern const char kRemoteAllowOrigins[];
CONTENT_EXPORT extern const char kRendererClientId[];
extern const char kRendererCmdPrefix[];
CONTENT_EXPORT extern const char kRendererProcess[];