| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3078937:
css: Use document (not base) URL for inline style preloads' referrers
crrev.com/c/2592447 fixed one code path where setting a document's base
URL (via the HTML <base> tag) led to requests from inline CSS using the
base URL as their referrer, rather than the document URL. This goes
against the recommendation in the Referrer Policy spec that requests
from inline CSS use their documents' referrers. [1] In general, we try
to avoid letting pages override outgoing requests' referrers to
different-origin URLs, even though this is not a hard security boundary.
It turns out a separate code path can also trigger requests from inline
style sheets: in particular, '@import' statements in inline stylesheets
get prefetched by the HTML parser, which currently has separate logic
that explicitly sets those requests' referrers to the document's base
URL.
This change removes that logic. After this change, preload requests from
inline style in the HTML parser will use the document's URL, not its
base URL, when generating their referrers. This CL also adds two new WPTs:
* "stylesheet-with-differentorigin-base-url.html" verifies the referrer
for an inline stylesheet requesting another stylesheet via an @import
statement. There are other tests inspecting the referrers for SVG and
image fetches from inline stylesheets, but not for child stylesheet
fetches. This test passes even without this CL applied (because of
crrev.com/c/2592447).
* "stylesheet-with-differentorigin-base-url-from-preload.html" does the
same thing, except from a srcdoc iframe. Using a srcdoc iframe triggers
the preload code path since the inline stylesheet is hardcoded in a
<style> HTML tag. (In contrast, the test above uses JS to add the style
element to the DOM.) Because this second test exercises the preload
codepath, it fails without this patch's functional changes applied.
With this patch applied, the repro in the linked bug no longer succeeds.
[1] https://www.w3.org/TR/referrer-policy/#integration-with-css
Test: New WPT covers the preload path. Manually tested the bug's repro.
Change-Id: I6bd797978b207a4bc0bb1b35565eb93c7162729f
Fixed: 1233375
Commit-Queue: David Van Cleve <davidvc@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
Cr-Commit-Position: refs/heads/main@{#924146}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I924781584def20fc800bedf6ff41fdb96c438193
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
| |
Change-Id: I42a050486714e9e54fc271f2a8939223a02ae364
|
|
|
|
|
| |
Change-Id: I0def1f08a2412aeed79a9ab95dd50eb5c3f65f31
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Iff4d9d18d2fcf1a576f3b1f453010f744a232920
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I3ae87d23e4eff4b4a469685658740a213600c667
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ib157360be8c2ffb2c73125751a89f60e049c1d54
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ide0ff151e94cd665ae6521a446995d34a9d1d644
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ib85eb4cfa1cbe2b2b81e5022c8cad5c493969535
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ie3a82f5bb0076eec2a7c6a6162326b4301ee291e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I98e1649aafae85ba3a83e67af00bb27ef301db7b
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
| |
Change-Id: I336b7182fab9bca80b709682489c07db112eaca5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: If185e0c0061b3437531c97c9c8c78f239352a68b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I1e89a5f3b009a9519a6705102ad65c92fe736f21
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I321c3f5f929c105aec0f98c5091ef6108822e647
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I86d2007fd27a45d5797eee06f4c9369b8b50ac4f
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
| |
Change-Id: I8d2497da544c275415aedd94dd25328d555de811
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I08c9af2948b645f671e5d933aca1f7a90ea372f2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: Ic57220b00ecc929a893c91f5cc552f5d3e99e922
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I6a32086c33670e1b033f8b10e6bf1fd4da1d105d
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
| |
Change-Id: Ie634710bf039e26c1957f4ae45e101bd4c434ae7
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I2b7b56e4e7a8b26656930def0d4575dc32b900a0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I23f19369e01f688e496f5bf179abb521ad73874f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
Change-Id: Idcb1341782e417561a2473eeecc82642dafda5b7
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|