This change is ready for review.
To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.
LGTM as a short-term fix that we can merge back to beta. Hopefully we'll come up with a clever alternative when it comes time to actually ship this. :)
Patch set 1:Code-Review +1
Patch set 1:Commit-Queue +2
Try jobs failed on following builders:
chromium_presubmit on luci.chromium.try (JOB_FAILED, https://ci.chromium.org/b/8930326146904749120)
clamy: OWNERS review, please.
Patch Set 1:
clamy: OWNERS review, please.
(FWIW, this seems like something you could TBR :) )
Thanks! Lgtm.
Patch set 1:Code-Review +1
Patch set 1:Commit-Queue +2
Commit Bot merged this change.
[Origin Policy] Change request header default to "0".
Change the client header announcing OP capability to use the value "0". This
is meant to mitigate an apparently reasonably common bug where the header value
is blindly copied into the request (as observed in the referenced bug).
Bug: 751996, 901477
Change-Id: I85c67cfdad3d15fc8e76e62bf1f84323faa1f790
Reviewed-on: https://chromium-review.googlesource.com/c/1328982
Reviewed-by: Mike West <mk...@chromium.org>
Reviewed-by: Camille Lamy <cl...@chromium.org>
Commit-Queue: Daniel Vogelheim <voge...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607246}
---
M content/browser/frame_host/origin_policy_throttle.cc
M content/browser/frame_host/origin_policy_throttle_unittest.cc
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/browser/frame_host/origin_policy_throttle.cc b/content/browser/frame_host/origin_policy_throttle.cc
index 323db40..e315801 100644
--- a/content/browser/frame_host/origin_policy_throttle.cc
+++ b/content/browser/frame_host/origin_policy_throttle.cc
@@ -22,7 +22,7 @@
namespace {
// Constants derived from the spec, https://github.com/WICG/origin-policy
-static const char* kDefaultPolicy = "1";
+static const char* kDefaultPolicy = "0";
static const char* kDeletePolicy = "0";
static const char* kWellKnown = "/.well-known/origin-policy/";
diff --git a/content/browser/frame_host/origin_policy_throttle_unittest.cc b/content/browser/frame_host/origin_policy_throttle_unittest.cc
index 2f61ac6..067d00b 100644
--- a/content/browser/frame_host/origin_policy_throttle_unittest.cc
+++ b/content/browser/frame_host/origin_policy_throttle_unittest.cc
@@ -41,7 +41,7 @@
void CreateHandleFor(const GURL& url) {
net::HttpRequestHeaders headers;
if (OriginPolicyThrottle::ShouldRequestOriginPolicy(url, nullptr))
- headers.SetHeader(net::HttpRequestHeaders::kSecOriginPolicy, "1");
+ headers.SetHeader(net::HttpRequestHeaders::kSecOriginPolicy, "0");
// Except for url and headers (which are determined by the test case)
// all parameters below are cargo-culted from
@@ -101,7 +101,7 @@
std::string version;
OriginPolicyThrottle::ShouldRequestOriginPolicy(url, &version);
- EXPECT_EQ(version, "1");
+ EXPECT_EQ(version, "0");
OriginPolicyThrottle::GetKnownVersionsForTesting()[url::Origin::Create(url)] =
"abcd";
To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.