[Origin Policy] Change request header default to "0". [chromium/src : master]

Daniel Vogelheim (Gerrit)

unread,

Nov 9, 2018, 8:04:43 AM11/9/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

This change is ready for review.

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Mike West (Gerrit)

unread,

Nov 9, 2018, 9:08:24 AM11/9/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Commit Bot, chromium...@chromium.org

LGTM as a short-term fix that we can merge back to beta. Hopefully we'll come up with a clever alternative when it comes time to actually ship this. :)

Patch set 1:Code-Review +1

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Daniel Vogelheim (Gerrit)

unread,

Nov 9, 2018, 9:36:20 AM11/9/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

Patch set 1:Commit-Queue +2

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Commit Bot (Gerrit)

unread,

Nov 9, 2018, 9:41:03 AM11/9/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Mike West, chromium...@chromium.org

Try jobs failed on following builders:
  chromium_presubmit on luci.chromium.try (JOB_FAILED, https://ci.chromium.org/b/8930326146904749120)

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Daniel Vogelheim (Gerrit)

unread,

Nov 9, 2018, 9:53:22 AM11/9/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Camille Lamy, Mike West, Commit Bot, chromium...@chromium.org

clamy: OWNERS review, please.

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Mike West (Gerrit)

unread,

Nov 12, 2018, 4:04:13 AM11/12/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Camille Lamy, Commit Bot, chromium...@chromium.org

Patch Set 1:
clamy: OWNERS review, please.

(FWIW, this seems like something you could TBR :) )

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Camille Lamy (Gerrit)

unread,

Nov 12, 2018, 9:25:29 AM11/12/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Mike West, Commit Bot, chromium...@chromium.org

Thanks! Lgtm.

Patch set 1:Code-Review +1

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Daniel Vogelheim (Gerrit)

unread,

Nov 12, 2018, 10:24:26 AM11/12/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Camille Lamy, Mike West, Commit Bot, chromium...@chromium.org

Patch set 1:Commit-Queue +2

View Change

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Commit Bot (Gerrit)

unread,

Nov 12, 2018, 11:19:17 AM11/12/18

to Daniel Vogelheim, alexmo...@chromium.org, creis...@chromium.org, nasko+c...@chromium.org, Camille Lamy, Mike West, chromium...@chromium.org

Commit Bot merged this change.

View Change

Approvals:
  Camille Lamy: Looks good to me
  Mike West: Looks good to me
  Daniel Vogelheim: Commit

[Origin Policy] Change request header default to "0".

Change the client header announcing OP capability to use the value "0". This
is meant to mitigate an apparently reasonably common bug where the header value
is blindly copied into the request (as observed in the referenced bug).

Bug: 751996, 901477
Change-Id: I85c67cfdad3d15fc8e76e62bf1f84323faa1f790
Reviewed-on: https://chromium-review.googlesource.com/c/1328982
Reviewed-by: Mike West <mk...@chromium.org>
Reviewed-by: Camille Lamy <cl...@chromium.org>
Commit-Queue: Daniel Vogelheim <voge...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607246}
---
M content/browser/frame_host/origin_policy_throttle.cc
M content/browser/frame_host/origin_policy_throttle_unittest.cc
2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/content/browser/frame_host/origin_policy_throttle.cc b/content/browser/frame_host/origin_policy_throttle.cc
index 323db40..e315801 100644
--- a/content/browser/frame_host/origin_policy_throttle.cc
+++ b/content/browser/frame_host/origin_policy_throttle.cc
@@ -22,7 +22,7 @@
 
 namespace {
 // Constants derived from the spec, https://github.com/WICG/origin-policy
-static const char* kDefaultPolicy = "1";
+static const char* kDefaultPolicy = "0";
 static const char* kDeletePolicy = "0";
 static const char* kWellKnown = "/.well-known/origin-policy/";
 
diff --git a/content/browser/frame_host/origin_policy_throttle_unittest.cc b/content/browser/frame_host/origin_policy_throttle_unittest.cc
index 2f61ac6..067d00b 100644
--- a/content/browser/frame_host/origin_policy_throttle_unittest.cc
+++ b/content/browser/frame_host/origin_policy_throttle_unittest.cc
@@ -41,7 +41,7 @@
   void CreateHandleFor(const GURL& url) {
     net::HttpRequestHeaders headers;
     if (OriginPolicyThrottle::ShouldRequestOriginPolicy(url, nullptr))
-      headers.SetHeader(net::HttpRequestHeaders::kSecOriginPolicy, "1");
+      headers.SetHeader(net::HttpRequestHeaders::kSecOriginPolicy, "0");
 
     // Except for url and headers (which are determined by the test case)
     // all parameters below are cargo-culted from
@@ -101,7 +101,7 @@
   std::string version;
 
   OriginPolicyThrottle::ShouldRequestOriginPolicy(url, &version);
-  EXPECT_EQ(version, "1");
+  EXPECT_EQ(version, "0");
 
   OriginPolicyThrottle::GetKnownVersionsForTesting()[url::Origin::Create(url)] =
       "abcd";

To view, visit change 1328982. To unsubscribe, or for help writing mail filters, visit settings.

Reply all

Reply to author

Forward