Wang Neden (Gerrit)

unread,

Oct 26, 2025, 9:54:40 AM (12 days ago) Oct 26

to chromium...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org

Wang Neden voted

Auto-Submit	+1
Commit-Queue	+1

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Wang Neden (Gerrit)

unread,

Oct 26, 2025, 10:53:27 AM (12 days ago) Oct 26

to Andrey Kosyakov, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org

Attention needed from Andrey Kosyakov

Wang Neden added 1 comment

Patchset-level comments

File-level comment, Patchset 1 (Latest):

Wang Neden . resolved

Hi Andrey,

PTAL. Thanks in advance for your time on this.

This patch addresses a subtle logic mismatch between `net::SchemefulSite::IsSameSite` and the network stack's origin-based Referrer policy. This was causing `Fetch.continueRequest` to fail for cross-port redirects on localhost, a scenario frequently used by automation tools.

Let me know what you think of the fix.

Open in Gerrit

Related details

Attention is currently required from:

Andrey Kosyakov

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Wang Neden (Gerrit)

unread,

Nov 3, 2025, 3:00:18 AM (4 days ago) Nov 3

to Andrey Kosyakov, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org

Attention needed from Andrey Kosyakov

Wang Neden added 1 comment

Patchset-level comments

File-level comment, Patchset 1 (Latest):

Wang Neden . resolved

Hi Andrey,
PTAL. Thanks in advance for your time on this.
This patch addresses a subtle logic mismatch between `net::SchemefulSite::IsSameSite` and the network stack's origin-based Referrer policy. This was causing `Fetch.continueRequest` to fail for cross-port redirects on localhost, a scenario frequently used by automation tools.
Let me know what you think of the fix.

Wang Neden

Gentle ping. No rush on this, just wanted to bring it back to your attention when you have a free moment. Thanks for your time!

Open in Gerrit

Related details

Attention is currently required from:

Andrey Kosyakov

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Andrey Kosyakov (Gerrit)

unread,

Nov 3, 2025, 3:04:18 PM (4 days ago) Nov 3

to Wang Neden, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org

Attention needed from Wang Neden

Andrey Kosyakov voted and added 1 comment

Votes added by Andrey Kosyakov

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 1 (Latest):

Andrey Kosyakov . resolved

Thanks, lgtm!

Open in Gerrit

Related details

Attention is currently required from:

Wang Neden

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Alex Rudenko (Gerrit)

unread,

Nov 4, 2025, 3:28:25 AM (3 days ago) Nov 4

to Wang Neden, Andrey Kosyakov, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org

Attention needed from Wang Neden

Alex Rudenko voted

Code-Review	+1
Commit-Queue	+2

Open in Gerrit

Related details

Attention is currently required from:

Wang Neden

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Nov 4, 2025, 4:38:36 AM (3 days ago) Nov 4

to Wang Neden, Alex Rudenko, Andrey Kosyakov, AyeAye, chromium...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

DevTools: Fix Fetch.continueRequest for localhost cross-port redirects

Using `Fetch.continueRequest` to redirect a request to a different
port on localhost would fail with ERR_BLOCKED_BY_CLIENT if the
initiator's URL contained a path or query string.

The root cause was a logic mismatch within InterceptionJob. It used
`net::SchemefulSite::IsSameSite` to decide whether to sanitize the
Referrer for the new URL. This function considers different ports on
localhost as same-site, so the Referrer was left unmodified.

However, the lower-level URLRequest performs a stricter, origin-based
Referrer-Policy check. It correctly identified the cross-port redirect
as cross-origin and expected a sanitized Referrer. This mismatch caused
the NetworkDelegate to block the request via
`CancelURLRequestWithPolicyViolatingReferrerHeader`.

This patch fixes the issue by replacing the `IsSameSite` check with
a direct `url::Origin` comparison. This aligns the interception logic
with the network stack, ensuring the Referrer is correctly handled for
cross-origin redirects before the request is dispatched.

Bug: 40922002

Change-Id: Ie67621da287e4b4e63f97229c629667473d2be93

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7081416

Reviewed-by: Andrey Kosyakov <ca...@chromium.org>

Commit-Queue: Alex Rudenko <alexr...@chromium.org>

Auto-Submit: Wang Neden <nede...@gmail.com>

Reviewed-by: Alex Rudenko <alexr...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#1539861}

Files:

M content/browser/devtools/devtools_url_loader_interceptor.cc
A third_party/blink/web_tests/http/tests/inspector-protocol/fetch/redirect-localhost-cross-port-expected.txt
A third_party/blink/web_tests/http/tests/inspector-protocol/fetch/redirect-localhost-cross-port.js

Change size: M

Delta: 3 files changed, 89 insertions(+), 3 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Alex Rudenko, +1 by Andrey Kosyakov

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

DevTools: Fix Fetch.continueRequest for localhost cross-port redirects [chromium/src : main]

Wang Neden (Gerrit)

Wang Neden voted

Related details

Wang Neden (Gerrit)

Wang Neden added 1 comment

Related details

Wang Neden (Gerrit)

Wang Neden added 1 comment

Related details

Andrey Kosyakov (Gerrit)

Andrey Kosyakov voted and added 1 comment

Votes added by Andrey Kosyakov

1 comment

Related details

Alex Rudenko (Gerrit)

Alex Rudenko voted

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information