[Fetch] Handle whitespace normalization for forbidden header values. [chromium/src : main]
Mike West (Gerrit)
Mike West added 1 comment![]( "Open in Gerrit")
Related details
- Daniel Vogelheim
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Daniel Vogelheim (Gerrit)
Daniel Vogelheim voted and added 3 comments![]( "Open in Gerrit")
Votes added by Daniel Vogelheim
| Code-Review | +1 |
3 comments
LGTM, w/ a testing nitpick.
I couldn't find the spec that governs this. Any links?
];Given the `.Latin1()` normalization, maybe there should be one example with a non-ASCII Latin1 character, and one with a non-Latin1? E.g., "GËT" and "GЭT".
];permittedValues should maybe have an example with whitespace in it, like `" get "`.
Related details
- Mike West
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Mike West (Gerrit)
Mike West voted and added 3 comments![]( "Open in Gerrit")
Votes added by Mike West
| Commit-Queue | +1 |
LGTM, w/ a testing nitpick.
I couldn't find the spec that governs this. Any links?
It's defined in step 3 of https://fetch.spec.whatwg.org/#forbidden-request-header. I'll add it to the CL description.
Given the `.Latin1()` normalization, maybe there should be one example with a non-ASCII Latin1 character, and one with a non-Latin1? E.g., "GËT" and "GЭT".
These are good suggestions. `\nGËT` actually crashes the renderer... I'm going to deal with these in a subsequent CL.
permittedValues should maybe have an example with whitespace in it, like `" get "`.
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Blink W3C Test Autoroller (Gerrit)
Message from Blink W3C Test Autoroller![]( "Open in Gerrit")
Exportable changes to web-platform-tests were detected in this CL and a pull request in the upstream repo has been made: https://github.com/web-platform-tests/wpt/pull/58911.
When this CL lands, the bot will automatically merge the PR on GitHub if the required GitHub checks pass; otherwise, ecosystem-infra@ team will triage the failures and may contact you.
WPT Export docs:
https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md#Automatic-export-process
Related details
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Mike West (Gerrit)
Mike West voted Commit-Queue+2![]( "Open in Gerrit")
| Commit-Queue | +2 |
Related details
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Chromium LUCI CQ (Gerrit)
Chromium LUCI CQ submitted the change![]( "Open in Gerrit")
Unreviewed changes
1 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.
Change information
[Fetch] Handle whitespace normalization for forbidden header values.
We should pass the normalized header value to the network-level
forbidden method checks, not the raw values.
https://fetch.spec.whatwg.org/#forbidden-request-header
- M third_party/blink/renderer/platform/loader/cors/cors.cc
- A third_party/blink/web_tests/external/wpt/fetch/api/headers/headers-forbidden-override.any.js
Code-Review: +1 by Daniel Vogelheim
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Blink W3C Test Autoroller (Gerrit)
Message from Blink W3C Test Autoroller![]( "Open in Gerrit")
The WPT PR for this CL has been merged upstream! https://github.com/web-platform-tests/wpt/pull/58911
Related details
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |