Reject negative request IDs and stabilize interception [chromium/src : main]
Danil Somsikov (Gerrit)
Danil Somsikov voted![]( "Open in Gerrit")
| Auto-Submit | +1 |
| Commit-Queue | +1 |
Related details
- Andrey Kosyakov
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
mmenke (Gerrit)
mmenke added 2 comments![]( "Open in Gerrit")
[toyoshim] Can you take this one?
Given my lack of familiarity with ServiceWorker, I don't feel like I can adequately review if trusting service worker main resources or scripts is a problem, and probably not useful for me to do a dive into that.
bool is_browser_initiated =This seems inaccurate to me. If a webpage triggers a navigation, I would not say it's browser initiated. Its ResourceRequest::initiator is the renderer's orign, I believe.
Related details
- Andrey Kosyakov
- Danil Somsikov
- Takashi Toyoshima
- Yoshisato Yanagisawa
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Danil Somsikov (Gerrit)
Danil Somsikov added 1 comment![]( "Open in Gerrit")
bool is_browser_initiated =This seems inaccurate to me. If a webpage triggers a navigation, I would not say it's browser initiated. Its ResourceRequest::initiator is the renderer's orign, I believe.
That's a fair point, Matt. In the context of this fix, the flag is intended to identify requests where the `request_id` is generated and controlled by the browser process, which is why they are permitted to use negative values. Even for renderer-triggered navigations, the browser process manages the request and assigns the ID, distinguishing them from standard renderer-initiated subresource requests.
Would renaming the flag to something like `is_browser_generated_id` or `is_browser_controlled_id` address your concern about the semantic ambiguity?
Related details
- Andrey Kosyakov
- Takashi Toyoshima
- Yoshisato Yanagisawa
- mmenke
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
mmenke (Gerrit)
mmenke added 1 comment![]( "Open in Gerrit")
bool is_browser_initiated =Danil SomsikovThis seems inaccurate to me. If a webpage triggers a navigation, I would not say it's browser initiated. Its ResourceRequest::initiator is the renderer's orign, I believe.
That's a fair point, Matt. In the context of this fix, the flag is intended to identify requests where the `request_id` is generated and controlled by the browser process, which is why they are permitted to use negative values. Even for renderer-triggered navigations, the browser process manages the request and assigns the ID, distinguishing them from standard renderer-initiated subresource requests.
Would renaming the flag to something like `is_browser_generated_id` or `is_browser_controlled_id` address your concern about the semantic ambiguity?
Works for me, though I don't see an ID being passed into this function.
Related details
- Andrey Kosyakov
- Danil Somsikov
- Takashi Toyoshima
- Yoshisato Yanagisawa
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |