Release v1.0.1650677: Block access to resources from blocked targets. · ChromeDevTools/devtools-frontend

v1.0.1650677
921932c
Choose a tag to compare

Filter

View all tags

v1.0.1650677: Block access to resources from blocked targets.

v1.0.1650677
921932c
Choose a tag to compare

Filter

View all tags

danilsomsikov tagged this 24 Jun 20:18

This change updates the ExtensionServer to prevent extensions from accessing network requests and resources if the associated target's inspected URL is blocked, even if the resource or request URL itself is on an allowed domain. This is applied to HAR entries, resource content fetching, and network request finished events. New tests are added to verify these security constraints.

Bug: 513754837
Change-Id: Iaced3448d56b24bd7e55268569303257cd36daf9
Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/7985744
Auto-Submit: Danil Somsikov <dsv@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!