Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: cherry-pick dbde8795233a from chromium #32210

Merged
merged 6 commits into from Jan 10, 2022

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Dec 16, 2021

Prevent opaque range request responses from entering the preload cache

ResourceLoader cancels range request responses that were not initiated
with range request headers causing them to error out and be cleared from
the preload cache. Other responses (200, 416, error, etc) complete
successfully and would otherwise enter the preload cache, making them
observable.

This prevents opaque range responses of any kind from persisting in the
preload cache (which would not naturally have any anyway).

(cherry picked from commit a5f630e5f94da28a926d60da7dde194acd8697f0)

Bug: 1270990
Change-Id: Ife9922fe0b88e39722f3664ddd091a1516892157
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3294001
Reviewed-by: Ben Kelly wanderview@chromium.org
Reviewed-by: Yoav Weiss yoavweiss@chromium.org
Commit-Queue: Patrick Meenan pmeenan@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#946055}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3313416
Auto-Submit: Patrick Meenan pmeenan@chromium.org
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Cr-Commit-Position: refs/branch-heads/4664@{#1222}
Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}

Notes: Backported fix for CVE-2021-4059.

@ppontes ppontes requested a review from as a code owner Dec 16, 2021
@ppontes ppontes added 15-x-y backport-check-skip semver/patch labels Dec 16, 2021
@electron-cation electron-cation bot added new-pr 🌱 and removed new-pr 🌱 labels Dec 16, 2021
@ppontes ppontes force-pushed the cherry-pick/15-x-y/chromium/dbde8795233a branch from 41b9771 to 913fe84 Compare Dec 20, 2021
@codebytere
Copy link
Member

@codebytere codebytere commented Jan 10, 2022

Unrelated Appveyor failure - merging

@codebytere codebytere merged commit d136430 into 15-x-y Jan 10, 2022
14 of 15 checks passed
@codebytere codebytere deleted the cherry-pick/15-x-y/chromium/dbde8795233a branch Jan 10, 2022
@release-clerk
Copy link

@release-clerk release-clerk bot commented Jan 10, 2022

Release Notes Persisted

Backported fix for CVE-2021-4059.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
15-x-y backport-check-skip security 🔒 semver/patch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants