fix: validate header name and value in webRequest.onBeforeSendHeaders #51366

Merged
jkleinsc merged 4 commits into 42-x-y from trop/42-x-y-bp-fix-validate-header-name-and-value-in-webrequest-onbeforesendheaders-1777383506338
Apr 28, 2026
@trop trop Bot commented Apr 28, 2026

Backport of #51340

See that PR for details.

Notes: Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback

trop Bot and others added 4 commits April 28, 2026 13:38
Chromium's net::HttpRequestHeaders::SetHeader() uses CHECK() to enforce
valid header names and values, which causes a fatal crash if the caller
passes invalid strings. When users modify requestHeaders in the
onBeforeSendHeaders callback with invalid header names (e.g. containing
spaces) or invalid header values (e.g. containing CRLF), the
gin::Converter<net::HttpRequestHeaders>::FromV8() calls SetHeader()
directly, triggering the CHECK and crashing the process.

This change adds pre-validation using net::HttpUtil::IsValidHeaderName()
and net::HttpUtil::IsValidHeaderValue() before calling SetHeader(),
silently skipping invalid headers instead of crashing.

Co-authored-by: loufulton <loufulton.cz@gmail.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com>
Co-authored-by: loufulton <loufulton.cz@gmail.com>
@trop trop Bot added the 42-x-y, backport (This is a backport PR) and semver/patch (backwards-compatible bug fixes) labels Apr 28, 2026
@jkleinsc jkleinsc merged commit d7126ad into 42-x-y Apr 28, 2026
75 checks passed
@jkleinsc jkleinsc deleted the trop/42-x-y-bp-fix-validate-header-name-and-value-in-webrequest-onbeforesendheaders-1777383506338 branch April 28, 2026 15:52
release-clerk Bot commented Apr 28, 2026

Release Notes Persisted

Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback
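
The pre-validation described in the commit message can also be applied on the application side, inside the listener, before the modified headers reach `callback()`. The following is an added example, not code from this PR or from Electron: the character rules (RFC 7230 token for names; no NUL, CR or LF in values) are an assumption approximating the Chromium checks the commit names, and `sanitizeRequestHeaders`, `installHeaderGuard` and `mutate` are hypothetical names.

```javascript
// Added example, not Electron's code. The rules below are an assumed
// approximation of the checks named in the commit message.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 "token"
const BAD_VALUE_RE = /[\0\r\n]/;                    // NUL, CR, LF

function isValidHeaderName(name) {
  return typeof name === 'string' && TOKEN_RE.test(name);
}

function isValidHeaderValue(value) {
  return typeof value === 'string' && !BAD_VALUE_RE.test(value);
}

// Returns a copy holding only valid headers, plus the names that were dropped.
function sanitizeRequestHeaders(headers) {
  const clean = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers || {})) {
    const values = Array.isArray(value) ? value : [value];
    if (isValidHeaderName(name) && values.every(isValidHeaderValue)) {
      clean[name] = value;
    } else {
      dropped.push(name); // skipped, and reported to the caller for logging
    }
  }
  return { clean, dropped };
}

// `ses` is an Electron Session (e.g. session.defaultSession);
// `mutate` is a hypothetical app hook that edits the header map.
function installHeaderGuard(ses, mutate, log = console.warn) {
  ses.webRequest.onBeforeSendHeaders((details, callback) => {
    const wanted = mutate({ ...details.requestHeaders }, details);
    const { clean, dropped } = sanitizeRequestHeaders(wanted);
    if (dropped.length) log(`dropped invalid headers for ${details.url}:`, dropped);
    callback({ requestHeaders: clean });
  });
}

// Constructed sample input: one name with a space, one value with CRLF.
const sample = {
  'X-Trace-Id': 'abc123',
  'Bad Name': 'x',
  'X-Note': 'line1\r\nInjected: 1',
  Accept: ['text/html', 'application/json'],
};
console.log(sanitizeRequestHeaders(sample));
```

Unlike the silent skip described in the fix, this version reports the dropped names so that rejected headers show up in application logs.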
