Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CookieStore: Add validation behavior for __Host- prefixed cookies #23026

Merged
merged 1 commit into from Apr 21, 2020
Merged

CookieStore: Add validation behavior for __Host- prefixed cookies #23026

merged 1 commit into from Apr 21, 2020

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Apr 16, 2020
edited

This change adds the following checks for "__Host-" prefixed cookies:

  1. Disallows overwriting with an explicit domain
  2. Disallows non "/" path

This behavior is mentioned in the spec here [1].
Creating a cookie that violates this will cause a crash without
this change.

[1] https://wicg.github.io/cookie-store/#prefixes

Change-Id: I20968f11759019921aa7a6b37602878a17b091ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2151825
Commit-Queue: Victor Costan <pwnall@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#760776}

wpt-pr-bot
wpt-pr-bot approved these changes Apr 16, 2020
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Chromium project.

@ayuishii @chromium-wpt-export-bot
CookieStore: Add validation behavior for __Host- prefixed cookies
4733437 
This change adds the following checks for "__Host-" prefixed cookies:

1. Disallows overwriting with an explicit domain
2. Disallows non "/" path

This behavior is mentioned in the spec here [1].
Creating a cookie that violates this will cause a crash without
this change.

[1] https://wicg.github.io/cookie-store/#prefixes

Change-Id: I20968f11759019921aa7a6b37602878a17b091ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2151825
Commit-Queue: Victor Costan <pwnall@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#760776}
@Hexcles Hexcles closed this Apr 21, 2020
@Hexcles Hexcles reopened this Apr 21, 2020
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit e731ebb into master Apr 21, 2020
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-2151825 branch April 21, 2020 20:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees
No one assigned
Labels
chromium-export cookie-store
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@chromium-wpt-export-bot @wpt-pr-bot @Hexcles @ayuishii