commit | 36f5b705e81215a8909ff80842572ca547783776 | [log] [tgz] |
---|---|---|
author | Titouan Rigoudy <titouan@chromium.org> | Mon Jun 13 14:52:36 2022 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Jun 13 14:52:36 2022 |
tree | 642fe7c97eecc201f44f60dd9b12654cde5d9e21 | |
parent | 27e7be46b9f10ea41a4e0fd4d06e94f6f0c6b7a3 [diff] |
[Merge] [Private Network Access] Skip inconsistency check when PNA is disabled. The special-case logic we have for proxied resources (treat them as `kUnknown`) does not apply to cached resources that were originally proxied. When we load a proxied video, the first few bytes are cached. Say we then load the video again, this time from cache - at this point its address space is `kLocal`. Once the next bytes are fetched from the network, it looks like a split range request pointing to `kUnknown` after `kLocal`, and the fetch fails. We should not apply any of this logic when PNA is disabled, as it is entirely specific to PNA. As argued in test comments, this should not re-open the door to crbug.com/1279376 - ignored inconsistencies can only trigger a problem if PNA is enabled in the first place. Indeed, a problem only arises if we decide to send a PNA preflight after receiving headers, and we can only send a PNA preflight [1] if the private network request policy is kPreflightWarn or kPreflightBlock [2]. Also skip the target address space check when PNA is disabled, though that should never have happened before. The request's target address space can only be set by CorsURLLoader [1] if the private network request policy is kPreflightWarn or kPreflightBlock [2]. A couple DCHECKs are introduced to verify the above assumptions, which revealed a small caveat to the above. If the client security state is set on the request itself instead of the URL loader factory, then the preflight request's URLLoader could find itself with no client security state even though the request carried a target IP address space. While a benign quirk, it is fixed in this CL by explicitly copying over the client security state from the original request to the preflight request. Also make PrivateNetworkAccessCheckResult streamable for easier test failure debugging. [1] https://source.chromium.org/chromium/chromium/src/+/main:services/network/cors/cors_url_loader.cc;l=877-896;drc=8d6a246c9be4f6b731dc7f6e680b7d5e13a512b5 [2] https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/private_network_access_check_result.cc;l=63-65;drc=8d6a246c9be4f6b731dc7f6e680b7d5e13a512b5 (cherry picked from commit ab2f014c174ff79812568da5307b73d408df4b72) Bug: chromium:1332495 Change-Id: I3731fe317ef9c67b29fc2926785eabe8a6c49fab Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3687957 Commit-Queue: Titouan Rigoudy <titouan@chromium.org> Auto-Submit: Titouan Rigoudy <titouan@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1011373} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3695177 Reviewed-by: Lutz Vahl <vahl@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/5060@{#782} Cr-Branched-From: b83393d0f4038aeaf67f970a024d8101df7348d1-refs/heads/main@{#1002911}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone
! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.