Google Git
Sign in
chromium / chromium / src / add5e181c71051d746370d2a017a7903c6b19b33
commitadd5e181c71051d746370d2a017a7903c6b19b33[log] [tgz]
authorTarun Bansal <tbansal@chromium.org>Fri Feb 09 19:07:58 2018
committerCommit Bot <commit-bot@chromium.org>Fri Feb 09 19:07:58 2018
tree7577e7c0dcd3949602330208f961bdc3b8dc9484
parentee42e70e84955213a33f3d7b24bb02615935744b [diff]
Restrict persistent client hints to first party origins

With this CL, if an origin has provided persistent client hint
settings in the past, the persistent client hints would be
attached with
(i) Main frame request headers
(ii) Subresource request headers for subresources that have the
same origin as the document origin.

Before this CL, the client hints would have attached for subresource
origins as well (regardless of the opt-in of the document level
origin).

Discussion here of restricting client hints to first party origins only:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-359038699

In the future, feature policy may be used by 1P origins to allow
attaching of client hints to 3P hosts.

Bug: 735518
Change-Id: I74ba430bd5403b23535022ded87d24695be5bd70
Reviewed-on: https://chromium-review.googlesource.com/892486
Commit-Queue: Tarun Bansal <tbansal@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Ryan Sturm <ryansturm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535776}
10 files changed
tree: 7577e7c0dcd3949602330208f961bdc3b8dc9484
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. build/
  7. build_overrides/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. mash/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. .clang-format
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .vpython
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. ENG_REVIEW_OWNERS
  65. LICENSE
  66. LICENSE.chromium_os
  67. OWNERS
  68. PRESUBMIT.py
  69. PRESUBMIT_test.py
  70. PRESUBMIT_test_mocks.py
  71. README.md
  72. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .