-
Notifications
You must be signed in to change notification settings - Fork 891
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exclude referrer patch code when url is chrome-extension #421
Conversation
+ common_params_.url = last_committed_entry->GetURL(); | ||
+ // With chrome-extension by using Pocket on a page with a youtube iframe, | ||
+ // it can lead to insecure referrer mismatch error. | ||
+ if (!common_params_.url.SchemeIs("chrome-extension")) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we should be checking secure/insecure schemes for all redirects? Might be other similar issues somewhere? Isn't there a referrer sanitizing method that checks that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't sure if common_params_.url is always set or not. Otherwise I considered using GURL::SchemeIsCryptographic
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think there's a clear way directly in this patch to do it though, because in this case the url we'd overwrite to is secure, but for some reason it still fails with the extension isn't insecure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I think this way is the least risky.
cedd4f2
to
06901e4
Compare
This is moved to the common network redirect so the test was meant to be removed
++'ed in slack by bridiver |
Exclude referrer patch code when url is chrome-extension
0.55.x ccda442 |
Touch overridden objective-c++ file(.mm) also
Touch overridden objective-c++ file(.mm) also
Touch overridden objective-c++ file(.mm) also
Fix brave/brave-browser#991
This just only runs code we patched in in one less case than it used to before. Risk should be small.
We do have referrer tests from before and they still pass.
Submitter Checklist:
git rebase -i
to squash commits (if needed).Test Plan:
Reviewer Checklist: