author | Andrey Kosyakov <caseq@chromium.org> | 2021-08-30 16:54:52 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2021-11-10 18:25:49 +0000 |
commit | 40e1edf940d1364488f26f539ce39099234704cf (patch) | |
tree | 15a5065d44e104db685be2b0f017197f5cc6ee51 | |
parent | a97e74afa987382c0f6b10eefc14cbf49e079c85 (diff) | |
download | qtwebengine-chromium-40e1edf940d1364488f26f539ce39099234704cf.tar.gz |
[Backport] CVE-2021-30618: Inappropriate implementation in DevTools
Manual partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3128603:
Forbid embedding DevTools discovery page as an iframe
Also, mark the discovery page as deprecated and recommend
using chrome://inspect instead.
(cherry picked from commit 8e23347b3e089cd00c9d3741b394b92c21f70f88)
Bug: 1232509, 1232279
Change-Id: I41f8e9f4914d53b72b82ed8343612ad5bb794ce5
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#905584}
Commit-Queue: Srinivas Sista <srinivassista@chromium.org>
Owners-Override: Srinivas Sista <srinivassista@chromium.org>
Auto-Submit: Srinivas Sista <srinivassista@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/branch-heads/4515@{#2098}
Cr-Branched-From: 488fc70865ddaa05324ac00a54a6eb783b4bc41c-refs/heads/master@{#885287}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit a0f1a26add613a2b0d2ef65100fd307d3b906ec3)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/content/browser/devtools/devtools_http_handler.cc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/chromium/content/browser/devtools/devtools_http_handler.cc b/chromium/content/browser/devtools/devtools_http_handler.cc index 35c1d85e523..d17be84d06c 100644 --- a/chromium/content/browser/devtools/devtools_http_handler.cc +++ b/chromium/content/browser/devtools/devtools_http_handler.cc @@ -709,8 +709,14 @@ void DevToolsHttpHandler::RespondToJsonList( } void DevToolsHttpHandler::OnDiscoveryPageRequest(int connection_id) { - std::string response = delegate_->GetDiscoveryPageHTML(); - Send200(connection_id, response, "text/html; charset=UTF-8"); + net::HttpServerResponseInfo response(net::HTTP_OK); + response.AddHeader("X-Frame-Options", "DENY"); + response.SetBody(delegate_->GetDiscoveryPageHTML(), + "text/html; charset=UTF-8"); + thread_->task_runner()->PostTask( + FROM_HERE, base::BindOnce(&ServerWrapper::SendResponse, + base::Unretained(server_wrapper_.get()), + connection_id, response)); } void DevToolsHttpHandler::OnFrontendResourceRequest( |
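Review bot: in OnDiscoveryPageRequest, the posted task binds `base::Unretained(server_wrapper_.get())` with no comment explaining why the wrapper is guaranteed to outlive the task queued on `thread_->task_runner()`; please state that invariant next to the PostTask call. The `X-Frame-Options: DENY` header is also added only on this one path, because the handler now builds the `net::HttpServerResponseInfo` itself instead of calling Send200, so any other HTML response that still goes through Send200 does not get the header from this change. A small helper that accepts extra headers would keep the framing policy in one place, and sending `Content-Security-Policy: frame-ancestors 'none'` alongside the legacy header is worth considering. The diffstat shows a single file changed, so nothing here asserts that the discovery page response actually carries the header; a test checking the response headers would guard against regressions.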