authorRayan Kanso <rayankans@google.com>2022-06-07 13:13:36 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2022-08-08 15:23:49 +0000
commit232367711b07476515a3a58c869b2f31046c93a1 (patch)
tree6f59166ac2a25f60c382a8d106f576f5be38a1bf
parentab704233c9ef10135ec6b8dd472e868d5f05bf50 (diff)
downloadqtwebengine-chromium-232367711b07476515a3a58c869b2f31046c93a1.tar.gz
[Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3693143: [BackgroundFetch] Don't expose URL chain in case of CO redirect Bug: 1278255 Change-Id: If853327b853e29792e5c8d1dfaeecf21d6fec004 Reviewed-by: Susanne Westphal <swestphal@google.com> Commit-Queue: Rayan Kanso <rayankans@chromium.org> Cr-Commit-Position: refs/heads/main@{#1011409} Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/content/browser/background_fetch/storage/mark_request_complete_task.cc2
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/content/browser/background_fetch/storage/mark_request_complete_task.cc b/chromium/content/browser/background_fetch/storage/mark_request_complete_task.cc
index 9036ec9a922..76cc94dd0ea 100644
--- a/chromium/content/browser/background_fetch/storage/mark_request_complete_task.cc
+++ b/chromium/content/browser/background_fetch/storage/mark_request_complete_task.cc
@@ -103,6 +103,8 @@ void MarkRequestCompleteTask::StoreResponse(base::OnceClosure done_closure) {
BackgroundFetchCrossOriginFilter filter(
registration_id_.storage_key().origin(), *request_info_);
if (!filter.CanPopulateBody()) {
+ // Don't expose the initial URL in case of cross-origin redirects.
+ response_->url_list.resize(1);
failure_reason_ = proto::BackgroundFetchRegistration::FETCH_ERROR;
// No point writing the response to the cache since it won't be exposed.
CreateAndStoreCompletedRequest(std::move(done_closure));
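Review bot: The added comment says the opposite of what `response_->url_list.resize(1);` does: resize(1) keeps the first entry and drops the later ones, so if url_list runs from the request URL to the final URL (its ordering is not visible in this hunk), it is the redirect targets that are withheld, not the initial URL. I would reword it to `// Keep only the initial request URL; redirect targets must not be exposed after a cross-origin redirect.` so that a later reader does not "correct" the code to match the comment and bring the disclosure back. Separately, resize(1) on an empty list appends a default-constructed entry; if url_list can be empty on this path, guard the call with `if (response_->url_list.size() > 1)`. StoreResponse's body starts before and continues past this hunk, so neither point can be confirmed from here alone.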