From be75b2ea5983d537b15c056c08f6ec5573a45ee4 Mon Sep 17 00:00:00 2001 
From: Matt Menke
Date: Thu, 1 Nov 2018 11:21:27 +0000
Subject: [PATCH] Bug 1501150 [wpt PR 13663] - HttpStreamParser: Reject headers with nulls in them., a=testonly

Automatic update from web-platform-tests
HttpStreamParser: Reject headers with nulls in them.

While the HTTP spec further limits what values are legal, nulls are particularly concerning, and it's safest just to reject them. See discussion here: https://github.com/whatwg/xhr/issues/165

Chrome will be the first browser to reject nulls in responses, despite there being wpt tests for this, so we'll have to keep an eye out for breakages.

For reference, 0x00 through 0x1F aren't allowed in header values or fields, (https://tools.ietf.org/html/rfc7230#section-3.2 - VCHAR excludes those characters). CRs and LFs are of course needed, and 0x0C and 0x0B are allowed by other specs for particular header parsers, strangely.

This CL does not affect other code that can generate HTTP response headers, which still uses the old behavior of just removing nulls. ServiceWorkers, extensions, WebPackages, Dial (?), and various tests still inherit the old behavior, since they create headers directly with a method that can't fail. It does introduce a new helper method, however, that they should eventually be switched to use: HttpResponseHeaders::TryToCreate(). We should probably put off conversion until this successfully makes it to stable.

Bug: 832086
Change-Id: Ib75ac03a6a298238cafb41eaa5f046c082fd0bdf
Reviewed-on: https://chromium-review.googlesource.com/c/1291812
Reviewed-by: Asanka Herath
Commit-Queue: Matt Menke
Cr-Commit-Position: refs/heads/master@{#601776}
--

wpt-commits: 89637ce97bb8073a2db5182fc100125acba01481
wpt-pr: 13663
--- .../tests/cookies/http-state/chromium-tests.html | 1 - .../test-files/disabled-chromium0022-test | Bin 23 -> 23 bytes .../test-files/disabled-chromium0023-expected | 1 - .../test-files/disabled-chromium0023-test | 1 - 4 files changed, 3 deletions(-) delete mode 100644 testing/web-platform/tests/cookies/http-state/resources/test-files/disabled-chromium0023-expected delete mode 100644 testing/web-platform/tests/cookies/http-state/resources/test-files/disabled-chromium0023-test diff --git a/testing/web-platform/tests/cookies/http-state/chromium-tests.html b/testing/web-platform/tests/cookies/http-state/chromium-tests.html index e5d745e03909d..d9e1d28623f5d 100644 --- a/testing/web-platform/tests/cookies/http-state/chromium-tests.html +++ b/testing/web-platform/tests/cookies/http-state/chromium-tests.html @@ -43,7 +43,6 @@

Test Results

{file: "disabled-chromium0020", name: "disabled-chromium0020"}, {file: "chromium0021", name: "chromium0021"}, {file: "disabled-chromium0022", name: "disabled-chromium0022"}, - {file: "disabled-chromium0023", name: "disabled-chromium0023"}, ]; for (const i in TEST_CASES) { diff --git a/testing/web-platform/tests/cookies/http-state/resources/test-files/disabled-chromium0022-test b/testing/web-platform/tests/cookies/http-state/resources/test-files/disabled-chromium0022-test index 1a8f35ffbd849ebd836c4b41a97a9f6fa4113d4b..76a8ed4e9b8725200a3e282eeac1062ce3b9c570 100644 GIT binary patch literal 23 ecmWGeEzxz(&(F?GwNh|&bhLGH;*E-o-~s?xg$A?$ literal 23 ecmWGeEzxz(&(F?GwNh|&bhLGHVu*^2-~s?xL
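Review bot: In the chromium-tests.html hunk, the `disabled-chromium0023` entry is dropped from `TEST_CASES` and its `-test` and `-expected` files are deleted, but nothing in the patch replaces it with a case that asserts the new behaviour. The commit message says responses with nulls are now rejected and that breakages need watching, so it would help either to keep a test here whose expectation is that the response fails, or to state in the message which existing wpt test covers the rejection path and why 0023 is removed rather than updated.

Review bot: The change to `disabled-chromium0022-test` is a same-size binary delta (`Bin 23 -> 23 bytes`), so the modified byte cannot be read from the patch, and the commit message does not mention this file at all. Please document in the message what was changed in 0022 and why, and say whether its `-expected` file, which this patch leaves untouched, still matches the new contents.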