Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick dbde8795233a from chromium #32210

Merged
merged 6 commits into from Jan 10, 2022
Merged

chore: cherry-pick dbde8795233a from chromium #32210

merged 6 commits into from Jan 10, 2022

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Dec 16, 2021
edited

Prevent opaque range request responses from entering the preload cache

ResourceLoader cancels range request responses that were not initiated
with range request headers causing them to error out and be cleared from
the preload cache. Other responses (200, 416, error, etc) complete
successfully and would otherwise enter the preload cache, making them
observable.

This prevents opaque range responses of any kind from persisting in the
preload cache (which would not naturally have any anyway).

(cherry picked from commit a5f630e5f94da28a926d60da7dde194acd8697f0)

Bug: 1270990
Change-Id: Ife9922fe0b88e39722f3664ddd091a1516892157
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3294001
Reviewed-by: Ben Kelly wanderview@chromium.org
Reviewed-by: Yoav Weiss yoavweiss@chromium.org
Commit-Queue: Patrick Meenan pmeenan@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#946055}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3313416
Auto-Submit: Patrick Meenan pmeenan@chromium.org
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Cr-Commit-Position: refs/branch-heads/4664@{#1222}
Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}

Notes: Backported fix for CVE-2021-4059.

@ppontes ppontes requested a review from a team as a code owner December 16, 2021 16:51
@ppontes ppontes added 15-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes labels Dec 16, 2021
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Dec 16, 2021
@ppontes ppontes force-pushed the cherry-pick/15-x-y/chromium/dbde8795233a branch from 41b9771 to 913fe84 Compare December 20, 2021 10:19
@codebytere
Copy link
Member

Unrelated Appveyor failure - merging

@codebytere codebytere merged commit d136430 into 15-x-y Jan 10, 2022
@codebytere codebytere deleted the cherry-pick/15-x-y/chromium/dbde8795233a branch January 10, 2022 10:10
@release-clerk
Copy link

release-clerk bot commented Jan 10, 2022

Release Notes Persisted

Backported fix for CVE-2021-4059.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nornagon nornagon nornagon approved these changes

Assignees
No one assigned
Labels
15-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ppontes @codebytere @nornagon @electron-bot