WebKit Bugzilla
Attachment 371652 Details for Bug 191356: Be strict on request's Content-Type
[patch] Patch: bug-191356-20190608133935.patch (text/plain), 2.94 KB, created by Rob Buis on 2019-06-08 04:39:36 PDT
>Subversion Revision: 246195 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 2d8bd2e80852c9078c00a5afb0c140c50bf54185..c5eae57c1912f8944f4ff5d6c84686004ef7e5ac 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,15 @@ >+2019-06-08 Rob Buis <rbuis@igalia.com> >+ >+ Be strict on request's Content-Type >+ https://bugs.webkit.org/show_bug.cgi?id=191356 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * platform/network/HTTPParsers.cpp: >+ (WebCore::isCorsUnsafeRequestHeaderByte): >+ (WebCore::containsCORSUnsafeRequestHeaderBytes): >+ (WebCore::isCrossOriginSafeRequestHeader): >+ > 2019-06-07 Enrique Ocaña González <eocanha@igalia.com> > > [MSE][GStreamer] Avoid QUOTA_EXCEEDED_ERR when seeking to a buffered range just before the buffered one >diff --git a/Source/WebCore/platform/network/HTTPParsers.cpp b/Source/WebCore/platform/network/HTTPParsers.cpp >index 474a1a2e0c54a3a75e1e6b4bfc744c0282bca10f..6ac0dcb0f079a8ec4ebc1c88608c5e323441e367 100644 >--- a/Source/WebCore/platform/network/HTTPParsers.cpp >+++ b/Source/WebCore/platform/network/HTTPParsers.cpp >@@ -34,6 +34,7 @@ > #include "HTTPParsers.h" > > #include "HTTPHeaderNames.h" >+#include "ParsedContentType.h" > #include <wtf/DateMath.h> > #include <wtf/Language.h> > #include <wtf/NeverDestroyed.h> 
>@@ -156,6 +157,24 @@ bool isValidAcceptHeaderValue(const String& value) > return true; > } > >+// https://fetch.spec.whatwg.org/#cors-unsafe-request-header-byte >+static bool isCorsUnsafeRequestHeaderByte(const UChar c) >+{ >+ return (c == '"' || c == '(' || c == ')' || c == ':' || c == '<' || c == '>' || c == '?' || c == '@' >+ || c == '[' || c == '\\' || c == ']' || c == 0x7B || c == '{' || c == '}' || c == 0x7F); >+} >+ >+static bool containsCORSUnsafeRequestHeaderBytes(const String& value) >+{ >+ for (unsigned i = 0; i < value.length(); ++i) { >+ UChar c = value[i]; >+ if ((c < 0x20 && c != '\t') || isCorsUnsafeRequestHeaderByte(c)) >+ return true; >+ } >+ >+ return false; >+} >+ > // See RFC 7231, Section 5.3.5 and 3.1.3.2. > bool isValidLanguageHeaderValue(const String& value) > { >@@ -869,7 +888,12 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName name, const String& value) > break; > case HTTPHeaderName::ContentType: { > // Preflight is required for MIME types that can not be sent via form submission. >- String mimeType = extractMIMETypeFromMediaType(value); >+ if (containsCORSUnsafeRequestHeaderBytes(value)) >+ return false; >+ auto parsedContentType = ParsedContentType::create(value); >+ if (!parsedContentType) >+ return false; >+ String mimeType = parsedContentType->mimeType(); > if (!(equalLettersIgnoringASCIICase(mimeType, "application/x-www-form-urlencoded") || equalLettersIgnoringASCIICase(mimeType, "multipart/form-data") || equalLettersIgnoringASCIICase(mimeType, "text/plain"))) > return false; > break;
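Review bot: In the Source/WebCore/ChangeLog hunk (@@ -1,3 +1,15 @@), the entry lists the three functions under platform/network/HTTPParsers.cpp with nothing after the colons and names no tests, and the diff itself touches only ChangeLog and HTTPParsers.cpp. Please add a sentence saying why the Content-Type check is being tightened, a short note per function, and a test that covers a Content-Type value containing one of the rejected bytes and one that fails to parse.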
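Review bot: In isCorsUnsafeRequestHeaderByte (hunk @@ -156,6 +157,24 @@), the expression "c == 0x7B || c == '{'" tests the same code unit twice, since 0x7B is '{'. Drop one of the two and keep a single notation for the whole list (all character literals or all hex) so it can be checked against the linked Fetch definition at a glance. The two new helpers are also capitalized differently, isCorsUnsafeRequestHeaderByte versus containsCORSUnsafeRequestHeaderBytes; pick one spelling. The const on the by-value "const UChar c" parameter adds nothing and can go.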
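Review bot: In the HTTPHeaderName::ContentType case of isCrossOriginSafeRequestHeader (hunk @@ -869,7 +888,12 @@), the existing comment "Preflight is required for MIME types that can not be sent via form submission" now sits above two new early returns it does not describe: the containsCORSUnsafeRequestHeaderBytes(value) rejection and the "if (!parsedContentType) return false;" parse failure. Add a comment or spec reference for each, so a reader can tell that an unsafe byte or an unparsable value forces a preflight on its own. Since the result of parsedContentType->mimeType() is compared against the bare literals "application/x-www-form-urlencoded", "multipart/form-data" and "text/plain", please also confirm that it returns type/subtype without parameters, so that a value such as "text/plain; charset=utf-8" keeps its previous result.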