Coop header parsing null byte #25181

Closed
wants to merge 6 commits into from

Member

zcorpan commented Aug 21, 2020

@Hexcles as per #20873 (comment) (which this PR is on top of, only the last commit here is new).

When looking at this again, it seems the connection rejection may be happening in Chromium, since this test is working in Firefox. That is, wptserve handles this fine.

The interesting URL is https://web-platform.test:8443/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin%00&coep=&channel=unspecified_to_SAME_ORIGIN_same-origin%00 (or whatever port you get with wpt run or wpt serve)

In Chrome, I get an error page:

This page isn’t working
web-platform.test sent an invalid response.
ERR_INVALID_HTTP_RESPONSE

Member

annevk commented Aug 21, 2020

Oh yeah, this is by design, but only Chrome implements it thus far I think. Edit: see whatwg/xhr#165.

Member Author

zcorpan commented Aug 21, 2020

Aha, thanks @annevk! I see tests for fetch and XHR were added. Other kinds of loads with 0x00 might also be good to test, right?

Member

annevk commented Aug 23, 2020

Yup, see #21019 for some of those.

Member

annevk commented Aug 23, 2020

I guess it's also time to enshrine this in the specification given that it stuck in Chromium and others want this as well.

Member Author

zcorpan commented Aug 24, 2020

Thanks. I'll close this, since the test introduced here is invalid.

Is the spec change for HTTP? Is there an issue for this?

Member

annevk commented Aug 24, 2020

It's whatwg/xhr#165 and it would be either HTTP or Fetch. And if it's HTTP, Fetch should probably still call it out as an assert or some such.

@annevk annevk deleted the coop-header-parsing-null-byte branch August 24, 2020 13:09
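
The behaviour discussed in this thread, as an added sketch that is not code from the thread, wpt, or Chromium: a response whose header block contains 0x00 is treated as a failed load, while a NUL in the body is not. `build_response` is a hypothetical stand-in for a handler assumed to reflect the `coop` query parameter into the `Cross-Origin-Opener-Policy` header; `load` is a simplified model of the rejection reported above, and all sample responses are constructed.

```python
from urllib.parse import parse_qs

COOP = "Cross-Origin-Opener-Policy"


def build_response(query: str) -> bytes:
    """Hypothetical echo handler: reflects ?coop= into the COOP header."""
    params = parse_qs(query, keep_blank_values=True)  # %00 decodes to "\x00"
    coop = params.get("coop", [""])[0]
    head = (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        f"{COOP}: {coop}\r\n"
        "\r\n"
    )
    return head.encode("latin-1") + b"<!doctype html>"


def headers_with_nul(raw: bytes) -> list:
    """Return the names of header fields whose line contains a 0x00 byte.

    Only the head (everything before the first empty line) is inspected;
    a NUL byte in the body is ordinary payload data.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    offenders = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        if b"\x00" in line:
            name = line.split(b":", 1)[0]
            offenders.append(name.decode("latin-1"))
    return offenders


def load(raw: bytes) -> str:
    """Simplified model: any NUL in a header field fails the whole response."""
    return "ERR_INVALID_HTTP_RESPONSE" if headers_with_nul(raw) else "ok"


if __name__ == "__main__":
    # Constructed inputs mirroring the query string quoted in the thread.
    for q in ("coop=same-origin%00&coep=", "coop=same-origin&coep="):
        resp = build_response(q)
        print(q, "->", load(resp), headers_with_nul(resp))
```

The same scan works as a server-side or proxy-side check before a reflected value is written into a header, so the bad response is caught where it is generated.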