Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify Sec-Fetch-Site is correct for domains with trailing dots. #16036

Merged
merged 1 commit into from
Mar 26, 2019
Merged

Verify Sec-Fetch-Site is correct for domains with trailing dots. #16036

merged 1 commit into from
Mar 26, 2019

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Mar 23, 2019
edited
Loading

example.com != example.com.. These are clearly distinct origins,
and we don't currently consider them to have the same registrable
domain (though there's a bit of a question about that. See
publicsuffix/list#792), so they ought
to compare as cross-site

This patch adds a test for this behavior, and teaches the test harness
to resolve domains that end in .test..

Closes w3c/webappsec-fetch-metadata#15.

Bug: 843478
Change-Id: Ic71afeda69f274c23c19608177756d882307a59d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1536180
Commit-Queue: Mike West <[email protected]>
Reviewed-by: Łukasz Anforowicz <[email protected]>
Cr-Commit-Position: refs/heads/master@{#644261}

wpt-pr-bot
wpt-pr-bot approved these changes Mar 23, 2019
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Already reviewed downstream.

@mikewest mikewest mentioned this pull request Mar 23, 2019
Closed
@mikewest @chromium-wpt-export-bot
Verify Sec-Fetch-Site is correct for domains with trailing dots.
405c943 
`example.com` != `example.com.`. These are clearly distinct origins,
and we don't currently consider them to have the same registrable
domain (though there's a bit of a question about that. See
publicsuffix/list#792), so they ought
to compare as `cross-site`

This patch adds a test for this behavior, and teaches the test harness
to resolve domains that end in `.test.`.

Closes w3c/webappsec-fetch-metadata#15.

Bug: 843478
Change-Id: Ic71afeda69f274c23c19608177756d882307a59d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1536180
Commit-Queue: Mike West <[email protected]>
Reviewed-by: Łukasz Anforowicz <[email protected]>
Cr-Commit-Position: refs/heads/master@{#644261}
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit 22be9a9 into master Mar 26, 2019
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-1536180 branch March 26, 2019 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees
No one assigned
Labels
chromium-export fetch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Trailing dot when determining same-site-edness for Sec-Fetch-Site
3 participants
@chromium-wpt-export-bot @wpt-pr-bot @mikewest