corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
73f4f0146549173f51fd9f2950fd988ce646edfe
tubestation/testing/web-platform/tests/browsing-topics/iframe-topics-attribute.tentative.https.html
Yao Xiao e28349efcc Bug 1834902 [wpt PR 40209] - [Topics] pad topics header to make it harder to expose information via its length, a=testonly 
Automatic update from web-platform-tests
[Topics] pad topics header to make it harder to expose information via its length

What:
Switch to a different header format to allow padding.
Example: "t=(1;v=chrome.1:1:2), p=P00000000000"

The total length of the inner topics list plus the padding depends on the number of distinct version in the underlying epochs:
- If it's 0 or 1, use 27
  ("100;v=chrome.1:1:10 200 300")
- If it's 2, use 43
  ("100;v=chrome.1:1:10 200;v=chrome.1:1:20 300")
- If it's 3, use 59
  ("100;v=chrome.1:1:10 200;v=chrome.1:1:20 300;v=chrome.1:1:30")

This assumes maximum 3 digit topic ID, 2 digit model version,
and 1 digit config version and taxonomy version.

Why: Servers typically have a GET request size limit e.g. 8KB, and
will return an error when the limit is reached. An attacker can rely
this to learn the number of topics for a different origin.

Bug: 1443540
Change-Id: Ieadad5730870457ae219f4db30b072f829771ac4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4553756
Commit-Queue: Yao Xiao <yaoxia@chromium.org>
Reviewed-by: Josh Karlin <jkarlin@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1150078}

--

wpt-commits: 4c27189ed2db4ddad8e727d4ea9ae8329c3e1672
wpt-pr: 40209
2023-06-13 07:14:46 +00:00

20 lines
713 B
HTML
Raw Blame History

<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/browsing-topics/resources/header-util.sub.js></script>
<script>
async_test(t => {
test_topics_iframe_navigation_header(
t, /*has_browsing_topics_attribute=*/false, /*is_same_origin=*/false,
expect_topics_header_unavailable);
}, 'test <iframe src=[url]></iframe>');
async_test(t => {
test_topics_iframe_navigation_header(
t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
expect_topics_header_available);
}, 'test <iframe browsingtopics src=[url]></iframe>');
</script>
</body>
Reference in New Issue View Git Blame Copy Permalink