Closed
Bug 1453318
Opened 7 years ago
Closed 1 year ago
Disallow responses when a response header value contains 0x00
Categories
(Core :: Networking: HTTP, enhancement, P3)
RESOLVED
FIXED
118 Branch
| | Tracking | Status |
|---|---|---|
| firefox118 | --- | fixed |
People
(Reporter: annevk, Assigned: twisniewski)
References
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
In bug 1277019 we fixed an issue whereby we dropped part of a header value if the header value included a 0x00. This fixed several failures in the CORS test suite.
Based on discussion with Google in https://github.com/whatwg/xhr/issues/165 I'd like to suggest that when we encounter a 0x00 in a header value we consider it a network error, rather than an acceptable response.
(Network response header values are the only place where 0x00 can occur at the moment with respect to headers and Edge already does not seem to handle them whatsoever (results in infinite loading). Thus the discussion concluded that it would be best if we tried to outlaw them there for consistency and somewhat closer alignment to the RFC.)
I adjusted the test added in that bug here: https://github.com/w3c/web-platform-tests/pull/10424.
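The handling proposed in this bug, as an added example that is not part of the bug report and is not Necko code: a header-block parser that fails the whole response when a value contains 0x00, beside a C-string copy that silently truncates at the NUL. `ParseResponseHeaders`, `TruncateAtNul`, `TrimOWS` and the sample blocks are hypothetical names and constructed input.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

using Header = std::pair<std::string, std::string>;

// Strip optional whitespace (SP / HTAB) from both ends of a header value.
static std::string TrimOWS(const std::string& s) {
  const std::size_t first = s.find_first_not_of(" \t");
  if (first == std::string::npos) return std::string();
  return s.substr(first, s.find_last_not_of(" \t") - first + 1);
}

// Hypothetical helper (not Necko code): parse a CRLF-delimited header block.
// Returns false, meaning "treat the response as a network error", when a line
// is malformed or any header value contains 0x00.
bool ParseResponseHeaders(const std::string& block, std::vector<Header>* out) {
  out->clear();
  std::size_t pos = 0;
  while (pos < block.size()) {
    std::size_t eol = block.find("\r\n", pos);
    if (eol == std::string::npos) eol = block.size();
    const std::string line = block.substr(pos, eol - pos);
    pos = eol + 2;
    if (line.empty()) break;  // blank line ends the header section
    const std::size_t colon = line.find(':');
    if (colon == std::string::npos || colon == 0) return false;
    const std::string value = TrimOWS(line.substr(colon + 1));
    // Fail the whole response instead of truncating the value at the NUL.
    if (value.find('\0') != std::string::npos) { out->clear(); return false; }
    out->emplace_back(line.substr(0, colon), value);
  }
  return true;
}

// C-string style copy (illustration only): drops everything after the first 0x00.
std::string TruncateAtNul(const std::string& value) {
  return std::string(value.c_str());
}

// Constructed sample input; explicit lengths keep the embedded NUL byte.
const std::string kCleanBlock("Content-Type: text/plain\r\nX-Test: a b\r\n\r\n", 41);
const std::string kNulBlock("Content-Type: text/plain\r\nX-Test: a\0b\r\n\r\n", 41);

int main() {
  std::vector<Header> h;
  return (ParseResponseHeaders(kCleanBlock, &h) && !ParseResponseHeaders(kNulBlock, &h)) ? 0 : 1;
}
```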
Reporter
Comment 1 • 5 years ago
More tests at https://github.com/web-platform-tests/wpt/pull/21019.
Updated • 3 years ago
Flags: needinfo?(dd.mozilla)
Updated • 3 years ago
Flags: needinfo?(dd.mozilla)
Priority: P2 → P3
Updated • 2 years ago
Severity: normal → S3
Assignee
Comment 2 • 1 year ago
Assignee
Comment 3 • 1 year ago
Updated • 1 year ago
Assignee: nobody → twisniewski
Status: NEW → ASSIGNED
Pushed by twisniewski@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a86a27857ef6
Disallow responses when a response header value contains 0x00; r=kershaw,sunil,necko-reviewers
Assignee
Comment 6 • 1 year ago
How rare to be backed out for passing more web platform tests than expected. I'll push the patch again with the test metadata updated appropriately.
Flags: needinfo?(twisniewski)
Pushed by twisniewski@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cb9938ab6bca
Disallow responses when a response header value contains 0x00; r=kershaw,sunil,necko-reviewers
Comment 8 • 1 year ago
Backed out for causing cookies related failures.
Failure logs:
- https://treeherder.mozilla.org/logviewer?job_id=425124521&repo=autoland
- https://treeherder.mozilla.org/logviewer?job_id=425125764&repo=autoland
Backout link: https://hg.mozilla.org/integration/autoland/rev/f4f211db29dd3b8d9a15bdede2a23dc22033af73
Flags: needinfo?(twisniewski)
Assignee
Comment 9 • 1 year ago
I suspect that I just didn't quite get the test-annotations right in the last patch. I'll do my own try-run today to check, then re-land.
https://treeherder.mozilla.org/jobs?repo=try&revision=cff7d8f7f2447d641124e896d0d620d46c5ab3b7
Flags: needinfo?(twisniewski)
Assignee
Comment 10 • 1 year ago
Ok, the try-run seems clean, so let's try landing one more time.
Comment 11 • 1 year ago
Pushed by twisniewski@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8c3b9498c831
Disallow responses when a response header value contains 0x00; r=kershaw,sunil,necko-reviewers
Comment 12 • 1 year ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox118:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 118 Branch