Skip to content

Coop header parsing null byte#25181

Closed
zcorpan wants to merge 6 commits intomasterfrom
coop-header-parsing-null-byte
Closed

Coop header parsing null byte#25181
zcorpan wants to merge 6 commits intomasterfrom
coop-header-parsing-null-byte

Conversation

@zcorpan
Copy link
Copy Markdown
Member

@zcorpan zcorpan commented Aug 21, 2020

@Hexcles as per #20873 (comment) (which this PR is on top of, only the last commit here is new).

When looking at this again, it seems the connection rejection may be happening in Chromium, since this test is working in Firefox. That is, wptserve handles this fine.

The interesting URL is https://web-platform.test:8443/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin%00&coep=&channel=unspecified_to_SAME_ORIGIN_same-origin%00 (or whatever port you get with wpt run or wpt serve)

In Chrome, I get an error page:

This page isn’t working
web-platform.test sent an invalid response.
ERR_INVALID_HTTP_RESPONSE

@annevk
Copy link
Copy Markdown
Member

annevk commented Aug 21, 2020
edited
Loading

Oh yeah, this is by design, but only Chrome implements it thus far I think. Edit: see whatwg/xhr#165.

@zcorpan
Copy link
Copy Markdown
Member Author

zcorpan commented Aug 21, 2020

Aha, thanks @annevk! I see tests for fetch and XHR were added. Other kinds of loads with 0x00 might also be good to test, right?

@annevk
Copy link
Copy Markdown
Member

annevk commented Aug 23, 2020

Yup, see #21019 for some of those.

@annevk
Copy link
Copy Markdown
Member

annevk commented Aug 23, 2020

I guess it's also time to enshrine this in the specification given that it stuck in Chromium and others want this as well.

@zcorpan
Copy link
Copy Markdown
Member Author

zcorpan commented Aug 24, 2020

Thanks. I'll close this, since the test introduced here is invalid.

Is the spec change for HTTP? Is there an issue for this?

@zcorpan zcorpan closed this Aug 24, 2020
@zcorpan zcorpan mentioned this pull request Aug 24, 2020
Merged
@annevk
Copy link
Copy Markdown
Member

annevk commented Aug 24, 2020

It's whatwg/xhr#165 and it would be either HTTP or Fetch. And if it's HTTP, Fetch should probably still call it out as an assert or some such.

@annevk annevk deleted the coop-header-parsing-null-byte branch August 24, 2020 13:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@annevk annevk Awaiting requested review from annevk

@arturjanc arturjanc Awaiting requested review from arturjanc

@domenic domenic Awaiting requested review from domenic

@foolip foolip Awaiting requested review from foolip

@hemeryar hemeryar Awaiting requested review from hemeryar

@jdm jdm Awaiting requested review from jdm

@jgraham jgraham Awaiting requested review from jgraham

@jugglinmike jugglinmike Awaiting requested review from jugglinmike

@mikewest mikewest Awaiting requested review from mikewest

@ParisMeuleman ParisMeuleman Awaiting requested review from ParisMeuleman

@valenting valenting Awaiting requested review from valenting

@zqzhang zqzhang Awaiting requested review from zqzhang

Assignees

@zqzhang zqzhang

Labels

html

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zcorpan @annevk @zqzhang @wpt-pr-bot @jugglinmike