-
David Van Cleve authored
This relands: - http://crrev/e98b84e "net: Change HttpRequestHeaders::SetHeader's DCHECKs to CHECK" - http://crrev/f998816347be "content: Enforce precondition that UA overrides must..." The first change upgraded a security-relevant network stack DCHECK, ensuring no invalid characters (\r, \n, \0) in headers, to a CHECK; the second bubbled this invariant up to the //content API so that its "override the UA" method wouldn't result in crashes when the CHECKs failed. We ended up reverting these changes out of Android WebView compat concerns. Torne (thanks!) has since then landed and analyzed some metrics and verified (see the linked bug) that there won't be too big a compat impact, so we're relanding these initial changes. Rather than reintroducing the second CHECK, in web_contents_impl.cc, this CL just adds an early return to WebContentsImpl::SetUserAgentOverride in the case that the given override is not a valid HTTP header value. Bug: 1105745 Change-Id: Ie2924bdbfbfd092c12e52fda8eaa52aa40e5425d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2589666Reviewed-by:
Devlin <rdevlin.cronin@chromium.org> Reviewed-by:
Matt Menke <mmenke@chromium.org> Reviewed-by:
Charlie Reis <creis@chromium.org> Commit-Queue: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#839485}
de398a55
