4 years ago · b94f838a95
--- a/build/patches/Block-gateway-attacks-via-websockets.patch
+++ b/build/patches/Block-gateway-attacks-via-websockets.patch
@@ -2,10 +2,20 @@ From: csagan5 <32685696+csagan5@users.noreply.github.com>
 
				 Date: Tue, 28 Jul 2020 12:28:58 +0200
			
 
				 Subject: Block gateway attacks via websockets
			
 
				 
			
 
				-FILE:Block-gateway-attacks-via-websockets.patch
			
 
				 ---
			
 
				+ content/public/common/content_features.cc     |  2 +-
			
 
				+ .../renderer/core/loader/base_fetch_context.h |  1 +
			
 
				+ .../core/loader/frame_fetch_context.cc        | 18 +++++++++++++
			
 
				+ .../core/loader/frame_fetch_context.h         |  1 +
			
 
				+ .../core/loader/worker_fetch_context.cc       | 19 +++++++++++++
			
 
				+ .../core/loader/worker_fetch_context.h        |  1 +
			
 
				+ .../background_fetch_manager.cc               |  2 --
			
 
				+ .../websockets/websocket_channel_impl.cc      |  5 ++++
			
 
				+ .../modules/websockets/websocket_common.cc    | 27 +++++++++++++++++++
			
 
				+ .../modules/websockets/websocket_common.h     |  4 +++
			
 
				+ 10 files changed, 77 insertions(+), 3 deletions(-)
			
 
				+
			
 
				 diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
			
 
				-index 47038f78be..e6863517f6 100644
			
 
				 --- a/content/public/common/content_features.cc
			
 
				 +++ b/content/public/common/content_features.cc
			
 
				 @@ -92,7 +92,7 @@ const base::Feature kBlockCredentialedSubresources{
			
@@ -18,7 +28,6 @@ index 47038f78be..e6863517f6 100644
 
				  // Use ThreadPriority::DISPLAY for browser UI and IO threads.
			
 
				  #if defined(OS_ANDROID) || BUILDFLAG(IS_CHROMEOS_ASH)
			
 
				 diff --git a/third_party/blink/renderer/core/loader/base_fetch_context.h b/third_party/blink/renderer/core/loader/base_fetch_context.h
			
 
				-index 3d705c54a1..3fb0f1da8f 100644
			
 
				 --- a/third_party/blink/renderer/core/loader/base_fetch_context.h
			
 
				 +++ b/third_party/blink/renderer/core/loader/base_fetch_context.h
			
 
				 @@ -81,6 +81,7 @@ class CORE_EXPORT BaseFetchContext : public FetchContext {
			
@@ -30,7 +39,6 @@ index 3d705c54a1..3fb0f1da8f 100644
 
				    CreateWebSocketHandshakeThrottle() = 0;
			
 
				  
			
 
				 diff --git a/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/third_party/blink/renderer/core/loader/frame_fetch_context.cc
			
 
				-index 97b148cd88..1a18627bae 100644
			
 
				 --- a/third_party/blink/renderer/core/loader/frame_fetch_context.cc
			
 
				 +++ b/third_party/blink/renderer/core/loader/frame_fetch_context.cc
			
 
				 @@ -556,6 +556,24 @@ bool FrameFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
			
@@ -59,7 +67,6 @@ index 97b148cd88..1a18627bae 100644
 
				      const ResourceRequest& resource_request,
			
 
				      const FetchInitiatorInfo& fetch_initiator_info,
			
 
				 diff --git a/third_party/blink/renderer/core/loader/frame_fetch_context.h b/third_party/blink/renderer/core/loader/frame_fetch_context.h
			
 
				-index 89d4825f3f..075fccb21f 100644
			
 
				 --- a/third_party/blink/renderer/core/loader/frame_fetch_context.h
			
 
				 +++ b/third_party/blink/renderer/core/loader/frame_fetch_context.h
			
 
				 @@ -162,6 +162,7 @@ class CORE_EXPORT FrameFetchContext final : public BaseFetchContext,
			
@@ -71,7 +78,6 @@ index 89d4825f3f..075fccb21f 100644
 
				        mojom::blink::RequestContextType request_context,
			
 
				        const base::Optional<ResourceRequest::RedirectInfo>& redirect_info,
			
 
				 diff --git a/third_party/blink/renderer/core/loader/worker_fetch_context.cc b/third_party/blink/renderer/core/loader/worker_fetch_context.cc
			
 
				-index a2a9bc9b41..35ca40c1ed 100644
			
 
				 --- a/third_party/blink/renderer/core/loader/worker_fetch_context.cc
			
 
				 +++ b/third_party/blink/renderer/core/loader/worker_fetch_context.cc
			
 
				 @@ -26,6 +26,7 @@
			
@@ -108,7 +114,6 @@ index a2a9bc9b41..35ca40c1ed 100644
 
				      const ResourceRequest& resource_request,
			
 
				      const FetchInitiatorInfo& fetch_initiator_info,
			
 
				 diff --git a/third_party/blink/renderer/core/loader/worker_fetch_context.h b/third_party/blink/renderer/core/loader/worker_fetch_context.h
			
 
				-index 2129f25db5..b478e0f5da 100644
			
 
				 --- a/third_party/blink/renderer/core/loader/worker_fetch_context.h
			
 
				 +++ b/third_party/blink/renderer/core/loader/worker_fetch_context.h
			
 
				 @@ -62,6 +62,7 @@ class WorkerFetchContext final : public BaseFetchContext {
			
@@ -120,7 +125,6 @@ index 2129f25db5..b478e0f5da 100644
 
				        mojom::blink::RequestContextType request_context,
			
 
				        const base::Optional<ResourceRequest::RedirectInfo>& redirect_info,
			
 
				 diff --git a/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc b/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
			
 
				-index d9012d9716..9e317d6ef4 100644
			
 
				 --- a/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
			
 
				 +++ b/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
			
 
				 @@ -106,7 +106,6 @@ bool ShouldBlockDanglingMarkup(const KURL& request_url) {
			
@@ -140,7 +144,6 @@ index d9012d9716..9e317d6ef4 100644
 
				    return false;
			
 
				  }
			
 
				 diff --git a/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc b/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
			
 
				-index bd6db3af29..7c28e9d07f 100644
			
 
				 --- a/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
			
 
				 +++ b/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
			
 
				 @@ -214,6 +214,11 @@ bool WebSocketChannelImpl::Connect(const KURL& url, const String& protocol) {
			
@@ -156,7 +159,6 @@ index bd6db3af29..7c28e9d07f 100644
 
				      feature_handle_for_scheduler_ = scheduler->RegisterFeature(
			
 
				          SchedulingPolicy::Feature::kWebSocket,
			
 
				 diff --git a/third_party/blink/renderer/modules/websockets/websocket_common.cc b/third_party/blink/renderer/modules/websockets/websocket_common.cc
			
 
				-index 009f487eea..e89ec105bf 100644
			
 
				 --- a/third_party/blink/renderer/modules/websockets/websocket_common.cc
			
 
				 +++ b/third_party/blink/renderer/modules/websockets/websocket_common.cc
			
 
				 @@ -79,6 +79,15 @@ WebSocketCommon::ConnectResult WebSocketCommon::Connect(
			
@@ -201,7 +203,6 @@ index 009f487eea..e89ec105bf 100644
 
				                                      const String& reason,
			
 
				                                      WebSocketChannel* channel,
			
 
				 diff --git a/third_party/blink/renderer/modules/websockets/websocket_common.h b/third_party/blink/renderer/modules/websockets/websocket_common.h
			
 
				-index 40f454f33e..e2f9c6620a 100644
			
 
				 --- a/third_party/blink/renderer/modules/websockets/websocket_common.h
			
 
				 +++ b/third_party/blink/renderer/modules/websockets/websocket_common.h
			
 
				 @@ -10,6 +10,8 @@
			
@@ -222,3 +223,6 @@ index 40f454f33e..e2f9c6620a 100644
 
				    // The following methods are public for testing.
			
 
				  
			
 
				    // Returns true if |protocol| is a valid WebSocket subprotocol name.
			
 
				+-- 
			
 
				+2.17.1
			
 
				+