ff69f9e490* fix: validate header name and value in webRequest.onBeforeSendHeaders Chromium's net::HttpRequestHeaders::SetHeader() uses CHECK() to enforce valid header names and values, which causes a fatal crash if the caller passes invalid strings. When users modify requestHeaders in the onBeforeSendHeaders callback with invalid header names (e.g. containing spaces) or invalid header values (e.g. containing CRLF), the gin::Converter<net::HttpRequestHeaders>::FromV8() calls SetHeader() directly, triggering the CHECK and crashing the process. This change adds pre-validation using net::HttpUtil::IsValidHeaderName() and net::HttpUtil::IsValidHeaderValue() before calling SetHeader(), silently skipping invalid headers instead of crashing. Co-authored-by: loufulton <loufulton.cz@gmail.com> * Update shell/common/gin_converters/net_converter.cc Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com> * Update spec/api-web-request-spec.ts Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com> * fix: lint Co-authored-by: loufulton <loufulton.cz@gmail.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: loufulton <loufulton.cz@gmail.com> |
||
|---|---|---|
| .. | ||
| app | ||
| browser | ||
| common | ||
| renderer | ||
| services/node | ||
| utility | ||