Bug 179475
| Summary: | [SOUP] Case of request headers depends on global state in libsoup | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ms2ger (he/him; ⌚ UTC+1/+2) <Ms2ger> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bugs-noreply, clopez, csaavedra, mcatanzaro |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: |
https://bugs.webkit.org/show_bug.cgi?id=177530 https://bugzilla.gnome.org/show_bug.cgi?id=792176 |
||
Ms2ger (he/him; ⌚ UTC+1/+2)
http://w3c-test.org/fetch/api/basic/request-headers-case.any.html
soup_message_headers_append interns the header name case-insensitively, and always uses the casing it got in the first call. This means that
fetch("..", {headers: [["TEST", 1]] })
fetch("..", {headers: [["test", 1]] })
will the same header name twice. The name might be "TEST", or it might be any other casing which any other web page has used during the runtime of the browser.
This also provides a way of cross-origin communication: if a web page A uses a sufficiently unique header name in a particular casing, another web page B can check if page A was loaded before page B by checking what happens when using the header name in a different casing.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Michael Catanzaro
Wow, good find!
I don't think there is anything to change in WebKit here. Do you want to report this on GNOME Bugzilla?
Anyway, the fix would surely be in soup-message-headers.c:
static const char *
intern_header_name (const char *name, SoupHeaderSetter *setter)
{
// ...
if (!header_pool) {
header_pool = g_hash_table_new (soup_str_case_hash, soup_str_case_equal);
// ...
}
Presumably that would need to be changed to:
header_pool = g_hash_table_new (g_str_hash, g_str_equal);
But we should probably audit other uses of soup_str_case_hash and soup_str_case_equal to ensure they are appropriate.
Michael Catanzaro
danw the "cross-origin communication" idea seems a little crazy, but people have done crazier stuff... I'd say file a libsoup bug yeah. you can't just change intern_header_name to be non-case-sensitive though. that would definitely break things
mcatanzaro What sort of things?
danw eg, when you call soup_message_headers_get_content_type(), it has to return the content type whether it was specified as "Content-Type" or "CONTENT-type"
I guess if you want to fix it, the fix would be to not intern header names at all. just copy both name and value, and use g_ascii_strcasecmp() rather than pointer equality to compare header names when needed
Michael Catanzaro
This is a bug in libsoup, not in WebKit. This report needs to be moved to GNOME Bugzilla.
Carlos Alberto Lopez Perez
This two tests pass now when webkit is built with libsoup3