[SRI Message Signatures] Enforce signature matching.
This patch teaches the network service's URLLoader how to evaluate the
SRI-valid subset of HTTP Message Signatures, blocking mismatched
responses once headers are received and processed.
This check is implemented behind a new feature flag, which is disabled
by default. End-to-end tests live in web platform tests under
//web_tests/virtual/sri-message-signatures that enables the flag.
This is part of a chain of CLs implementing this feature (#2 from
https://wicg.github.io/signature-based-sri/#overview):
- [Parsing] https://crrev.com/c/6020612
- [Validation 1] https://crrev.com/c/6030571
- [Validation 2] https://crrev.com/c/6032589
- [Enforcement] https://crrev.com/c/6038714 [You are here]
Bug: 379534943
Low-Coverage-Reason: COVERAGE_UNDERREPORTED The changes to url_loader.cc
are the only meaningful changes in behavior reported as undercovered.
These are tested through the WPT included in this CL.
Change-Id: I6ece80da25ed4329a6f976c2c74c639c2799b856
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6038714
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1389294}