Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #19302 Force Chromium-based browsers to segment the cache to defend against cache probing
    Actions
    Infos
    #19302
    Thomas Gerbet (tgerbet)
    2021-02-18 16:14
    2021-02-12 15:52
    20873
    Details
    Force Chromium-based browsers to segment the cache to defend against cache probing

    We should instruct browsers supporting the Fetch Metadata Request Headers (Chromium-based browsers only at this time) to segment their cache according to the origin of the requests in order to defend against a class of cross-site leaks. While Firefox does not support the Fetch Metadata Request Headers since FF85 the cache is partitioned by top-level origin.

    References:

    Other
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2021-02-18
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #18867 Tuleap Releases 12.6 Delivered 2021-04-03 13:12 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #19302

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/73/21773/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 27459a6d8e
    User avatar Yannis ROSSETTO (rossettoy) , 2021-02-18 16:13
    request #19302: Force Chromium-based browsers to segment the cache to defend against cache probing 6e3c18ff65
    User avatar Thomas Gerbet (tgerbet) , 2021-02-12 15:58
    Referenced by request #19302

    Artifact Tracker v5

    rel #18867 12.6

    Other

    gerrit #21773
    Display settings

    Follow-ups

    User avatar
    Yannis ROSSETTO (rossettoy)2021-02-18 16:14
    Integrated into Tuleap 12.5.99.140
    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2021-02-18
    User avatar
    Thomas Gerbet (tgerbet)2021-02-12 16:02
    See gerrit #21773.
    • Summary
      -Force Chromium-based browsers to segment the cache to to defend against cache probing 
      +Force Chromium-based browsers to segment the cache to defend against cache probing 
    • Status changed from Under implementation to Under review
    User avatar
    Thomas Gerbet (tgerbet)2021-02-12 15:53
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes