Page MenuHomePhabricator

Mostly defuse DNS rebinding attack for outbound requests
ClosedPublic

Authored by epriestley on Mar 26 2015, 2:05 PM.
Tags
None
Referenced Files
F15440741: D12169.id29243.diff
Wed, Mar 26, 2:21 PM
F15434405: D12169.diff
Tue, Mar 25, 3:27 AM
F15419877: D12169.id29243.diff
Fri, Mar 21, 9:36 AM
F15419394: D12169.id29252.diff
Fri, Mar 21, 5:55 AM
F15414091: D12169.id.diff
Wed, Mar 19, 11:09 PM
F15406232: D12169.diff
Tue, Mar 18, 12:15 PM
F15398128: D12169.diff
Sun, Mar 16, 11:20 PM
F15390509: D12169.id29243.diff
Sat, Mar 15, 6:16 AM
Subscribers

Details

Summary

Ref T6755. I'll add some notes there about specifics.

Test Plan
  • Made connections to HTTP and HTTPS URIs.
  • Added some debugging code to verify that HTTP URIs were pre-resolved.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Mostly defuse DNS rebinding attack for outbound requests.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 26 2015, 6:11 PM
This revision was automatically updated to reflect the committed changes.