mirror of
https://github.com/electron/electron.git
synced 2026-05-02 03:00:22 -04:00
* fix: validate header name and value in webRequest.onBeforeSendHeaders

Chromium's net::HttpRequestHeaders::SetHeader() uses CHECK() to enforce valid header names and values, which causes a fatal crash if the caller passes invalid strings. When users modify requestHeaders in the onBeforeSendHeaders callback with invalid header names (e.g. containing spaces) or invalid header values (e.g. containing CRLF), the gin::Converter<net::HttpRequestHeaders>::FromV8() calls SetHeader() directly, triggering the CHECK and crashing the process.

This change adds pre-validation using net::HttpUtil::IsValidHeaderName() and net::HttpUtil::IsValidHeaderValue() before calling SetHeader(), silently skipping invalid headers instead of crashing.

* Update shell/common/gin_converters/net_converter.cc

Co-authored-by: Charles Kerr <charles@charleskerr.com>

* Update spec/api-web-request-spec.ts

Co-authored-by: Charles Kerr <charles@charleskerr.com>

* fix: lint

---------

Co-authored-by: Charles Kerr <charles@charleskerr.com>
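
The pre-validation described in the commit message, shown as an added JavaScript example for application code; it is not Electron's or Chromium's implementation. It assumes header names must match the RFC 7230 token grammar and that values are strings without NUL, CR or LF; `filterRequestHeaders` and the sample headers are hypothetical and constructed here.

```javascript
// Added example, not Electron or Chromium source.
// Assumption: a valid name is an RFC 7230 "token"; a valid value is a string
// with no NUL, CR or LF. This approximates the two checks the commit names.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const BAD_VALUE_RE = /[\0\r\n]/;

function isValidHeaderName(name) {
  return typeof name === 'string' && TOKEN_RE.test(name);
}

function isValidHeaderValue(value) {
  return typeof value === 'string' && !BAD_VALUE_RE.test(value);
}

// Returns the headers that pass both checks plus the names that were dropped,
// so the caller can log a rejection instead of losing the header silently.
function filterRequestHeaders(headers) {
  const kept = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    if (isValidHeaderName(name) && isValidHeaderValue(value)) {
      kept[name] = value;
    } else {
      dropped.push(name);
    }
  }
  return { kept, dropped };
}

// Constructed sample input covering the two cases from the commit message.
const sample = {
  'User-Agent': 'ExampleApp/1.0',
  'X-Trace Id': 'abc',                      // space in the name
  'X-Note': 'first\r\nX-Injected: second',  // CRLF in the value
  'Accept': '*/*',
};

// In an Electron main process this would sit inside the handler, e.g.:
//   session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
//     const { kept, dropped } = filterRequestHeaders(details.requestHeaders);
//     callback({ requestHeaders: kept });
//   });
console.log(filterRequestHeaders(sample));
```

Logging the `dropped` names makes a rejected header visible during development, which the silent skip in the fix does not.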