From 4b5de12de2d9dbd8424ff4728b0950b64eae6576 Mon Sep 17 00:00:00 2001
From: Pedro Bernardo
Date: Mon, 14 Apr 2025 16:29:03 +0200
Subject: [PATCH] RIP is required for client-side inflation error side-channel mitigation

It is possible to detect redirections using fetch using the same technique as client-side inflation errors. For example, on Chrome:

`await fetch(`https://bank.com/redir#`, {method: 'GET', mode :'no-cors', credentials: 'include'});`

The server redirects to `/bigger` based on a cookie which is included in the fetch request. The first request succeeds, but the second request (redirection) will raise an exception which an attacker can observe.
---
 content/docs/attacks/navigations.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/docs/attacks/navigations.md b/content/docs/attacks/navigations.md
index e23de424d..af3d5e6ee 100644
--- a/content/docs/attacks/navigations.md
+++ b/content/docs/attacks/navigations.md
@@ -237,7 +237,7 @@ Partitioned HTTP Cache Bypass can be prevented using the header `Vary: Sec-Fetch | Download Navigation (iframes) | ✔️ | ❌ | ❌{{< katex>}}^{1}{{< /katex >}} | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | | Download Navigation (windows) | ❌ | ❌{{< katex>}}^{1}{{< /katex >}} | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | | Inflation (Server-Side Errors) | ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) | -| Inflation (Client-Side Errors) | ❌ | ❌ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Inflation (Client-Side Errors) | ❌ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | | CSP Violations | ❌{{< katex>}}^{2}{{< /katex >}} | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | 🔗 – Defense mechanisms must be combined to be effective against different scenarios.
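Review bot: the rationale for adding RIP to the "Inflation (Client-Side Errors)" row exists only in the commit message; the hunk changes a single table cell and no surrounding text, so a reader of navigations.md sees `[RIP] 🔗 [NIP]` without any explanation of why a resource-isolation defense now applies to a client-side inflation error. Neighbouring rows already use footnote markers (`{{< katex>}}^{1}{{< /katex >}}`, `^{2}`), so consider attaching a `^{3}` footnote to the changed cell, or a sentence in the section body, stating that the same error can be triggered through a credentialed `no-cors` fetch that follows the redirect, which RIP blocks at the server while NIP remains necessary for the navigation variant. The combined-defense form itself is consistent with the existing CSP Violations row and the 🔗 legend below the table.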