Loading CHANGELOG.md +4 −0 Original line number Diff line number Diff line # 78.0.3904.119 * replace fixed DNS-over-HTTPS feature flag with user-customizable option * fix background playback issue (fixes https://github.com/bromite/bromite/issues/424) # 78.0.3904.105 * add flag to disable WebGL (fixes https://github.com/bromite/bromite/issues/411) * more selective AMP sanitization (fixes https://github.com/bromite/bromite/issues/410) Loading build/bromite_patches_list.txt +2 −2 Original line number Diff line number Diff line Loading @@ -69,7 +69,6 @@ Multiple-fingerprinting-mitigations-for-canvas-text-and-client-rectangles.patch Add-flags-to-disable-device-motion-and-orientation-APIs.patch Punt-the-Widevine-version-string.patch Disable-metrics-on-all-I-O-threads.patch Add-a-flag-for-DNS-over-HTTPS.patch Always-respect-async-dns-flag-regardless-of-SDK-version.patch Add-flag-to-configure-maximum-connections-per-host.patch Add-site-settings-option-for-session-only-cookies.patch Loading Loading @@ -156,3 +155,4 @@ e-rebrand-translations.patch e-fix-settings-crash-issue.patch e-enable-custom-tabs-by-default.patch Fix-About-Chrome-regression.patch Add-user-setting-for-DNS-over-HTTPS-custom-URL.patch build/patches/Add-a-flag-for-DNS-over-HTTPS.patchdeleted 100644 → 0 +0 −258 Original line number Diff line number Diff line 
From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Sat, 28 Apr 2018 08:30:26 +0200 Subject: Add a flag for DNS-over-HTTPS Allow selection between Google and Cloudflare endpoints. Serve DoH requests with maximum priority, remove traffic annotation. Reduce HTTP headers in DoH requests to bare minimum. Add AdGuard (default) endpoint Do not fallback to UDP when using DoH See also: https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-14.txt --- chrome/browser/about_flags.cc | 10 +++++++++- chrome/browser/net/system_network_context_manager.cc | 18 +++++++++++------- chrome/common/chrome_features.cc | 9 --------- chrome/common/chrome_features.h | 2 -- .../common/network_features.cc | 6 ++++++ .../common/network_features.h | 6 ++++++ .../common/network_switch_list.h | 4 ++++ net/base/load_flags_list.h | 6 ++++++ net/dns/dns_transaction.cc | 4 ++-- net/url_request/url_request_http_job.cc | 16 +++++++++++----- 10 files changed, 55 insertions(+), 26 deletions(-) diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc +++ b/chrome/browser/about_flags.cc @@ -418,6 +418,14 @@ const FeatureEntry::FeatureVariation kCCTModuleCacheVariations[] = { base::size(kCCTModuleCache_ThirtyMinutes), nullptr}, }; +const FeatureEntry::Choice kDnsOverHttpsChoices[] = { + {features::kDnsOverHttpsChoiceDefault, "", ""}, + {features::kDnsOverHttpsChoiceGoogle, switches::kDnsOverHttpsServer, "https://dns.google/dns-query"}, + {features::kDnsOverHttpsChoiceCloudflare, switches::kDnsOverHttpsServer, "https://1.1.1.1/dns-query"}, + {features::kDnsOverHttpsChoiceQuad9, switches::kDnsOverHttpsServer, "https://9.9.9.9/dns-query"}, + {features::kDnsOverHttpsChoiceAdGuard, switches::kDnsOverHttpsServer, "https://dns.adguard.com/dns-query"} +}; + #endif // OS_ANDROID const FeatureEntry::FeatureParam kForceDark_SimpleHsl[] = { 
@@ -4491,7 +4499,7 @@ const FeatureEntry kFeatureEntries[] = { {"dns-over-https", flag_descriptions::kDnsOverHttpsName, flag_descriptions::kDnsOverHttpsDescription, kOsMac | kOsWin | kOsCrOS | kOsAndroid, - FEATURE_VALUE_TYPE(features::kDnsOverHttps)}, + MULTI_VALUE_TYPE(kDnsOverHttpsChoices)}, #if defined(OS_ANDROID) {"tab-switcher-longpress-menu", diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc --- a/chrome/browser/net/system_network_context_manager.cc +++ b/chrome/browser/net/system_network_context_manager.cc @@ -25,6 +25,7 @@ #include "chrome/browser/chrome_content_browser_client.h" #include "chrome/browser/component_updater/crl_set_component_installer.h" #include "chrome/browser/net/chrome_mojo_proxy_resolver_factory.h" +#include "components/network_session_configurator/common/network_switches.h" #include "chrome/browser/net/dns_util.h" #include "chrome/browser/safe_browsing/safe_browsing_service.h" #include "chrome/browser/ssl/ssl_config_service_manager.h" @@ -142,6 +143,7 @@ void GetStubResolverConfig( base::SPLIT_WANT_NONEMPTY)) { if (!chrome_browser_net::IsValidDohTemplate(server_template, &server_method)) { + LOG(ERROR) << "Invalid DoH template: " << server_template << " with method " << server_method; continue; } 
@@ -406,14 +408,16 @@ SystemNetworkContextManager::SystemNetworkContextManager( base::Value(ShouldEnableAsyncDns())); std::string default_doh_mode = chrome_browser_net::kDnsOverHttpsModeOff; std::string default_doh_templates = ""; - if (base::FeatureList::IsEnabled(features::kDnsOverHttps)) { - if (features::kDnsOverHttpsFallbackParam.Get()) { - default_doh_mode = chrome_browser_net::kDnsOverHttpsModeAutomatic; - } else { - default_doh_mode = chrome_browser_net::kDnsOverHttpsModeSecure; - } - default_doh_templates = features::kDnsOverHttpsTemplatesParam.Get(); + + std::string server = + base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( + switches::kDnsOverHttpsServer); + if (!server.empty()) { + default_doh_mode = chrome_browser_net::kDnsOverHttpsModeSecure; + // will use POST when URLs do not contain a 'dns' query parameter + default_doh_templates = server; } + local_state_->SetDefaultPrefValue(prefs::kDnsOverHttpsMode, base::Value(default_doh_mode)); local_state_->SetDefaultPrefValue(prefs::kDnsOverHttpsTemplates, diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc --- a/chrome/common/chrome_features.cc +++ b/chrome/common/chrome_features.cc @@ -269,15 +269,6 @@ const base::Feature kDisallowUnsafeHttpDownloads{ "DisallowUnsafeHttpDownloads", base::FEATURE_DISABLED_BY_DEFAULT}; const char kDisallowUnsafeHttpDownloadsParamName[] = "MimeTypeList"; -// Enable DNS over HTTPS (DoH). -const base::Feature kDnsOverHttps{"DnsOverHttps", - base::FEATURE_DISABLED_BY_DEFAULT}; - -// Set whether fallback to insecure DNS is allowed by default. This setting may -// be overridden for individual transactions. -const base::FeatureParam<bool> kDnsOverHttpsFallbackParam{&kDnsOverHttps, - "Fallback", true}; - // Supply one or more space-separated DoH server URI templates to use when this // feature is enabled. If no templates are specified, then a hardcoded mapping // will be used to construct a list of DoH templates associated with the IP 
diff --git a/chrome/common/chrome_features.h b/chrome/common/chrome_features.h --- a/chrome/common/chrome_features.h +++ b/chrome/common/chrome_features.h @@ -166,8 +166,6 @@ extern const char kDisallowUnsafeHttpDownloadsParamName[]; COMPONENT_EXPORT(CHROME_FEATURES) extern const base::Feature kDnsOverHttps; COMPONENT_EXPORT(CHROME_FEATURES) -extern const base::FeatureParam<bool> kDnsOverHttpsFallbackParam; -COMPONENT_EXPORT(CHROME_FEATURES) extern const base::FeatureParam<std::string> kDnsOverHttpsTemplatesParam; #if defined(OS_ANDROID) diff --git a/components/network_session_configurator/common/network_features.cc b/components/network_session_configurator/common/network_features.cc --- a/components/network_session_configurator/common/network_features.cc +++ b/components/network_session_configurator/common/network_features.cc @@ -8,4 +8,10 @@ namespace features { +const char kDnsOverHttpsChoiceDefault[] = "Disabled", + kDnsOverHttpsChoiceGoogle[] = "Google", + kDnsOverHttpsChoiceCloudflare[] = "Cloudflare", + kDnsOverHttpsChoiceQuad9[] = "Quad9", + kDnsOverHttpsChoiceAdGuard[] = "AdGuard"; + } // namespace features diff --git a/components/network_session_configurator/common/network_features.h b/components/network_session_configurator/common/network_features.h --- a/components/network_session_configurator/common/network_features.h +++ b/components/network_session_configurator/common/network_features.h @@ -10,6 +10,12 @@ namespace features { +// DNS over HTTPS server endpoint choices + // (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-12.txt). +NETWORK_SESSION_CONFIGURATOR_EXPORT extern const char kDnsOverHttpsChoiceDefault[], + kDnsOverHttpsChoiceGoogle[], kDnsOverHttpsChoiceCloudflare[], kDnsOverHttpsChoiceQuad9[], + kDnsOverHttpsChoiceAdGuard[]; + } // namespace features #endif // COMPONENTS_NETWORK_SESSION_CONFIGURATOR_COMMON_NETWORK_FEATURES_H_ 
diff --git a/components/network_session_configurator/common/network_switch_list.h b/components/network_session_configurator/common/network_switch_list.h --- a/components/network_session_configurator/common/network_switch_list.h +++ b/components/network_session_configurator/common/network_switch_list.h @@ -32,6 +32,10 @@ NETWORK_SWITCH(kOriginToForceQuicOn, "origin-to-force-quic-on") // the server. NETWORK_SWITCH(kQuicConnectionOptions, "quic-connection-options") +// Specifies an IETF DNS-over-HTTPS server endpoint +// (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-02.txt). +NETWORK_SWITCH(kDnsOverHttpsServer, "dns-over-https-server") + // Specifies the maximum length for a QUIC packet. NETWORK_SWITCH(kQuicMaxPacketLength, "quic-max-packet-length") diff --git a/net/base/load_flags_list.h b/net/base/load_flags_list.h --- a/net/base/load_flags_list.h +++ b/net/base/load_flags_list.h @@ -117,3 +117,9 @@ LOAD_FLAG(RESTRICTED_PREFETCH, 1 << 18) // is considered privileged, and therefore this flag must only be set from a // trusted process. LOAD_FLAG(CAN_USE_RESTRICTED_PREFETCH, 1 << 19) + +// This load will not send Accept-Language or User-Agent headers, and not +// advertise brotli encoding. +// Used to comply with IETF (draft) DNS-over-HTTPS: +// "Implementors SHOULD NOT set non-essential HTTP headers in DoH client requests." +LOAD_FLAG(MINIMAL_HEADERS, 1 << 20) diff --git a/net/dns/dns_transaction.cc b/net/dns/dns_transaction.cc --- a/net/dns/dns_transaction.cc +++ b/net/dns/dns_transaction.cc @@ -403,7 +403,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { // perspective to prevent the client from sending AIA requests). request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE | LOAD_BYPASS_PROXY | - LOAD_DISABLE_CERT_NETWORK_FETCHES); + LOAD_DISABLE_CERT_NETWORK_FETCHES | LOAD_MINIMAL_HEADERS); request_->set_allow_credentials(false); } 
@@ -997,7 +997,7 @@ class DnsTransactionImpl : public DnsTransaction, had_tcp_attempt_(false), first_server_index_(0), url_request_context_(url_request_context), - request_priority_(DEFAULT_PRIORITY) { + request_priority_(MAXIMUM_PRIORITY) { DCHECK(session_.get()); DCHECK(!hostname_.empty()); DCHECK(!callback_.is_null()); diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -339,6 +339,7 @@ void URLRequestHttpJob::Start() { // plugin could set a referrer although sending the referrer is inhibited. request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kReferer); + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) { // Our consumer should have made sure that this is a safe referrer. See for // instance WebCore::FrameLoader::HideReferrer. if (referrer.is_valid()) { @@ -354,11 +355,14 @@ void URLRequestHttpJob::Start() { request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer, referer_value); } + } + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) { request_info_.extra_headers.SetHeaderIfMissing( HttpRequestHeaders::kUserAgent, http_user_agent_settings_ ? http_user_agent_settings_->GetUserAgent() : std::string()); + } AddExtraHeaders(); AddCookieHeaderAndStart(); @@ -582,10 +586,12 @@ void URLRequestHttpJob::AddExtraHeaders() { } else { // Advertise "br" encoding only if transferred data is opaque to proxy. bool advertise_brotli = false; - if (request()->context()->enable_brotli()) { - if (request()->url().SchemeIsCryptographic() || - IsLocalhost(request()->url())) { - advertise_brotli = true; + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) { + if (request()->context()->enable_brotli()) { + if (request()->url().SchemeIsCryptographic() || + IsLocalhost(request()->url())) { + advertise_brotli = true; + } } } 
@@ -603,7 +609,7 @@ void URLRequestHttpJob::AddExtraHeaders() { } } - if (http_user_agent_settings_) { + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS) && http_user_agent_settings_) { // Only add default Accept-Language if the request didn't have it // specified. std::string accept_language = -- 2.11.0 build/patches/Add-flag-to-configure-maximum-connections-per-host.patch +7 −9 Original line number Diff line number Diff line Loading @@ -19,7 +19,7 @@ with limited CPU/memory resources and it is disabled by default. diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc +++ b/chrome/browser/about_flags.cc @@ -677,6 +677,11 @@ const FeatureEntry::Choice kForceEffectiveConnectionTypeChoices[] = { @@ -669,6 +669,11 @@ const FeatureEntry::Choice kForceEffectiveConnectionTypeChoices[] = { net::kEffectiveConnectionType4G}, }; Loading @@ -31,7 +31,7 @@ diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc // Ensure that all effective connection types returned by Network Quality // Estimator (NQE) are also exposed via flags. static_assert(net::EFFECTIVE_CONNECTION_TYPE_LAST + 2 == @@ -2546,6 +2551,9 @@ const FeatureEntry kFeatureEntries[] = { @@ -2538,6 +2543,9 @@ const FeatureEntry kFeatureEntries[] = { flag_descriptions::kPassiveDocumentEventListenersName, flag_descriptions::kPassiveDocumentEventListenersDescription, kOsAll, FEATURE_VALUE_TYPE(features::kPassiveDocumentEventListeners)}, Loading Loading @@ -71,16 +71,14 @@ diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptio diff --git a/components/network_session_configurator/common/network_features.cc b/components/network_session_configurator/common/network_features.cc --- a/components/network_session_configurator/common/network_features.cc +++ b/components/network_session_configurator/common/network_features.cc @@ -8,6 +8,9 @@ 
@@ -8,4 +8,7 @@ namespace features { +const char kMaxConnectionsPerHostChoiceDefault[] = "6", + kMaxConnectionsPerHostChoice15[] = "15"; + const char kDnsOverHttpsChoiceDefault[] = "Disabled", kDnsOverHttpsChoiceGoogle[] = "Google", kDnsOverHttpsChoiceCloudflare[] = "Cloudflare", } // namespace features diff --git a/components/network_session_configurator/common/network_features.h b/components/network_session_configurator/common/network_features.h --- a/components/network_session_configurator/common/network_features.h +++ b/components/network_session_configurator/common/network_features.h Loading @@ -92,9 +90,9 @@ diff --git a/components/network_session_configurator/common/network_features.h b + kMaxConnectionsPerHostChoice6[], + kMaxConnectionsPerHostChoice15[]; + // DNS over HTTPS server endpoint choices // (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-12.txt). NETWORK_SESSION_CONFIGURATOR_EXPORT extern const char kDnsOverHttpsChoiceDefault[], } // namespace features #endif // COMPONENTS_NETWORK_SESSION_CONFIGURATOR_COMMON_NETWORK_FEATURES_H_ diff --git a/components/network_session_configurator/common/network_switch_list.h b/components/network_session_configurator/common/network_switch_list.h --- a/components/network_session_configurator/common/network_switch_list.h +++ b/components/network_session_configurator/common/network_switch_list.h Loading build/patches/Add-flag-to-control-video-playback-resume-feature.patch +2 −13 Original line number Diff line number Diff line Loading @@ -4,11 +4,11 @@ Subject: Add flag to control video playback resume feature Disable it by default on Android as it is everywhere else --- chrome/browser/about_flags.cc | 8 ++++---- chrome/browser/about_flags.cc | 4 ++++ chrome/browser/flag_descriptions.cc | 5 +++++ chrome/browser/flag_descriptions.h | 3 +++ media/base/media_switches.cc | 6 +----- 4 files changed, 13 insertions(+), 9 deletions(-) 4 files changed, 13 insertions(+), 5 deletions(-) 
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc Loading @@ -24,17 +24,6 @@ diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc {"shared-array-buffer", flag_descriptions::kEnableSharedArrayBufferName, flag_descriptions::kEnableSharedArrayBufferDescription, kOsAll, FEATURE_VALUE_TYPE(features::kSharedArrayBuffer)}, @@ -1603,10 +1607,6 @@ const FeatureEntry kFeatureEntries[] = { FEATURE_VALUE_TYPE(features::kAppNotificationStatusMessaging)}, #endif // OS_ANDROID {"enable-devtools-experiments", flag_descriptions::kDevtoolsExperimentsName, - {"resume-background-video", - flag_descriptions::kResumeBackgroundVideoName, - flag_descriptions::kResumeBackgroundVideoDescription, kOsAll, - FEATURE_VALUE_TYPE(media::kResumeBackgroundVideo)}, flag_descriptions::kDevtoolsExperimentsDescription, kOsDesktop, SINGLE_VALUE_TYPE(switches::kEnableDevToolsExperiments)}, {"silent-debugger-extension-api", diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc --- a/chrome/browser/flag_descriptions.cc +++ b/chrome/browser/flag_descriptions.cc Loading Loading
CHANGELOG.md +4 −0 # 78.0.3904.119 * replace fixed DNS-over-HTTPS feature flag with user-customizable option * fix background playback issue (fixes https://github.com/bromite/bromite/issues/424) # 78.0.3904.105 * add flag to disable WebGL (fixes https://github.com/bromite/bromite/issues/411) * more selective AMP sanitization (fixes https://github.com/bromite/bromite/issues/410)
build/bromite_patches_list.txt +2 −2 @@ -69,7 +69,6 @@ Multiple-fingerprinting-mitigations-for-canvas-text-and-client-rectangles.patch Add-flags-to-disable-device-motion-and-orientation-APIs.patch Punt-the-Widevine-version-string.patch Disable-metrics-on-all-I-O-threads.patch Add-a-flag-for-DNS-over-HTTPS.patch Always-respect-async-dns-flag-regardless-of-SDK-version.patch Add-flag-to-configure-maximum-connections-per-host.patch Add-site-settings-option-for-session-only-cookies.patch @@ -156,3 +155,4 @@ e-rebrand-translations.patch e-fix-settings-crash-issue.patch e-enable-custom-tabs-by-default.patch Fix-About-Chrome-regression.patch Add-user-setting-for-DNS-over-HTTPS-custom-URL.patch
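Review bot: The replacement entry `Add-user-setting-for-DNS-over-HTTPS-custom-URL.patch` is appended after `Fix-About-Chrome-regression.patch`, while the entry it replaces, `Add-a-flag-for-DNS-over-HTTPS.patch`, sat before `Always-respect-async-dns-flag-regardless-of-SDK-version.patch`, so the order in which the DNS-related patches apply changes and is worth confirming against a clean tree. The removed patch did more than add the flag: as its deleted section shows, it set `kDnsOverHttpsModeSecure` as the default mode whenever a server was chosen, added `LOAD_MINIMAL_HEADERS` to DoH requests and removed `kDnsOverHttpsFallbackParam`. The new patch's contents are not on this page, so it should be checked that it keeps those behaviours; if it does not, DoH requests would again carry User-Agent and Accept-Language, and resolution might be allowed to fall back to plaintext DNS. Once confirmed, I would record the outcome in the changelog entry, e.g. `* replace fixed DNS-over-HTTPS feature flag with user-customizable option (secure mode and minimal headers kept)`.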
build/patches/Add-a-flag-for-DNS-over-HTTPS.patchdeleted 100644 → 0 +0 −258 Original line number Diff line number Diff line From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Sat, 28 Apr 2018 08:30:26 +0200 Subject: Add a flag for DNS-over-HTTPS Allow selection between Google and Cloudflare endpoints. Serve DoH requests with maximum priority, remove traffic annotation. Reduce HTTP headers in DoH requests to bare minimum. Add AdGuard (default) endpoint Do not fallback to UDP when using DoH See also: https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-14.txt --- chrome/browser/about_flags.cc | 10 +++++++++- chrome/browser/net/system_network_context_manager.cc | 18 +++++++++++------- chrome/common/chrome_features.cc | 9 --------- chrome/common/chrome_features.h | 2 -- .../common/network_features.cc | 6 ++++++ .../common/network_features.h | 6 ++++++ .../common/network_switch_list.h | 4 ++++ net/base/load_flags_list.h | 6 ++++++ net/dns/dns_transaction.cc | 4 ++-- net/url_request/url_request_http_job.cc | 16 +++++++++++----- 10 files changed, 55 insertions(+), 26 deletions(-) diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc +++ b/chrome/browser/about_flags.cc 
@@ -418,6 +418,14 @@ const FeatureEntry::FeatureVariation kCCTModuleCacheVariations[] = { base::size(kCCTModuleCache_ThirtyMinutes), nullptr}, }; +const FeatureEntry::Choice kDnsOverHttpsChoices[] = { + {features::kDnsOverHttpsChoiceDefault, "", ""}, + {features::kDnsOverHttpsChoiceGoogle, switches::kDnsOverHttpsServer, "https://dns.google/dns-query"}, + {features::kDnsOverHttpsChoiceCloudflare, switches::kDnsOverHttpsServer, "https://1.1.1.1/dns-query"}, + {features::kDnsOverHttpsChoiceQuad9, switches::kDnsOverHttpsServer, "https://9.9.9.9/dns-query"}, + {features::kDnsOverHttpsChoiceAdGuard, switches::kDnsOverHttpsServer, "https://dns.adguard.com/dns-query"} +}; + #endif // OS_ANDROID const FeatureEntry::FeatureParam kForceDark_SimpleHsl[] = { @@ -4491,7 +4499,7 @@ const FeatureEntry kFeatureEntries[] = { {"dns-over-https", flag_descriptions::kDnsOverHttpsName, flag_descriptions::kDnsOverHttpsDescription, kOsMac | kOsWin | kOsCrOS | kOsAndroid, - FEATURE_VALUE_TYPE(features::kDnsOverHttps)}, + MULTI_VALUE_TYPE(kDnsOverHttpsChoices)}, #if defined(OS_ANDROID) {"tab-switcher-longpress-menu", diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc --- a/chrome/browser/net/system_network_context_manager.cc +++ b/chrome/browser/net/system_network_context_manager.cc @@ -25,6 +25,7 @@ #include "chrome/browser/chrome_content_browser_client.h" #include "chrome/browser/component_updater/crl_set_component_installer.h" #include "chrome/browser/net/chrome_mojo_proxy_resolver_factory.h" +#include "components/network_session_configurator/common/network_switches.h" #include "chrome/browser/net/dns_util.h" #include "chrome/browser/safe_browsing/safe_browsing_service.h" #include "chrome/browser/ssl/ssl_config_service_manager.h" 
@@ -142,6 +143,7 @@ void GetStubResolverConfig( base::SPLIT_WANT_NONEMPTY)) { if (!chrome_browser_net::IsValidDohTemplate(server_template, &server_method)) { + LOG(ERROR) << "Invalid DoH template: " << server_template << " with method " << server_method; continue; } @@ -406,14 +408,16 @@ SystemNetworkContextManager::SystemNetworkContextManager( base::Value(ShouldEnableAsyncDns())); std::string default_doh_mode = chrome_browser_net::kDnsOverHttpsModeOff; std::string default_doh_templates = ""; - if (base::FeatureList::IsEnabled(features::kDnsOverHttps)) { - if (features::kDnsOverHttpsFallbackParam.Get()) { - default_doh_mode = chrome_browser_net::kDnsOverHttpsModeAutomatic; - } else { - default_doh_mode = chrome_browser_net::kDnsOverHttpsModeSecure; - } - default_doh_templates = features::kDnsOverHttpsTemplatesParam.Get(); + + std::string server = + base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( + switches::kDnsOverHttpsServer); + if (!server.empty()) { + default_doh_mode = chrome_browser_net::kDnsOverHttpsModeSecure; + // will use POST when URLs do not contain a 'dns' query parameter + default_doh_templates = server; } + local_state_->SetDefaultPrefValue(prefs::kDnsOverHttpsMode, base::Value(default_doh_mode)); local_state_->SetDefaultPrefValue(prefs::kDnsOverHttpsTemplates, diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc --- a/chrome/common/chrome_features.cc +++ b/chrome/common/chrome_features.cc 
@@ -269,15 +269,6 @@ const base::Feature kDisallowUnsafeHttpDownloads{ "DisallowUnsafeHttpDownloads", base::FEATURE_DISABLED_BY_DEFAULT}; const char kDisallowUnsafeHttpDownloadsParamName[] = "MimeTypeList"; -// Enable DNS over HTTPS (DoH). -const base::Feature kDnsOverHttps{"DnsOverHttps", - base::FEATURE_DISABLED_BY_DEFAULT}; - -// Set whether fallback to insecure DNS is allowed by default. This setting may -// be overridden for individual transactions. -const base::FeatureParam<bool> kDnsOverHttpsFallbackParam{&kDnsOverHttps, - "Fallback", true}; - // Supply one or more space-separated DoH server URI templates to use when this // feature is enabled. If no templates are specified, then a hardcoded mapping // will be used to construct a list of DoH templates associated with the IP diff --git a/chrome/common/chrome_features.h b/chrome/common/chrome_features.h --- a/chrome/common/chrome_features.h +++ b/chrome/common/chrome_features.h @@ -166,8 +166,6 @@ extern const char kDisallowUnsafeHttpDownloadsParamName[]; COMPONENT_EXPORT(CHROME_FEATURES) extern const base::Feature kDnsOverHttps; COMPONENT_EXPORT(CHROME_FEATURES) -extern const base::FeatureParam<bool> kDnsOverHttpsFallbackParam; -COMPONENT_EXPORT(CHROME_FEATURES) extern const base::FeatureParam<std::string> kDnsOverHttpsTemplatesParam; #if defined(OS_ANDROID) diff --git a/components/network_session_configurator/common/network_features.cc b/components/network_session_configurator/common/network_features.cc --- a/components/network_session_configurator/common/network_features.cc +++ b/components/network_session_configurator/common/network_features.cc @@ -8,4 +8,10 @@ namespace features { +const char kDnsOverHttpsChoiceDefault[] = "Disabled", + kDnsOverHttpsChoiceGoogle[] = "Google", + kDnsOverHttpsChoiceCloudflare[] = "Cloudflare", + kDnsOverHttpsChoiceQuad9[] = "Quad9", + kDnsOverHttpsChoiceAdGuard[] = "AdGuard"; + } // namespace features 
diff --git a/components/network_session_configurator/common/network_features.h b/components/network_session_configurator/common/network_features.h --- a/components/network_session_configurator/common/network_features.h +++ b/components/network_session_configurator/common/network_features.h @@ -10,6 +10,12 @@ namespace features { +// DNS over HTTPS server endpoint choices + // (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-12.txt). +NETWORK_SESSION_CONFIGURATOR_EXPORT extern const char kDnsOverHttpsChoiceDefault[], + kDnsOverHttpsChoiceGoogle[], kDnsOverHttpsChoiceCloudflare[], kDnsOverHttpsChoiceQuad9[], + kDnsOverHttpsChoiceAdGuard[]; + } // namespace features #endif // COMPONENTS_NETWORK_SESSION_CONFIGURATOR_COMMON_NETWORK_FEATURES_H_ diff --git a/components/network_session_configurator/common/network_switch_list.h b/components/network_session_configurator/common/network_switch_list.h --- a/components/network_session_configurator/common/network_switch_list.h +++ b/components/network_session_configurator/common/network_switch_list.h @@ -32,6 +32,10 @@ NETWORK_SWITCH(kOriginToForceQuicOn, "origin-to-force-quic-on") // the server. NETWORK_SWITCH(kQuicConnectionOptions, "quic-connection-options") +// Specifies an IETF DNS-over-HTTPS server endpoint +// (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-02.txt). +NETWORK_SWITCH(kDnsOverHttpsServer, "dns-over-https-server") + // Specifies the maximum length for a QUIC packet. NETWORK_SWITCH(kQuicMaxPacketLength, "quic-max-packet-length") diff --git a/net/base/load_flags_list.h b/net/base/load_flags_list.h --- a/net/base/load_flags_list.h +++ b/net/base/load_flags_list.h 
@@ -117,3 +117,9 @@ LOAD_FLAG(RESTRICTED_PREFETCH, 1 << 18) // is considered privileged, and therefore this flag must only be set from a // trusted process. LOAD_FLAG(CAN_USE_RESTRICTED_PREFETCH, 1 << 19) + +// This load will not send Accept-Language or User-Agent headers, and not +// advertise brotli encoding. +// Used to comply with IETF (draft) DNS-over-HTTPS: +// "Implementors SHOULD NOT set non-essential HTTP headers in DoH client requests." +LOAD_FLAG(MINIMAL_HEADERS, 1 << 20) diff --git a/net/dns/dns_transaction.cc b/net/dns/dns_transaction.cc --- a/net/dns/dns_transaction.cc +++ b/net/dns/dns_transaction.cc @@ -403,7 +403,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { // perspective to prevent the client from sending AIA requests). request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE | LOAD_BYPASS_PROXY | - LOAD_DISABLE_CERT_NETWORK_FETCHES); + LOAD_DISABLE_CERT_NETWORK_FETCHES | LOAD_MINIMAL_HEADERS); request_->set_allow_credentials(false); } @@ -997,7 +997,7 @@ class DnsTransactionImpl : public DnsTransaction, had_tcp_attempt_(false), first_server_index_(0), url_request_context_(url_request_context), - request_priority_(DEFAULT_PRIORITY) { + request_priority_(MAXIMUM_PRIORITY) { DCHECK(session_.get()); DCHECK(!hostname_.empty()); DCHECK(!callback_.is_null()); diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -339,6 +339,7 @@ void URLRequestHttpJob::Start() { // plugin could set a referrer although sending the referrer is inhibited. request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kReferer); + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) { // Our consumer should have made sure that this is a safe referrer. See for // instance WebCore::FrameLoader::HideReferrer. if (referrer.is_valid()) { 
@@ -354,11 +355,14 @@ void URLRequestHttpJob::Start() { request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer, referer_value); } + } + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) { request_info_.extra_headers.SetHeaderIfMissing( HttpRequestHeaders::kUserAgent, http_user_agent_settings_ ? http_user_agent_settings_->GetUserAgent() : std::string()); + } AddExtraHeaders(); AddCookieHeaderAndStart(); @@ -582,10 +586,12 @@ void URLRequestHttpJob::AddExtraHeaders() { } else { // Advertise "br" encoding only if transferred data is opaque to proxy. bool advertise_brotli = false; - if (request()->context()->enable_brotli()) { - if (request()->url().SchemeIsCryptographic() || - IsLocalhost(request()->url())) { - advertise_brotli = true; + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) { + if (request()->context()->enable_brotli()) { + if (request()->url().SchemeIsCryptographic() || + IsLocalhost(request()->url())) { + advertise_brotli = true; + } } } @@ -603,7 +609,7 @@ void URLRequestHttpJob::AddExtraHeaders() { } } - if (http_user_agent_settings_) { + if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS) && http_user_agent_settings_) { // Only add default Accept-Language if the request didn't have it // specified. std::string accept_language = -- 2.11.0
build/patches/Add-flag-to-configure-maximum-connections-per-host.patch +7 −9 Original line number Diff line number Diff line Loading @@ -19,7 +19,7 @@ with limited CPU/memory resources and it is disabled by default. diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc +++ b/chrome/browser/about_flags.cc @@ -677,6 +677,11 @@ const FeatureEntry::Choice kForceEffectiveConnectionTypeChoices[] = { @@ -669,6 +669,11 @@ const FeatureEntry::Choice kForceEffectiveConnectionTypeChoices[] = { net::kEffectiveConnectionType4G}, }; Loading @@ -31,7 +31,7 @@ diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc // Ensure that all effective connection types returned by Network Quality // Estimator (NQE) are also exposed via flags. static_assert(net::EFFECTIVE_CONNECTION_TYPE_LAST + 2 == @@ -2546,6 +2551,9 @@ const FeatureEntry kFeatureEntries[] = { @@ -2538,6 +2543,9 @@ const FeatureEntry kFeatureEntries[] = { flag_descriptions::kPassiveDocumentEventListenersName, flag_descriptions::kPassiveDocumentEventListenersDescription, kOsAll, FEATURE_VALUE_TYPE(features::kPassiveDocumentEventListeners)}, Loading Loading @@ -71,16 +71,14 @@ diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptio diff --git a/components/network_session_configurator/common/network_features.cc b/components/network_session_configurator/common/network_features.cc --- a/components/network_session_configurator/common/network_features.cc +++ b/components/network_session_configurator/common/network_features.cc @@ -8,6 +8,9 @@ @@ -8,4 +8,7 @@ namespace features { +const char kMaxConnectionsPerHostChoiceDefault[] = "6", + kMaxConnectionsPerHostChoice15[] = "15"; + const char kDnsOverHttpsChoiceDefault[] = "Disabled", kDnsOverHttpsChoiceGoogle[] = "Google", kDnsOverHttpsChoiceCloudflare[] = "Cloudflare", } // namespace features 
diff --git a/components/network_session_configurator/common/network_features.h b/components/network_session_configurator/common/network_features.h --- a/components/network_session_configurator/common/network_features.h +++ b/components/network_session_configurator/common/network_features.h Loading @@ -92,9 +90,9 @@ diff --git a/components/network_session_configurator/common/network_features.h b + kMaxConnectionsPerHostChoice6[], + kMaxConnectionsPerHostChoice15[]; + // DNS over HTTPS server endpoint choices // (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-12.txt). NETWORK_SESSION_CONFIGURATOR_EXPORT extern const char kDnsOverHttpsChoiceDefault[], } // namespace features #endif // COMPONENTS_NETWORK_SESSION_CONFIGURATOR_COMMON_NETWORK_FEATURES_H_ diff --git a/components/network_session_configurator/common/network_switch_list.h b/components/network_session_configurator/common/network_switch_list.h --- a/components/network_session_configurator/common/network_switch_list.h +++ b/components/network_session_configurator/common/network_switch_list.h Loading
build/patches/Add-flag-to-control-video-playback-resume-feature.patch +2 −13 Original line number Diff line number Diff line Loading @@ -4,11 +4,11 @@ Subject: Add flag to control video playback resume feature Disable it by default on Android as it is everywhere else --- chrome/browser/about_flags.cc | 8 ++++---- chrome/browser/about_flags.cc | 4 ++++ chrome/browser/flag_descriptions.cc | 5 +++++ chrome/browser/flag_descriptions.h | 3 +++ media/base/media_switches.cc | 6 +----- 4 files changed, 13 insertions(+), 9 deletions(-) 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc Loading @@ -24,17 +24,6 @@ diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc {"shared-array-buffer", flag_descriptions::kEnableSharedArrayBufferName, flag_descriptions::kEnableSharedArrayBufferDescription, kOsAll, FEATURE_VALUE_TYPE(features::kSharedArrayBuffer)}, @@ -1603,10 +1607,6 @@ const FeatureEntry kFeatureEntries[] = { FEATURE_VALUE_TYPE(features::kAppNotificationStatusMessaging)}, #endif // OS_ANDROID {"enable-devtools-experiments", flag_descriptions::kDevtoolsExperimentsName, - {"resume-background-video", - flag_descriptions::kResumeBackgroundVideoName, - flag_descriptions::kResumeBackgroundVideoDescription, kOsAll, - FEATURE_VALUE_TYPE(media::kResumeBackgroundVideo)}, flag_descriptions::kDevtoolsExperimentsDescription, kOsDesktop, SINGLE_VALUE_TYPE(switches::kEnableDevToolsExperiments)}, {"silent-debugger-extension-api", diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc --- a/chrome/browser/flag_descriptions.cc +++ b/chrome/browser/flag_descriptions.cc Loading