|
|
@@ -1,282 +0,0 @@
|
|
|
-From: csagan5 <32685696+csagan5@users.noreply.github.com>
|
|
|
-Date: Sat, 28 Apr 2018 08:30:26 +0200
|
|
|
-Subject: Add a flag for DNS-over-HTTPS
|
|
|
-
|
|
|
-Allow selection between Google and Cloudflare endpoints.
|
|
|
-Serve DoH requests with maximum priority, remove traffic annotation.
|
|
|
-Reduce HTTP headers in DoH requests to bare minimum.
|
|
|
-
|
|
|
-See also: https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-02.txt
|
|
|
----
|
|
|
- chrome/browser/about_flags.cc | 12 +++++++++
|
|
|
- chrome/browser/flag_descriptions.cc | 3 +++
|
|
|
- chrome/browser/flag_descriptions.h | 3 +++
|
|
|
- .../browser/net/system_network_context_manager.cc | 12 +++++----
|
|
|
- .../common/network_features.cc | 5 ++--
|
|
|
- .../common/network_features.h | 5 ++--
|
|
|
- .../common/network_switch_list.h | 4 +++
|
|
|
- net/base/load_flags_list.h | 6 +++++
|
|
|
- net/dns/dns_transaction.cc | 29 +++-------------------
|
|
|
- net/url_request/url_request_http_job.cc | 26 +++++++++++--------
|
|
|
- 10 files changed, 61 insertions(+), 44 deletions(-)
|
|
|
-
|
|
|
-diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
|
|
|
---- a/chrome/browser/about_flags.cc
|
|
|
-+++ b/chrome/browser/about_flags.cc
|
|
|
-@@ -421,6 +421,12 @@ const FeatureEntry::Choice kChromeHomeSwipeLogicChoices[] = {
|
|
|
- switches::kChromeHomeSwipeLogicType, "velocity"},
|
|
|
- };
|
|
|
-
|
|
|
-+const FeatureEntry::Choice kDnsOverHttpsChoices[] = {
|
|
|
-+ {features::kDnsOverHttpsChoiceDefault, "", ""},
|
|
|
-+ {features::kDnsOverHttpsChoiceGoogle, switches::kDnsOverHttpsServer, "https://dns.google.com/experimental"},
|
|
|
-+ {features::kDnsOverHttpsChoiceCloudflare, switches::kDnsOverHttpsServer, "https://1.1.1.1/dns-query"},
|
|
|
-+};
|
|
|
-+
|
|
|
- #endif // OS_ANDROID
|
|
|
-
|
|
|
- const FeatureEntry::Choice kNumRasterThreadsChoices[] = {
|
|
|
-@@ -3517,6 +3523,12 @@ const FeatureEntry kFeatureEntries[] = {
|
|
|
- FEATURE_VALUE_TYPE(features::kAsyncDns)},
|
|
|
- #endif // defined(OS_ANDROID)
|
|
|
-
|
|
|
-+#if defined(OS_ANDROID)
|
|
|
-+ {"enable-dns-over-https", flag_descriptions::kDnsOverHttpsName,
|
|
|
-+ flag_descriptions::kDnsOverHttpsDescription, kOsAndroid,
|
|
|
-+ MULTI_VALUE_TYPE(kDnsOverHttpsChoices)},
|
|
|
-+#endif // defined(OS_ANDROID)
|
|
|
-+
|
|
|
- {"enable-overflow-icons-for-media-controls",
|
|
|
- flag_descriptions::kOverflowIconsForMediaControlsName,
|
|
|
- flag_descriptions::kOverflowIconsForMediaControlsDescription, kOsAll,
|
|
|
-diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
|
|
|
---- a/chrome/browser/flag_descriptions.cc
|
|
|
-+++ b/chrome/browser/flag_descriptions.cc
|
|
|
-@@ -2112,6 +2112,9 @@ const char kAndroidPaymentAppsDescription[] =
|
|
|
- const char kAsyncDnsName[] = "Async DNS resolver";
|
|
|
- const char kAsyncDnsDescription[] = "Enables the built-in DNS resolver.";
|
|
|
-
|
|
|
-+const char kDnsOverHttpsName[] = "DNS over HTTPS";
|
|
|
-+const char kDnsOverHttpsDescription[] = "Enables DNS-over-HTTPS (experimental).";
|
|
|
-+
|
|
|
- const char kAutofillAccessoryViewName[] =
|
|
|
- "Autofill suggestions as keyboard accessory view";
|
|
|
- const char kAutofillAccessoryViewDescription[] =
|
|
|
-diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
|
|
|
---- a/chrome/browser/flag_descriptions.h
|
|
|
-+++ b/chrome/browser/flag_descriptions.h
|
|
|
-@@ -1284,6 +1284,9 @@ extern const char kAppNotificationStatusMessagingDescription[];
|
|
|
- extern const char kAsyncDnsName[];
|
|
|
- extern const char kAsyncDnsDescription[];
|
|
|
-
|
|
|
-+extern const char kDnsOverHttpsName[];
|
|
|
-+extern const char kDnsOverHttpsDescription[];
|
|
|
-+
|
|
|
- extern const char kAutofillAccessoryViewName[];
|
|
|
- extern const char kAutofillAccessoryViewDescription[];
|
|
|
-
|
|
|
-diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc
|
|
|
---- a/chrome/browser/net/system_network_context_manager.cc
|
|
|
-+++ b/chrome/browser/net/system_network_context_manager.cc
|
|
|
-@@ -23,6 +23,7 @@
|
|
|
- #include "chrome/common/chrome_features.h"
|
|
|
- #include "chrome/common/pref_names.h"
|
|
|
- #include "components/network_session_configurator/common/network_features.h"
|
|
|
-+#include "components/network_session_configurator/common/network_switches.h"
|
|
|
- #include "components/policy/core/common/policy_namespace.h"
|
|
|
- #include "components/policy/core/common/policy_service.h"
|
|
|
- #include "components/policy/policy_constants.h"
|
|
|
-@@ -370,11 +371,12 @@ void SystemNetworkContextManager::RegisterPrefs(PrefRegistrySimple* registry) {
|
|
|
- std::make_unique<base::ListValue>();
|
|
|
- std::unique_ptr<base::ListValue> default_doh_server_methods =
|
|
|
- std::make_unique<base::ListValue>();
|
|
|
-- if (base::FeatureList::IsEnabled(features::kDnsOverHttps)) {
|
|
|
-- base::Value server(variations::GetVariationParamValueByFeature(
|
|
|
-- features::kDnsOverHttps, "server"));
|
|
|
-- base::Value method(variations::GetVariationParamValueByFeature(
|
|
|
-- features::kDnsOverHttps, "method"));
|
|
|
-+ std::string dnsOverHttpsServer =
|
|
|
-+ base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
|
|
|
-+ switches::kDnsOverHttpsServer);
|
|
|
-+ if (!dnsOverHttpsServer.empty()) {
|
|
|
-+ base::Value server(dnsOverHttpsServer);
|
|
|
-+ base::Value method("POST");
|
|
|
- if (!server.GetString().empty()) {
|
|
|
- default_doh_servers->GetList().push_back(std::move(server));
|
|
|
- default_doh_server_methods->GetList().push_back(std::move(method));
|
|
|
-diff --git a/components/network_session_configurator/common/network_features.cc b/components/network_session_configurator/common/network_features.cc
|
|
|
---- a/components/network_session_configurator/common/network_features.cc
|
|
|
-+++ b/components/network_session_configurator/common/network_features.cc
|
|
|
-@@ -14,7 +14,8 @@ const base::Feature kTokenBinding{"token-binding",
|
|
|
- // TODO(nharper): Disable kChannelID on all platforms in M69.
|
|
|
- const base::Feature kChannelID{"channel-id", base::FEATURE_ENABLED_BY_DEFAULT};
|
|
|
-
|
|
|
--const base::Feature kDnsOverHttps{"dns-over-https",
|
|
|
-- base::FEATURE_DISABLED_BY_DEFAULT};
|
|
|
-+const char kDnsOverHttpsChoiceDefault[] = "Disabled",
|
|
|
-+ kDnsOverHttpsChoiceGoogle[] = "Google",
|
|
|
-+ kDnsOverHttpsChoiceCloudflare[] = "Cloudflare";
|
|
|
-
|
|
|
- } // namespace features
|
|
|
-diff --git a/components/network_session_configurator/common/network_features.h b/components/network_session_configurator/common/network_features.h
|
|
|
---- a/components/network_session_configurator/common/network_features.h
|
|
|
-+++ b/components/network_session_configurator/common/network_features.h
|
|
|
-@@ -17,9 +17,10 @@ NETWORK_SESSION_CONFIGURATOR_EXPORT extern const base::Feature kTokenBinding;
|
|
|
- // Enables Channel ID.
|
|
|
- NETWORK_SESSION_CONFIGURATOR_EXPORT extern const base::Feature kChannelID;
|
|
|
-
|
|
|
--// Enabled DNS over HTTPS
|
|
|
-+// DNS over HTTPS server endpoint choices
|
|
|
- // (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-02.txt).
|
|
|
--NETWORK_SESSION_CONFIGURATOR_EXPORT extern const base::Feature kDnsOverHttps;
|
|
|
-+NETWORK_SESSION_CONFIGURATOR_EXPORT extern const char kDnsOverHttpsChoiceDefault[],
|
|
|
-+ kDnsOverHttpsChoiceGoogle[], kDnsOverHttpsChoiceCloudflare[];
|
|
|
-
|
|
|
- } // namespace features
|
|
|
-
|
|
|
-diff --git a/components/network_session_configurator/common/network_switch_list.h b/components/network_session_configurator/common/network_switch_list.h
|
|
|
---- a/components/network_session_configurator/common/network_switch_list.h
|
|
|
-+++ b/components/network_session_configurator/common/network_switch_list.h
|
|
|
-@@ -35,6 +35,10 @@ NETWORK_SWITCH(kOriginToForceQuicOn, "origin-to-force-quic-on")
|
|
|
- // the server.
|
|
|
- NETWORK_SWITCH(kQuicConnectionOptions, "quic-connection-options")
|
|
|
-
|
|
|
-+// Specifies an IETF DNS-over-HTTPS server endpoint
|
|
|
-+// (https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-02.txt).
|
|
|
-+NETWORK_SWITCH(kDnsOverHttpsServer, "dns-over-https-server")
|
|
|
-+
|
|
|
- // Specifies the maximum length for a QUIC packet.
|
|
|
- NETWORK_SWITCH(kQuicMaxPacketLength, "quic-max-packet-length")
|
|
|
-
|
|
|
-diff --git a/net/base/load_flags_list.h b/net/base/load_flags_list.h
|
|
|
---- a/net/base/load_flags_list.h
|
|
|
-+++ b/net/base/load_flags_list.h
|
|
|
-@@ -92,6 +92,12 @@ LOAD_FLAG(MAYBE_USER_GESTURE, 1 << 14)
|
|
|
- LOAD_FLAG(DO_NOT_USE_EMBEDDED_IDENTITY, 1 << 15)
|
|
|
-
|
|
|
- // Indicates that this request is not to be migrated to a cellular network when
|
|
|
-+
|
|
|
-+// This load will not send Accept-Language or User-Agent headers, and not
|
|
|
-+// advertise brotli encoding.
|
|
|
-+// Used to comply with IETF (draft) DNS-over-HTTPS:
|
|
|
-+// "Implementors SHOULD NOT set non-essential HTTP headers in DoH client requests."
|
|
|
-+LOAD_FLAG(MINIMAL_HEADERS, 1 << 18)
|
|
|
- // QUIC connection migration is enabled.
|
|
|
- LOAD_FLAG(DISABLE_CONNECTION_MIGRATION_TO_CELLULAR, 1 << 16)
|
|
|
-
|
|
|
-diff --git a/net/dns/dns_transaction.cc b/net/dns/dns_transaction.cc
|
|
|
---- a/net/dns/dns_transaction.cc
|
|
|
-+++ b/net/dns/dns_transaction.cc
|
|
|
-@@ -389,30 +389,8 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate {
|
|
|
-
|
|
|
- HttpRequestHeaders extra_request_headers;
|
|
|
- extra_request_headers.SetHeader("Accept", kDnsOverHttpResponseContentType);
|
|
|
--
|
|
|
-- request_ = url_request_context->CreateRequest(
|
|
|
-- url, request_priority_, this,
|
|
|
-- net::DefineNetworkTrafficAnnotation("dns_over_https", R"(
|
|
|
-- semantics {
|
|
|
-- sender: "DNS over HTTPS"
|
|
|
-- description: "Domain name resolution over HTTPS"
|
|
|
-- trigger: "User enters a navigates to a domain or Chrome otherwise "
|
|
|
-- "makes a connection to a domain whose IP address isn't cached"
|
|
|
-- data: "The domain name that is being requested"
|
|
|
-- destination: OTHER
|
|
|
-- destination_other: "The user configured DNS over HTTPS server, which"
|
|
|
-- "may be dns.google.com"
|
|
|
-- }
|
|
|
-- policy {
|
|
|
-- cookies_allowed: NO
|
|
|
-- setting:
|
|
|
-- "You can configure this feature via that 'dns_over_https_servers' and"
|
|
|
-- "'dns_over_https.method' prefs. Empty lists imply this feature is"
|
|
|
-- "disabled"
|
|
|
-- policy_exception_justification: "Experimental feature that"
|
|
|
-- "is disabled by default"
|
|
|
-- }
|
|
|
-- )"));
|
|
|
-+ //extra_request_headers.SetHeader(HttpRequestHeaders::kUserAgent, "DoH client");
|
|
|
-+ request_ = url_request_context->CreateRequest(url, request_priority_, this);
|
|
|
- net_log_ = request_->net_log();
|
|
|
-
|
|
|
- if (use_post) {
|
|
|
-@@ -430,6 +408,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate {
|
|
|
- request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE |
|
|
|
- LOAD_BYPASS_PROXY | LOAD_DO_NOT_SEND_COOKIES |
|
|
|
- LOAD_DO_NOT_SAVE_COOKIES |
|
|
|
-+ LOAD_IGNORE_LIMITS | LOAD_MINIMAL_HEADERS |
|
|
|
- LOAD_DO_NOT_SEND_AUTH_DATA);
|
|
|
- }
|
|
|
-
|
|
|
-@@ -849,7 +828,7 @@ class DnsTransactionImpl : public DnsTransaction,
|
|
|
- had_tcp_attempt_(false),
|
|
|
- doh_attempt_(false),
|
|
|
- first_server_index_(0),
|
|
|
-- request_priority_(DEFAULT_PRIORITY) {
|
|
|
-+ request_priority_(MAXIMUM_PRIORITY) {
|
|
|
- DCHECK(session_.get());
|
|
|
- DCHECK(!hostname_.empty());
|
|
|
- DCHECK(!callback_.is_null());
|
|
|
-diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
|
|
|
---- a/net/url_request/url_request_http_job.cc
|
|
|
-+++ b/net/url_request/url_request_http_job.cc
|
|
|
-@@ -434,21 +434,25 @@ void URLRequestHttpJob::Start() {
|
|
|
- // plugin could set a referrer although sending the referrer is inhibited.
|
|
|
- request_info_.extra_headers.RemoveHeader(HttpRequestHeaders::kReferer);
|
|
|
-
|
|
|
-- // Our consumer should have made sure that this is a safe referrer. See for
|
|
|
-- // instance WebCore::FrameLoader::HideReferrer.
|
|
|
-- if (referrer.is_valid()) {
|
|
|
-- request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
|
|
|
-+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
|
|
|
-+ // Our consumer should have made sure that this is a safe referrer. See for
|
|
|
-+ // instance WebCore::FrameLoader::HideReferrer.
|
|
|
-+ if (referrer.is_valid()) {
|
|
|
-+ request_info_.extra_headers.SetHeader(HttpRequestHeaders::kReferer,
|
|
|
- referrer.spec());
|
|
|
-+ }
|
|
|
- }
|
|
|
-
|
|
|
- request_info_.token_binding_referrer = request_->token_binding_referrer();
|
|
|
-
|
|
|
- // This should be kept in sync with the corresponding code in
|
|
|
- // URLRequest::GetUserAgent.
|
|
|
-- request_info_.extra_headers.SetHeaderIfMissing(
|
|
|
-+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
|
|
|
-+ request_info_.extra_headers.SetHeaderIfMissing(
|
|
|
- HttpRequestHeaders::kUserAgent,
|
|
|
- http_user_agent_settings_ ?
|
|
|
- http_user_agent_settings_->GetUserAgent() : std::string());
|
|
|
-+ }
|
|
|
-
|
|
|
- AddExtraHeaders();
|
|
|
- AddCookieHeaderAndStart();
|
|
|
-@@ -666,10 +670,12 @@ void URLRequestHttpJob::AddExtraHeaders() {
|
|
|
- HttpRequestHeaders::kAcceptEncoding)) {
|
|
|
- // Advertise "br" encoding only if transferred data is opaque to proxy.
|
|
|
- bool advertise_brotli = false;
|
|
|
-- if (request()->context()->enable_brotli()) {
|
|
|
-- if (request()->url().SchemeIsCryptographic() ||
|
|
|
-- IsLocalhost(request()->url())) {
|
|
|
-- advertise_brotli = true;
|
|
|
-+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS)) {
|
|
|
-+ if (request()->context()->enable_brotli()) {
|
|
|
-+ if (request()->url().SchemeIsCryptographic() ||
|
|
|
-+ IsLocalhost(request()->url())) {
|
|
|
-+ advertise_brotli = true;
|
|
|
-+ }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
-@@ -686,7 +692,7 @@ void URLRequestHttpJob::AddExtraHeaders() {
|
|
|
- advertised_encodings);
|
|
|
- }
|
|
|
-
|
|
|
-- if (http_user_agent_settings_) {
|
|
|
-+ if (!(request_info_.load_flags & LOAD_MINIMAL_HEADERS) && http_user_agent_settings_) {
|
|
|
- // Only add default Accept-Language if the request didn't have it
|
|
|
- // specified.
|
|
|
- std::string accept_language =
|
|
|
---
|
|
|
-2.11.0
|
|
|
-
|
csagan5