
Confine enable_device_bound_sessions buildflag to //net

This CL removes usages of the enable_device_bound_sessions buildflag
outside of //net. This minimizes readability cost for the rest of the
codebase, while still fully disabling DBSC on unsupported platforms.

This requires making the source of truth for session id a member of
SessionKey, since that is built on all platforms.

NO_IFTTT=TrustedParams is excluded from prefetch: https://source.chromium.org/chromium/chromium/src/+/main:services/network/prefetch_matches.cc;drc=0d7b52b4e799da9280133abae48e073fe5645a35;l=315

Bug: 353774427
Change-Id: Ic81e8b2e4329b8fb79437114a8b65a475e2e04df
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6014679
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1382689}
Daniel Rubery
2024-11-14 00:14:18 +00:00
committed by Chromium LUCI CQ
parent f178d909c6
commit 2be62cf09b
32 changed files with 197 additions and 273 deletions

@ -10996,7 +10996,6 @@ const FeatureEntry kFeatureEntries[] = {
FEATURE_VALUE_TYPE(ash::features::kBirchWeather)},
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
{"enable-standard-device-bound-session-credentials",
flag_descriptions::kEnableStandardBoundSessionCredentialsName,
flag_descriptions::kEnableStandardBoundSessionCredentialsDescription,
@ -11005,7 +11004,6 @@ const FeatureEntry kFeatureEntries[] = {
flag_descriptions::kEnableStandardBoundSessionPersistenceName,
flag_descriptions::kEnableStandardBoundSessionPersistenceDescription,
kOsWin, FEATURE_VALUE_TYPE(net::features::kPersistDeviceBoundSessions)},
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
{"cros-soul-gd", flag_descriptions::kCrosSoulGravediggerName,

@ -8253,7 +8253,6 @@ const char
"manual testing only.";
#endif // BUILDFLAG(ENABLE_BOUND_SESSION_CREDENTIALS)
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
const char kEnableStandardBoundSessionCredentialsName[] =
"Device Bound Session Credentials (Standard)";
const char kEnableStandardBoundSessionCredentialsDescription[] =
@ -8264,7 +8263,6 @@ const char kEnableStandardBoundSessionPersistenceName[] =
const char kEnableStandardBoundSessionPersistenceDescription[] =
"Enables session persistence for the official version of "
"Device Bound Session Credentials.";
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#if BUILDFLAG(CHROME_ROOT_STORE_CERT_MANAGEMENT_UI)
const char kEnableCertManagementV2UIName[] = "Cert Management V2 UI";

@ -4819,12 +4819,10 @@ extern const char
kEnableBoundSessionCredentialsSoftwareKeysForManualTestingDescription[];
#endif // BUILDFLAG(ENABLE_BOUND_SESSION_CREDENTIALS)
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
extern const char kEnableStandardBoundSessionCredentialsName[];
extern const char kEnableStandardBoundSessionCredentialsDescription[];
extern const char kEnableStandardBoundSessionPersistenceName[];
extern const char kEnableStandardBoundSessionPersistenceDescription[];
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#if BUILDFLAG(CHROME_ROOT_STORE_CERT_MANAGEMENT_UI)
extern const char kEnableCertManagementV2UIName[];

@ -129,9 +129,7 @@ class TestNavigationLoaderInterceptor : public NavigationLoaderInterceptor {
/*trust_token_observer=*/mojo::NullRemote(),
/*url_loader_network_observer=*/mojo::NullRemote(),
/*devtools_observer=*/mojo::NullRemote(),
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
/*device_bound_session_observer=*/mojo::NullRemote(),
#endif
/*accept_ch_frame_observer=*/mojo::NullRemote(),
/*attribution_request_helper=*/nullptr,
/*shared_storage_writable=*/false);

@ -428,6 +428,8 @@ component("net") {
"cookies/site_for_cookies.h",
"cookies/static_cookie_policy.cc",
"cookies/static_cookie_policy.h",
"device_bound_sessions/session_key.cc",
"device_bound_sessions/session_key.h",
"disk_cache/backend_cleanup_tracker.cc",
"disk_cache/backend_cleanup_tracker.h",
"disk_cache/backend_experiment.cc",
@ -1190,8 +1192,6 @@ component("net") {
"device_bound_sessions/session_inclusion_rules.h",
"device_bound_sessions/session_json_utils.cc",
"device_bound_sessions/session_json_utils.h",
"device_bound_sessions/session_key.cc",
"device_bound_sessions/session_key.h",
"device_bound_sessions/session_params.cc",
"device_bound_sessions/session_params.h",
"device_bound_sessions/session_service.cc",
@ -3431,9 +3431,7 @@ if (!is_ios) {
}
if (is_android) {
deps += [
"//net/android:net_java",
]
deps += [ "//net/android:net_java" ]
}
}
}

@ -9,12 +9,12 @@
#include <optional>
#include <string>
#include "base/types/strong_alias.h"
#include "components/unexportable_keys/service_error.h"
#include "components/unexportable_keys/unexportable_key_id.h"
#include "net/base/net_export.h"
#include "net/device_bound_sessions/cookie_craving.h"
#include "net/device_bound_sessions/session_inclusion_rules.h"
#include "net/device_bound_sessions/session_key.h"
#include "net/device_bound_sessions/session_params.h"
#include "url/gurl.h"
@ -31,7 +31,7 @@ class Session;
// This class represents a DBSC (Device Bound Session Credentials) session.
class NET_EXPORT Session {
public:
using Id = base::StrongAlias<class IdTag, std::string>;
using Id = SessionKey::Id;
using KeyIdOrError =
unexportable_keys::ServiceErrorOr<unexportable_keys::UnexportableKeyId>;

@ -7,8 +7,7 @@
namespace net::device_bound_sessions {
SessionKey::SessionKey() = default;
SessionKey::SessionKey(SchemefulSite site, Session::Id id)
: site(site), id(id) {}
SessionKey::SessionKey(SchemefulSite site, Id id) : site(site), id(id) {}
SessionKey::~SessionKey() = default;
SessionKey::SessionKey(const SessionKey&) = default;
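Review bot: The rewritten two-argument constructor takes `site` and `id` by value and then copies them again in the initializer list, which costs an extra `std::string` copy for every key built. Since both parameters are sinks, move them into place: `SessionKey::SessionKey(SchemefulSite site, Id id) : site(std::move(site)), id(std::move(id)) {}`, with `<utility>` included. The includes of this file sit above the hunk, so whether `<utility>` is already there is not visible.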

@ -5,15 +5,17 @@
#ifndef NET_DEVICE_BOUND_SESSIONS_SESSION_KEY_H_
#define NET_DEVICE_BOUND_SESSIONS_SESSION_KEY_H_
#include "base/types/strong_alias.h"
#include "net/base/schemeful_site.h"
#include "net/device_bound_sessions/session.h"
namespace net::device_bound_sessions {
// Unique identifier for a `Session`.
struct NET_EXPORT SessionKey {
using Id = base::StrongAlias<class IdTag, std::string>;
SessionKey();
SessionKey(SchemefulSite site, Session::Id id);
SessionKey(SchemefulSite site, Id id);
~SessionKey();
SessionKey(const SessionKey&);
@ -23,7 +25,7 @@ struct NET_EXPORT SessionKey {
SessionKey& operator=(SessionKey&&);
SchemefulSite site;
Session::Id id;
Id id;
};
} // namespace net::device_bound_sessions
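Review bot: With `session.h` no longer included, this header uses `std::string` (in the new `Id` alias) and `NET_EXPORT` without including `<string>` or `net/base/net_export.h` itself. It presumably still compiles through transitive includes of `schemeful_site.h`, but this header is now built on every platform and pulled in by the mojom typemap, so it should include what it uses. A comment on `Id`, for example `// Session identifier; unique only within \`site\`.`, would also help if that is the intended scoping, because the struct comment says only "Unique identifier for a `Session`".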

@ -17,6 +17,7 @@ namespace net::device_bound_sessions {
std::unique_ptr<SessionService> SessionService::Create(
const URLRequestContext* request_context) {
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
unexportable_keys::UnexportableKeyService* service =
UnexportableKeyServiceFactory::GetInstance()->GetShared();
if (!service) {
@ -29,6 +30,9 @@ std::unique_ptr<SessionService> SessionService::Create(
// Loads saved sessions if `session_store` is not null.
session_service->LoadSessionsAsync();
return session_service;
#else
return nullptr;
#endif
}
} // namespace net::device_bound_sessions

@ -61,12 +61,10 @@ class PersistentReportingAndNelStore;
class ReportingService;
#endif // BUILDFLAG(ENABLE_REPORTING)
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
namespace device_bound_sessions {
class SessionService;
class SessionStore;
}
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
// Class that provides application-specific context for URLRequest
// instances. May only be created by URLRequestContextBuilder.
@ -214,16 +212,22 @@ class NET_EXPORT URLRequestContext final {
}
#endif // BUILDFLAG(ENABLE_REPORTING)
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
// May return nullptr if the feature is disabled.
device_bound_sessions::SessionStore* device_bound_session_store() const {
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
return device_bound_session_store_.get();
#else
return nullptr;
#endif
}
// May return nullptr if the feature is disabled.
device_bound_sessions::SessionService* device_bound_session_service() const {
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
return device_bound_session_service_.get();
#else
return nullptr;
#endif
}
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
bool enable_brotli() const { return enable_brotli_; }
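Review bot: The accessor comment "May return nullptr if the feature is disabled." is now incomplete, because both `device_bound_session_store()` and `device_bound_session_service()` also return nullptr unconditionally when `ENABLE_DEVICE_BOUND_SESSIONS` is off. Callers outside //net no longer have a compile-time guard, so the null check is the only thing keeping DBSC code paths inert on unsupported platforms. I would spell that out: `// Returns nullptr when DBSC is disabled at runtime or not compiled in (ENABLE_DEVICE_BOUND_SESSIONS off); callers must null-check.`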

@ -370,16 +370,24 @@ class NET_EXPORT URLRequestContextBuilder {
void set_device_bound_session_service(
std::unique_ptr<device_bound_sessions::SessionService>
device_bound_session_service);
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
void set_has_device_bound_session_service(bool enable) {
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
has_device_bound_session_service_ = enable;
#else
NOTREACHED();
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
}
void set_device_bound_sessions_file_path(
const base::FilePath& device_bound_sessions_file_path) {
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
device_bound_sessions_file_path_ = device_bound_sessions_file_path;
}
#else
NOTREACHED();
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
}
// Binds the context to `network`. All requests scheduled through the context
// built by this builder will be sent using `network`. Requests will fail if
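Review bot: `set_has_device_bound_session_service()` and `set_device_bound_sessions_file_path()` now compile on every platform but hit `NOTREACHED()` when the build flag is off. Meanwhile the `MakeURLRequestContext` hunk in network_context.cc appears to drop the guard around `if (params_->device_bound_sessions_enabled) { builder.set_has_device_bound_session_service(true);`. Unless the browser side guarantees that `device_bound_sessions_enabled` is never set on an unsupported platform (not visible in this commit), a mojo parameter can now take the network service down instead of being ignored. Either make the `#else` branches silent no-ops, or keep `NOTREACHED()` and document the precondition on both setters, e.g. `// Must not be called when ENABLE_DEVICE_BOUND_SESSIONS is off.`, and have the caller check before calling.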

@ -39,6 +39,8 @@ component("network_service") {
"data_pipe_element_reader.h",
"data_remover_util.cc",
"data_remover_util.h",
"device_bound_session_manager.cc",
"device_bound_session_manager.h",
"disk_cache/mojo_backend_file_operations.cc",
"disk_cache/mojo_backend_file_operations.h",
"disk_cache/mojo_backend_file_operations_factory.cc",
@ -302,13 +304,6 @@ component("network_service") {
]
}
if (enable_device_bound_sessions) {
sources += [
"device_bound_session_manager.cc",
"device_bound_session_manager.h",
]
}
configs += [ "//build/config/compiler:wexit_time_destructors" ]
deps = [

@ -8,6 +8,16 @@
namespace network {
// static
std::unique_ptr<DeviceBoundSessionManager> DeviceBoundSessionManager::Create(
net::device_bound_sessions::SessionService* service) {
if (!service) {
return nullptr;
}
return base::WrapUnique(new DeviceBoundSessionManager(service));
}
DeviceBoundSessionManager::DeviceBoundSessionManager(
net::device_bound_sessions::SessionService* service)
: service_(service) {}

@ -17,8 +17,9 @@ namespace network {
class DeviceBoundSessionManager : public mojom::DeviceBoundSessionManager {
public:
explicit DeviceBoundSessionManager(
static std::unique_ptr<DeviceBoundSessionManager> Create(
net::device_bound_sessions::SessionService* service);
~DeviceBoundSessionManager() override;
void AddReceiver(
@ -30,6 +31,9 @@ class DeviceBoundSessionManager : public mojom::DeviceBoundSessionManager {
const net::device_bound_sessions::SessionKey& session_key) override;
private:
explicit DeviceBoundSessionManager(
net::device_bound_sessions::SessionService* service);
raw_ptr<net::device_bound_sessions::SessionService> service_;
mojo::ReceiverSet<network::mojom::DeviceBoundSessionManager> receivers_;
};
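Review bot: The new `Create()` factory has no comment, and its contract is not obvious from the signature: per the .cc section it returns nullptr when `service` is null, so every holder of the resulting `unique_ptr` must null-check. The `raw_ptr` member is non-owning, so presumably `service` also has to outlive the manager. Suggest documenting both on the declaration: `// Returns nullptr if \`service\` is null. \`service\` is not owned and must outlive the returned manager.`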

@ -76,6 +76,7 @@
#include "net/cookies/cookie_constants.h"
#include "net/cookies/cookie_monster.h"
#include "net/cookies/cookie_setting_override.h"
#include "net/device_bound_sessions/session_service.h"
#include "net/dns/host_cache.h"
#include "net/dns/mapped_host_resolver.h"
#include "net/extras/sqlite/cookie_crypto_delegate.h"
@ -104,6 +105,7 @@
#include "services/network/brokered_client_socket_factory.h"
#include "services/network/cookie_manager.h"
#include "services/network/data_remover_util.h"
#include "services/network/device_bound_session_manager.h"
#include "services/network/disk_cache/mojo_backend_file_operations_factory.h"
#include "services/network/host_resolver.h"
#include "services/network/http_auth_cache_copier.h"
@ -196,11 +198,6 @@
#include "base/android/application_status_listener.h"
#endif // BUILDFLAG(IS_ANDROID)
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "net/device_bound_sessions/session_service.h"
#include "services/network/device_bound_session_manager.h"
#endif // BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
namespace network {
namespace {
@ -815,10 +812,8 @@ NetworkContext::NetworkContext(
InitializePrefetchURLLoaderFactory();
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
device_bound_session_manager_ = std::make_unique<DeviceBoundSessionManager>(
device_bound_session_manager_ = DeviceBoundSessionManager::Create(
url_request_context_->device_bound_session_service());
#endif
}
NetworkContext::NetworkContext(
@ -2925,7 +2920,6 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
builder.set_cookie_deprecation_label(*params_->cookie_deprecation_label);
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
if (params_->device_bound_sessions_enabled) {
builder.set_has_device_bound_session_service(true);
@ -2943,7 +2937,6 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
}
}
}
#endif
if (on_url_request_context_builder_configured) {
std::move(on_url_request_context_builder_configured).Run(&builder);
@ -3408,14 +3401,14 @@ void NetworkContext::GetBoundNetworkForTesting(
std::move(callback).Run(url_request_context()->bound_network());
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
void NetworkContext::GetDeviceBoundSessionManager(
mojo::PendingReceiver<network::mojom::DeviceBoundSessionManager>
device_bound_session_manager) {
device_bound_session_manager_->AddReceiver(
std::move(device_bound_session_manager));
if (device_bound_session_manager_) {
device_bound_session_manager_->AddReceiver(
std::move(device_bound_session_manager));
}
}
#endif
bool NetworkContext::IsNetworkForNonceAndUrlAllowed(
const base::UnguessableToken& nonce,
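Review bot: In `GetDeviceBoundSessionManager`, when `device_bound_session_manager_` is null the `PendingReceiver` is simply destroyed at the end of the function, so the remote end sees a bare disconnect with no indication of why. That looks like the intended behaviour for platforms where DBSC is disabled or not compiled in, but it should be stated at the null check so a later change does not turn it into a dereference. For example: `// No manager when DBSC is unavailable; dropping the receiver closes the pipe.` The member comment in network_context.h ("Manager for device bound sessions.") could likewise say the pointer may be null.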

@ -132,13 +132,10 @@ class SessionCleanupCookieStore;
class SharedDictionaryManager;
class WebSocketFactory;
class WebTransport;
class DeviceBoundSessionManager;
struct ResourceRequest;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
class DeviceBoundSessionManager;
#endif
// A NetworkContext creates and manages access to a URLRequestContext.
//
// When the network service is enabled, NetworkContexts are created through
@ -562,11 +559,9 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
void GetBoundNetworkForTesting(
GetBoundNetworkForTestingCallback callback) override;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
void GetDeviceBoundSessionManager(
mojo::PendingReceiver<network::mojom::DeviceBoundSessionManager>
device_bound_session_manager) override;
#endif
// Destroys |request| when a proxy lookup completes.
void OnProxyLookupComplete(ProxyLookupRequest* proxy_lookup_request);
@ -1052,10 +1047,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
// The URLLoaderFactory to use for prefetches. Created on first use.
mojo::Remote<mojom::URLLoaderFactory> prefetch_url_loader_factory_remote_;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
// Manager for device bound sessions.
std::unique_ptr<DeviceBoundSessionManager> device_bound_session_manager_;
#endif
SEQUENCE_CHECKER(sequence_checker_);

@ -31,6 +31,7 @@
#include "services/network/public/mojom/client_security_state.mojom.h"
#include "services/network/public/mojom/cookie_access_observer.mojom-forward.h"
#include "services/network/public/mojom/cors.mojom-shared.h"
#include "services/network/public/mojom/device_bound_sessions.mojom-forward.h"
#include "services/network/public/mojom/devtools_observer.mojom-forward.h"
#include "services/network/public/mojom/fetch_api.mojom-shared.h"
#include "services/network/public/mojom/ip_address_space.mojom-shared.h"
@ -44,10 +45,6 @@
#include "url/gurl.h"
#include "url/origin.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom-forward.h"
#endif
namespace network {
// Typemapped to network.mojom.URLRequest in url_request.mojom.
@ -83,10 +80,8 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) ResourceRequest {
mojo::PendingRemote<mojom::URLLoaderNetworkServiceObserver>
url_loader_network_observer;
mojo::PendingRemote<mojom::DevToolsObserver> devtools_observer;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::PendingRemote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer;
#endif
mojom::ClientSecurityStatePtr client_security_state;
mojo::PendingRemote<mojom::AcceptCHFrameObserver> accept_ch_frame_observer;
mojo::PendingRemote<mojom::SharedDictionaryAccessObserver>

@ -23,6 +23,7 @@
#include "services/network/public/cpp/url_request_param_mojom_traits.h"
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
#include "services/network/public/mojom/data_pipe_getter.mojom.h"
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#include "services/network/public/mojom/devtools_observer.mojom.h"
#include "services/network/public/mojom/ip_address_space.mojom.h"
#include "services/network/public/mojom/trust_token_access_observer.mojom.h"
@ -33,10 +34,6 @@
#include "url/mojom/origin_mojom_traits.h"
#include "url/mojom/url_gurl_mojom_traits.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#endif
namespace mojo {
network::mojom::SourceType
@ -106,10 +103,8 @@ bool StructTraits<network::mojom::TrustedUrlRequestParamsDataView,
mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver>>();
out->devtools_observer = data.TakeDevtoolsObserver<
mojo::PendingRemote<network::mojom::DevToolsObserver>>();
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
out->device_bound_session_observer = data.TakeDeviceBoundSessionObserver<
mojo::PendingRemote<network::mojom::DeviceBoundSessionAccessObserver>>();
#endif
if (!data.ReadClientSecurityState(&out->client_security_state)) {
return false;
}

@ -32,6 +32,7 @@
#include "services/network/public/mojom/client_security_state.mojom-forward.h"
#include "services/network/public/mojom/cookie_access_observer.mojom-forward.h"
#include "services/network/public/mojom/data_pipe_getter.mojom.h"
#include "services/network/public/mojom/device_bound_sessions.mojom-forward.h"
#include "services/network/public/mojom/devtools_observer.mojom-forward.h"
#include "services/network/public/mojom/ip_address_space.mojom-forward.h"
#include "services/network/public/mojom/trust_token_access_observer.mojom-forward.h"
@ -42,10 +43,6 @@
#include "services/network/public/mojom/web_bundle_handle.mojom-forward.h"
#include "url/mojom/url_gurl_mojom_traits.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom-forward.h"
#endif
namespace mojo {
template <>
@ -120,7 +117,6 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE)
const_cast<network::ResourceRequest::TrustedParams&>(trusted_params)
.devtools_observer);
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
static mojo::PendingRemote<network::mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer(
const network::ResourceRequest::TrustedParams& trusted_params) {
@ -131,7 +127,6 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE)
const_cast<network::ResourceRequest::TrustedParams&>(trusted_params)
.device_bound_session_observer);
}
#endif
static const network::mojom::ClientSecurityStatePtr& client_security_state(
const network::ResourceRequest::TrustedParams& trusted_params) {
return trusted_params.client_security_state;

@ -24,6 +24,7 @@
#include "services/network/public/mojom/chunked_data_pipe_getter.mojom.h"
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
#include "services/network/public/mojom/data_pipe_getter.mojom.h"
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#include "services/network/public/mojom/devtools_observer.mojom.h"
#include "services/network/public/mojom/trust_token_access_observer.mojom.h"
#include "services/network/public/mojom/url_loader.mojom.h"
@ -32,10 +33,6 @@
#include "url/mojom/origin_mojom_traits.h"
#include "url/mojom/url_gurl_mojom_traits.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#endif
namespace network {
namespace {

@ -479,6 +479,7 @@ mojom("url_loader_base") {
"cross_origin_embedder_policy.mojom",
"cross_origin_opener_policy.mojom",
"data_pipe_getter.mojom",
"device_bound_sessions.mojom",
"devtools_observer.mojom",
"document_isolation_policy.mojom",
"early_hints.mojom",
@ -548,10 +549,6 @@ mojom("url_loader_base") {
enabled_features += [ "use_network_interface_change_listener" ]
}
if (enable_device_bound_sessions) {
enabled_features += [ "enable_device_bound_sessions" ]
}
if (!is_ios) {
export_class_attribute_blink = "BLINK_PLATFORM_EXPORT"
export_define_blink = "BLINK_PLATFORM_IMPLEMENTATION=1"
@ -681,11 +678,8 @@ mojom("url_loader_base") {
"//services/network/public/mojom/devtools_observer.mojom.h",
"//services/network/public/mojom/cookie_access_observer.mojom.h",
"//services/network/public/mojom/trust_token_access_observer.mojom.h",
"//services/network/public/mojom/device_bound_sessions.mojom.h",
]
if (enable_device_bound_sessions) {
traits_private_headers +=
[ "//services/network/public/mojom/device_bound_sessions.mojom.h" ]
}
traits_public_deps = [
":mojom_network_isolation_key",
"//base",
@ -831,6 +825,21 @@ mojom("url_loader_base") {
[ "//services/network/public/cpp/load_timing_info_mojom_traits.h" ]
traits_public_deps = [ "//net" ]
},
{
types = [
{
mojom = "network.mojom.DeviceBoundSessionKey"
cpp = "::net::device_bound_sessions::SessionKey"
},
]
traits_headers = [
"//services/network/public/cpp/device_bound_sessions_mojom_traits.h",
]
traits_sources = [
"//services/network/public/cpp/device_bound_sessions_mojom_traits.cc",
]
traits_public_deps = [ "//net" ]
},
]
if (is_linux) {
@ -855,28 +864,6 @@ mojom("url_loader_base") {
]
}
if (enable_device_bound_sessions) {
sources += [ "device_bound_sessions.mojom" ]
cpp_typemaps += [
{
types = [
{
mojom = "network.mojom.DeviceBoundSessionKey"
cpp = "::net::device_bound_sessions::SessionKey"
},
]
traits_headers = [
"//services/network/public/cpp/device_bound_sessions_mojom_traits.h",
]
traits_sources = [
"//services/network/public/cpp/device_bound_sessions_mojom_traits.cc",
]
traits_public_deps = [ "//net" ]
},
]
}
cpp_typemaps += shared_typemaps
blink_cpp_typemaps = shared_typemaps
@ -1578,10 +1565,6 @@ mojom("mojom") {
enabled_features += [ "use_network_interface_change_listener" ]
}
if (enable_device_bound_sessions) {
enabled_features += [ "enable_device_bound_sessions" ]
}
# Typemaps which apply to both Blink and non-Blink bindings.
shared_cpp_typemaps = []

@ -4,14 +4,13 @@
module network.mojom;
import "components/ip_protection/mojom/core.mojom";
import "mojo/public/mojom/base/file_path.mojom";
import "mojo/public/mojom/base/time.mojom";
import "mojo/public/mojom/base/unguessable_token.mojom";
import "mojo/public/mojom/base/values.mojom";
import "components/ip_protection/mojom/core.mojom";
import "sandbox/policy/mojom/context.mojom";
import "services/network/public/mojom/address_list.mojom";
import "services/network/public/mojom/url_loader_network_service_observer.mojom";
import "services/network/public/mojom/cert_verifier_service.mojom";
import "services/network/public/mojom/clear_data_filter.mojom";
import "services/network/public/mojom/client_security_state.mojom";
@ -22,26 +21,26 @@ import "services/network/public/mojom/cookie_setting_overrides.mojom";
import "services/network/public/mojom/cors_origin_pattern.mojom";
import "services/network/public/mojom/cross_origin_embedder_policy.mojom";
import "services/network/public/mojom/default_credentials.mojom";
import "services/network/public/mojom/device_bound_sessions.mojom";
import "services/network/public/mojom/devtools_observer.mojom";
import "services/network/public/mojom/restricted_udp_socket.mojom";
import "services/network/public/mojom/fetch_api.mojom";
import "services/network/public/mojom/first_party_sets_access_delegate.mojom";
import "services/network/public/mojom/hash_value.mojom";
import "services/network/public/mojom/host_resolver.mojom";
import "services/network/public/mojom/http_cache_backend_file_operations.mojom";
import "services/network/public/mojom/http_request_headers.mojom";
import "services/network/public/mojom/ip_address.mojom";
import "services/network/public/mojom/ip_endpoint.mojom";
import "services/network/public/mojom/ip_address_space.mojom";
import "services/network/public/mojom/ip_endpoint.mojom";
import "services/network/public/mojom/isolation_info.mojom";
import "services/network/public/mojom/mdns_responder.mojom";
import "services/network/public/mojom/mutable_network_traffic_annotation_tag.mojom";
import "services/network/public/mojom/net_log.mojom";
import "services/network/public/mojom/network_isolation_key.mojom";
import "services/network/public/mojom/network_anonymization_key.mojom";
import "services/network/public/mojom/oblivious_http_request.mojom";
import "services/network/public/mojom/hash_value.mojom";
import "services/network/public/mojom/isolation_info.mojom";
import "services/network/public/mojom/network_context_client.mojom";
import "services/network/public/mojom/network_isolation_key.mojom";
import "services/network/public/mojom/network_param.mojom";
import "services/network/public/mojom/oblivious_http_request.mojom";
import "services/network/public/mojom/parsed_headers.mojom";
import "services/network/public/mojom/proxy_config.mojom";
import "services/network/public/mojom/proxy_config_with_annotation.mojom";
@ -49,6 +48,7 @@ import "services/network/public/mojom/proxy_lookup_client.mojom";
import "services/network/public/mojom/proxy_resolving_socket.mojom";
import "services/network/public/mojom/reporting_service.mojom";
import "services/network/public/mojom/restricted_cookie_manager.mojom";
import "services/network/public/mojom/restricted_udp_socket.mojom";
import "services/network/public/mojom/shared_dictionary_access_observer.mojom";
import "services/network/public/mojom/shared_dictionary_isolation_key.mojom";
import "services/network/public/mojom/shared_dictionary_usage_info.mojom";
@ -58,15 +58,16 @@ import "services/network/public/mojom/ssl_config.mojom";
import "services/network/public/mojom/storage_access_api.mojom";
import "services/network/public/mojom/tcp_socket.mojom";
import "services/network/public/mojom/transferable_directory.mojom";
import "services/network/public/mojom/trust_tokens.mojom";
import "services/network/public/mojom/trust_token_access_observer.mojom";
import "services/network/public/mojom/trust_tokens.mojom";
import "services/network/public/mojom/udp_socket.mojom";
import "services/network/public/mojom/url_loader.mojom";
import "services/network/public/mojom/url_loader_factory.mojom";
import "services/network/public/mojom/url_loader_network_service_observer.mojom";
import "services/network/public/mojom/url_request.mojom";
import "services/network/public/mojom/url_response_head.mojom";
import "services/network/public/mojom/websocket.mojom";
import "services/network/public/mojom/web_transport.mojom";
import "services/network/public/mojom/websocket.mojom";
import "services/proxy_resolver/public/mojom/proxy_resolver.mojom";
import "url/mojom/origin.mojom";
import "url/mojom/url.mojom";
@ -83,13 +84,12 @@ import "services/network/public/mojom/p2p_trusted.mojom";
[EnableIf=is_win]
import "services/proxy_resolver_win/public/mojom/proxy_resolver_win.mojom";
[EnableIf=enable_device_bound_sessions]
import "services/network/public/mojom/device_bound_sessions.mojom";
const uint32 kWebSocketOptionNone = 0;
// Disallow the request from sending cookies. Disallow the response from writing
// cookies.
const uint32 kWebSocketOptionBlockAllCookies = 1;
// Similar to |kWebSocketOptionBlockAllCookies|, but only for third party
// cookies.
const uint32 kWebSocketOptionBlockThirdPartyCookies = 2;
@ -129,10 +129,9 @@ interface CustomProxyConnectionObserver {
// Called when the response headers for the proxy tunnel request have been
// received.
OnTunnelHeadersReceived(
ProxyChain proxy_chain,
uint64 chain_index,
HttpResponseHeaders response_headers);
OnTunnelHeadersReceived(ProxyChain proxy_chain,
uint64 chain_index,
HttpResponseHeaders response_headers);
};
// Includes a pipe to a CertVerifierService for usage by the
@ -144,7 +143,7 @@ struct CertVerifierServiceRemoteParams {
// Receives notifications of changes to the CertVerifier.
pending_receiver<cert_verifier.mojom.CertVerifierServiceClient>?
cert_verifier_service_client_receiver;
cert_verifier_service_client_receiver;
};
// Client to update the custom proxy config.
@ -155,8 +154,8 @@ interface CustomProxyConfigClient {
// Sent by TrustedURLLoaderHeaderClient to perform modifications for a request.
interface TrustedHeaderClient {
// Allows modifying request headers before the request is sent.
OnBeforeSendHeaders(HttpRequestHeaders headers) =>
(int32 result, HttpRequestHeaders? headers);
OnBeforeSendHeaders(HttpRequestHeaders headers)
=> (int32 result, HttpRequestHeaders? headers);
// Allows modifying response headers, including sensitive headers such as
// set-cookie. This should only be used from a trusted process.
@ -167,10 +166,10 @@ interface TrustedHeaderClient {
// used. If |preserve_fragment_on_redirect_url| is populated, and the
// request is redirected to exactly that URL, then the fragment of the
// original URL will not be copied to the redirect target URL.
OnHeadersReceived(string headers, IPEndPoint remote_endpoint) =>
(int32 result,
string? headers,
url.mojom.Url? preserve_fragment_on_redirect_url);
OnHeadersReceived(string headers, IPEndPoint remote_endpoint)
=> (int32 result,
string? headers,
url.mojom.Url? preserve_fragment_on_redirect_url);
};
// Interface to allow modifying the full request and response headers. This
@ -179,8 +178,8 @@ interface TrustedHeaderClient {
interface TrustedURLLoaderHeaderClient {
// When a new URLLoader is created, this will be called to pass a
// corresponding |header_client|.
OnLoaderCreated(int32 request_id,
pending_receiver<TrustedHeaderClient> header_client);
OnLoaderCreated(
int32 request_id, pending_receiver<TrustedHeaderClient> header_client);
// When a new URLLoader is created for a CORS preflight request, this will
// be called to pass a corresponding |header_client|.
@ -192,8 +191,8 @@ interface TrustedURLLoaderHeaderClient {
struct HttpAuthStaticNetworkContextParams {
// Whether authentication APIs that support fallback to the default account
// on the system can be used without specifying an account.
DefaultCredentials allow_default_credentials
= DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS;
DefaultCredentials allow_default_credentials =
DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS;
};
[EnableIf=is_ct_supported]
@ -307,7 +306,6 @@ struct SocketBrokerRemotes {
pending_remote<SocketBroker> server;
};
// Parameters for constructing a network context.
struct NetworkContextParams {
// The user agent string.
@ -654,7 +652,8 @@ struct NetworkConditions {
};
// Represents a shared dictionary.
// Spec: https://datatracker.ietf.org/doc/draft-ietf-httpbis-compression-dictionary/
// Spec:
// https://datatracker.ietf.org/doc/draft-ietf-httpbis-compression-dictionary/
struct SharedDictionaryInfo {
// The "match" value of the Use-As-Dictionary header.
string match;
@ -698,6 +697,7 @@ struct SignedExchangeReport {
};
const int32 kBrowserProcessId = 0;
const int32 kInvalidProcessId = -1;
// URLLoaderFactory made by the network service consists of two layers of
@ -873,28 +873,28 @@ struct URLLoaderFactoryParams {
pending_remote<DevToolsObserver>? devtools_observer;
// Used to notify about usages of device bound sessions.
[EnableIf=enable_device_bound_sessions]
pending_remote<DeviceBoundSessionAccessObserver>? device_bound_session_observer;
pending_remote<DeviceBoundSessionAccessObserver>?
device_bound_session_observer;
// If this equals kForbid, the context to which this loader is bound does not
// allow Trust Tokens (https://github.com/wicg/trust-token-api) issuance
// operation.
//
// TODO(crbug.com/40126948): Once Permissions Policy headers are available from
// a trusted source, it would be good to set this depending on the headers'
// values, too.
TrustTokenOperationPolicyVerdict
trust_token_issuance_policy = kPotentiallyPermit;
// TODO(crbug.com/40126948): Once Permissions Policy headers are available
// from a trusted source, it would be good to set this depending on the
// headers' values, too.
TrustTokenOperationPolicyVerdict trust_token_issuance_policy =
kPotentiallyPermit;
// If this equals kForbid, the context to which this loader is bound does not
// allow any Trust Tokens (https://github.com/wicg/trust-token-api)
// redemption or signing operations.
//
// TODO(crbug.com/40126948): Once Permissions Policy headers are available from
// a trusted source, it would be good to set this depending on the headers'
// values, too.
TrustTokenOperationPolicyVerdict
trust_token_redemption_policy = kPotentiallyPermit;
// TODO(crbug.com/40126948): Once Permissions Policy headers are available
// from a trusted source, it would be good to set this depending on the
// headers' values, too.
TrustTokenOperationPolicyVerdict trust_token_redemption_policy =
kPotentiallyPermit;
// TODO(lukasza): https://crbug.com/1151008: Consider removing this
// diagnostic aid once the bug is understood.
@ -925,8 +925,9 @@ interface NetworkContext {
SetClient(pending_remote<NetworkContextClient> client);
// Creates a new URLLoaderFactory with the given |params|.
CreateURLLoaderFactory(pending_receiver<URLLoaderFactory> url_loader_factory,
URLLoaderFactoryParams params);
CreateURLLoaderFactory(
pending_receiver<URLLoaderFactory> url_loader_factory,
URLLoaderFactoryParams params);
// Destroys all URLLoaderFactory bindings, which should then be regenerated.
// This should be called if there is a change to the proxies which should be
@ -997,13 +998,12 @@ interface NetworkContext {
ClearTrustTokenSessionOnlyData() => (bool any_data_deleted);
// Returns the number of signed-but-not-spent Trust Tokens.
GetStoredTrustTokenCounts()
=> (array<StoredTrustTokensForIssuer> tokens);
GetStoredTrustTokenCounts() => (array<StoredTrustTokensForIssuer> tokens);
// Returns map of issuer to list of toplevel/last redemption pairs.
GetPrivateStateTokenRedemptionRecords()
=> (map<url.mojom.Origin, array<ToplevelRedemptionRecord>>
issuer_redemption_record_map);
issuer_redemption_record_map);
// Deletes all Trust Tokens issued by |issuer|.
//
@ -1022,8 +1022,8 @@ interface NetworkContext {
// currently only covers server properties and transport security state.
//
// The callback will be invoked once the data has been deleted.
ClearNetworkingHistoryBetween(mojo_base.mojom.Time start_time,
mojo_base.mojom.Time end_time) => ();
ClearNetworkingHistoryBetween(
mojo_base.mojom.Time start_time, mojo_base.mojom.Time end_time) => ();
// Clears content from the HTTP cache. A specific range of time can be
// specified with `start_time` and `end_time`. This supports unbounded deletes
@ -1045,8 +1045,8 @@ interface NetworkContext {
//
// |size_or_error|, if non-negative, is the result in bytes; and a net error
// code if negative.
ComputeHttpCacheSize(mojo_base.mojom.Time start_time,
mojo_base.mojom.Time end_time)
ComputeHttpCacheSize(
mojo_base.mojom.Time start_time, mojo_base.mojom.Time end_time)
=> (bool is_upper_bound, int64 size_or_error);
// Notifies the HttpCache of a renderer-level cache hit with `url`
@ -1057,7 +1057,8 @@ interface NetworkContext {
//
// This is being proxied by the browser because the renderer is unable to
// directly interact with NetworkContext.
NotifyExternalCacheHit(url.mojom.Url url, string http_method,
NotifyExternalCacheHit(url.mojom.Url url,
string http_method,
NetworkIsolationKey key,
bool include_credentials);
@ -1113,10 +1114,14 @@ interface NetworkContext {
ClearNetworkErrorLogging(ClearDataFilter? filter) => ();
// Mirror of domain_reliability::DomainReliabilityClearMode.
enum DomainReliabilityClearMode {CLEAR_CONTEXTS, CLEAR_BEACONS};
enum DomainReliabilityClearMode {
CLEAR_CONTEXTS,
CLEAR_BEACONS,
};
// Clears Domain Reliability entries, specified by |mode|.
ClearDomainReliability(ClearDataFilter? filter,
DomainReliabilityClearMode mode) => ();
ClearDomainReliability(
ClearDataFilter? filter, DomainReliabilityClearMode mode) => ();
// Clears dictionaries from the shared dictionary cache. A specific range of
// time can be specified with `start_time` and `end_time`. This supports
@ -1149,15 +1154,15 @@ interface NetworkContext {
// Spec: https://w3c.github.io/reporting/#header
SetDocumentReportingEndpoints(
mojo_base.mojom.UnguessableToken reporting_source,
url.mojom.Origin origin, IsolationInfo isolation_info,
map<string,string> endpoints);
url.mojom.Origin origin,
IsolationInfo isolation_info,
map<string, string> endpoints);
// Configures reporting endpoints set by the ReportingEndpoints enterprise
// policy.
// `endpoints` is a mapping of endpoint name to URL (URLs will be rejected if
// they fail to parse or are not secure).
SetEnterpriseReportingEndpoints(
map<string,url.mojom.Url> endpoints);
SetEnterpriseReportingEndpoints(map<string, url.mojom.Url> endpoints);
// Queues any outstanding reports for a single |reporting_source| (which
// must not be empty), and removes the reporting endpoint configuration for
@ -1196,9 +1201,9 @@ interface NetworkContext {
mojo_base.mojom.DictionaryValue body);
QueueEnterpriseReport(string type,
string group,
url.mojom.Url url,
mojo_base.mojom.DictionaryValue body);
string group,
url.mojom.Url url,
mojo_base.mojom.DictionaryValue body);
// Queues a signed exchange report.
//
@ -1401,7 +1406,8 @@ interface NetworkContext {
uint32 options,
MutableNetworkTrafficAnnotationTag traffic_annotation,
pending_remote<WebSocketHandshakeClient> handshake_client,
pending_remote<URLLoaderNetworkServiceObserver>? url_loader_network_observer,
pending_remote<URLLoaderNetworkServiceObserver>?
url_loader_network_observer,
pending_remote<WebSocketAuthenticationHandler>? auth_handler,
pending_remote<TrustedHeaderClient>? header_client,
mojo_base.mojom.UnguessableToken? throttling_profile_id);
@ -1414,11 +1420,11 @@ interface NetworkContext {
//
// It is recommended to detect mojo connection errors on |handshake_client|.
CreateWebTransport(
url.mojom.Url url,
url.mojom.Origin origin,
NetworkAnonymizationKey network_anonymization_key,
array<WebTransportCertificateFingerprint> fingerprints,
pending_remote<WebTransportHandshakeClient> handshake_client);
url.mojom.Url url,
url.mojom.Origin origin,
NetworkAnonymizationKey network_anonymization_key,
array<WebTransportCertificateFingerprint> fingerprints,
pending_remote<WebTransportHandshakeClient> handshake_client);
// Create a NetLogExporter, which helps export NetLog to an existing file.
// Note that the log is generally global, including all NetworkContexts
@ -1483,9 +1489,10 @@ interface NetworkContext {
// HostResolvers will be cancelled. Such requests will receive ERR_FAILED via
// |response_client|.
//
// TODO(crbug.com/41375980): If necessary as usage and functionality is added to
// the contained ResolveHost method, consider adding the ability for this to
// be a restricted resolver with some functionality disabled (eg maybe MDNS).
// TODO(crbug.com/41375980): If necessary as usage and functionality is added
// to the contained ResolveHost method, consider adding the ability for this
// to be a restricted resolver with some functionality disabled (eg maybe
// MDNS).
CreateHostResolver(DnsConfigOverrides? config_overrides,
pending_receiver<HostResolver> host_resolver);
@ -1494,14 +1501,13 @@ interface NetworkContext {
VerifyCertForSignedExchange(X509Certificate certificate,
url.mojom.Url url,
string ocsp_response,
string sct_list) => (int32 error_code,
CertVerifyResult cv_result,
bool pkp_bypassed);
string sct_list)
=> (int32 error_code, CertVerifyResult cv_result, bool pkp_bypassed);
// Adds explicitly-specified data as if it was processed from an
// HSTS header. Used by tests and implementation of chrome://net-internals.
AddHSTS(string host, mojo_base.mojom.Time expiry,
bool include_subdomains) => ();
AddHSTS(string host, mojo_base.mojom.Time expiry, bool include_subdomains)
=> ();
// Returns true if it is known that |host| has requested to always be
// accessed via HTTPS.
@ -1509,8 +1515,7 @@ interface NetworkContext {
// Retrieve values from the HSTS state from the associated contexts
// transport security state.
GetHSTSState(string domain)
=> (mojo_base.mojom.DictionaryValue state);
GetHSTSState(string domain) => (mojo_base.mojom.DictionaryValue state);
// Sets allowed and blocked origins respectively for the URLLoaderFactory
// consumers to access beyond the same-origin policy. The list is managed per
@ -1521,9 +1526,10 @@ interface NetworkContext {
// TODO(crbug.com/40094155): Eventually, we want to stop using per-context
// access lists, and use only per-factory access lists, or stop managing the
// list in the NetworkService completely.
SetCorsOriginAccessListsForOrigin(
url.mojom.Origin source_origin, array<CorsOriginPattern> allow_patterns,
array<CorsOriginPattern> block_patterns) => ();
SetCorsOriginAccessListsForOrigin(url.mojom.Origin source_origin,
array<CorsOriginPattern> allow_patterns,
array<CorsOriginPattern> block_patterns)
=> ();
// Deletes any dynamic data stored for |host| from the transport
// security state. Returns true iff an entry was deleted.
@ -1573,8 +1579,8 @@ interface NetworkContext {
// |url|. Only supports basic auth scheme. Only looks up server (not proxy)
// auth credentials, and only those that are usable in the scope of
// |network_anonymization_key|.
LookupServerBasicAuthCredentials(url.mojom.Url url,
NetworkAnonymizationKey network_anonymization_key)
LookupServerBasicAuthCredentials(
url.mojom.Url url, NetworkAnonymizationKey network_anonymization_key)
=> (AuthCredentials? credentials);
// Looks up the proxy authentication credentials associated with
@ -1583,12 +1589,12 @@ interface NetworkContext {
// specified as a case-insensitive string. Unlike server credentials, proxy
// credentials are not keyed on NetworkAnonymizationKey.
[EnableIf=is_chromeos_ash]
LookupProxyAuthCredentials(ProxyServer proxy_server,
string auth_scheme, string realm)
LookupProxyAuthCredentials(
ProxyServer proxy_server, string auth_scheme, string realm)
=> (AuthCredentials? credentials);
[Sync]
// Enables the checking of static PKP records.
[Sync]
EnableStaticKeyPinningForTesting() => ();
// Verifies the given certificate using the context's CertVerifier.
@ -1597,14 +1603,14 @@ interface NetworkContext {
string ocsp_response,
string sct_list) => (int32 error_code);
[Sync]
// Adds a Domain Reliability Context.
AddDomainReliabilityContextForTesting(
url.mojom.Origin origin, url.mojom.Url upload_url) => ();
[Sync]
AddDomainReliabilityContextForTesting(
url.mojom.Origin origin, url.mojom.Url upload_url) => ();
// Forces all pending Domain Reliability uploads to run now, even if their
// minimum delay has not yet passed.
[Sync]
ForceDomainReliabilityUploadsForTesting() => ();
// Set the SCT auditing mode for this NetworkContext.
@ -1626,8 +1632,8 @@ interface NetworkContext {
// Get a list of origins where shared dictionaries are registered. A specific
// range of time can be specified with `start_time` and `end_time`.
GetSharedDictionaryOriginsBetween(mojo_base.mojom.Time start_time,
mojo_base.mojom.Time end_time)
GetSharedDictionaryOriginsBetween(
mojo_base.mojom.Time start_time, mojo_base.mojom.Time end_time)
=> (array<url.mojom.Origin> origins);
// Sets maximum size of the shared dictionary cache.
@ -1637,6 +1643,7 @@ interface NetworkContext {
PreloadSharedDictionaryInfoForDocument(
array<url.mojom.Url> urls,
pending_receiver<PreloadedSharedDictionaryInfoHandle> preload_handle);
// Check if there is a preloaded shared dictionary info.
HasPreloadedSharedDictionaryInfoForTesting() => (bool value);
@ -1647,7 +1654,8 @@ interface NetworkContext {
// Will flush cached client certificate for `host` if `certificate`
// doesn't match the corresponding cached certificate.
FlushCachedClientCertIfNeeded(HostPortPair host, X509Certificate certificate);
FlushCachedClientCertIfNeeded(
HostPortPair host, X509Certificate certificate);
// Flushes a cached client certificate preference if `certificate` matches
// the cached certificate.
@ -1709,8 +1717,7 @@ interface NetworkContext {
// Gets the DeviceBoundSessionManager associated with this network context.
//
// This must only be passed to trusted processes.
[EnableIf=enable_device_bound_sessions,
AllowedContext=sandbox.mojom.Context.kBrowser]
[AllowedContext=sandbox.mojom.Context.kBrowser]
GetDeviceBoundSessionManager(
pending_receiver<DeviceBoundSessionManager> device_bound_session_manager);
};

@ -8,14 +8,15 @@ import "mojo/public/mojom/base/big_buffer.mojom";
import "mojo/public/mojom/base/file_path.mojom";
import "mojo/public/mojom/base/time.mojom";
import "mojo/public/mojom/base/unguessable_token.mojom";
import "services/network/public/mojom/accept_ch_frame_observer.mojom";
import "services/network/public/mojom/attribution.mojom";
import "services/network/public/mojom/url_loader_network_service_observer.mojom";
import "services/network/public/mojom/chunked_data_pipe_getter.mojom";
import "services/network/public/mojom/client_security_state.mojom";
import "services/network/public/mojom/cors.mojom";
import "services/network/public/mojom/cookie_access_observer.mojom";
import "services/network/public/mojom/cookie_manager.mojom";
import "services/network/public/mojom/chunked_data_pipe_getter.mojom";
import "services/network/public/mojom/cors.mojom";
import "services/network/public/mojom/data_pipe_getter.mojom";
import "services/network/public/mojom/device_bound_sessions.mojom";
import "services/network/public/mojom/devtools_observer.mojom";
import "services/network/public/mojom/fetch_api.mojom";
import "services/network/public/mojom/http_raw_headers.mojom";
@ -28,17 +29,14 @@ import "services/network/public/mojom/request_priority.mojom";
import "services/network/public/mojom/shared_dictionary_access_observer.mojom";
import "services/network/public/mojom/site_for_cookies.mojom";
import "services/network/public/mojom/storage_access_api.mojom";
import "services/network/public/mojom/trust_tokens.mojom";
import "services/network/public/mojom/trust_token_access_observer.mojom";
import "services/network/public/mojom/trust_tokens.mojom";
import "services/network/public/mojom/url_loader_network_service_observer.mojom";
import "services/network/public/mojom/url_response_head.mojom";
import "services/network/public/mojom/web_bundle_handle.mojom";
import "services/network/public/mojom/accept_ch_frame_observer.mojom";
import "url/mojom/origin.mojom";
import "url/mojom/url.mojom";
[EnableIf=enable_device_bound_sessions]
import "services/network/public/mojom/device_bound_sessions.mojom";
// This enums corresponds to net::SourceStream::SourceType.
enum SourceType {
kBrotli,
@ -105,8 +103,8 @@ struct TrustedUrlRequestParams {
// access of a device bound session. This include registration or
// deferral. If this is set to non-null, the observer passed in
// URLLoaderFactoryParams will be ignored.
[EnableIf=enable_device_bound_sessions]
pending_remote<DeviceBoundSessionAccessObserver>? device_bound_session_observer;
pending_remote<DeviceBoundSessionAccessObserver>?
device_bound_session_observer;
// Specifies the security state of the client, for cases when the
// URLLoaderFactory is shared among multiple clients.
@ -531,14 +529,14 @@ struct URLRequest {
// ok.
StorageAccessApiStatus storage_access_api_status;
// Indicates whether web or OS-level Attribution Reporting is supported.
// Indicates whether web or OS-level Attribution Reporting is supported.
AttributionSupport attribution_reporting_support;
// Indicates the value of the request's `Attribution-Reporting-Eligible`
// header; how this header is interpreted depends on the context in which
// the request is made.
AttributionReportingEligibility attribution_reporting_eligibility =
AttributionReportingEligibility.kUnset;
AttributionReportingEligibility.kUnset;
// When applicable, indicates the token of an Attribution Reporting API
// eligible navigation request to which the current request is associated.
@ -619,6 +617,7 @@ union DataElement {
struct SocketTag {
[EnableIf=is_android]
uint32 uid;
[EnableIf=is_android]
int32 tag;
};
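Review bot: The comment on `device_bound_session_observer` in `TrustedUrlRequestParams` no longer tells a caller when the field has any effect, because dropping `[EnableIf=enable_device_bound_sessions]` makes it part of the struct on every platform. Going by the commit description, builds where //net disables DBSC would accept the remote and never call it, so I would append `// On builds where //net has device bound sessions disabled, this observer is never notified.` to the comment. While there, "This include registration or deferral" should read "This includes". The struct itself continues outside the hunk.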

@ -42,10 +42,7 @@
#include "services/network/public/mojom/web_transport.mojom.h"
#include "services/network/public/mojom/websocket.mojom.h"
#include "url/origin.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#endif
namespace net {
class NetworkAnonymizationKey;
@ -377,11 +374,9 @@ class TestNetworkContext : public mojom::NetworkContext {
traffic_annotation) override {}
void GetBoundNetworkForTesting(
GetBoundNetworkForTestingCallback callback) override {}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
void GetDeviceBoundSessionManager(
mojo::PendingReceiver<network::mojom::DeviceBoundSessionManager>
device_bound_session_manager) override {}
#endif
};
} // namespace network

@ -42,12 +42,10 @@ mojom::DevToolsObserver* URLLoaderContextForTests::GetDevToolsObserver() const {
return nullptr;
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojom::DeviceBoundSessionAccessObserver*
URLLoaderContextForTests::GetDeviceBoundSessionAccessObserver() const {
return nullptr;
}
#endif
mojom::NetworkContextClient* URLLoaderContextForTests::GetNetworkContextClient()
const {

@ -51,10 +51,8 @@ class URLLoaderContextForTests : public URLLoaderContext {
mojom::TrustTokenAccessObserver* GetTrustTokenAccessObserver() const override;
mojom::CrossOriginEmbedderPolicyReporter* GetCoepReporter() const override;
mojom::DevToolsObserver* GetDevToolsObserver() const override;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojom::DeviceBoundSessionAccessObserver* GetDeviceBoundSessionAccessObserver()
const override;
#endif
mojom::NetworkContextClient* GetNetworkContextClient() const override;
mojom::TrustedURLLoaderHeaderClient* GetUrlLoaderHeaderClient()
const override;

@ -523,14 +523,12 @@ bool IncludesValidLoadField(const net::HttpResponseHeaders* headers) {
return item->item.is_token() && item->item.GetString() == "load";
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::SharedRemote<mojom::DeviceBoundSessionAccessObserver> Clone(
mojom::DeviceBoundSessionAccessObserver& observer) {
mojo::SharedRemote<mojom::DeviceBoundSessionAccessObserver> new_observer;
observer.Clone(new_observer.BindNewPipeAndPassReceiver());
return new_observer;
}
#endif
} // namespace
@ -586,10 +584,8 @@ URLLoader::URLLoader(
mojo::PendingRemote<mojom::URLLoaderNetworkServiceObserver>
url_loader_network_observer,
mojo::PendingRemote<mojom::DevToolsObserver> devtools_observer,
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::PendingRemote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer,
#endif
mojo::PendingRemote<mojom::AcceptCHFrameObserver> accept_ch_frame_observer,
std::unique_ptr<AttributionRequestHelper> attribution_request_helper,
bool shared_storage_writable_eligible)
@ -651,13 +647,11 @@ URLLoader::URLLoader(
devtools_observer_remote_(std::move(devtools_observer)),
devtools_observer_(PtrOrFallback(devtools_observer_remote_,
context.GetDevToolsObserver())),
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
device_bound_session_observer_remote_(
std::move(device_bound_session_observer)),
device_bound_session_observer_(
PtrOrFallback(device_bound_session_observer_remote_,
context.GetDeviceBoundSessionAccessObserver())),
#endif
shared_storage_request_helper_(
std::make_unique<SharedStorageRequestHelper>(
shared_storage_writable_eligible,
@ -914,7 +908,6 @@ void URLLoader::ConfigureRequest(
url_request_->set_socket_tag(std::move(socket_tag));
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
// Device bound session access can happen asynchronously as a result
// of this URLRequest. So create a separate Remote that will outlive
// this.
@ -923,7 +916,6 @@ void URLLoader::ConfigureRequest(
&mojom::DeviceBoundSessionAccessObserver::OnDeviceBoundSessionAccessed,
Clone(*device_bound_session_observer_)));
}
#endif
}
// This class is used to manage the queue of pending file upload operations
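Review bot: In `ConfigureRequest`, `Clone(*device_bound_session_observer_)` is now compiled on every platform, so a request that carries an observer binds a fresh message pipe even where //net compiles DBSC out and the bound callback presumably never runs. The condition guarding that block sits between the hunks, so this is inferred from the lines shown. If the per-request cost matters, the clone could be skipped when device bound sessions are unavailable; otherwise extend the existing comment with `// Built on all platforms; where //net disables DBSC the callback is never invoked.`. The anonymous-namespace helper `Clone` also has no comment, and `// Returns a new SharedRemote to |observer| that can outlive the URLLoader.` would say why it exists.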

@ -47,6 +47,7 @@
#include "services/network/public/mojom/accept_ch_frame_observer.mojom.h"
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
#include "services/network/public/mojom/cross_origin_embedder_policy.mojom-forward.h"
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#include "services/network/public/mojom/devtools_observer.mojom.h"
#include "services/network/public/mojom/fetch_api.mojom.h"
#include "services/network/public/mojom/ip_address_space.mojom-forward.h"
@ -66,10 +67,6 @@
#include "services/network/upload_progress_tracker.h"
#include "services/network/url_loader_context.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#endif
namespace net {
class HttpResponseHeaders;
class IOBufferWithSize;
@ -198,10 +195,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
mojo::PendingRemote<mojom::URLLoaderNetworkServiceObserver>
url_loader_network_observer,
mojo::PendingRemote<mojom::DevToolsObserver> devtools_observer,
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::PendingRemote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_access_observer,
#endif
mojo::PendingRemote<mojom::AcceptCHFrameObserver>
accept_ch_frame_observer,
std::unique_ptr<AttributionRequestHelper> attribution_request_helper,
@ -842,12 +837,10 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
url_loader_network_observer_ = nullptr;
const mojo::Remote<mojom::DevToolsObserver> devtools_observer_remote_;
const raw_ptr<mojom::DevToolsObserver> devtools_observer_ = nullptr;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
const mojo::Remote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer_remote_;
const raw_ptr<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer_ = nullptr;
#endif
// Request helper responsible for processing Shared Storage headers
// (https://github.com/WICG/shared-storage#from-response-headers).
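Review bot: The constructor declaration names this parameter `device_bound_session_access_observer`, while the definition in url_loader.cc and the members in the last hunk use `device_bound_session_observer`. Now that no `#if` hides it on some builds, I would rename the declaration's parameter to `device_bound_session_observer` so header and definition agree. The two members also lack a comment on how they relate. From the initializer in url_loader.cc the raw pointer appears to fall back to `context.GetDeviceBoundSessionAccessObserver()` when the remote is unbound (`PtrOrFallback` is not shown), and a line such as `// Points at the per-request remote if bound, else the context's observer; may be null.` would record that.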

@ -54,10 +54,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoaderContext {
const = 0;
virtual orb::PerFactoryState& GetMutableOrbState() = 0;
virtual bool DataUseUpdatesEnabled() = 0;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
virtual mojom::DeviceBoundSessionAccessObserver*
GetDeviceBoundSessionAccessObserver() const = 0;
#endif
protected:
// `protected` destructor = can only destruct via concrete implementations
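Review bot: `GetDeviceBoundSessionAccessObserver()` is now a pure virtual on every platform but carries no comment on its contract. Both implementations touched by this commit can return `nullptr` (unconditionally in URLLoaderContextForTests, and after the bound check in URLLoaderFactory), so callers have to treat the result as nullable. I would add `// Returns the observer for device bound session accesses, or nullptr if none is bound.` above the declaration. The class body continues outside the hunk.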

@ -87,13 +87,9 @@ URLLoaderFactory::URLLoaderFactory(
cors_url_loader_factory_(cors_url_loader_factory),
cookie_observer_(std::move(params_->cookie_observer)),
trust_token_observer_(std::move(params_->trust_token_observer)),
devtools_observer_(std::move(params_->devtools_observer))
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
,
devtools_observer_(std::move(params_->devtools_observer)),
device_bound_session_observer_(
std::move(params_->device_bound_session_observer))
#endif
{
std::move(params_->device_bound_session_observer)) {
DCHECK(context);
DCHECK_NE(mojom::kInvalidProcessId, params_->process_id);
DCHECK(!params_->factory_override);
@ -359,7 +355,6 @@ void URLLoaderFactory::CreateLoaderAndStartWithSyncClient(
resource_request.trusted_params->devtools_observer));
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::PendingRemote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer;
if (resource_request.trusted_params &&
@ -369,7 +364,6 @@ void URLLoaderFactory::CreateLoaderAndStartWithSyncClient(
mojo::PendingRemote<mojom::DeviceBoundSessionAccessObserver>&>(
resource_request.trusted_params->device_bound_session_observer));
}
#endif
mojo::PendingRemote<mojom::AcceptCHFrameObserver> accept_ch_frame_observer;
if (resource_request.trusted_params &&
@ -395,10 +389,7 @@ void URLLoaderFactory::CreateLoaderAndStartWithSyncClient(
context_->GetSharedDictionaryManager(),
std::move(shared_dictionary_checker), std::move(cookie_observer),
std::move(trust_token_observer), std::move(url_loader_network_observer),
std::move(devtools_observer),
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
std::move(device_bound_session_observer),
#endif
std::move(devtools_observer), std::move(device_bound_session_observer),
std::move(accept_ch_frame_observer),
std::move(attribution_request_helper),
resource_request.shared_storage_writable_eligible);
@ -418,7 +409,6 @@ mojom::DevToolsObserver* URLLoaderFactory::GetDevToolsObserver() const {
return nullptr;
}
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojom::DeviceBoundSessionAccessObserver*
URLLoaderFactory::GetDeviceBoundSessionAccessObserver() const {
if (device_bound_session_observer_) {
@ -426,7 +416,6 @@ URLLoaderFactory::GetDeviceBoundSessionAccessObserver() const {
}
return nullptr;
}
#endif
mojom::CookieAccessObserver* URLLoaderFactory::GetCookieAccessObserver() const {
if (cookie_observer_) {

@ -14,6 +14,7 @@
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "services/network/public/cpp/orb/orb_api.h"
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#include "services/network/public/mojom/devtools_observer.mojom.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/trust_token_access_observer.mojom.h"
@ -21,10 +22,6 @@
#include "services/network/public/mojom/url_loader_network_service_observer.mojom.h"
#include "services/network/url_loader_context.h"
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#endif
namespace network {
class NetworkContext;
@ -93,10 +90,8 @@ class URLLoaderFactory : public mojom::URLLoaderFactory,
const override;
orb::PerFactoryState& GetMutableOrbState() override;
bool DataUseUpdatesEnabled() override;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojom::DeviceBoundSessionAccessObserver* GetDeviceBoundSessionAccessObserver()
const override;
#endif
// Allows starting a URLLoader with a synchronous URLLoaderClient as an
// optimization.
@ -155,10 +150,8 @@ class URLLoaderFactory : public mojom::URLLoaderFactory,
mojo::Remote<mojom::CookieAccessObserver> cookie_observer_;
mojo::Remote<mojom::TrustTokenAccessObserver> trust_token_observer_;
mojo::Remote<mojom::DevToolsObserver> devtools_observer_;
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::Remote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer_;
#endif
base::OneShotTimer update_load_info_timer_;
bool waiting_on_load_state_ack_ = false;

@ -653,10 +653,7 @@ struct URLLoaderOptions {
std::move(shared_dictionary_manager),
std::move(shared_dictionary_checker), std::move(cookie_observer),
std::move(trust_token_observer), std::move(url_loader_network_observer),
std::move(devtools_observer),
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
std::move(device_bound_session_observer),
#endif
std::move(devtools_observer), std::move(device_bound_session_observer),
std::move(accept_ch_frame_observer),
std::move(attribution_request_helper),
shared_storage_writable_eligible);
@ -681,10 +678,8 @@ struct URLLoaderOptions {
url_loader_network_observer = mojo::NullRemote();
mojo::PendingRemote<mojom::DevToolsObserver> devtools_observer =
mojo::NullRemote();
#if BUILDFLAG(ENABLE_DEVICE_BOUND_SESSIONS)
mojo::PendingRemote<mojom::DeviceBoundSessionAccessObserver>
device_bound_session_observer = mojo::NullRemote();
#endif
mojo::PendingRemote<mojom::AcceptCHFrameObserver> accept_ch_frame_observer =
mojo::NullRemote();
bool shared_storage_writable_eligible = false;