0
Go to file
Chris Thompson dfd934f967 Add UseCounter for potential PNA 2.0 breakage
For our new approach to Private Network Access (PNA) restrictions, we
plan to trigger a permission prompt for requests from public sites to
private network endpoints. For HTTP subresources, the permission prompt
only works if we can _a priori_ know that the request is to a private
endpoint (so we can trigger the prompt _before_ it gets blocked as mixed
content). This CL adds a new UseCounter to track cases where:

- The request was from a non-secure context,
- The request was to a URL that is not potentially trustworthy,
- The request is to a less-public address space than the client making
  the request,
- The request, once connected, was determined to be to a private or
  local address space, and
- The request was not known a priori to be private/local.

We "a priori" know that a request is private/local if the
targetAddressSpace fetch param is specified, if the request is to a
`.local` domain, or if the request is to a private/local IP address
literal (or `localhost`).

(We restrict this breakage count to requests from non-secure contexts
only because (1) such requests from secure contexts would already be
blocked as mixed content today, but (2) PNA 2.0 will require that these
sites migrate to HTTPS in order to request permission.)

This logging is collected via `network::URLLoader::OnConnected()`
triggering a new `OnUrlLoaderConnectedToPrivateNetwork()` mojo API on
the `URLLoaderNetworkServiceObserver` (following the pattern of the
existing `OnWebSocketConnectedToPrivateNetwork()` API), which lets the
browser log the UseCounter.

Bug: 396085727
Change-Id: I9091e1d3902a4b92e6927b6cdb577d8c492c51c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6259197
Reviewed-by: Joe Downing <joedow@chromium.org>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Hubert Chao <hchao@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Chris Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1420322}
2025-02-13 22:34:57 -08:00
2025-02-13 15:06:17 -08:00
2025-02-13 20:54:36 -08:00
2025-02-13 21:14:01 -08:00
2025-02-12 08:11:17 -08:00
2025-01-29 15:00:06 -08:00
2025-02-10 05:52:50 -08:00

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.

Description
Chromium是一个开源浏览器项目,提供了一种安全、快速、稳定的方法来体验Web。该浏览器可以在多个平台上下载,包括Mac、Windows、Linux和ChromiumOS。项目原始地址: https://chromium.googlesource.com/chromium/src.git
https://www.mobibrw.com/gitea-mirrors/chromium/src.git
Readme BSD-3-Clause 89 GiB
Languages
C++ 74.4%
Java 8.2%
Objective-C++ 4.6%
TypeScript 4%
Python 2.5%
Other 6.1%