From 03478cd68d874f5953e071405a3e2d821a419bad Mon Sep 17 00:00:00 2001 From: Linh Kikuchi Date: Thu, 20 Jan 2022 15:33:59 +0900 Subject: [PATCH 1/5] Replace crlsets with redirector --- browser/net/brave_network_audit_allowed_lists.h | 2 +- .../brave_static_redirect_network_delegate_helper.cc | 8 ++++---- ...atic_redirect_network_delegate_helper_unittest.cc | 12 ++++++------ .../input_file_parsers.cc | 1 - ...llchecker-spellcheck_hunspell_dictionary.cc.patch | 2 +- 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/browser/net/brave_network_audit_allowed_lists.h b/browser/net/brave_network_audit_allowed_lists.h index eda8bd055b8a..0f43ff9f6aa9 100644 --- a/browser/net/brave_network_audit_allowed_lists.h +++ b/browser/net/brave_network_audit_allowed_lists.h @@ -19,7 +19,7 @@ constexpr const char* kAllowedUrlProtocols[] = { constexpr const char* kAllowedUrlPrefixes[] = { // allowed because it 307's to https://componentupdater.brave.com "https://componentupdater.brave.com/service/update2", - "https://crlsets.brave.com/", + "https://redirector.brave.com/", "https://crxdownload.brave.com/crx/blobs/", // Omaha/Sparkle diff --git a/browser/net/brave_static_redirect_network_delegate_helper.cc b/browser/net/brave_static_redirect_network_delegate_helper.cc index b39ced0498a4..a71f4da6dfa1 100644 --- a/browser/net/brave_static_redirect_network_delegate_helper.cc +++ b/browser/net/brave_static_redirect_network_delegate_helper.cc @@ -129,28 +129,28 @@ int OnBeforeURLRequest_StaticRedirectWorkForGURL( if (crlSet_pattern1.MatchesURL(request_url)) { replacements.SetSchemeStr("https"); - replacements.SetHostStr("crlsets.brave.com"); + replacements.SetHostStr("redirector.brave.com"); *new_url = request_url.ReplaceComponents(replacements); return net::OK; } if (crlSet_pattern2.MatchesURL(request_url)) { replacements.SetSchemeStr("https"); - replacements.SetHostStr("crlsets.brave.com"); + replacements.SetHostStr("redirector.brave.com"); *new_url = request_url.ReplaceComponents(replacements); return net::OK; } if (crlSet_pattern3.MatchesURL(request_url)) { replacements.SetSchemeStr("https"); - replacements.SetHostStr("crlsets.brave.com"); + replacements.SetHostStr("redirector.brave.com"); *new_url = request_url.ReplaceComponents(replacements); return net::OK; } if (crlSet_pattern4.MatchesURL(request_url)) { replacements.SetSchemeStr("https"); - replacements.SetHostStr("crlsets.brave.com"); + replacements.SetHostStr("redirector.brave.com"); *new_url = request_url.ReplaceComponents(replacements); return net::OK; } diff --git a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc index 45b3f20f34d2..b15865717b39 100644 --- a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc +++ b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc @@ -44,7 +44,7 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet1) { "https://dl.google.com/release2/chrome_component/AJ4r388iQSJq_4819/" "4819_all_crl-set-5934829738003798040.data.crx3"); const GURL expected_url( - "https://crlsets.brave.com/release2/chrome_component/" + "https://redirector.brave.com/release2/chrome_component/" "AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3"); auto request_info = std::make_shared(url); @@ -60,7 +60,7 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet2) { "chrome_component/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040" ".data.crx3"); const GURL expected_url( - "https://crlsets.brave.com/edgedl/release2/chrome_compone" + "https://redirector.brave.com/edgedl/release2/chrome_compone" "nt/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3"); auto request_info = std::make_shared(url); @@ -75,7 +75,7 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet3) { "https://www.google.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); const GURL expected_url( - "https://crlsets.brave.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" + "https://redirector.brave.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); auto request_info = std::make_shared(url); @@ -113,7 +113,7 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet1_http) { "http://dl.google.com/release2/chrome_component/AJ4r388iQSJq_4819/" "4819_all_crl-set-5934829738003798040.data.crx3"); const GURL expected_url( - "https://crlsets.brave.com/release2/chrome_component/" + "https://redirector.brave.com/release2/chrome_component/" "AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3"); auto request_info = std::make_shared(url); @@ -129,7 +129,7 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet2_http) { "chrome_component/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040" ".data.crx3"); const GURL expected_url( - "https://crlsets.brave.com/edgedl/release2/chrome_compone" + "https://redirector.brave.com/edgedl/release2/chrome_compone" "nt/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3"); auto request_info = std::make_shared(url); @@ -144,7 +144,7 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet3_http) { "http://www.google.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); const GURL expected_url( - "https://crlsets.brave.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" + "https://redirector.brave.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); auto request_info = std::make_shared(url); diff --git a/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc b/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc index 9756adeabc66..cc22341e680b 100644 --- a/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc +++ b/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc @@ -417,7 +417,6 @@ bool ParseJSON(base::StringPiece json, { "name": "brave-today-cdn.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "clients4.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "componentupdater.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, - { "name": "crlsets.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "crxdownload.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "devtools.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "extensionupdater.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, diff --git a/patches/chrome-browser-spellchecker-spellcheck_hunspell_dictionary.cc.patch b/patches/chrome-browser-spellchecker-spellcheck_hunspell_dictionary.cc.patch index c1761ce58c11..06f279b0db74 100644 --- a/patches/chrome-browser-spellchecker-spellcheck_hunspell_dictionary.cc.patch +++ b/patches/chrome-browser-spellchecker-spellcheck_hunspell_dictionary.cc.patch @@ -7,7 +7,7 @@ index 51c061d3bd117c926b74a10deab37d3a694e808b..1ba88c9ae7b4b027b9d63277b2685b1d static const char kDownloadServerUrl[] = - "https://redirector.gvt1.com/edgedl/chrome/dict/"; -+ "https://crlsets.brave.com/edgedl/chrome/dict/"; ++ "https://dict.brave.com/edgedl/chrome/dict/"; return GURL(std::string(kDownloadServerUrl) + base::ToLowerASCII(bdict_file)); From 4b1996c54c6eaef8be0f7f8cdcd7dd347fdf80ce Mon Sep 17 00:00:00 2001 From: Linh Kikuchi Date: Thu, 20 Jan 2022 15:35:51 +0900 Subject: [PATCH 2/5] Replace crlsets with redirector --- browser/net/brave_network_audit_allowed_lists.h | 1 - 1 file changed, 1 deletion(-) diff --git a/browser/net/brave_network_audit_allowed_lists.h b/browser/net/brave_network_audit_allowed_lists.h index 0f43ff9f6aa9..feaec603771c 100644 --- a/browser/net/brave_network_audit_allowed_lists.h +++ b/browser/net/brave_network_audit_allowed_lists.h @@ -19,7 +19,6 @@ constexpr const char* kAllowedUrlProtocols[] = { constexpr const char* kAllowedUrlPrefixes[] = { // allowed because it 307's to https://componentupdater.brave.com "https://componentupdater.brave.com/service/update2", - "https://redirector.brave.com/", "https://crxdownload.brave.com/crx/blobs/", // Omaha/Sparkle From befc43b563492983915832fbb44675d0d0ae1fd6 Mon Sep 17 00:00:00 2001 From: Linh Kikuchi Date: Thu, 20 Jan 2022 20:06:51 +0900 Subject: [PATCH 3/5] Fix lint and network audit for dict --- browser/net/brave_network_audit_allowed_lists.h | 1 + ...rave_static_redirect_network_delegate_helper_unittest.cc | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/browser/net/brave_network_audit_allowed_lists.h b/browser/net/brave_network_audit_allowed_lists.h index feaec603771c..f6dc701d6035 100644 --- a/browser/net/brave_network_audit_allowed_lists.h +++ b/browser/net/brave_network_audit_allowed_lists.h @@ -67,6 +67,7 @@ constexpr const char* kAllowedUrlPrefixes[] = { // Other "https://brave-core-ext.s3.brave.com/", + "https://dict.brave.com/", "https://go-updater.brave.com/", "https://p3a.brave.com/", "https://p3a-json.brave.com/", diff --git a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc index b15865717b39..2c7db0c32cb3 100644 --- a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc +++ b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc @@ -72,10 +72,12 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet2) { TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet3) { const GURL url( - "https://www.google.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" + "https://www.google.com/dl/release2/chrome_component/" + "LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); const GURL expected_url( - "https://redirector.brave.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" + "https://redirector.brave.com/dl/release2/chrome_component/" + "LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); auto request_info = std::make_shared(url); From 2ec112585a6fadd46fd957a4d016735471da232f Mon Sep 17 00:00:00 2001 From: Linh Kikuchi Date: Thu, 20 Jan 2022 20:28:39 +0900 Subject: [PATCH 4/5] Fix lint and network audit for dict --- .../brave_static_redirect_network_delegate_helper_unittest.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc index 2c7db0c32cb3..d224e92d0740 100644 --- a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc +++ b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc @@ -146,7 +146,8 @@ TEST(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet3_http) { "http://www.google.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); const GURL expected_url( - "https://redirector.brave.com/dl/release2/chrome_component/LLjIBPPmveI_4988/" + "https://redirector.brave.com/dl/release2/chrome_component/" + "LLjIBPPmveI_4988/" "4988_all_crl-set-6296993568184466307.data.crx3"); auto request_info = std::make_shared(url); From 9af9f90c2f715269888537ce1ac56e38f3097adc Mon Sep 17 00:00:00 2001 From: Linh Kikuchi Date: Thu, 20 Jan 2022 21:28:56 +0900 Subject: [PATCH 5/5] replace crlsets dict with dict endpoint --- .../transport_security_state_generator/input_file_parsers.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc b/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc index cc22341e680b..9b74dfc09bd1 100644 --- a/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc +++ b/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc @@ -419,6 +419,7 @@ bool ParseJSON(base::StringPiece json, { "name": "componentupdater.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "crxdownload.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "devtools.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, + { "name": "dict.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "extensionupdater.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "gaia.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, { "name": "go-updater.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"},