-
Notifications
You must be signed in to change notification settings - Fork 900
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Brave News: Do not use APIRequestHelper for binary data #12857
Conversation
364ba7b
to
b088c3b
Compare
b088c3b
to
033cdc3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@petemill This doesn't look like it removes any of the (somewhat) identifying request headers (e.g. Accept-Language
, User-Agent
) when sending a request to the private CDN. Is that header removal done somewhere else? Or did we end up not implementing it? I can't remember.
@fmarier The header removal is done here https://github.com/brave/brave-core/pull/12857/files#diff-f5dc813d6939b2fdab7d89947a9657e8d6583d004b2d74c4839017647ca637f4R50 |
I pushed a refactor earlier today and didn't have a chance to build which is why there's CI errors, which I'll address now |
net::NetworkTrafficAnnotationTag annotation_tag, | ||
scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory) | ||
: annotation_tag_(annotation_tag), | ||
url_loader_factory_(url_loader_factory) {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
std::move(url_loader_factory)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed, and noting that this is it's being done in the code I copied it from 😄 https://github.com/brave/brave-core/blob/master/components/api_request_helper/api_request_helper.cc#L45
request->credentials_mode = network::mojom::CredentialsMode::kOmit; | ||
request->method = net::HttpRequestHeaders::kGetMethod; | ||
// Don't send any identifying information, such as language or user agent | ||
for (auto entry : brave::private_cdn_headers) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const auto& entry
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
} | ||
} | ||
url_loaders_.erase(iter); | ||
std::move(callback).Run(response_code, *response_body); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
response_body
can be nullptr
if a network error has occurred [1]. It's better just check response_body
before dereferencing in case some other corner case will appear in SimpleURLLoader
.
- See
SetAllowPartialResults
and this code:
https://github.com/chromium/chromium/blob/4c7435484856fc171e16fa84d9c244fbadd6fa4a/services/network/public/cpp/simple_url_loader.cc#L1541-L1543
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
base::StringPiece body_payload(body.data(), body.size()); | ||
if (response_code < 200 || response_code >= 300 || | ||
(is_padded && | ||
!brave::PrivateCdnHelper::GetInstance()->RemovePadding( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
RemovePadding
can be static.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would prefer to change in a follow-up. This is not introduced in this PR, and would prefer to limit this PR to fix the regression and not refactor.
&body_payload))) { | ||
// Byte padding removal failed | ||
absl::optional<std::vector<uint8_t>> args; | ||
std::move(callback).Run(std::move(args)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
absl::nullopt
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
bool auto_retry_on_network_change /* = true */, | ||
size_t max_body_size /* = 5 * 1024 * 1024 */) { | ||
// Do not allow unbounded max body | ||
DCHECK(max_body_size != = -1u); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
!= =
? 😏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for spotting - fixed
request->credentials_mode = network::mojom::CredentialsMode::kOmit; | ||
request->method = net::HttpRequestHeaders::kGetMethod; | ||
// Don't send any identifying information, such as language or user agent | ||
for (auto entry : brave::private_cdn_headers) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
brave::private_cdn_headers
should be a base::NoDestructor
instance accessible (and constructible) via some getter like brave::GetPrivateCDNHeaders()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would prefer to change in a follow-up. This is not introduced in this PR, and would prefer to limit this PR to fix the regression and not refactor
033cdc3
to
f67bf99
Compare
Create PrivateCDNRequestHelper to help ensure requests are anonymous. APIRequestHelper was no longer appropriate as it requires response to be JSON format.
f67bf99
to
ed65156
Compare
APIRequestHelper has recently changed to validate that the response is valid JSON.
Resolves brave/brave-browser#22024
Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
,npm run lint
,npm run gn_check
,npm run tslint
git rebase master
(if needed)Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on
Test Plan: