Avoid CNAME uncloaking if a proxy is configured

[antonok-edm]

Resolves brave/brave-browser#16011

Caveats about the previous implementation (since updated)

Disclaimer: this doesn't seem like the right solution, but I'm opening this now to get discussion going on how it should best be done, and possibly to get it merged as a short-term fix. In particular:

• The semantics of ProxyConfigDictionary are not quite what we're looking for. It'd be preferable to learn whether or not the proxy is in SingleProxy mode, but that's a private part of UrlRequestContext which I don't even see how to get here.
• This is difficult to test appropriately. I've only been able to test it so far by manually adding LOG statements and checking whether or not the correct if-branch is selected when the NordVPN extension is installed (on Linux).

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

• Install the NordVPN extension.
• Sign in to the extension via the menu in the plugin area at the top-right of the browser (NordVPN credentials are available in 1Password).
• In the extension UI, connect to the VPN. Use a location that is distinctly different from your actual location.
• Visit http://browserleaks.com/dns and begin the test.
• Once the test is complete, verify that the "Your DNS Servers" section does not show your actual location.

[diracdeltas]

not an expert here but this general approach sgtm

[iefremov]

I would extract this block to a separate function

[antonok-edm]

fixed!

[antonok-edm]

AdBlockServiceTest.CnameCloakedRequestsGetBlocked and AdBlockServiceTest.CnameCloakedRequestsCanBeExcepted are failing on Windows with this approach; something must be causing ProxySettingsAllowUncloaking to return false (possibly the CONFIG_PENDING branch?). I'm pushing some extra logging statements to investigate further since I don't have a Windows machine to test on locally.

[antonok-edm]

According to CI, this gets triggered on Windows without any additional configuration. It's unclear whether or not that's the case every time the proxy service is created, in which case we'll never have CNAME uncloaking on Windows with this approach, or if it will permanently be resolved after a short time on browser startup, in which case this is probably an acceptable fix.

Any thoughts @iefremov @darkdh?