-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Desktop] Review non-registered components #11544
Comments
This is used by Safe Browsing and is a dependency of #6267. |
Wiki in progress: https://github.com/brave/brave-browser/wiki/Brave-Components |
Reached out to Andrew Whalley to check if Safety Tips and Certificate Error Assistant are still being maintained. |
@jumde In the wiki, are you sure Legacy TLS Deprecation Configuration should be unsupported? See #10607 (comment). |
Just to mention here that this is related to my PR brave/brave-core#7164. In short: I think Brave currently relies on a bug to not install unwanted components. My PR would fix this bug. So any solution to this issue should probably not rely on the bug being there. @jumde pointed out that the correct way to prevent a component from being installed is to not register it in the first place. Eg. by overriding functions like |
Also linking #8709 here because I think it is very closely related. |
Our fix isn't particularly obvious, but basically we replaced Chrome's list of exceptions with an empty list. So we disable TLS 1.0 and 1.1 for all sites, no exceptions. Therefore there is no need to load the component which updates Chrome's list. |
Do you mean the component should not be updated, or it should not be present in Brave at all? Or does it not matter? |
The component is not needed at all in Brave. It doesn't need to be updated or even be present. |
Got it, thank you. Who can tell us which components exactly should and shouldn't be in Brave? |
@mherrmann - I think just installing the components with a non-zero (0.0.0.0) version number on start (in nightly) makes sense. You can enable Crowd Deny as well to resolve #10280. |
Thank you @jumde. Do you mean that the answer to my question "which components should not be installed" is "those components that show up with version 0.0.0.0 when Brave is installed from scratch"? |
Issues to track enabling:
|
All components have been reviewed and issues have been filed. |
@bsclifton found that the root cause for #10607 (comment) is that we don't register a necessary component.
It would be good to review the list of components we don't install to make sure there's nothing we should enable:
Going forward, is there a way we can detect new ones and file issues for deciding what to do with them?
The text was updated successfully, but these errors were encountered: