From 773fd9443b35c5c7b419ad57d95a42fedf15cd7f Mon Sep 17 00:00:00 2001 From: Pranjal Date: Tue, 13 Nov 2018 13:27:50 -0800 Subject: [PATCH] Issue 518: Enabling CRLSets Revoked certificates don't show certificate error on all platforms. This PR enables CRLSets, a component managed by Google to show certificate errors for domains with revoked certificates. Since, CRLSets is maintained by Google we will be proxying requests for CRLSets through crlsets[n].brave.com, crxdownload.brave.com (resources) and componentupdater.brave.com (component updates) auditors: @bbondy, @bsclifton, @diracdeltas --- ...static_redirect_network_delegate_helper.cc | 110 +++++++++++++----- ...direct_network_delegate_helper_unittest.cc | 93 +++++++++++++-- .../crl_set_component_installer.cc | 27 +++++ common/extensions/extension_constants.cc | 13 ++- common/extensions/extension_constants.h | 11 +- common/network_constants.cc | 31 +++-- common/network_constants.h | 5 + 7 files changed, 238 insertions(+), 52 deletions(-) create mode 100644 chromium_src/chrome/browser/component_updater/crl_set_component_installer.cc diff --git a/browser/net/brave_static_redirect_network_delegate_helper.cc b/browser/net/brave_static_redirect_network_delegate_helper.cc index 34a75e0c1bc0..6275c1aceef6 100644 --- a/browser/net/brave_static_redirect_network_delegate_helper.cc +++ b/browser/net/brave_static_redirect_network_delegate_helper.cc @@ -1,9 +1,10 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ +// Copyright (c) 2019 The Brave Authors. All rights reserved. #include "brave/browser/net/brave_static_redirect_network_delegate_helper.h" +#include +#include + #include "brave/common/network_constants.h" #include "extensions/common/url_pattern.h" @@ -13,8 +14,16 @@ int OnBeforeURLRequest_StaticRedirectWork( const ResponseCallback& next_callback, std::shared_ptr ctx) { GURL::Replacements replacements; - static URLPattern geo_pattern(URLPattern::SCHEME_HTTPS, kGeoLocationsPattern); - static URLPattern safeBrowsing_pattern(URLPattern::SCHEME_HTTPS, kSafeBrowsingPrefix); + static URLPattern geo_pattern(URLPattern::SCHEME_HTTPS, + kGeoLocationsPattern); + static URLPattern safeBrowsing_pattern(URLPattern::SCHEME_HTTPS, + kSafeBrowsingPrefix); + static URLPattern crlSet_pattern1(URLPattern::SCHEME_HTTP | + URLPattern::SCHEME_HTTPS, kCRLSetPrefix1); + static URLPattern crlSet_pattern2(URLPattern::SCHEME_HTTP | + URLPattern::SCHEME_HTTPS, kCRLSetPrefix2); + static URLPattern crxDownload_pattern(URLPattern::SCHEME_HTTP | + URLPattern::SCHEME_HTTPS, kCRXDownloadPrefix); if (geo_pattern.MatchesURL(ctx->request_url)) { ctx->new_url_spec = GURL(GOOGLEAPIS_ENDPOINT GOOGLEAPIS_API_KEY).spec(); @@ -27,6 +36,27 @@ int OnBeforeURLRequest_StaticRedirectWork( return net::OK; } + if (crxDownload_pattern.MatchesHost(ctx->request_url)) { + replacements.SetSchemeStr("https"); + replacements.SetHostStr("crxdownload.brave.com"); + ctx->new_url_spec = ctx->request_url.ReplaceComponents(replacements).spec(); + return net::OK; + } + + if (crlSet_pattern1.MatchesHost(ctx->request_url)) { + replacements.SetSchemeStr("https"); + replacements.SetHostStr("crlsets1.brave.com"); + ctx->new_url_spec = ctx->request_url.ReplaceComponents(replacements).spec(); + return net::OK; + } + + if (crlSet_pattern2.MatchesHost(ctx->request_url)) { + replacements.SetSchemeStr("https"); + replacements.SetHostStr("crlsets2.brave.com"); + ctx->new_url_spec = ctx->request_url.ReplaceComponents(replacements).spec(); + return net::OK; + } + #if !defined(NDEBUG) GURL gurl = ctx->request_url; static std::vector allowed_patterns({ @@ -34,37 +64,61 @@ int OnBeforeURLRequest_StaticRedirectWork( URLPattern(URLPattern::SCHEME_HTTPS, "https://go-updater.brave.com/*"), // Brave promo referrals, production and staging (laptop-updates // proxies to promo-services) - // TODO: In the future, we may want to specify the value of the + // TODO(@emerick): In the future, we may want to specify the value of the // BRAVE_REFERRALS_SERVER environment variable rather than // hardcoding the server name here URLPattern(URLPattern::SCHEME_HTTPS, "https://laptop-updates.brave.com/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://laptop-updates-staging.herokuapp.com/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://laptop-updates-staging.herokuapp.com/*"), // CRX file download - URLPattern(URLPattern::SCHEME_HTTPS, "https://brave-core-ext.s3.brave.com/release/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://brave-core-ext.s3.brave.com/release/*"), // Safe Browsing and other files URLPattern(URLPattern::SCHEME_HTTPS, "https://static.brave.com/*"), - // We do allow redirects to the Google update server for extensions we don't support - URLPattern(URLPattern::SCHEME_HTTPS, "https://update.googleapis.com/service/update2"), + // We do allow redirects to the Google update server for extensions we don't + // support + URLPattern(URLPattern::SCHEME_HTTPS, + "https://update.googleapis.com/service/update2"), // Rewards URLs - URLPattern(URLPattern::SCHEME_HTTPS, "https://ledger.mercury.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://balance.mercury.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://publishers.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://publishers-distro.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://ledger-staging.mercury.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://balance-staging.mercury.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://publishers-staging.basicattentiontoken.org/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://publishers-staging-distro.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://ledger.mercury.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://balance.mercury.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://publishers.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://publishers-distro.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://ledger-staging.mercury.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://balance-staging.mercury.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://publishers-staging.basicattentiontoken.org/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://publishers-staging-distro.basicattentiontoken.org/*"), // Safe browsing - URLPattern(URLPattern::SCHEME_HTTPS, "https://safebrowsing.brave.com/v4/*"), - URLPattern(URLPattern::SCHEME_HTTPS, "https://ssl.gstatic.com/safebrowsing/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://safebrowsing.brave.com/v4/*"), + URLPattern(URLPattern::SCHEME_HTTPS, + "https://ssl.gstatic.com/safebrowsing/*"), + + // CRLSets + URLPattern(URLPattern::SCHEME_HTTPS, "https://crlsets1.brave.com/*"), + URLPattern(URLPattern::SCHEME_HTTPS, "https://crlsets2.brave.com/*"), - // Will be removed when https://github.com/brave/brave-browser/issues/663 is fixed + URLPattern(URLPattern::SCHEME_HTTPS, "https://crxdownload.brave.com/*"), + + // Will be removed when https://github.com/brave/brave-browser/issues/663 + // is fixed URLPattern(URLPattern::SCHEME_HTTPS, "https://www.gstatic.com/*"), }); - // Check to make sure the URL being requested matches at least one of the allowed patterns - bool is_url_allowed = std::any_of(allowed_patterns.begin(), allowed_patterns.end(), + + // Check to make sure the URL being requested matches at least one of the + // allowed patterns + bool is_url_allowed = std::any_of(allowed_patterns.begin(), + allowed_patterns.end(), [&gurl](URLPattern pattern) { if (pattern.MatchesURL(gurl)) { return true; @@ -74,11 +128,13 @@ int OnBeforeURLRequest_StaticRedirectWork( if (!is_url_allowed) { LOG(ERROR) << "URL not allowed from system network delegate: " << gurl; } - // TODO: Before we can turn this into DCHECK we have to find a way to allow these, I think they are for Chrome Cast + // TODO(@bbondy): Before we can turn this into DCHECK we have to find a way to + // allow these, I think they are for Chrome Cast // http://192.168.0.13:8008/ssdp/device-desc.xml - // http://192.168.0.27:60000/upnp/dev/e16bf493-ed87-5798-ffff-ffffeb4f1c34/desc - // And also I don't know where they're from, but there's always 3 requests similar to this: - // http://vijscbncpv/ + // http://192.168.0.27:60000/upnp/dev/e16bf493-ed87-5798-ffff-ffffeb4f1c34 + // /desc + // And also I don't know where they're from, but there's always 3 requests + // similar to this: http://vijscbncpv/ #endif return net::OK; diff --git a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc index 433a2d4bda37..d514c3eea827 100644 --- a/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc +++ b/browser/net/brave_static_redirect_network_delegate_helper_unittest.cc @@ -1,9 +1,9 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ +// Copyright (c) 2019 The Brave Authors. All rights reserved. #include "brave/browser/net/brave_static_redirect_network_delegate_helper.h" +#include + #include "brave/browser/net/url_context.h" #include "brave/common/network_constants.h" #include "chrome/test/base/chrome_render_view_host_test_harness.h" @@ -13,7 +13,6 @@ #include "url/gurl.h" #include "url/url_constants.h" - namespace { class BraveStaticRedirectNetworkDelegateHelperTest: public testing::Test { @@ -41,7 +40,8 @@ TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, NoModifyTypicalURL) { TRAFFIC_ANNOTATION_FOR_TESTS); std::shared_ptr before_url_context(new brave::BraveRequestInfo()); - brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); brave::ResponseCallback callback; int ret = OnBeforeURLRequest_StaticRedirectWork(callback, @@ -58,7 +58,8 @@ TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyGeoURL) { TRAFFIC_ANNOTATION_FOR_TESTS); std::shared_ptr before_url_context(new brave::BraveRequestInfo()); - brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); brave::ResponseCallback callback; GURL expected_url(GOOGLEAPIS_ENDPOINT GOOGLEAPIS_API_KEY); int ret = @@ -68,15 +69,85 @@ TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyGeoURL) { EXPECT_EQ(ret, net::OK); } +TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet1) { + net::TestDelegate test_delegate; + GURL url("https://dl.google.com/release2/chrome_component/AJ4r388iQSJq_4819/" + "4819_all_crl-set-5934829738003798040.data.crx3"); + std::unique_ptr request = + context()->CreateRequest(url, net::IDLE, &test_delegate, + TRAFFIC_ANNOTATION_FOR_TESTS); + std::shared_ptr + before_url_context(new brave::BraveRequestInfo()); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); + brave::ResponseCallback callback; + GURL expected_url("https://crlsets1.brave.com/release2/chrome_component/" + "AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3"); + int ret = + OnBeforeURLRequest_StaticRedirectWork(callback, + before_url_context); + EXPECT_EQ(before_url_context->new_url_spec, expected_url); + EXPECT_EQ(ret, net::OK); +} + +TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRLSet2) { + net::TestDelegate test_delegate; + GURL url("https://r2---sn-8xgp1vo-qxoe.gvt1.com/edgedl/release2/" + "chrome_component/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040" + ".data.crx3"); + std::unique_ptr request = + context()->CreateRequest(url, net::IDLE, &test_delegate, + TRAFFIC_ANNOTATION_FOR_TESTS); + std::shared_ptr + before_url_context(new brave::BraveRequestInfo()); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); + brave::ResponseCallback callback; + GURL expected_url("https://crlsets2.brave.com/edgedl/release2/chrome_compone" + "nt/AJ4r388iQSJq_4819/4819_all_crl-set-5934829738003798040.data.crx3"); + int ret = + OnBeforeURLRequest_StaticRedirectWork(callback, + before_url_context); + EXPECT_EQ(before_url_context->new_url_spec, expected_url); + EXPECT_EQ(ret, net::OK); +} + +TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifyCRXDownload) { + net::TestDelegate test_delegate; + GURL url("https://clients2.googleusercontent.com/crx/blobs/QgAAAC6zw0qH2DJtn" + "Xe8Z7rUJP1RM6lX7kVcwkQ56ujmG3AWYOAkxoNnIdnEBUz_3z4keVhjzzAF10srsaL7lrntfB" + "IflcYIrTziwX3SUS9i_P-CAMZSmuV5tdQl-Roo6cnVC_GRzKsnZSKm1Q/extension_2_0_67" + "3_0.crx"); + std::unique_ptr request = + context()->CreateRequest(url, net::IDLE, &test_delegate, + TRAFFIC_ANNOTATION_FOR_TESTS); + std::shared_ptr + before_url_context(new brave::BraveRequestInfo()); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); + brave::ResponseCallback callback; + GURL expected_url("https://crxdownload.brave.com/crx/blobs/QgAAAC6" + "zw0qH2DJtnXe8Z7rUJP1RM6lX7kVcwkQ56ujmG3AWYOAkxoNnIdnEBUz_3z4keVhjzzAF10sr" + "saL7lrntfBIflcYIrTziwX3SUS9i_P-CAMZSmuV5tdQl-Roo6cnVC_GRzKsnZSKm1Q/extens" + "ion_2_0_673_0.crx"); + int ret = + OnBeforeURLRequest_StaticRedirectWork(callback, + before_url_context); + EXPECT_EQ(before_url_context->new_url_spec, expected_url); + EXPECT_EQ(ret, net::OK); +} + TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifySafeBrowsingURLV4) { net::TestDelegate test_delegate; - GURL url("https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=ChkKCGNocm9taXVtEg02Ni"); + GURL url("https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$" + "req=ChkKCGNocm9taXVtEg02Ni"); std::unique_ptr request = context()->CreateRequest(url, net::IDLE, &test_delegate, TRAFFIC_ANNOTATION_FOR_TESTS); std::shared_ptr before_url_context(new brave::BraveRequestInfo()); - brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); brave::ResponseCallback callback; GURL::Replacements replacements; replacements.SetHostStr(SAFEBROWSING_ENDPOINT); @@ -90,13 +161,15 @@ TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifySafeBrowsingURLV4) { TEST_F(BraveStaticRedirectNetworkDelegateHelperTest, ModifySafeBrowsingURLV5) { net::TestDelegate test_delegate; - GURL url("https://safebrowsing.googleapis.com/v5/threatListUpdates:fetch?$req=ChkKCGNocm9taXVtEg02Ni"); + GURL url("https://safebrowsing.googleapis.com/v5/threatListUpdates:fetch?$" + "req=ChkKCGNocm9taXVtEg02Ni"); std::unique_ptr request = context()->CreateRequest(url, net::IDLE, &test_delegate, TRAFFIC_ANNOTATION_FOR_TESTS); std::shared_ptr before_url_context(new brave::BraveRequestInfo()); - brave::BraveRequestInfo::FillCTXFromRequest(request.get(), before_url_context); + brave::BraveRequestInfo::FillCTXFromRequest(request.get(), + before_url_context); brave::ResponseCallback callback; GURL::Replacements replacements; replacements.SetHostStr(SAFEBROWSING_ENDPOINT); diff --git a/chromium_src/chrome/browser/component_updater/crl_set_component_installer.cc b/chromium_src/chrome/browser/component_updater/crl_set_component_installer.cc new file mode 100644 index 000000000000..531bd97b6615 --- /dev/null +++ b/chromium_src/chrome/browser/component_updater/crl_set_component_installer.cc @@ -0,0 +1,27 @@ +// Copyright (c) 2019 The Brave Authors. All rights reserved. + +#define RegisterCRLSetComponent RegisterCRLSetComponent_ChromiumImpl +#include "../../../../../chrome/browser/component_updater/crl_set_component_installer.cc" // NOLINT +#undef RegisterCRLSetComponent + +#include "brave/browser/extensions/brave_component_extension.h" +#include "brave/common/extensions/extension_constants.h" +#include "chrome/browser/browser_process.h" + +namespace component_updater { + +void OnCRLSetRegistered() { + ComponentsUI demand_updater; + demand_updater.OnDemandUpdate(g_browser_process->component_updater(), + crl_set_extension_id); +} + +void RegisterCRLSetComponent(ComponentUpdateService* cus, + const base::FilePath& user_data_dir) { + auto installer = base::MakeRefCounted( + std::make_unique()); + installer->Register(g_browser_process->component_updater(), + base::Bind(&OnCRLSetRegistered)); +} + +} // namespace component_updater diff --git a/common/extensions/extension_constants.cc b/common/extensions/extension_constants.cc index 39a478f1dec1..9fd15d277665 100644 --- a/common/extensions/extension_constants.cc +++ b/common/extensions/extension_constants.cc @@ -1,6 +1,4 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ +// Copyright (c) 2019 The Brave Authors. All rights reserved. #include "brave/common/extensions/extension_constants.h" @@ -10,8 +8,13 @@ const char brave_webtorrent_extension_id[] = "lgjmpdmojkpocjcopdikifhejkkjglho"; const char hangouts_extension_id[] = "nkeimhogjdpnpccoofpliimaahmaaome"; const char widevine_extension_id[] = "oimompecagnajdejgnnjijobebaeigek"; const char brave_sync_extension_id[] = "nomlkjnggnifocmealianaaiobmebgil"; +const char crl_set_extension_id[] = "hfnkpimlhhgieaddgfemjhofmfblmnib"; const char pdfjs_extension_id[] = "oemmndcbldboiebfnladdacbdfmadadm"; const char pdfjs_extension_name[] = "PDF Viewer (PDF.js)"; -const char pdfjs_extension_public_key[] = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb5PIb8ayK6vHvEIY1nJKRSCDE8iJ1T43qFN+5dvCVQrmyEkgqB9ZuZNT24Lwot96HV51VoITHKRNIVKI2Nrbfn0M49t7qtaP34g/GXJ7mAIbSzsY4+i+Wsz8EL2SNEIw6uH8RmXG7nZ29NJ7sk7jn17QmMsO2UJ01UT8hfOOOEQIDAQAB"; -const char pdfjs_extension_origin[] = "chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/"; +const char pdfjs_extension_public_key[] = + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb5PIb8ayK6vHvEIY1nJKRSCDE8iJ1T43qFN" + "+5dvCVQrmyEkgqB9ZuZNT24Lwot96HV51VoITHKRNIVKI2Nrbfn0M49t7qtaP34g/GXJ7mAIbS" + "zsY4+i+Wsz8EL2SNEIw6uH8RmXG7nZ29NJ7sk7jn17QmMsO2UJ01UT8hfOOOEQIDAQAB"; +const char pdfjs_extension_origin[] = + "chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/"; diff --git a/common/extensions/extension_constants.h b/common/extensions/extension_constants.h index 84516439f44a..3ae5bf44ffcf 100644 --- a/common/extensions/extension_constants.h +++ b/common/extensions/extension_constants.h @@ -1,6 +1,8 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ +// Copyright (c) 2019 The Brave Authors. All rights reserved. + +#ifndef BRAVE_COMMON_EXTENSIONS_EXTENSION_CONSTANTS_H_ +#define BRAVE_COMMON_EXTENSIONS_EXTENSION_CONSTANTS_H_ + extern const char brave_extension_id[]; extern const char brave_rewards_extension_id[]; @@ -8,8 +10,11 @@ extern const char brave_webtorrent_extension_id[]; extern const char hangouts_extension_id[]; extern const char widevine_extension_id[]; extern const char brave_sync_extension_id[]; +extern const char crl_set_extension_id[]; extern const char pdfjs_extension_id[]; extern const char pdfjs_extension_name[]; extern const char pdfjs_extension_public_key[]; extern const char pdfjs_extension_origin[]; + +#endif // BRAVE_COMMON_EXTENSIONS_EXTENSION_CONSTANTS_H_ diff --git a/common/network_constants.cc b/common/network_constants.cc index 6d97ad7ee2e1..823694ba1c88 100644 --- a/common/network_constants.cc +++ b/common/network_constants.cc @@ -1,23 +1,40 @@ +// Copyright (c) 2019 The Brave Authors. All rights reserved. + #include "brave/common/network_constants.h" -const char kBraveUpdatesExtensionsEndpoint[] = "https://go-updater.brave.com/extensions"; +const char kBraveUpdatesExtensionsEndpoint[] = + "https://go-updater.brave.com/extensions"; // For debgugging: -// const char kBraveUpdatesExtensionsEndpoint[] = "http://localhost:8192/extensions"; +// const char kBraveUpdatesExtensionsEndpoint[] = +// "http://localhost:8192/extensions"; const char kBraveReferralsServer[] = "laptop-updates.brave.com"; const char kBraveReferralsHeadersPath[] = "/promo/custom-headers"; const char kBraveReferralsInitPath[] = "/promo/initialize/nonua"; const char kBraveReferralsActivityPath[] = "/promo/activity"; +const char kCRXDownloadPrefix[] = + "https://clients2.googleusercontent.com/crx/blobs/*crx*"; const char kEmptyDataURI[] = "data:text/plain,"; -const char kEmptyImageDataURI[] = "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"; +const char kEmptyImageDataURI[] = + "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIB" + "RAA7"; const char kJSDataURLPrefix[] = "data:application/javascript;base64,"; -const char kGeoLocationsPattern[] = "https://www.googleapis.com/geolocation/v1/geolocate?key=*"; +const char kGeoLocationsPattern[] = + "https://www.googleapis.com/geolocation/v1/geolocate?key=*"; const char kSafeBrowsingPrefix[] = "https://safebrowsing.googleapis.com/"; -const char kGoogleTagManagerPattern[] = "https://www.googletagmanager.com/gtm.js"; -const char kGoogleTagServicesPattern[] = "https://www.googletagservices.com/tag/js/gpt.js"; +const char kCRLSetPrefix1[] = + "https://dl.google.com/release2/chrome_component/*crl-set*"; +const char kCRLSetPrefix2[] = + "https://*.gvt1.com/edgedl/release2/chrome_component/*crl-set*"; +const char kGoogleTagManagerPattern[] = + "https://www.googletagmanager.com/gtm.js"; +const char kGoogleTagServicesPattern[] = + "https://www.googletagservices.com/tag/js/gpt.js"; const char kForbesPattern[] = "https://www.forbes.com/*"; -const char kForbesExtraCookies[] = "forbes_ab=true; welcomeAd=true; adblock_session=Off; dailyWelcomeCookie=true"; +const char kForbesExtraCookies[] = + "forbes_ab=true; welcomeAd=true; adblock_session=Off;" + "dailyWelcomeCookie=true"; const char kTwitterPattern[] = "https://*.twitter.com/*"; const char kTwitterReferrer[] = "https://twitter.com/*"; const char kTwitterRedirectURL[] = "https://mobile.twitter.com/i/nojs_router*"; diff --git a/common/network_constants.h b/common/network_constants.h index b3205f9fb43a..2795fba0a67d 100644 --- a/common/network_constants.h +++ b/common/network_constants.h @@ -1,3 +1,5 @@ +// Copyright (c) 2019 The Brave Authors. All rights reserved. + #ifndef BRAVE_COMMON_NETWORK_CONSTANTS_H_ #define BRAVE_COMMON_NETWORK_CONSTANTS_H_ @@ -8,6 +10,7 @@ extern const char kBraveReferralsHeadersPath[]; extern const char kBraveReferralsInitPath[]; extern const char kBraveReferralsActivityPath[]; +extern const char kCRXDownloadPrefix[]; extern const char kEmptyDataURI[]; extern const char kEmptyImageDataURI[]; extern const char kJSDataURLPrefix[]; @@ -17,6 +20,8 @@ extern const char kGoogleTagServicesPattern[]; extern const char kForbesPattern[]; extern const char kForbesExtraCookies[]; extern const char kSafeBrowsingPrefix[]; +extern const char kCRLSetPrefix1[]; +extern const char kCRLSetPrefix2[]; extern const char kTwitterPattern[]; extern const char kTwitterReferrer[]; extern const char kTwitterRedirectURL[];