New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 807399 link

Starred by 1 user

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug
Proj-Servicification



Sign in to add a comment

Support using SafeBrowsing URLLoaderThrottle subclasses to do URL checks in pre-network-service world

Project Member Reported by yzshen@chromium.org, Jan 30 2018

Issue description

Currently, without network service SB URL checks are done by ResourceThrottle subclasses. This bug tracks the progress of replacing them with safe_browsing::{Browser,Renderer}URLLoaderThrottle.
 
Cc: vakh@chromium.org jam@chromium.org
Components: Services>Safebrowsing
A detailed design doc that could be used for the Finch experiment process:
https://docs.google.com/document/d/1zaEDPHxJBjirRIdImfrBn55aDJU4Hs5Ri_BzIDr6HTY/edit?usp=sharing
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 5 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/07e9631149979156349349a01760ff53e27a1df5

commit 07e9631149979156349349a01760ff53e27a1df5
Author: Yuzhu Shen <yzshen@chromium.org>
Date: Mon Feb 05 23:20:29 2018

URLLoaderThrottle: add support to cancel with an application-defined reason.

This CL uses mojo interface custom disconnect reason to send this cancellation
reason to the impl side of network::mojom::URLLoader.

Why we need this change?
Currently the Android WebView SafeBrowsing ResourceThrottle sets a flag in the
user data of net::URLRequest to indicate the request is cancelled by
SafeBrowsing, and later this cancellation reason is conveyed to the Android
WebView embedder. When switching to URLLoaderThrottle, we cannot directly access
net::URLRequest, so we need this application-defined reason on
URLLoaderThrottle::Delegate to notify the impl side of
network::mojom::URLLoader.

Bug: 807399
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Ib4e4cc0e5e346562aef4f03f6e9bacf7da0716c5
Reviewed-on: https://chromium-review.googlesource.com/897734
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Yuzhu Shen <yzshen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#534529}
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/components/safe_browsing/browser/base_parallel_resource_throttle.cc
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/browser/loader/mojo_async_resource_handler.cc
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/browser/loader/mojo_async_resource_handler.h
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/browser/loader/resource_request_info_impl.cc
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/browser/loader/resource_request_info_impl.h
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/common/throttling_url_loader.cc
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/common/throttling_url_loader.h
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/public/browser/resource_request_info.h
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/content/public/common/url_loader_throttle.h
[modify] https://crrev.com/07e9631149979156349349a01760ff53e27a1df5/services/network/public/interfaces/url_loader.mojom

Project Member

Comment 3 by bugdroid1@chromium.org, Feb 8 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cb3011f67a9594f61c853fd25e7d9a34d286d21b

commit cb3011f67a9594f61c853fd25e7d9a34d286d21b
Author: Yuzhu Shen <yzshen@chromium.org>
Date: Thu Feb 08 02:51:50 2018

Introduce feature flag S13nSafeBrowsingCheckByURLLoaderThrottle.

If enabled in pre-network-service world, SafeBrowsing URL checks are done by
applying SafeBrowsing's URLLoaderThrottle subclasses to ThrottlingURLLoader.
It affects:
  - subresource loading from renderers;
  - frame resource loading from the browser, if
    content::IsNavigationMojoResponseEnabled() returns true.

This flag has no effect if network service is enabled. With network service,
SafeBrowsing URL checks are always done by SafeBrowsing's URLLoaderThrottle
subclasses.

On Android Chrome, we may use data reduction proxy to handle requests. In
that case, SafeBrowsing URL checks should be skipped. This CL makes sure
this behavior is preserved when the feature flag is enabled.

This CL only deals with the Chrome-side changes. Changes to Android WebView
to use this feature flag will be in a follow-up CL.

Bug: 807399
Change-Id: I227d1652fb61926840f4cb7bdd683f37633e0e14
Reviewed-on: https://chromium-review.googlesource.com/894364
Commit-Queue: Yuzhu Shen <yzshen@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535280}
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/android_webview/browser/aw_content_browser_client.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/android_webview/browser/aw_content_browser_client.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/android_webview/browser/aw_url_checker_delegate_impl.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/android_webview/browser/aw_url_checker_delegate_impl.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/BUILD.gn
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/chrome_content_browser_client.h
[add] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/data_reduction_proxy_util.cc
[add] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/data_reduction_proxy_util.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/loader/chrome_resource_dispatcher_host_delegate.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/loader/data_reduction_proxy_resource_throttle_android.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/safe_browsing/url_checker_delegate_impl.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/browser/safe_browsing/url_checker_delegate_impl.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/renderer/DEPS
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/chrome/renderer/url_loader_throttle_provider_impl.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/components/safe_browsing/browser/base_parallel_resource_throttle_unittest.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/components/safe_browsing/browser/mojo_safe_browsing_impl.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/components/safe_browsing/browser/mojo_safe_browsing_impl.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/components/safe_browsing/browser/url_checker_delegate.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/components/safe_browsing/features.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/components/safe_browsing/features.h
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/content/browser/loader/navigation_url_loader_network_service.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/cb3011f67a9594f61c853fd25e7d9a34d286d21b/content/public/browser/content_browser_client.h

Project Member

Comment 4 by bugdroid1@chromium.org, Feb 8 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4e88babf73a2671c5066c9e2bb143c6fcf731b03

commit 4e88babf73a2671c5066c9e2bb143c6fcf731b03
Author: Kinuko Yasuda <kinuko@chromium.org>
Date: Thu Feb 08 05:27:29 2018

Discard body for prefetch tag

The resource loaded into Blink/MemoryCache for prefetch tag cannot be
really reused as the resource type is not correctly set, and also
is not expected to be used in the current navigation either.

This patch tries to just discard payload body for the resource
loaded for a prefetch tag. (If this doesn't break anything we plan
to have a follow-up change to stop sending body data to the renderer
at all)

Bug: 807399
Change-Id: Ib5e09a4796815fe37bf62b6b525b5ffc6a07f7ee
Reviewed-on: https://chromium-review.googlesource.com/906088
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535311}
[modify] https://crrev.com/4e88babf73a2671c5066c9e2bb143c6fcf731b03/content/renderer/loader/web_url_loader_impl.cc

Oops, sorry #4 had a wrong bug number... please ignore.
Project Member

Comment 6 by bugdroid1@chromium.org, Feb 8 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9508fc718b6ac47648bb66eebca253ce275afee0

commit 9508fc718b6ac47648bb66eebca253ce275afee0
Author: Yuzhu Shen <yzshen@chromium.org>
Date: Thu Feb 08 23:18:59 2018

Android WebView: support feature flag S13nSafeBrowsingCheckByURLLoaderThrottle.

Bug: 807399
Change-Id: I622690df526d76ac0a9b5896c1b6bccbdc36b1aa
Reviewed-on: https://chromium-review.googlesource.com/903376
Commit-Queue: Yuzhu Shen <yzshen@chromium.org>
Reviewed-by: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535567}
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/browser/aw_content_browser_client.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/browser/aw_content_browser_client.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/browser/aw_safe_browsing_resource_throttle.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/browser/aw_url_checker_delegate_impl.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/browser/aw_url_checker_delegate_impl.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/browser/renderer_host/aw_resource_dispatcher_host_delegate.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/renderer/DEPS
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/android_webview/renderer/aw_url_loader_throttle_provider.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/chrome/browser/safe_browsing/url_checker_delegate_impl.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/chrome/browser/safe_browsing/url_checker_delegate_impl.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/browser/base_parallel_resource_throttle_unittest.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/browser/browser_url_loader_throttle.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/browser/mojo_safe_browsing_impl.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/browser/mojo_safe_browsing_impl.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/browser/url_checker_delegate.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/common/safe_browsing.mojom
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/common/safebrowsing_constants.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/common/safebrowsing_constants.h
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/renderer/renderer_url_loader_throttle.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/renderer/websocket_sb_handshake_throttle.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/components/safe_browsing/renderer/websocket_sb_handshake_throttle_unittest.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/content/browser/loader/navigation_url_loader_network_service.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/9508fc718b6ac47648bb66eebca253ce275afee0/content/public/browser/content_browser_client.h

Comment 7 by vakh@chromium.org, Feb 9 2018

Labels: SafeBrowsing-Triaged

Comment 8 by yzshen@chromium.org, Feb 15 2018

Cc: -jam@chromium.org yzshen@chromium.org
Owner: jam@chromium.org
Please find a new owner to conduct the Finch experiment.


All code changes needed for the flag S13nSafeBrowsingCheckByURLLoaderThrottle is done. Please see the design doc in comment #1 for more details. That document can be used when requesting a Finch experiment, too.


Comment 9 by dxie@chromium.org, May 22 2018

this is not block canary.

Comment 10 by dxie@chromium.org, May 22 2018

Labels: Hotlist-KnownIssue
Blockedon: 863318
Blockedon: -863318
Cc: carlosil@chromium.org
Project Member

Comment 14 by bugdroid1@chromium.org, Nov 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c3639baabf0af95d5eb4eff138c9cff56c8e9120

commit c3639baabf0af95d5eb4eff138c9cff56c8e9120
Author: Carlos IL <carlosil@chromium.org>
Date: Fri Nov 16 16:34:32 2018

Added URLLoaderThrottleSafeBrowsingChecks to testing config

Bug: 807399
Change-Id: I7ec3529451a8cd1690a210411ae7120e7223bf9e
Reviewed-on: https://chromium-review.googlesource.com/c/1338234
Reviewed-by: Robert Kaplow <rkaplow@chromium.org>
Commit-Queue: Carlos IL <carlosil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608797}
[modify] https://crrev.com/c3639baabf0af95d5eb4eff138c9cff56c8e9120/testing/variations/fieldtrial_testing_config.json

Cc: jam@chromium.org
Owner: carlosil@chromium.org

Sign in to add a comment