-
Notifications
You must be signed in to change notification settings - Fork 895
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid CNAME uncloaking if a proxy is configured #8957
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not an expert here but this general approach sgtm
fec927b
to
801cadc
Compare
801cadc
to
7803660
Compare
@@ -245,6 +252,41 @@ void OnBeforeURLRequestAdBlockTP(const ResponseCallback& next_callback, | |||
brave_shields::features::kBraveAdblockCnameUncloaking) && | |||
ctx->browser_context && !ctx->browser_context->IsTor(); | |||
|
|||
// Also, skip CNAME uncloaking if there is currently a configured proxy. | |||
if (ctx->browser_context) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would extract this block to a separate function
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed!
|
} else if (availability == | ||
net::ProxyConfigService::ConfigAvailability::CONFIG_PENDING) { | ||
// Fallback to not CNAME uncloaking if the proxy configuration cannot be | ||
// determined. | ||
LOG(ERROR) << "CONFIG_PENDING"; | ||
can_uncloak = false; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to CI, this gets triggered on Windows without any additional configuration. It's unclear whether or not that's the case every time the proxy service is created, in which case we'll never have CNAME uncloaking on Windows with this approach, or if it will permanently be resolved after a short time on browser startup, in which case this is probably an acceptable fix.
Resolves brave/brave-browser#16011
Caveats about the previous implementation (since updated)
Disclaimer: this doesn't seem like the right solution, but I'm opening this now to get discussion going on how it should best be done, and possibly to get it merged as a short-term fix. In particular:
ProxyConfigDictionary
are not quite what we're looking for. It'd be preferable to learn whether or not the proxy is inSingleProxy
mode, but that's a private part ofUrlRequestContext
which I don't even see how to get here.LOG
statements and checking whether or not the correct if-branch is selected when the NordVPN extension is installed (on Linux).Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
,npm run lint
,npm run gn_check
,npm run tslint
git rebase master
(if needed)Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on
Test Plan: