diff --git a/browser/net/BUILD.gn b/browser/net/BUILD.gn index 23fd8c5be7ce..5e2772fee93e 100644 --- a/browser/net/BUILD.gn +++ b/browser/net/BUILD.gn @@ -63,6 +63,7 @@ source_set("net") { "//brave/extensions:common", "//components/content_settings/core/browser", "//components/prefs", + "//components/proxy_config", "//components/user_prefs", "//content/public/browser", "//content/public/common", diff --git a/browser/net/brave_ad_block_tp_network_delegate_helper.cc b/browser/net/brave_ad_block_tp_network_delegate_helper.cc index 76d2253a7b06..33464a966b77 100644 --- a/browser/net/brave_ad_block_tp_network_delegate_helper.cc +++ b/browser/net/brave_ad_block_tp_network_delegate_helper.cc @@ -22,8 +22,12 @@ #include "brave/components/brave_shields/common/brave_shield_constants.h" #include "brave/components/brave_shields/common/features.h" #include "brave/grit/brave_generated_resources.h" +#include "chrome/browser/net/proxy_service_factory.h" #include "chrome/browser/net/secure_dns_config.h" #include "chrome/browser/net/system_network_context_manager.h" +#include "chrome/browser/profiles/profile.h" +#include "components/prefs/pref_service.h" +#include "components/proxy_config/pref_proxy_config_tracker.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/render_frame_host.h" @@ -32,6 +36,9 @@ #include "content/public/common/url_constants.h" #include "extensions/common/url_pattern.h" #include "mojo/public/cpp/bindings/remote.h" +#include "net/proxy_resolution/proxy_config.h" +#include "net/proxy_resolution/proxy_config_service.h" +#include "net/proxy_resolution/proxy_config_with_annotation.h" #include "services/network/host_resolver.h" #include "services/network/network_context.h" #include "ui/base/resource/resource_bundle.h" @@ -228,6 +235,41 @@ void UseCnameResult(scoped_refptr task_runner, } } +// If only particular types of network traffic are being proxied, or if no +// proxy is configured, it should be safe to continue making unproxied DNS +// queries. However, in SingleProxy mode all types of network traffic should go +// through the proxy, so additional DNS queries should be avoided. +bool ProxySettingsAllowUncloaking(content::BrowserContext* browser_context) { + DCHECK(browser_context); + + bool can_uncloak = true; + + Profile* profile = Profile::FromBrowserContext(browser_context); + + std::unique_ptr config_tracker = + ProxyServiceFactory::CreatePrefProxyConfigTrackerOfProfile( + profile->GetPrefs(), nullptr); + std::unique_ptr proxy_config_service = + ProxyServiceFactory::CreateProxyConfigService(config_tracker.get()); + + net::ProxyConfigWithAnnotation config; + net::ProxyConfigService::ConfigAvailability availability = + proxy_config_service->GetLatestProxyConfig(&config); + + if (availability == + net::ProxyConfigService::ConfigAvailability::CONFIG_VALID) { + // PROXY_LIST corresponds to SingleProxy mode. + if (config.value().proxy_rules().type == + net::ProxyConfig::ProxyRules::Type::PROXY_LIST) { + can_uncloak = false; + } + } + + config_tracker->DetachFromPrefService(); + + return can_uncloak; +} + void OnBeforeURLRequestAdBlockTP(const ResponseCallback& next_callback, std::shared_ptr ctx) { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); @@ -240,10 +282,12 @@ void OnBeforeURLRequestAdBlockTP(const ResponseCallback& next_callback, // DoH or standard DNS queries won't be routed through Tor, so we need to // skip it. + // Also, skip CNAME uncloaking if there is currently a configured proxy. bool should_check_uncloaked = base::FeatureList::IsEnabled( brave_shields::features::kBraveAdblockCnameUncloaking) && - ctx->browser_context && !ctx->browser_context->IsTor(); + ctx->browser_context && !ctx->browser_context->IsTor() && + ProxySettingsAllowUncloaking(ctx->browser_context); task_runner->PostTaskAndReplyWithResult( FROM_HERE,