1 // Copyright 2018 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "services/network/public/cpp/features.h" 6 7 #include "build/build_config.h" 8 #include "build/chromeos_buildflags.h" 9 10 namespace network { 11 namespace features { 12 13 // Enables Expect CT reporting, which sends reports for opted-in sites 14 // that don't serve sufficient Certificate Transparency information. 15 const base::Feature kExpectCTReporting{"ExpectCTReporting", 16 base::FEATURE_ENABLED_BY_DEFAULT}; 17 18 const base::Feature kNetworkErrorLogging{"NetworkErrorLogging", 19 base::FEATURE_ENABLED_BY_DEFAULT}; 20 // Enables the network service. 21 const base::Feature kNetworkService { 22 #if defined(OS_ANDROID) 23 "NetworkService", 24 #else 25 "NetworkServiceNotSupported", 26 #endif 27 base::FEATURE_ENABLED_BY_DEFAULT 28 }; 29 30 const base::Feature kReporting{"Reporting", base::FEATURE_ENABLED_BY_DEFAULT}; 31 32 // Based on the field trial parameters, this feature will override the value of 33 // the maximum number of delayable requests allowed in flight. The number of 34 // delayable requests allowed in flight will be based on the network's 35 // effective connection type ranges and the 36 // corresponding number of delayable requests in flight specified in the 37 // experiment configuration. Based on field trial parameters, this experiment 38 // may also throttle delayable requests based on the number of non-delayable 39 // requests in-flight times a weighting factor. 40 const base::Feature kThrottleDelayable{"ThrottleDelayable", 41 base::FEATURE_ENABLED_BY_DEFAULT}; 42 43 // When kPriorityRequestsDelayableOnSlowConnections is enabled, HTTP 44 // requests fetched from a SPDY/QUIC/H2 proxies can be delayed by the 45 // ResourceScheduler just as HTTP/1.1 resources are. However, requests from such 46 // servers are not subject to kMaxNumDelayableRequestsPerHostPerClient limit. 47 const base::Feature kDelayRequestsOnMultiplexedConnections{ 48 "DelayRequestsOnMultiplexedConnections", base::FEATURE_ENABLED_BY_DEFAULT}; 49 50 // When kPauseBrowserInitiatedHeavyTrafficForP2P is enabled, then a subset of 51 // the browser initiated traffic may be paused if there is at least one active 52 // P2P connection and the network is estimated to be congested. This feature is 53 // intended to throttle only the browser initiated traffic that is expected to 54 // be heavy (has large request/response sizes) when real time content might be 55 // streaming over an active P2P connection. 56 const base::Feature kPauseBrowserInitiatedHeavyTrafficForP2P{ 57 "PauseBrowserInitiatedHeavyTrafficForP2P", 58 base::FEATURE_ENABLED_BY_DEFAULT}; 59 60 // When kCORBProtectionSniffing is enabled CORB sniffs additional same-origin 61 // resources if they look sensitive. 62 const base::Feature kCORBProtectionSniffing{"CORBProtectionSniffing", 63 base::FEATURE_ENABLED_BY_DEFAULT}; 64 65 // When kProactivelyThrottleLowPriorityRequests is enabled, 66 // resource scheduler proactively throttles low priority requests to avoid 67 // network contention with high priority requests that may arrive soon. 68 const base::Feature kProactivelyThrottleLowPriorityRequests{ 69 "ProactivelyThrottleLowPriorityRequests", 70 base::FEATURE_DISABLED_BY_DEFAULT}; 71 72 // Enables Cross-Origin Opener Policy (COOP). 73 // https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e 74 // https://html.spec.whatwg.org/#cross-origin-opener-policy 75 // Currently this feature is enabled for all platforms except WebView. 76 const base::Feature kCrossOriginOpenerPolicy{"CrossOriginOpenerPolicy", 77 base::FEATURE_ENABLED_BY_DEFAULT}; 78 79 // Enables Cross-Origin-Opener-Policy reporting API origin trial. It will be 80 // used as a kill switch during the experiment. 81 const base::Feature kCrossOriginOpenerPolicyReportingOriginTrial{ 82 "CrossOriginOpenerPolicyReportingOriginTrial", 83 base::FEATURE_ENABLED_BY_DEFAULT}; 84 85 // Enables Cross-Origin Opener Policy (COOP) reporting. 86 // https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e 87 const base::Feature kCrossOriginOpenerPolicyReporting{ 88 "CrossOriginOpenerPolicyReporting", base::FEATURE_DISABLED_BY_DEFAULT}; 89 90 // Enables Cross-Origin Opener Policy (COOP) access reporting. 91 // https://github.com/camillelamy/explainers/blob/master/coop_reporting.md#report-blocked-accesses-to-other-windows 92 const base::Feature kCrossOriginOpenerPolicyAccessReporting{ 93 "CrossOriginOpenerPolicyAccessReporting", base::FEATURE_ENABLED_BY_DEFAULT}; 94 95 // Shift's COOP's default from `unsafe-none` to `same-origin-allow-popups`. 96 // https://github.com/mikewest/coop-by-default/ 97 const base::Feature kCrossOriginOpenerPolicyByDefault{ 98 "CrossOriginOpenerPolicyByDefault", base::FEATURE_DISABLED_BY_DEFAULT}; 99 100 // Enables Cross-Origin Embedder Policy (COEP). 101 // https://html.spec.whatwg.org/#coep 102 // Currently this feature is enabled for all platforms (including webview). 103 // TODO(https://crbug.com/1140432): Remove this flag after M88 Stable + 1 week = 104 // 2021-02-01. 105 const base::Feature kCrossOriginEmbedderPolicy{ 106 "CrossOriginEmbedderPolicy", base::FEATURE_ENABLED_BY_DEFAULT}; 107 108 // Enables the most recent developments on the crossOriginIsolated property. 109 // https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/crossOriginIsolated 110 const base::Feature kCrossOriginIsolated{"CrossOriginIsolated", 111 base::FEATURE_ENABLED_BY_DEFAULT}; 112 113 // Enables or defaults splittup up server (not proxy) entries in the 114 // HttpAuthCache. 115 const base::Feature kSplitAuthCacheByNetworkIsolationKey{ 116 "SplitAuthCacheByNetworkIsolationKey", base::FEATURE_DISABLED_BY_DEFAULT}; 117 118 // Enable usage of hardcoded DoH upgrade mapping for use in automatic mode. 119 const base::Feature kDnsOverHttpsUpgrade { 120 "DnsOverHttpsUpgrade", 121 #if BUILDFLAG(IS_ASH) || defined(OS_MAC) || defined(OS_ANDROID) || \ 122 defined(OS_WIN) 123 base::FEATURE_ENABLED_BY_DEFAULT 124 #else 125 base::FEATURE_DISABLED_BY_DEFAULT 126 #endif 127 }; 128 129 // If this feature is enabled, the mDNS responder service responds to queries 130 // for TXT records associated with 131 // "Generated-Names._mdns_name_generator._udp.local" with a list of generated 132 // mDNS names (random UUIDs) in the TXT record data. 133 const base::Feature kMdnsResponderGeneratedNameListing{ 134 "MdnsResponderGeneratedNameListing", base::FEATURE_DISABLED_BY_DEFAULT}; 135 136 // Provides a mechanism to disable DoH upgrades for some subset of the hardcoded 137 // upgrade mapping. Separate multiple provider ids with commas. See the 138 // mapping in net/dns/dns_util.cc for provider ids. 139 const base::FeatureParam<std::string> 140 kDnsOverHttpsUpgradeDisabledProvidersParam{&kDnsOverHttpsUpgrade, 141 "DisabledProviders", ""}; 142 143 // Disable special treatment on requests with keepalive set (see 144 // https://fetch.spec.whatwg.org/#request-keepalive-flag). This is introduced 145 // for investigation on the memory usage, and should not be enabled widely. 146 const base::Feature kDisableKeepaliveFetch{"DisableKeepaliveFetch", 147 base::FEATURE_DISABLED_BY_DEFAULT}; 148 149 // Attach the origin of the destination URL to the "origin" header 150 const base::Feature 151 kDeriveOriginFromUrlForNeitherGetNorHeadRequestWhenHavingSpecialAccess{ 152 "DeriveOriginFromUrlForNeitherGetNorHeadRequestWhenHavingSpecialAccess", 153 base::FEATURE_DISABLED_BY_DEFAULT}; 154 155 // Controls whether a |request_initiator| that mismatches 156 // |request_initiator_origin_lock| leads to 1) failing the HTTP request and 2) 157 // calling mojo::ReportBadMessage (on desktop platforms, where NetworkService 158 // is hosted outside of the Browser process, this leads to DumpWithoutCrashing 159 // and does *not* lead to a renderer kill). 160 // 161 // See also https://crbug.com/920634 162 const base::Feature kRequestInitiatorSiteLockEnfocement = { 163 "RequestInitiatorSiteLockEnfocement", 164 #if defined(OS_ANDROID) 165 base::FEATURE_DISABLED_BY_DEFAULT}; 166 #else 167 base::FEATURE_ENABLED_BY_DEFAULT}; 168 #endif 169 170 // When the CertVerifierService is enabled, certificate verification will not be 171 // performed in the network service, but will instead be brokered to a separate 172 // cert verification service potentially running in a different process. 173 const base::Feature kCertVerifierService{"CertVerifierService", 174 base::FEATURE_DISABLED_BY_DEFAULT}; 175 176 // Enables preprocessing requests with the Trust Tokens API Fetch flags set, 177 // and handling their responses, according to the protocol. 178 // (See https://github.com/WICG/trust-token-api.) 179 const base::Feature kTrustTokens{"TrustTokens", 180 base::FEATURE_DISABLED_BY_DEFAULT}; 181 182 // Determines which Trust Tokens operations require the TrustTokens origin trial 183 // active in order to be used. This is runtime-configurable so that the Trust 184 // Tokens operations of issuance, redemption, and signing are compatible with 185 // both standard origin trials and third-party origin trials: 186 // 187 // - For standard origin trials, set kOnlyIssuanceRequiresOriginTrial. In Blink, 188 // all of the interface will be enabled (so long as the base::Feature is!), and 189 // issuance operations will check at runtime if the origin trial is enabled, 190 // returning an error if it is not. 191 // - For third-party origin trials, set kAllOperationsRequireOriginTrial. In 192 // Blink, the interface will be enabled exactly when the origin trial is present 193 // in the executing context (so long as the base::Feature is present). 194 // 195 // For testing, set kOriginTrialNotRequired. With this option, although all 196 // operations will still only be available if the base::Feature is enabled, none 197 // will additionally require that the origin trial be active. 198 const base::FeatureParam<TrustTokenOriginTrialSpec>::Option 199 kTrustTokenOriginTrialParamOptions[] = { 200 {TrustTokenOriginTrialSpec::kOriginTrialNotRequired, 201 "origin-trial-not-required"}, 202 {TrustTokenOriginTrialSpec::kAllOperationsRequireOriginTrial, 203 "all-operations-require-origin-trial"}, 204 {TrustTokenOriginTrialSpec::kOnlyIssuanceRequiresOriginTrial, 205 "only-issuance-requires-origin-trial"}}; 206 const base::FeatureParam<TrustTokenOriginTrialSpec> 207 kTrustTokenOperationsRequiringOriginTrial{ 208 &kTrustTokens, "TrustTokenOperationsRequiringOriginTrial", 209 TrustTokenOriginTrialSpec::kOriginTrialNotRequired, 210 &kTrustTokenOriginTrialParamOptions}; 211 212 // Determines whether Trust Tokens issuance requests should be diverted, at the 213 // corresponding issuers' request, to the operating system instead of sent 214 // to the issuers' servers. 215 const base::FeatureParam<bool> kPlatformProvidedTrustTokenIssuance{ 216 &kTrustTokens, "PlatformProvidedTrustTokenIssuance", false}; 217 218 // Enables the Content Security Policy Embedded Enforcement check out of blink 219 const base::Feature kOutOfBlinkCSPEE{"OutOfBlinkCSPEE", 220 base::FEATURE_ENABLED_BY_DEFAULT}; 221 222 const base::Feature kWebSocketReassembleShortMessages{ 223 "WebSocketReassembleShortMessages", base::FEATURE_ENABLED_BY_DEFAULT}; 224 225 // Enables usage of First Party Sets to determine cookie availability. 226 constexpr base::Feature kFirstPartySets{"FirstPartySets", 227 base::FEATURE_DISABLED_BY_DEFAULT}; 228 229 } // namespace features 230 } // namespace network 231