Google Git
Sign in
chromium / chromium / src / 0589408e6eb8c755cbbc249c89685cdac8ffa36b
commit0589408e6eb8c755cbbc249c89685cdac8ffa36b[log] [tgz]
authorTsuyoshi Horo <horo@chromium.org>Fri Mar 28 01:26:28 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Mar 28 01:26:28 2025
treef316c4767eb3902293f0a0e76cd66d69f96e77f6
parentf5f18d7bc403c34e4a41847901ffc84fddb59096 [diff]
RendererSideContentDecoding: Ensure network service decodes SXGs

Signed Exchanges (SXG) must be parsed within the browser process. This
requires the network service to always decode the SXG first, handling
any `Content-Encoding` (like gzip) specified in the response headers
before forwarding the data.

The `URLRequest::client_side_content_decoding_enabled` flag allows
clients (like renderer process) to perform decoding themselves,
typically meaning the network service should skip decoding. This created
a conflict for SXG, where the network service might incorrectly skip
decoding if the flag was enabled.

This CL resolves the conflict by modifying the stream setup logic in
`URLRequestHttpJob::SetUpSourceStream`:
1. It now checks the `Content-Type` of the response.
2. If the type is `application/signed-exchange`, network-level decoding
   (via `FilterSourceStream`) is applied regardless of the
   `client_side_content_decoding_enabled` flag.
3. For all other content types, the
   `client_side_content_decoding_enabled` flag continues to determine
   whether the network service decodes or passes the encoded stream to
   the client.

To correctly inform clients about *which* encodings (if any) they need
to handle, this CL also introduces
`URLRequest::GetClientSideContentDecodingTypes`. This method reports the
list of encodings that were *actually* skipped by the network service
(i.e., only for non-SXG responses when the flag was enabled).
`URLLoader` is updated to use this method to populate
`URLResponseHead::client_side_content_decoding_types`.

A browser test (`SignedExchangeRequestHandlerBrowserTest.Compressed`)
is added using a compressed SXG (`.sxg.gz`) to ensure the network
service correctly decodes SXG payloads served with `Content-Encoding`.

Bug: 406313013, 391950057
Change-Id: Ic6efb534c540e6075ebe76b42b369a294f34ab76
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6399234
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1439153}
11 files changed
tree: f316c4767eb3902293f0a0e76cd66d69f96e77f6
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. crypto/
  16. dbus/
  17. device/
  18. docs/
  19. extensions/
  20. fuchsia_web/
  21. gin/
  22. google_apis/
  23. gpu/
  24. headless/
  25. infra/
  26. ios/
  27. ipc/
  28. media/
  29. mojo/
  30. native_client_sdk/
  31. net/
  32. pdf/
  33. ppapi/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. services/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. testing/
  44. third_party/
  45. tools/
  46. ui/
  47. url/
  48. webkit/
  49. clank
  50. internal
  51. ios_internal
  52. native_client
  53. signing_keys
  54. v8
  55. .clang-format
  56. .clang-tidy
  57. .clangd
  58. .git-blame-ignore-revs
  59. .gitallowed
  60. .gitattributes
  61. .gitignore
  62. .gitmodules
  63. .gn
  64. .mailmap
  65. .rustfmt.toml
  66. .vpython3
  67. .yapfignore
  68. ATL_OWNERS
  69. AUTHORS
  70. BUILD.gn
  71. CODE_OF_CONDUCT.md
  72. codereview.settings
  73. CPPLINT.cfg
  74. CRYPTO_OWNERS
  75. DEPS
  76. DIR_METADATA
  77. LICENSE
  78. LICENSE.chromium_os
  79. OWNERS
  80. PRESUBMIT.py
  81. PRESUBMIT_test.py
  82. PRESUBMIT_test_mocks.py
  83. README.md
  84. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.