Google Git
Sign in
chromium / chromium / src / 7ecb032f5cfd6a90a99782f4f2f8ddb10ced57f8
commit7ecb032f5cfd6a90a99782f4f2f8ddb10ced57f8[log] [tgz]
authorDan McArdle <dmcardle@chromium.org>Wed Nov 18 08:55:33 2020
committerCommit Bot <commit-bot@chromium.org>Wed Nov 18 08:55:33 2020
treed85c9e28ecfd36f60d46537aa609bf2d7dcc8e6e
parentaf29e96d50a95e6619df074590202e78c72cb07e [diff]
Explicitly set "accept-encoding: identity" header for DoH URL requests.

Currently, DnsHTTPAttempt does not set the accept-encoding header.
URLRequestHttpJob::AddExtraHeaders() has been stepping in, typically
choosing "gzip, deflate, br".

If the DoH provider honored this request for compression, it would
effectively strip padding from the DNS response, which is a privacy
leak.

To be clear, I have not observed any DoH providers compressing their
response. It just seems prudent not to request compression that we do
not want.

Bug: 1051615
Change-Id: I0cad558f76298b7ed58de70b70b1954cd42b88f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2546476
Reviewed-by: Eric Orth <ericorth@chromium.org>
Commit-Queue: Dan McArdle <dmcardle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#828645}
1 file changed
tree: d85c9e28ecfd36f60d46537aa609bf2d7dcc8e6e
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. codelabs/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. weblayer/
  53. .clang-format
  54. .clang-tidy
  55. .eslintrc.js
  56. .git-blame-ignore-revs
  57. .gitattributes
  58. .gitignore
  59. .gn
  60. .vpython
  61. .vpython3
  62. .yapfignore
  63. AUTHORS
  64. BUILD.gn
  65. CODE_OF_CONDUCT.md
  66. codereview.settings
  67. DEPS
  68. DIR_METADATA
  69. ENG_REVIEW_OWNERS
  70. LICENSE
  71. LICENSE.chromium_os
  72. OWNERS
  73. PRESUBMIT.py
  74. PRESUBMIT_test.py
  75. PRESUBMIT_test_mocks.py
  76. README.md
  77. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.