LeOSium_webview/LeOS/patches/00Disable-remote-altsvc-for...


2023-11-18 11:46:19 +01:00
From: uazo <uazo@users.noreply.github.com>
Date: Tue, 1 Aug 2023 13:56:42 +0000
Subject: Disable remote altsvc for h3 connections
and only sets the use of port 443
License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
---
net/http/http_server_properties_manager.cc | 2 +-
net/http/http_stream_factory_job_controller.cc | 9 ++-------
net/quic/quic_context.h | 2 +-
3 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/net/http/http_server_properties_manager.cc b/net/http/http_server_properties_manager.cc
--- a/net/http/http_server_properties_manager.cc
+++ b/net/http/http_server_properties_manager.cc
@@ -38,7 +38,7 @@ const int kMissingVersion = 0;
const int kVersionNumber = 5;
// Persist at most 200 currently-broken alternative services to disk.
-const int kMaxBrokenAlternativeServicesToPersist = 200;
+const int kMaxBrokenAlternativeServicesToPersist = 0;
const char kServerKey[] = "server";
const char kQuicServerIdKey[] = "server_id";
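Review bot: The comment above `kMaxBrokenAlternativeServicesToPersist` still says "at most 200" although the value is now 0, so it no longer describes the code. If the intent is that no broken-alternative-service state is ever written to disk, the comment should say so, for example `// Never persist broken alternative services to disk (upstream default: 200).` The code that reads this constant is outside the hunk, so it is worth confirming that a limit of 0 is handled as "write nothing" rather than as an edge case in whatever loop trims the list.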
diff --git a/net/http/http_stream_factory_job_controller.cc b/net/http/http_stream_factory_job_controller.cc
--- a/net/http/http_stream_factory_job_controller.cc
+++ b/net/http/http_stream_factory_job_controller.cc
@@ -1233,11 +1233,7 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal(
// single user on a multi-user system to hijack the alternate protocol.
// These systems also enforce ports <1024 as restricted ports. So don't
// allow protocol upgrades to user-controllable ports.
- const int kUnrestrictedPort = 1024;
- if (!session_->params().enable_user_alternate_protocol_ports &&
- (alternative_service_info.alternative_service().port >=
- kUnrestrictedPort &&
- original_url.EffectiveIntPort() < kUnrestrictedPort))
+ if (alternative_service_info.alternative_service().port != 443)
continue;
if (alternative_service_info.protocol() == kProtoHTTP2) {
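Review bot: The new test `port != 443` runs before the protocol is examined (the `kProtoHTTP2` branch follows it directly), so it filters every alternative service and not only h3 as the subject line suggests. It also stops reading `enable_user_alternate_protocol_ports`, which silently becomes a no-op at this site, and the comment block above still explains the old restricted-port (<1024) rule. I would name the literal and update the comment, e.g. `constexpr int kAllowedAlternativeServicePort = 443;` with `// Only accept alternative services advertised on port 443; all other ports are ignored.` Note that origins served on a non-443 port lose alternative services entirely under this rule. The enclosing function starts and ends outside the hunk.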
@@ -1274,8 +1270,7 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal(
GURL destination = CreateAltSvcUrl(
original_url, alternative_service_info.host_port_pair());
- if (session_key.host() != destination.host_piece() &&
- !session_->context().quic_context->params()->allow_remote_alt_svc) {
+ if (session_key.host() != destination.host_piece()) {
continue;
}
RewriteUrlWithHostMappingRules(destination);
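Review bot: With the `allow_remote_alt_svc` term removed, the host comparison is unconditional and the `QuicParams` flag is no longer read here, so any embedder, test or configuration path that sets it to true has no effect at this site without any indication. A comment on the check would make that explicit, e.g. `// Never use an alternative service on a different host than the origin; allow_remote_alt_svc is intentionally not consulted.` The HTTP/2 branch that opens at the end of the previous hunk is not visible; if it returns before reaching this comparison, cross-host h2 alternatives are not covered by it, which is worth confirming. The function continues outside the hunk.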
diff --git a/net/quic/quic_context.h b/net/quic/quic_context.h
--- a/net/quic/quic_context.h
+++ b/net/quic/quic_context.h
@@ -179,7 +179,7 @@ struct NET_EXPORT QuicParams {
bool allow_server_migration = false;
// If true, allows QUIC to use alternative services with a different
// hostname from the origin.
- bool allow_remote_alt_svc = true;
+ bool allow_remote_alt_svc = false; // Disabled by default
// If true, estimate the initial RTT for QUIC connections based on network.
bool estimate_initial_rtt = false;
// The initial rtt that will be used in crypto handshake if no cached
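Review bot: The trailing comment `// Disabled by default` only restates the initializer and does not record why the default changed, while the member comment above still reads as if this were a live switch. Since the job-controller hunk in this patch no longer consults the flag, a more accurate comment would be `// Kept false: cross-host alternative services are rejected unconditionally in HttpStreamFactory::JobController.` Any other readers or setters of `allow_remote_alt_svc` are outside this patch and should be checked so the flag does not appear configurable when it is not.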
--
2.25.1