66 lines
3.0 KiB
Diff
66 lines
3.0 KiB
Diff
|
From: uazo <uazo@users.noreply.github.com>
|
||
|
Date: Tue, 1 Aug 2023 13:56:42 +0000
|
||
|
Subject: Disable remote altsvc for h3 connections
|
||
|
|
||
|
and only sets the use of port 443
|
||
|
|
||
|
License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
|
||
|
---
|
||
|
net/http/http_server_properties_manager.cc | 2 +-
|
||
|
net/http/http_stream_factory_job_controller.cc | 9 ++-------
|
||
|
net/quic/quic_context.h | 2 +-
|
||
|
3 files changed, 4 insertions(+), 9 deletions(-)
|
||
|
|
||
|
diff --git a/net/http/http_server_properties_manager.cc b/net/http/http_server_properties_manager.cc
|
||
|
--- a/net/http/http_server_properties_manager.cc
|
||
|
+++ b/net/http/http_server_properties_manager.cc
|
||
|
@@ -38,7 +38,7 @@ const int kMissingVersion = 0;
|
||
|
const int kVersionNumber = 5;
|
||
|
|
||
|
// Persist at most 200 currently-broken alternative services to disk.
|
||
|
-const int kMaxBrokenAlternativeServicesToPersist = 200;
|
||
|
+const int kMaxBrokenAlternativeServicesToPersist = 0;
|
||
|
|
||
|
const char kServerKey[] = "server";
|
||
|
const char kQuicServerIdKey[] = "server_id";
|
||
|
diff --git a/net/http/http_stream_factory_job_controller.cc b/net/http/http_stream_factory_job_controller.cc
|
||
|
--- a/net/http/http_stream_factory_job_controller.cc
|
||
|
+++ b/net/http/http_stream_factory_job_controller.cc
|
||
|
@@ -1233,11 +1233,7 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal(
|
||
|
// single user on a multi-user system to hijack the alternate protocol.
|
||
|
// These systems also enforce ports <1024 as restricted ports. So don't
|
||
|
// allow protocol upgrades to user-controllable ports.
|
||
|
- const int kUnrestrictedPort = 1024;
|
||
|
- if (!session_->params().enable_user_alternate_protocol_ports &&
|
||
|
- (alternative_service_info.alternative_service().port >=
|
||
|
- kUnrestrictedPort &&
|
||
|
- original_url.EffectiveIntPort() < kUnrestrictedPort))
|
||
|
+ if (alternative_service_info.alternative_service().port != 443)
|
||
|
continue;
|
||
|
|
||
|
if (alternative_service_info.protocol() == kProtoHTTP2) {
|
||
|
@@ -1274,8 +1270,7 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal(
|
||
|
|
||
|
GURL destination = CreateAltSvcUrl(
|
||
|
original_url, alternative_service_info.host_port_pair());
|
||
|
- if (session_key.host() != destination.host_piece() &&
|
||
|
- !session_->context().quic_context->params()->allow_remote_alt_svc) {
|
||
|
+ if (session_key.host() != destination.host_piece()) {
|
||
|
continue;
|
||
|
}
|
||
|
RewriteUrlWithHostMappingRules(destination);
|
||
|
diff --git a/net/quic/quic_context.h b/net/quic/quic_context.h
|
||
|
--- a/net/quic/quic_context.h
|
||
|
+++ b/net/quic/quic_context.h
|
||
|
@@ -179,7 +179,7 @@ struct NET_EXPORT QuicParams {
|
||
|
bool allow_server_migration = false;
|
||
|
// If true, allows QUIC to use alternative services with a different
|
||
|
// hostname from the origin.
|
||
|
- bool allow_remote_alt_svc = true;
|
||
|
+ bool allow_remote_alt_svc = false; // Disabled by default
|
||
|
// If true, estimate the initial RTT for QUIC connections based on network.
|
||
|
bool estimate_initial_rtt = false;
|
||
|
// The initial rtt that will be used in crypto handshake if no cached
|
||
|
--
|
||
|
2.25.1
|