From: uazo <uazo@users.noreply.github.com>
Date: Mon, 26 Apr 2021 15:04:11 +0000
Subject: Add IsCleartextPermitted flag

Original License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
---
 chrome/browser/about_flags.cc           | 4 ++++
 chrome/browser/flag_descriptions.cc     | 4 ++++
 chrome/browser/flag_descriptions.h      | 3 +++
 net/base/features.cc                    | 4 ++++
 net/base/features.h                     | 2 ++
 net/url_request/url_request_http_job.cc | 4 ++++
 6 files changed, 21 insertions(+)

diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -9867,6 +9867,10 @@ const FeatureEntry kFeatureEntries[] = {
      flag_descriptions::kForceOffTextAutosizingName,
      flag_descriptions::kForceOffTextAutosizingDescription, kOsAndroid,
      FEATURE_VALUE_TYPE(features::kForceOffTextAutosizing)},
+    {"cleartext-permitted",
+     flag_descriptions::kIsCleartextPermittedName,
+     flag_descriptions::kIsCleartextPermittedDescription, kOsAndroid,
+     FEATURE_VALUE_TYPE(net::features::kIsCleartextPermitted)},
 #endif
 
 #if BUILDFLAG(IS_ANDROID)
diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
--- a/chrome/browser/flag_descriptions.cc
+++ b/chrome/browser/flag_descriptions.cc
@@ -2001,6 +2001,10 @@ const char kHttpsUpgradesDescription[] =
     "Enable automatically upgrading all top-level navigations to HTTPS with "
     "fast fallback to HTTP.";
 
+const char kIsCleartextPermittedName[] = "Allow cleartext traffic";
+const char kIsCleartextPermittedDescription[] =
+    "Allow insecure connections over HTTP";
+
 const char kIgnoreGpuBlocklistName[] = "Override software rendering list";
 const char kIgnoreGpuBlocklistDescription[] =
     "Overrides the built-in software rendering list and enables "
diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
--- a/chrome/browser/flag_descriptions.h
+++ b/chrome/browser/flag_descriptions.h
@@ -1123,6 +1123,9 @@ extern const char kStorageBucketsDescription[];
 extern const char kHideIncognitoMediaMetadataName[];
 extern const char kHideIncognitoMediaMetadataDescription[];
 
+extern const char kIsCleartextPermittedName[];
+extern const char kIsCleartextPermittedDescription[];
+
 extern const char kHttpsFirstModeV2Name[];
 extern const char kHttpsFirstModeV2Description[];
 
diff --git a/net/base/features.cc b/net/base/features.cc
--- a/net/base/features.cc
+++ b/net/base/features.cc
@@ -146,6 +146,10 @@ BASE_FEATURE(kHttpCacheKeyingExperimentControlGroup,
              "HttpCacheKeyingExperimentControlGroup",
              base::FEATURE_DISABLED_BY_DEFAULT);
 
+BASE_FEATURE(kIsCleartextPermitted,
+             "IsCleartextPermitted",
+             base::FEATURE_ENABLED_BY_DEFAULT);
+
 BASE_FEATURE(kTLS13KeyUpdate,
              "TLS13KeyUpdate",
              base::FEATURE_DISABLED_BY_DEFAULT);
diff --git a/net/base/features.h b/net/base/features.h
--- a/net/base/features.h
+++ b/net/base/features.h
@@ -30,6 +30,8 @@ NET_EXPORT BASE_DECLARE_FEATURE(kAvoidH2Reprioritization);
 // origin requests are restricted to contain at most the source origin.
 NET_EXPORT BASE_DECLARE_FEATURE(kCapReferrerToOriginOnCrossOrigin);
 
+NET_EXPORT BASE_DECLARE_FEATURE(kIsCleartextPermitted);
+
 // Support for altering the parameters used for DNS transaction timeout. See
 // ResolveContext::SecureTransactionTimeout().
 NET_EXPORT BASE_DECLARE_FEATURE(kDnsTransactionDynamicTimeouts);
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -233,6 +233,10 @@ std::unique_ptr<URLRequestJob> URLRequestHttpJob::Create(URLRequest* request) {
     }
 
 #if BUILDFLAG(IS_ANDROID)
+    if (base::FeatureList::IsEnabled(net::features::kIsCleartextPermitted) == false) {
+      return std::make_unique<URLRequestErrorJob>(request,
+                                                  ERR_CLEARTEXT_NOT_PERMITTED);
+    }
     // Check whether the app allows cleartext traffic to this host, and return
     // ERR_CLEARTEXT_NOT_PERMITTED if not.
     if (request->context()->check_cleartext_permitted() &&
--
2.25.1