Add disable_secure_dns field to URLRequest.

This change will allow URLRequests to bypass DoH during hostname resolution. Change-Id: Ic5a5346d57bf8fc639a82ff8b284f4e11893745d Bug: 1012268 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1842562 Commit-Queue: Katharine Daly <dalyk@google.com> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Eric Orth <ericorth@chromium.org> Cr-Commit-Position: refs/heads/master@{#706093}

Add disable_secure_dns field to URLRequest.
This change will allow URLRequests to bypass DoH during hostname resolution. Change-Id: Ic5a5346d57bf8fc639a82ff8b284f4e11893745d Bug: 1012268 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1842562 Commit-Queue: Katharine Daly <dalyk@google.com> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Eric Orth <ericorth@chromium.org> Cr-Commit-Position: refs/heads/master@{#706093}
7084d3cd · dalyk · Commit Bot · a96eda87 · 7084d3cd · 7084d3cd
Commit 7084d3cd authored Oct 15, 2019 by dalyk Committed by Commit Bot Oct 15, 2019
4 changed files
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -432,6 +432,10 @@ void URLRequest::SetLoadFlags(int flags) {
    SetPriority(MAXIMUM_PRIORITY);
 }
+void URLRequest::SetDisableSecureDns(bool disable_secure_dns) {
+  disable_secure_dns_ = disable_secure_dns;
+}
 // static
 void URLRequest::SetDefaultCookiePolicyToBlock() {
  CHECK(!g_url_requests_started);
@@ -566,6 +570,7 @@ URLRequest::URLRequest(const GURL& url,
      first_party_url_policy_(NEVER_CHANGE_FIRST_PARTY_URL),
      load_flags_(LOAD_NORMAL),
      privacy_mode_(PRIVACY_MODE_ENABLED),
+      disable_secure_dns_(false),
 #if BUILDFLAG(ENABLE_REPORTING)
      reporting_upload_depth_(0),
 #endif

--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -547,6 +547,9 @@ class NET_EXPORT URLRequest : public base::SupportsUserData {
  // the request is redirected.
  PrivacyMode privacy_mode() { return privacy_mode_; }
+  // Returns whether secure DNS should be disabled for the request.
+  bool disable_secure_dns() { return disable_secure_dns_; }
  void set_maybe_sent_cookies(CookieStatusList cookies);
  void set_maybe_stored_cookies(CookieAndLineStatusList cookies);
@@ -574,6 +577,9 @@ class NET_EXPORT URLRequest : public base::SupportsUserData {
  // the priority of this request must already be MAXIMUM_PRIORITY.
  void SetLoadFlags(int flags);
+  // Sets whether secure DNS should be disabled for the request.
+  void SetDisableSecureDns(bool disable_secure_dns);
  // Returns true if the request is "pending" (i.e., if Start() has been called,
  // and the response has not yet been called).
  bool is_pending() const { return is_pending_; }
@@ -859,6 +865,7 @@ class NET_EXPORT URLRequest : public base::SupportsUserData {
  int load_flags_;  // Flags indicating the request type for the load;
                    // expected values are LOAD_* enums above.
  PrivacyMode privacy_mode_;
+  bool disable_secure_dns_;
  CookieStatusList maybe_sent_cookies_;
  CookieAndLineStatusList maybe_stored_cookies_;

--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -337,6 +337,7 @@ void URLRequestHttpJob::Start() {
  request_info_.network_isolation_key = request_->network_isolation_key();
  request_info_.load_flags = request_->load_flags();
+  request_info_.disable_secure_dns = request_->disable_secure_dns();
  request_info_.traffic_annotation =
      net::MutableNetworkTrafficAnnotationTag(request_->traffic_annotation());
  request_info_.socket_tag = request_->socket_tag();

--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -1227,6 +1227,44 @@ TEST_F(URLRequestTest, NetworkDelegateProxyError) {
  EXPECT_EQ(1, network_delegate.completed_requests());
 }
+TEST_F(URLRequestTest, SkipSecureDnsDisabledByDefault) {
+  MockHostResolver host_resolver;
+  TestNetworkDelegate network_delegate;  // Must outlive URLRequest.
+  TestURLRequestContext context(true);
+  context.set_network_delegate(&network_delegate);
+  context.set_host_resolver(&host_resolver);
+  context.Init();
+  TestDelegate d;
+  std::unique_ptr<URLRequest> req(
+      context.CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
+                            TRAFFIC_ANNOTATION_FOR_TESTS));
+  req->Start();
+  d.RunUntilComplete();
+  EXPECT_FALSE(host_resolver.last_secure_dns_mode_override().has_value());
+}
+TEST_F(URLRequestTest, SkipSecureDnsEnabled) {
+  MockHostResolver host_resolver;
+  TestNetworkDelegate network_delegate;  // Must outlive URLRequest.
+  TestURLRequestContext context(true);
+  context.set_network_delegate(&network_delegate);
+  context.set_host_resolver(&host_resolver);
+  context.Init();
+  TestDelegate d;
+  std::unique_ptr<URLRequest> req(
+      context.CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
+                            TRAFFIC_ANNOTATION_FOR_TESTS));
+  req->SetDisableSecureDns(true);
+  req->Start();
+  d.RunUntilComplete();
+  EXPECT_EQ(net::DnsConfig::SecureDnsMode::OFF,
+            host_resolver.last_secure_dns_mode_override().value());
+}
 // Make sure that NetworkDelegate::NotifyCompleted is called if
 // content is empty.
 TEST_F(URLRequestTest, RequestCompletionForEmptyResponse) {