Prepend rather than append the <local> proxy bypass rule on Chrome OS.

This fixes BasicAuthWSConnect.BasicAuthWSConnect. The ordering of proxy bypass rules only mattered until recently, with the addition of the <-loopback> bypass rule (Issue 413511). That rule gives a way to "subtract" the bypass of localhost, and can be used by tests need to proxy localhost (see Issue 901896). Because later rules have priority over earlier rules, we need to move <local> to the front, or it won't be possible for user-provided (explicit) rules to override it. Bug: 902418 Change-Id: I40fb6e23e7b79ba628595cd6724de627bedb5f73 Reviewed-on: https://chromium-review.googlesource.com/c/1321853 Commit-Queue: Eric Roman <eroman@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#607267}

Prepend rather than append the <local> proxy bypass rule on Chrome OS.
This fixes BasicAuthWSConnect.BasicAuthWSConnect. The ordering of proxy bypass rules only mattered until recently, with the addition of the <-loopback> bypass rule (Issue 413511). That rule gives a way to "subtract" the bypass of localhost, and can be used by tests need to proxy localhost (see Issue 901896). Because later rules have priority over earlier rules, we need to move <local> to the front, or it won't be possible for user-provided (explicit) rules to override it. Bug: 902418 Change-Id: I40fb6e23e7b79ba628595cd6724de627bedb5f73 Reviewed-on: https://chromium-review.googlesource.com/c/1321853 Commit-Queue: Eric Roman <eroman@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#607267}
efdf315b · Eric Roman · Commit Bot · c25c2041 · efdf315b · efdf315b
Commit efdf315b authored Nov 12, 2018 by Eric Roman Committed by Commit Bot Nov 12, 2018
11 changed files
--- a/chrome/browser/chromeos/proxy_config_service_impl_unittest.cc
+++ b/chrome/browser/chromeos/proxy_config_service_impl_unittest.cc
@@ -217,7 +217,7 @@ const struct TestParams {
    net::ProxyRulesExpectation::Single(  // proxy_rules
        "www.google.com:80",             // single proxy
        // bypass_rules
-        "*.google.com,*foo.com:99,1.2.3.4:22,127.0.0.1/8,<local>"),
+        "<local>,*.google.com,*foo.com:99,1.2.3.4:22,127.0.0.1/8"),
  },
 };  // tests

--- a/chrome/browser/net/proxy_browsertest.cc
+++ b/chrome/browser/net/proxy_browsertest.cc
@@ -135,16 +135,10 @@ class ProxyBrowserTest : public InProcessBrowserTest {
  DISALLOW_COPY_AND_ASSIGN(ProxyBrowserTest);
 };
-// We bypass manually installed proxy for localhost on chromeos.
-#if defined(OS_CHROMEOS)
-#define MAYBE_BasicAuthWSConnect DISABLED_BasicAuthWSConnect
-#else
-#define MAYBE_BasicAuthWSConnect BasicAuthWSConnect
-#endif
 // Test that the browser can establish a WebSocket connection via a proxy
 // that requires basic authentication. This test also checks the headers
 // arrive at WebSocket server.
-IN_PROC_BROWSER_TEST_F(ProxyBrowserTest, MAYBE_BasicAuthWSConnect) {
+IN_PROC_BROWSER_TEST_F(ProxyBrowserTest, BasicAuthWSConnect) {
  // Launch WebSocket server.
  net::SpawnedTestServer ws_server(net::SpawnedTestServer::TYPE_WS,
                                   net::GetWebSocketTestDataDirectory());

--- a/chromeos/network/proxy/proxy_config_service_impl.cc
+++ b/chromeos/network/proxy/proxy_config_service_impl.cc
@@ -262,7 +262,7 @@ void ProxyConfigServiceImpl::DetermineEffectiveConfigFromDefaultNetwork() {
  if (effective_config.value().proxy_rules().type !=
      net::ProxyConfig::ProxyRules::Type::EMPTY) {
    net::ProxyConfig proxy_config = effective_config.value();
-    proxy_config.proxy_rules().bypass_rules.AddRuleToBypassLocal();
+    proxy_config.proxy_rules().bypass_rules.PrependRuleToBypassLocal();
    effective_config = net::ProxyConfigWithAnnotation(
        proxy_config, effective_config.traffic_annotation());
  }

--- a/chromeos/test/data/network/proxy_config.json
+++ b/chromeos/test/data/network/proxy_config.json
@@ -47,12 +47,12 @@
        }
      },
      "ExcludeDomains": [
-        "google.com",
+        "<local>",
-        "<local>"
+        "google.com"
      ]
    },
    "ProxyConfig": {
-      "bypass_list":"google.com;\u003Clocal\u003E;",
+      "bypass_list":"\u003Clocal\u003E;google.com;",
      "mode":"fixed_servers",
      "server":"ftp=ftp.example.com:5678;http=http.example.com:1234;socks=socks5://socks.example.com:7890;https=https.example.com:3456"
    }

--- a/chromeos/test/data/network/shill_wifi_proxy.json
+++ b/chromeos/test/data/network/shill_wifi_proxy.json
 {
  "Mode": "managed",
-  "ProxyConfig": "{\"bypass_list\":\"google.com;\\u003Clocal>;\",\"mode\":\"fixed_servers\",\"server\":\"ftp=ftp.example.com:5678;http=http.example.com:1234;socks=socks5://socks.example.com:7890;https=https.example.com:3456\"}",
+  "ProxyConfig": "{\"bypass_list\":\"\\u003Clocal>;google.com;\",\"mode\":\"fixed_servers\",\"server\":\"ftp=ftp.example.com:5678;http=http.example.com:1234;socks=socks5://socks.example.com:7890;https=https.example.com:3456\"}",
  "SecurityClass": "none",
  "Type": "wifi",
 }
--- a/chromeos/test/data/network/toplevel_wifi_wep_proxy.onc
+++ b/chromeos/test/data/network/toplevel_wifi_wep_proxy.onc
@@ -30,8 +30,8 @@
          }
        },
        "ExcludeDomains": [
-          "google.com",
+          "<local>",
-          "<local>"
+          "google.com"
        ]
      }
    }

--- a/chromeos/test/data/network/translation_of_shill_wifi_proxy.onc
+++ b/chromeos/test/data/network/translation_of_shill_wifi_proxy.onc
@@ -21,8 +21,8 @@
      }
    },
    "ExcludeDomains": [
-      "google.com",
+      "<local>",
-      "<local>"
+      "google.com"
    ]
  },
  "Type": "WiFi",

--- a/chromeos/test/data/network/wifi_proxy.onc
+++ b/chromeos/test/data/network/wifi_proxy.onc
@@ -21,8 +21,8 @@
      }
    },
    "ExcludeDomains": [
-      "google.com",
+      "<local>",
-      "<local>"
+      "google.com"
    ]
  },
  "Type": "WiFi",

--- a/net/proxy_resolution/proxy_bypass_rules.cc
+++ b/net/proxy_resolution/proxy_bypass_rules.cc
@@ -382,8 +382,8 @@ bool ProxyBypassRules::AddRuleForHostname(const std::string& optional_scheme,
  return true;
 }
-void ProxyBypassRules::AddRuleToBypassLocal() {
+void ProxyBypassRules::PrependRuleToBypassLocal() {
-  rules_.push_back(std::make_unique<WinLocalRule>());
+  rules_.insert(rules_.begin(), std::make_unique<WinLocalRule>());
 }
 bool ProxyBypassRules::AddRuleFromString(const std::string& raw_untrimmed,

--- a/net/proxy_resolution/proxy_bypass_rules.h
+++ b/net/proxy_resolution/proxy_bypass_rules.h
@@ -122,14 +122,14 @@ class NET_EXPORT ProxyBypassRules {
                          const std::string& hostname_pattern,
                          int optional_port);
-  // Adds a rule that bypasses all "local" hostnames.
+  // Adds a rule to the front of the list that bypasses all "local" hostnames.
  // This matches IE's interpretation of the
  // "Bypass proxy server for local addresses" settings checkbox. Fully
  // qualified domain names or IP addresses are considered non-local,
  // regardless of what they map to (except for the loopback addresses).
  //
  // TODO(https://crbug.com/902579): Fix.
-  void AddRuleToBypassLocal();
+  void PrependRuleToBypassLocal();
  // Adds a rule given by the string |raw|. The format of |raw| can be any of
  // the following:

--- a/net/proxy_resolution/proxy_config_service_mac.cc
+++ b/net/proxy_resolution/proxy_config_service_mac.cc
@@ -153,7 +153,7 @@ void GetCurrentProxyConfig(const NetworkTrafficAnnotationTag traffic_annotation,
  if (GetBoolFromDictionary(config_dict.get(),
                            kSCPropNetProxiesExcludeSimpleHostnames,
                            false)) {
-    proxy_config.proxy_rules().bypass_rules.AddRuleToBypassLocal();
+    proxy_config.proxy_rules().bypass_rules.PrependRuleToBypassLocal();
  }
  *config = ProxyConfigWithAnnotation(proxy_config, traffic_annotation);