Allow configuration of DNS-over-HTTPS

Implement QWebEngineGlobalSettings, a singleton class that contains global web engine settings (currently only for DoH). Allow the user to configure the stub host resolver to enable DNS-over-HTTPS. Fixes: QTBUG-98284 Change-Id: I1b06737c84e1b8d613aa257f4a891f82cac21013 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
author: Yigit Akcay <yigit.akcay@qt.io> 2023-03-14 17:31:11 +0100
committer: Yigit Akcay <yigit.akcay@qt.io> 2023-04-28 00:52:19 +0200
commit: 6b3e7f2baa17a5bff7051949f743f2ec6926ec06 (patch)
tree: 2780164be712708f0018ff61306c872c2c033048 /src/core/net
parent: a2d0bb9ef69bb5d677d177d91dd9ad414b915436 (diff)
2 files changed, 31 insertions, 9 deletions
diff --git a/src/core/net/system_network_context_manager.cpp b/src/core/net/system_network_context_manager.cpp
index 83e122aab..8df65b7a5 100644
--- a/src/core/net/system_network_context_manager.cpp
+++ b/src/core/net/system_network_context_manager.cpp
@@ -29,6 +29,8 @@
 #include "services/network/public/mojom/cert_verifier_service.mojom.h"
 #include "services/network/public/mojom/network_context.mojom.h"
 #include "services/proxy_resolver/public/mojom/proxy_resolver.mojom.h"
+#include "api/qwebengineglobalsettings.h"
+#include "api/qwebengineglobalsettings_p.h"
 
 #if BUILDFLAG(IS_WIN)
 #include "chrome/browser/net/chrome_mojo_proxy_resolver_win.h"
@@ -38,9 +40,6 @@
 
 namespace {
 
-// The global instance of the SystemNetworkContextmanager.
-SystemNetworkContextManager *g_system_network_context_manager = nullptr;
-
 network::mojom::HttpAuthStaticParamsPtr CreateHttpAuthStaticParams()
 {
     network::mojom::HttpAuthStaticParamsPtr auth_static_params =
@@ -65,6 +64,11 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams()
 
 } // namespace
 
+namespace QtWebEngineCore {
+
+// The global instance of the SystemNetworkContextmanager.
+SystemNetworkContextManager *g_system_network_context_manager = nullptr;
+
 // SharedURLLoaderFactory backed by a SystemNetworkContextManager and its
 // network context. Transparently handles crashes.
 class SystemNetworkContextManager::URLLoaderFactoryForSystem : public network::SharedURLLoaderFactory
@@ -255,12 +259,24 @@ void SystemNetworkContextManager::OnNetworkServiceCreated(network::mojom::Networ
 
         network_service->SetExplicitlyAllowedPorts(explicitly_allowed_network_ports);
     }
-    // Configure the stub resolver. This must be done after the system
-    // NetworkContext is created, but before anything has the chance to use it.
-    //    bool stub_resolver_enabled;
-    //    absl::optional<std::vector<network::mojom::DnsOverHttpsServerPtr>> dns_over_https_servers;
-    //    GetStubResolverConfig(local_state_, &stub_resolver_enabled, &dns_over_https_servers);
-    //    content::GetNetworkService()->ConfigureStubHostResolver(stub_resolver_enabled, std::move(dns_over_https_servers));
+
+    // The network service is a singleton that can be reinstantiated for different reasons,
+    // e.g., when the network service crashes. Therefore, we configure the stub host
+    // resolver of the network service here, each time it is instantiated, with our global
+    // DNS-Over-HTTPS settings. This ensures that the global settings don't get lost
+    // on reinstantiation and are in effect upon initial instantiation.
+    QWebEngineGlobalSettings *const globalSettings = QWebEngineGlobalSettings::GetInstance();
+    if (globalSettings->d_ptr->isDnsOverHttpsUserConfigured) {
+        const bool insecureDnsClientEnabled = globalSettings->d_ptr->insecureDnsClientEnabled;
+        const bool additionalInsecureDnsTypesEnabled =
+                globalSettings->d_ptr->additionalInsecureDnsTypesEnabled;
+        const net::SecureDnsMode dnsMode = net::SecureDnsMode(globalSettings->d_ptr->dnsMode);
+        const absl::optional<net::DnsOverHttpsConfig> dnsOverHttpsTemplates =
+                net::DnsOverHttpsConfig::FromString(globalSettings->d_ptr->dnsOverHttpsTemplates);
+        content::GetNetworkService()->ConfigureStubHostResolver(insecureDnsClientEnabled, dnsMode,
+                                                                *dnsOverHttpsTemplates,
+                                                                additionalInsecureDnsTypesEnabled);
+    }
 }
 
 void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(network::mojom::NetworkContextParams *network_context_params)
@@ -320,3 +336,5 @@ network::mojom::NetworkContextParamsPtr SystemNetworkContextManager::CreateNetwo
          content::GetCertVerifierParams(std::move(cert_verifier_creation_params));
     return network_context_params;
 }
+
+} // namespace QtWebEngineCore
diff --git a/src/core/net/system_network_context_manager.h b/src/core/net/system_network_context_manager.h
index fa761cb44..d56bdab78 100644
--- a/src/core/net/system_network_context_manager.h
+++ b/src/core/net/system_network_context_manager.h
@@ -28,6 +28,8 @@ class URLLoaderFactory;
 class SharedURLLoaderFactory;
 } // namespace network
 
+namespace QtWebEngineCore {
+
 // Responsible for creating and managing access to the system NetworkContext.
 // Lives on the UI thread. The NetworkContext this owns is intended for requests
 // not associated with a profile. It stores no data on disk, and has no HTTP
@@ -114,4 +116,6 @@ private:
     ProxyConfigMonitor proxy_config_monitor_;
 };
 
+} // namespace QtWebEngineCore
+
 #endif // SYSTEM_NETWORK_CONTEXT_MANAGER_H_
author	Yigit Akcay <yigit.akcay@qt.io>	2023-03-14 17:31:11 +0100
committer	Yigit Akcay <yigit.akcay@qt.io>	2023-04-28 00:52:19 +0200
commit	6b3e7f2baa17a5bff7051949f743f2ec6926ec06 (patch)
tree	2780164be712708f0018ff61306c872c2c033048 /src/core/net
parent	a2d0bb9ef69bb5d677d177d91dd9ad414b915436 (diff)