diff options
author | Yigit Akcay <yigit.akcay@qt.io> | 2023-03-14 17:31:11 +0100 |
---|---|---|
committer | Yigit Akcay <yigit.akcay@qt.io> | 2023-04-28 00:52:19 +0200 |
commit | 6b3e7f2baa17a5bff7051949f743f2ec6926ec06 (patch) | |
tree | 2780164be712708f0018ff61306c872c2c033048 /src | |
parent | a2d0bb9ef69bb5d677d177d91dd9ad414b915436 (diff) |
Allow configuration of DNS-over-HTTPS
Implement QWebEngineGlobalSettings, a singleton class that contains
global web engine settings (currently only for DoH).
Allow the user to configure the stub host resolver to enable
DNS-over-HTTPS.
Fixes: QTBUG-98284
Change-Id: I1b06737c84e1b8d613aa257f4a891f82cac21013
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/core/api/CMakeLists.txt | 2 | ||||
-rw-r--r-- | src/core/api/qwebengineglobalsettings.cpp | 92 | ||||
-rw-r--r-- | src/core/api/qwebengineglobalsettings.h | 42 | ||||
-rw-r--r-- | src/core/api/qwebengineglobalsettings_p.h | 43 | ||||
-rw-r--r-- | src/core/net/system_network_context_manager.cpp | 36 | ||||
-rw-r--r-- | src/core/net/system_network_context_manager.h | 4 |
6 files changed, 210 insertions, 9 deletions
diff --git a/src/core/api/CMakeLists.txt b/src/core/api/CMakeLists.txt index ba973fd32..32b3451bd 100644 --- a/src/core/api/CMakeLists.txt +++ b/src/core/api/CMakeLists.txt @@ -38,6 +38,7 @@ qt_internal_add_module(WebEngineCore qwebengineurlrequestjob.cpp qwebengineurlrequestjob.h qwebengineurlscheme.cpp qwebengineurlscheme.h qwebengineurlschemehandler.cpp qwebengineurlschemehandler.h + qwebengineglobalsettings.cpp qwebengineglobalsettings.h qwebengineglobalsettings_p.h DEFINES BUILDING_CHROMIUM NOMINMAX @@ -46,6 +47,7 @@ qt_internal_add_module(WebEngineCore ../../3rdparty/chromium ../../3rdparty/chromium/third_party/abseil-cpp ../../3rdparty/chromium/third_party/perfetto/include + ../../3rdparty/chromium/third_party/boringssl/src/include LIBRARIES Qt::CorePrivate Qt::GuiPrivate diff --git a/src/core/api/qwebengineglobalsettings.cpp b/src/core/api/qwebengineglobalsettings.cpp new file mode 100644 index 000000000..685d9d593 --- /dev/null +++ b/src/core/api/qwebengineglobalsettings.cpp @@ -0,0 +1,92 @@ +// Copyright (C) 2023 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only + +#include "services/network/network_service.h" +#include "content/public/browser/network_service_instance.h" + +#include "qwebengineglobalsettings.h" +#include "qwebengineglobalsettings_p.h" + +QT_BEGIN_NAMESPACE + +/*! + \class QWebEngineGlobalSettings + \brief The QWebEngineGlobalSettings class configures global properties of the web engine. + \since 6.6 + \inmodule QtWebEngineCore + + The QWebEngineGlobalSettings class is a singleton that configures global properties + of the web engine. + + Invoke configureDnsOverHttps() to configure DNS-over-HTTPS capabilities. + + \sa QWebEngineGlobalSettings::configureDnsOverHttps() +*/ + +QWebEngineGlobalSettings::QWebEngineGlobalSettings(QObject *p) + : QObject(p), d_ptr(new QWebEngineGlobalSettingsPrivate) +{ +} + +QWebEngineGlobalSettings::~QWebEngineGlobalSettings() { } + +/*! + \fn QWebEngineGlobalSettings *QWebEngineGlobalSettings::GetInstance() + + Gets the global instance of QWebEngineGlobalSettings. +*/ +QWebEngineGlobalSettings *QWebEngineGlobalSettings::GetInstance() +{ + static QWebEngineGlobalSettings settings; + return &settings; +} + +/*! + \enum QWebEngineGlobalSettings::DnsMode + + This enum sets the DNS-over-HTTPS mode: + + \value WithFallback Enable DNS-over-HTTPS with fallbacks. If a host + can't be resolved, try the insecure DNS client of Chromium. If that fails as + well, try the system DNS host resolution, which can be secure or insecure. + \value Secure Enable DNS-over-HTTPS and only allow the secure Chromium + DNS client to resolve hosts. +*/ + +/*! + \fn QWebEngineGlobalSettings::configureDnsOverHttps(const DnsMode dnsMode, + const QString &dnsOverHttpsTemplates) + + Configures the Chromium stub host resolver, thus allowing DNS-over-HTTPS functionality. + + Set \a dnsMode to QWebEngineGlobalSettings::DnsMode::WithFallback to enable secure DNS + host resolution with a fallback to insecure DNS host resolution and a final fallback to + the system DNS resolution, which can be secure or insecure. Set it to + QWebEngineGlobalSettings::DnsMode::Secure to only allow secure DNS host resolution via + the Chromium DNS client. + + Independently of \a {dnsMode}, \a dnsOverHttpsTemplates has to be set to one or multiple + valid \l{https://datatracker.ietf.org/doc/html/rfc6570}{URI templates} separated by + whitespace characters. One example URI template is https://dns.google/dns-query{?dns}. +*/ +void QWebEngineGlobalSettings::configureDnsOverHttps(const DnsMode dnsMode, + const QString &dnsOverHttpsTemplates) +{ + Q_D(QWebEngineGlobalSettings); + + d->dnsMode = dnsMode; + d->dnsOverHttpsTemplates = dnsOverHttpsTemplates.toStdString(); + d->isDnsOverHttpsUserConfigured = true; + + // Make sure that DoH settings are in effect immediately if the network service already exists, + // thus allowing to change DoH configuration at any point + network::mojom::NetworkService *networkService = content::GetNetworkService(); + if (networkService) { + networkService->ConfigureStubHostResolver( + d->insecureDnsClientEnabled, net::SecureDnsMode(d->dnsMode), + *net::DnsOverHttpsConfig::FromString(d->dnsOverHttpsTemplates), + d->additionalInsecureDnsTypesEnabled); + } +} + +QT_END_NAMESPACE diff --git a/src/core/api/qwebengineglobalsettings.h b/src/core/api/qwebengineglobalsettings.h new file mode 100644 index 000000000..a65a08359 --- /dev/null +++ b/src/core/api/qwebengineglobalsettings.h @@ -0,0 +1,42 @@ +// Copyright (C) 2023 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only + +#ifndef QWEBENGINEGLOBALSETTINGS_H +#define QWEBENGINEGLOBALSETTINGS_H + +#include <QtWebEngineCore/qtwebenginecoreglobal.h> +#include <QtCore/QObject> +#include <QtCore/QScopedPointer> + +namespace QtWebEngineCore { +class SystemNetworkContextManager; +} + +QT_BEGIN_NAMESPACE + +class QWebEngineGlobalSettingsPrivate; + +class Q_WEBENGINECORE_EXPORT QWebEngineGlobalSettings : public QObject +{ + Q_OBJECT + Q_DISABLE_COPY(QWebEngineGlobalSettings) +public: + static QWebEngineGlobalSettings *GetInstance(); + + // Mapping net::SecureDnsMode + enum class DnsMode { WithFallback = 1, Secure = 2 }; + + void configureDnsOverHttps(const DnsMode dnsMode, const QString &dnsOverHttpsTemplates); + +private: + QWebEngineGlobalSettings(QObject *p = nullptr); + ~QWebEngineGlobalSettings(); + + friend class QtWebEngineCore::SystemNetworkContextManager; + Q_DECLARE_PRIVATE(QWebEngineGlobalSettings) + QScopedPointer<QWebEngineGlobalSettingsPrivate> d_ptr; +}; + +QT_END_NAMESPACE + +#endif // QWEBENGINEGLOBALSETTINGS_H diff --git a/src/core/api/qwebengineglobalsettings_p.h b/src/core/api/qwebengineglobalsettings_p.h new file mode 100644 index 000000000..4c15f62b0 --- /dev/null +++ b/src/core/api/qwebengineglobalsettings_p.h @@ -0,0 +1,43 @@ +// Copyright (C) 2023 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only + +#ifndef QWEBENGINEGLOBALSETTINGS_P_H +#define QWEBENGINEGLOBALSETTINGS_P_H + +// +// W A R N I N G +// ------------- +// +// This file is not part of the Qt API. It exists purely as an +// implementation detail. This header file may change from version to +// version without notice, or even be removed. +// +// We mean it. +// + +#include "qtwebenginecoreglobal_p.h" +#include "qwebengineglobalsettings.h" +#include <string> + +QT_BEGIN_NAMESPACE + +class Q_WEBENGINECORE_PRIVATE_EXPORT QWebEngineGlobalSettingsPrivate +{ +public: + QWebEngineGlobalSettingsPrivate() + : dnsMode(QWebEngineGlobalSettings::DnsMode::WithFallback) + , dnsOverHttpsTemplates("") + , insecureDnsClientEnabled(true) + , additionalInsecureDnsTypesEnabled(true) + , isDnsOverHttpsUserConfigured(false){}; + + QWebEngineGlobalSettings::DnsMode dnsMode; + std::string dnsOverHttpsTemplates; + bool insecureDnsClientEnabled; + bool additionalInsecureDnsTypesEnabled; + bool isDnsOverHttpsUserConfigured; +}; + +QT_END_NAMESPACE + +#endif // QWEBENGINEGLOBALSETTINGS_P_H diff --git a/src/core/net/system_network_context_manager.cpp b/src/core/net/system_network_context_manager.cpp index 83e122aab..8df65b7a5 100644 --- a/src/core/net/system_network_context_manager.cpp +++ b/src/core/net/system_network_context_manager.cpp @@ -29,6 +29,8 @@ #include "services/network/public/mojom/cert_verifier_service.mojom.h" #include "services/network/public/mojom/network_context.mojom.h" #include "services/proxy_resolver/public/mojom/proxy_resolver.mojom.h" +#include "api/qwebengineglobalsettings.h" +#include "api/qwebengineglobalsettings_p.h" #if BUILDFLAG(IS_WIN) #include "chrome/browser/net/chrome_mojo_proxy_resolver_win.h" @@ -38,9 +40,6 @@ namespace { -// The global instance of the SystemNetworkContextmanager. -SystemNetworkContextManager *g_system_network_context_manager = nullptr; - network::mojom::HttpAuthStaticParamsPtr CreateHttpAuthStaticParams() { network::mojom::HttpAuthStaticParamsPtr auth_static_params = @@ -65,6 +64,11 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams() } // namespace +namespace QtWebEngineCore { + +// The global instance of the SystemNetworkContextmanager. +SystemNetworkContextManager *g_system_network_context_manager = nullptr; + // SharedURLLoaderFactory backed by a SystemNetworkContextManager and its // network context. Transparently handles crashes. class SystemNetworkContextManager::URLLoaderFactoryForSystem : public network::SharedURLLoaderFactory @@ -255,12 +259,24 @@ void SystemNetworkContextManager::OnNetworkServiceCreated(network::mojom::Networ network_service->SetExplicitlyAllowedPorts(explicitly_allowed_network_ports); } - // Configure the stub resolver. This must be done after the system - // NetworkContext is created, but before anything has the chance to use it. - // bool stub_resolver_enabled; - // absl::optional<std::vector<network::mojom::DnsOverHttpsServerPtr>> dns_over_https_servers; - // GetStubResolverConfig(local_state_, &stub_resolver_enabled, &dns_over_https_servers); - // content::GetNetworkService()->ConfigureStubHostResolver(stub_resolver_enabled, std::move(dns_over_https_servers)); + + // The network service is a singleton that can be reinstantiated for different reasons, + // e.g., when the network service crashes. Therefore, we configure the stub host + // resolver of the network service here, each time it is instantiated, with our global + // DNS-Over-HTTPS settings. This ensures that the global settings don't get lost + // on reinstantiation and are in effect upon initial instantiation. + QWebEngineGlobalSettings *const globalSettings = QWebEngineGlobalSettings::GetInstance(); + if (globalSettings->d_ptr->isDnsOverHttpsUserConfigured) { + const bool insecureDnsClientEnabled = globalSettings->d_ptr->insecureDnsClientEnabled; + const bool additionalInsecureDnsTypesEnabled = + globalSettings->d_ptr->additionalInsecureDnsTypesEnabled; + const net::SecureDnsMode dnsMode = net::SecureDnsMode(globalSettings->d_ptr->dnsMode); + const absl::optional<net::DnsOverHttpsConfig> dnsOverHttpsTemplates = + net::DnsOverHttpsConfig::FromString(globalSettings->d_ptr->dnsOverHttpsTemplates); + content::GetNetworkService()->ConfigureStubHostResolver(insecureDnsClientEnabled, dnsMode, + *dnsOverHttpsTemplates, + additionalInsecureDnsTypesEnabled); + } } void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(network::mojom::NetworkContextParams *network_context_params) @@ -320,3 +336,5 @@ network::mojom::NetworkContextParamsPtr SystemNetworkContextManager::CreateNetwo content::GetCertVerifierParams(std::move(cert_verifier_creation_params)); return network_context_params; } + +} // namespace QtWebEngineCore diff --git a/src/core/net/system_network_context_manager.h b/src/core/net/system_network_context_manager.h index fa761cb44..d56bdab78 100644 --- a/src/core/net/system_network_context_manager.h +++ b/src/core/net/system_network_context_manager.h @@ -28,6 +28,8 @@ class URLLoaderFactory; class SharedURLLoaderFactory; } // namespace network +namespace QtWebEngineCore { + // Responsible for creating and managing access to the system NetworkContext. // Lives on the UI thread. The NetworkContext this owns is intended for requests // not associated with a profile. It stores no data on disk, and has no HTTP @@ -114,4 +116,6 @@ private: ProxyConfigMonitor proxy_config_monitor_; }; +} // namespace QtWebEngineCore + #endif // SYSTEM_NETWORK_CONTEXT_MANAGER_H_ |