1 files changed, 78 insertions, 25 deletions
diff --git a/chromium/net/base/features.h b/chromium/net/base/features.h
index b6b2a4cccf7..a6767bfbe57 100644
--- a/chromium/net/base/features.h
+++ b/chromium/net/base/features.h
@@ -5,8 +5,12 @@
 #ifndef NET_BASE_FEATURES_H_
 #define NET_BASE_FEATURES_H_
 
+#include <string>
+
 #include "base/feature_list.h"
 #include "base/metrics/field_trial_params.h"
+#include "base/strings/string_piece.h"
+#include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/net_buildflags.h"
 
@@ -17,6 +21,10 @@ namespace features {
 // https://github.com/WICG/lang-client-hint proposes that we deprecate.
 NET_EXPORT extern const base::Feature kAcceptLanguageHeader;
 
+// When kCapReferrerToOriginOnCrossOrigin is enabled, HTTP referrers on cross-
+// origin requests are restricted to contain at most the source origin.
+NET_EXPORT extern const base::Feature kCapReferrerToOriginOnCrossOrigin;
+
 // Enables TLS 1.3 early data.
 NET_EXPORT extern const base::Feature kEnableTLS13EarlyData;
 
@@ -25,6 +33,9 @@ NET_EXPORT extern const base::Feature kEnableTLS13EarlyData;
 // cause us to upgrade the URL to HTTPS and/or to attempt QUIC.
 NET_EXPORT extern const base::Feature kDnsHttpssvc;
 
+// Disable H2 reprioritization, in order to measure its impact.
+NET_EXPORT extern const base::Feature kAvoidH2Reprioritization;
+
 // Determine which kind of record should be queried: HTTPSSVC or INTEGRITY. No
 // more than one of these feature parameters should be enabled at once. In the
 // event that both are enabled, |kDnsHttpssvcUseIntegrity| takes priority, and
@@ -32,6 +43,10 @@ NET_EXPORT extern const base::Feature kDnsHttpssvc;
 NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseHttpssvc;
 NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseIntegrity;
 
+// Enable HTTPSSVC or INTEGRITY to be queried over insecure DNS.
+NET_EXPORT extern const base::FeatureParam<bool>
+    kDnsHttpssvcEnableQueryOverInsecure;
+
 // If we are still waiting for an HTTPSSVC or INTEGRITY query after all the
 // other queries in a DnsTask have completed, we will compute a timeout for the
 // remaining query. The timeout will be the min of:
@@ -41,6 +56,35 @@ NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseIntegrity;
 NET_EXPORT extern const base::FeatureParam<int> kDnsHttpssvcExtraTimeMs;
 NET_EXPORT extern const base::FeatureParam<int> kDnsHttpssvcExtraTimePercent;
 
+// These parameters, respectively, are the list of experimental and control
+// domains for which we will query HTTPSSVC or INTEGRITY records. We expect
+// valid INTEGRITY results for experiment domains. We expect no INTEGRITY
+// results for control domains.
+//
+// The format of both parameters is a comma-separated list of domains.
+// Whitespace around domain names is permitted. Trailing comma is optional.
+//
+// See helper functions:
+// |dns_httpssvc_experiment::GetDnsHttpssvcExperimentDomains| and
+// |dns_httpssvc_experiment::GetDnsHttpssvcControlDomains|.
+NET_EXPORT extern const base::FeatureParam<std::string>
+    kDnsHttpssvcExperimentDomains;
+NET_EXPORT extern const base::FeatureParam<std::string>
+    kDnsHttpssvcControlDomains;
+
+// This param controls how we determine whether a domain is an experimental or
+// control domain. When false, domains must be in |kDnsHttpssvcControlDomains|
+// to be considered a control. When true, we ignore |kDnsHttpssvcControlDomains|
+// and any non-experiment domain (not in |kDnsHttpssvcExperimentDomains|) is
+// considered a control domain.
+NET_EXPORT extern const base::FeatureParam<bool>
+    kDnsHttpssvcControlDomainWildcard;
+
+namespace dns_httpssvc_experiment {
+// Get the value of |kDnsHttpssvcExtraTimeMs|.
+NET_EXPORT base::TimeDelta GetExtraTimeAbsolute();
+}  // namespace dns_httpssvc_experiment
+
 // Enables optimizing the network quality estimation algorithms in network
 // quality estimator (NQE).
 NET_EXPORT extern const base::Feature kNetworkQualityEstimator;
@@ -72,6 +116,36 @@ NET_EXPORT extern const base::Feature
 NET_EXPORT extern const base::Feature
     kPartitionSSLSessionsByNetworkIsolationKey;
 
+// Partitions Expect-CT data by NetworkIsolationKey. This only affects the
+// Expect-CT data itself. Regardless of this value, reports will be uploaded
+// using the associated NetworkIsolationKey, when one's available.
+//
+// This feature requires kPartitionConnectionsByNetworkIsolationKey,
+// kPartitionHttpServerPropertiesByNetworkIsolationKey, and
+// kPartitionConnectionsByNetworkIsolationKey to all be enabled to work.
+NET_EXPORT extern const base::Feature
+    kPartitionExpectCTStateByNetworkIsolationKey;
+
+// Enables limiting the size of Expect-CT table.
+NET_EXPORT extern const base::Feature kExpectCTPruning;
+
+// FeatureParams associated with kExpectCTPruning.
+
+// Expect-CT pruning runs when this many entries are hit.
+NET_EXPORT extern const base::FeatureParam<int> kExpectCTPruneMax;
+// The Expect-CT pruning logic attempts to reduce entries to at most this many.
+NET_EXPORT extern const base::FeatureParam<int> kExpectCTPruneMin;
+// Non-transient entries with |enforce| set are safe from being pruned if
+// they're less than this many days old, unless the number of entries exceeds
+// |kExpectCTMaxEntriesPerNik|.
+NET_EXPORT extern const base::FeatureParam<int> kExpectCTSafeFromPruneDays;
+// If, after pruning transient, non-enforced, old Expect-CT entries,
+// kExpectCTPruneMin is still exceeded, then all NetworkIsolationKeys will be
+// capped to this many entries, based on last observation date.
+NET_EXPORT extern const base::FeatureParam<int> kExpectCTMaxEntriesPerNik;
+// Minimum delay between successive prunings of Expect-CT entries, in seconds.
+NET_EXPORT extern const base::FeatureParam<int> kExpectCTPruneDelaySecs;
+
 // Enables sending TLS 1.3 Key Update messages on TLS 1.3 connections in order
 // to ensure that this corner of the spec is exercised. This is currently
 // disabled by default because we discovered incompatibilities with some
@@ -84,25 +158,6 @@ NET_EXPORT extern const base::Feature kPostQuantumCECPQ2;
 // Changes the timeout after which unused sockets idle sockets are cleaned up.
 NET_EXPORT extern const base::Feature kNetUnusedIdleSocketTimeout;
 
-// Enables the built-in resolver requesting ESNI (TLS 1.3 Encrypted
-// Server Name Indication) records alongside IPv4 and IPv6 address records
-// during DNS over HTTPS (DoH) host resolution.
-NET_EXPORT extern const base::Feature kRequestEsniDnsRecords;
-// Returns a TimeDelta of value kEsniDnsMaxAbsoluteAdditionalWaitMilliseconds
-// milliseconds (see immediately below).
-NET_EXPORT base::TimeDelta EsniDnsMaxAbsoluteAdditionalWait();
-// The following two parameters specify the amount of extra time to wait for a
-// long-running ESNI DNS transaction after the successful conclusion of
-// concurrent A and AAAA transactions. This timeout will have value
-// min{kEsniDnsMaxAbsoluteAdditionalWaitMilliseconds,
-//     (100% + kEsniDnsMaxRelativeAdditionalWaitPercent)
-//       * max{time elapsed for the concurrent A query,
-//             time elapsed for the concurrent AAAA query}}.
-NET_EXPORT extern const base::FeatureParam<int>
-    kEsniDnsMaxAbsoluteAdditionalWaitMilliseconds;
-NET_EXPORT extern const base::FeatureParam<int>
-    kEsniDnsMaxRelativeAdditionalWaitPercent;
-
 // When enabled, makes cookies without a SameSite attribute behave like
 // SameSite=Lax cookies by default, and requires SameSite=None to be specified
 // in order to make cookies available in a third-party context. When disabled,
@@ -158,12 +213,6 @@ NET_EXPORT extern const base::Feature
 NET_EXPORT extern const base::FeatureParam<int>
     kRecentCreationTimeGrantsLegacyCookieSemanticsMilliseconds;
 
-// When enabled, blocks external requests coming from non-secure contexts. An
-// external request is a request that crosses a network boundary from a more
-// public address space into a less public address space.
-NET_EXPORT extern const base::Feature
-    kBlockExternalRequestsFromNonSecureInitiators;
-
 #if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
 // When enabled, use the builtin cert verifier instead of the platform verifier.
 NET_EXPORT extern const base::Feature kCertVerifierBuiltinFeature;
@@ -192,6 +241,10 @@ NET_EXPORT extern const base::Feature kSchemefulSameSite;
 // those algorithms. If disabled, the algorithms will always be offered.
 NET_EXPORT extern const base::Feature kTLSLegacyCryptoFallbackForMetrics;
 
+// When enabled, DNS_PROBE_FINISHED_NXDOMAIN error pages may show
+// locally-generated suggestions to visit similar domains.
+NET_EXPORT extern const base::Feature kUseLookalikesForNavigationSuggestions;
+
 }  // namespace features
 }  // namespace net