• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2018 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/base/features.h"
6 
7 #include <vector>
8 
9 #include "base/feature_list.h"
10 #include "build/build_config.h"
11 #include "net/net_buildflags.h"
12 
13 namespace net::features {
14 
15 BASE_FEATURE(kAlpsForHttp2, "AlpsForHttp2", base::FEATURE_ENABLED_BY_DEFAULT);
16 
17 BASE_FEATURE(kAvoidH2Reprioritization,
18              "AvoidH2Reprioritization",
19              base::FEATURE_DISABLED_BY_DEFAULT);
20 
21 BASE_FEATURE(kCapReferrerToOriginOnCrossOrigin,
22              "CapReferrerToOriginOnCrossOrigin",
23              base::FEATURE_DISABLED_BY_DEFAULT);
24 
25 BASE_FEATURE(kDnsTransactionDynamicTimeouts,
26              "DnsTransactionDynamicTimeouts",
27              base::FEATURE_DISABLED_BY_DEFAULT);
28 
29 const base::FeatureParam<double> kDnsTransactionTimeoutMultiplier{
30     &kDnsTransactionDynamicTimeouts, "DnsTransactionTimeoutMultiplier", 7.5};
31 
32 const base::FeatureParam<base::TimeDelta> kDnsMinTransactionTimeout{
33     &kDnsTransactionDynamicTimeouts, "DnsMinTransactionTimeout",
34     base::Seconds(12)};
35 
36 BASE_FEATURE(kUseDnsHttpsSvcb,
37              "UseDnsHttpsSvcb",
38              base::FEATURE_ENABLED_BY_DEFAULT);
39 
40 const base::FeatureParam<bool> kUseDnsHttpsSvcbEnforceSecureResponse{
41     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbEnforceSecureResponse", false};
42 
43 const base::FeatureParam<base::TimeDelta> kUseDnsHttpsSvcbInsecureExtraTimeMax{
44     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbInsecureExtraTimeMax",
45     base::Milliseconds(50)};
46 
47 const base::FeatureParam<int> kUseDnsHttpsSvcbInsecureExtraTimePercent{
48     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbInsecureExtraTimePercent", 20};
49 
50 const base::FeatureParam<base::TimeDelta> kUseDnsHttpsSvcbInsecureExtraTimeMin{
51     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbInsecureExtraTimeMin",
52     base::Milliseconds(5)};
53 
54 const base::FeatureParam<base::TimeDelta> kUseDnsHttpsSvcbSecureExtraTimeMax{
55     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbSecureExtraTimeMax",
56     base::Milliseconds(50)};
57 
58 const base::FeatureParam<int> kUseDnsHttpsSvcbSecureExtraTimePercent{
59     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbSecureExtraTimePercent", 20};
60 
61 const base::FeatureParam<base::TimeDelta> kUseDnsHttpsSvcbSecureExtraTimeMin{
62     &kUseDnsHttpsSvcb, "UseDnsHttpsSvcbSecureExtraTimeMin",
63     base::Milliseconds(5)};
64 
65 BASE_FEATURE(kUseDnsHttpsSvcbAlpn,
66              "UseDnsHttpsSvcbAlpn",
67              base::FEATURE_DISABLED_BY_DEFAULT);
68 
69 BASE_FEATURE(kSHA1ServerSignature,
70              "SHA1ServerSignature",
71              base::FEATURE_ENABLED_BY_DEFAULT);
72 
73 BASE_FEATURE(kEnableTLS13EarlyData,
74              "EnableTLS13EarlyData",
75              base::FEATURE_DISABLED_BY_DEFAULT);
76 
77 BASE_FEATURE(kEncryptedClientHello,
78              "EncryptedClientHello",
79              base::FEATURE_DISABLED_BY_DEFAULT);
80 
81 BASE_FEATURE(kEncryptedClientHelloQuic,
82              "EncryptedClientHelloQuic",
83              base::FEATURE_DISABLED_BY_DEFAULT);
84 
85 BASE_FEATURE(kNetworkQualityEstimator,
86              "NetworkQualityEstimator",
87              base::FEATURE_DISABLED_BY_DEFAULT);
88 
89 BASE_FEATURE(kSplitCacheByIncludeCredentials,
90              "SplitCacheByIncludeCredentials",
91              base::FEATURE_DISABLED_BY_DEFAULT);
92 
93 BASE_FEATURE(kSplitCacheByNetworkIsolationKey,
94              "SplitCacheByNetworkIsolationKey",
95              base::FEATURE_DISABLED_BY_DEFAULT);
96 
97 BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey,
98              "SplitCodeCacheByNetworkIsolationKey",
99              base::FEATURE_DISABLED_BY_DEFAULT);
100 
101 BASE_FEATURE(kSplitHostCacheByNetworkIsolationKey,
102              "SplitHostCacheByNetworkIsolationKey",
103              base::FEATURE_DISABLED_BY_DEFAULT);
104 
105 BASE_FEATURE(kPartitionConnectionsByNetworkIsolationKey,
106              "PartitionConnectionsByNetworkIsolationKey",
107              base::FEATURE_DISABLED_BY_DEFAULT);
108 
109 BASE_FEATURE(kPartitionHttpServerPropertiesByNetworkIsolationKey,
110              "PartitionHttpServerPropertiesByNetworkIsolationKey",
111              base::FEATURE_DISABLED_BY_DEFAULT);
112 
113 BASE_FEATURE(kPartitionSSLSessionsByNetworkIsolationKey,
114              "PartitionSSLSessionsByNetworkIsolationKey",
115              base::FEATURE_DISABLED_BY_DEFAULT);
116 
117 BASE_FEATURE(kPartitionNelAndReportingByNetworkIsolationKey,
118              "PartitionNelAndReportingByNetworkIsolationKey",
119              base::FEATURE_DISABLED_BY_DEFAULT);
120 
121 BASE_FEATURE(kEnableCrossSiteFlagNetworkIsolationKey,
122              "EnableCrossSiteFlagNetworkIsolationKey",
123              base::FEATURE_DISABLED_BY_DEFAULT);
124 
125 BASE_FEATURE(kTLS13KeyUpdate,
126              "TLS13KeyUpdate",
127              base::FEATURE_DISABLED_BY_DEFAULT);
128 
129 BASE_FEATURE(kPermuteTLSExtensions,
130              "PermuteTLSExtensions",
131              base::FEATURE_ENABLED_BY_DEFAULT);
132 
133 BASE_FEATURE(kPostQuantumKyber,
134              "PostQuantumKyber",
135              base::FEATURE_DISABLED_BY_DEFAULT);
136 
137 BASE_FEATURE(kNetUnusedIdleSocketTimeout,
138              "NetUnusedIdleSocketTimeout",
139              base::FEATURE_DISABLED_BY_DEFAULT);
140 
141 BASE_FEATURE(kShortLaxAllowUnsafeThreshold,
142              "ShortLaxAllowUnsafeThreshold",
143              base::FEATURE_DISABLED_BY_DEFAULT);
144 
145 BASE_FEATURE(kSameSiteDefaultChecksMethodRigorously,
146              "SameSiteDefaultChecksMethodRigorously",
147              base::FEATURE_DISABLED_BY_DEFAULT);
148 
149 #if BUILDFLAG(TRIAL_COMPARISON_CERT_VERIFIER_SUPPORTED)
150 // Enables the dual certificate verification trial feature.
151 // https://crbug.com/649026
152 BASE_FEATURE(kCertDualVerificationTrialFeature,
153              "CertDualVerificationTrial",
154              base::FEATURE_DISABLED_BY_DEFAULT);
155 #endif
156 
157 #if BUILDFLAG(CHROME_ROOT_STORE_OPTIONAL)
158 BASE_FEATURE(kChromeRootStoreUsed,
159              "ChromeRootStoreUsed",
160              base::FEATURE_DISABLED_BY_DEFAULT);
161 #endif  // BUILDFLAG(CHROME_ROOT_STORE_OPTIONAL)
162 
163 #if BUILDFLAG(IS_MAC) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN)
164 BASE_FEATURE(kTrustStoreTrustedLeafSupport,
165              "TrustStoreTrustedLeafSupport",
166              base::FEATURE_ENABLED_BY_DEFAULT);
167 #endif
168 
169 BASE_FEATURE(kTurnOffStreamingMediaCachingOnBattery,
170              "TurnOffStreamingMediaCachingOnBattery",
171              base::FEATURE_DISABLED_BY_DEFAULT);
172 
173 BASE_FEATURE(kTurnOffStreamingMediaCachingAlways,
174              "TurnOffStreamingMediaCachingAlways",
175              base::FEATURE_DISABLED_BY_DEFAULT);
176 
177 BASE_FEATURE(kSchemefulSameSite,
178              "SchemefulSameSite",
179              base::FEATURE_ENABLED_BY_DEFAULT);
180 
181 BASE_FEATURE(kLimitOpenUDPSockets,
182              "LimitOpenUDPSockets",
183              base::FEATURE_ENABLED_BY_DEFAULT);
184 
185 extern const base::FeatureParam<int> kLimitOpenUDPSocketsMax(
186     &kLimitOpenUDPSockets,
187     "LimitOpenUDPSocketsMax",
188     6000);
189 
190 BASE_FEATURE(kTimeoutTcpConnectAttempt,
191              "TimeoutTcpConnectAttempt",
192              base::FEATURE_DISABLED_BY_DEFAULT);
193 
194 extern const base::FeatureParam<double> kTimeoutTcpConnectAttemptRTTMultiplier(
195     &kTimeoutTcpConnectAttempt,
196     "TimeoutTcpConnectAttemptRTTMultiplier",
197     5.0);
198 
199 extern const base::FeatureParam<base::TimeDelta> kTimeoutTcpConnectAttemptMin(
200     &kTimeoutTcpConnectAttempt,
201     "TimeoutTcpConnectAttemptMin",
202     base::Seconds(8));
203 
204 extern const base::FeatureParam<base::TimeDelta> kTimeoutTcpConnectAttemptMax(
205     &kTimeoutTcpConnectAttempt,
206     "TimeoutTcpConnectAttemptMax",
207     base::Seconds(30));
208 
209 #if BUILDFLAG(ENABLE_REPORTING)
210 BASE_FEATURE(kDocumentReporting,
211              "DocumentReporting",
212              base::FEATURE_ENABLED_BY_DEFAULT);
213 #endif  // BUILDFLAG(ENABLE_REPORTING)
214 
215 #if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
216 BASE_FEATURE(kUdpSocketPosixAlwaysUpdateBytesReceived,
217              "UdpSocketPosixAlwaysUpdateBytesReceived",
218              base::FEATURE_ENABLED_BY_DEFAULT);
219 #endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
220 
221 BASE_FEATURE(kCookieSameSiteConsidersRedirectChain,
222              "CookieSameSiteConsidersRedirectChain",
223              base::FEATURE_DISABLED_BY_DEFAULT);
224 
225 BASE_FEATURE(kSamePartyAttributeEnabled,
226              "SamePartyAttributeEnabled",
227              base::FEATURE_DISABLED_BY_DEFAULT);
228 
229 BASE_FEATURE(kPartitionedCookies,
230              "PartitionedCookies",
231              base::FEATURE_ENABLED_BY_DEFAULT);
232 
233 BASE_FEATURE(kNoncedPartitionedCookies,
234              "NoncedPartitionedCookies",
235              base::FEATURE_ENABLED_BY_DEFAULT);
236 
237 BASE_FEATURE(kClampCookieExpiryTo400Days,
238              "ClampCookieExpiryTo400Days",
239              base::FEATURE_ENABLED_BY_DEFAULT);
240 
241 BASE_FEATURE(kStaticKeyPinningEnforcement,
242              "StaticKeyPinningEnforcement",
243              base::FEATURE_ENABLED_BY_DEFAULT);
244 
245 BASE_FEATURE(kCookieDomainRejectNonASCII,
246              "CookieDomainRejectNonASCII",
247              base::FEATURE_DISABLED_BY_DEFAULT);
248 
249 BASE_FEATURE(kBlockSetCookieHeader,
250              "BlockSetCookieHeader",
251              base::FEATURE_ENABLED_BY_DEFAULT);
252 
253 // Enables partitioning of third party storage (IndexedDB, CacheStorage, etc.)
254 // by the top level site to reduce fingerprinting.
255 BASE_FEATURE(kThirdPartyStoragePartitioning,
256              "ThirdPartyStoragePartitioning",
257              base::FEATURE_DISABLED_BY_DEFAULT);
258 // Whether to use the new code paths needed to support partitioning Blob URLs.
259 // This exists as a kill-switch in case an issue is identified with the Blob
260 // URL implementation that causes breakage.
261 // TODO(https://crbug.com/1407944): Kill-switch activated - investigate cause of
262 // increased renderer hangs.
263 BASE_FEATURE(kSupportPartitionedBlobUrl,
264              "SupportPartitionedBlobUrl",
265              base::FEATURE_DISABLED_BY_DEFAULT);
266 
267 BASE_FEATURE(kAlpsParsing, "AlpsParsing", base::FEATURE_ENABLED_BY_DEFAULT);
268 
269 BASE_FEATURE(kAlpsClientHintParsing,
270              "AlpsClientHintParsing",
271              base::FEATURE_ENABLED_BY_DEFAULT);
272 
273 BASE_FEATURE(kShouldKillSessionOnAcceptChMalformed,
274              "ShouldKillSessionOnAcceptChMalformed",
275              base::FEATURE_DISABLED_BY_DEFAULT);
276 
277 BASE_FEATURE(kCaseInsensitiveCookiePrefix,
278              "CaseInsensitiveCookiePrefix",
279              base::FEATURE_ENABLED_BY_DEFAULT);
280 
281 BASE_FEATURE(kEnableWebsocketsOverHttp3,
282              "EnableWebsocketsOverHttp3",
283              base::FEATURE_DISABLED_BY_DEFAULT);
284 
285 BASE_FEATURE(kUseNAT64ForIPv4Literal,
286              "UseNAT64ForIPv4Literal",
287              base::FEATURE_ENABLED_BY_DEFAULT);
288 
289 BASE_FEATURE(kBlockNewForbiddenHeaders,
290              "BlockNewForbiddenHeaders",
291              base::FEATURE_ENABLED_BY_DEFAULT);
292 
293 #if BUILDFLAG(IS_WIN)
294 BASE_FEATURE(kPlatformKeyProbeSHA256,
295              "PlatformKeyProbeSHA256",
296              base::FEATURE_ENABLED_BY_DEFAULT);
297 #endif
298 
299 // Enable support for HTTP extensible priorities (RFC 9218)
300 BASE_FEATURE(kPriorityIncremental,
301              "PriorityIncremental",
302              base::FEATURE_ENABLED_BY_DEFAULT);
303 
304 // Prefetch to follow normal semantics instead of 5-minute rule
305 // https://crbug.com/1345207
306 BASE_FEATURE(kPrefetchFollowsNormalCacheSemantics,
307              "PrefetchFollowsNormalCacheSemantics",
308              base::FEATURE_DISABLED_BY_DEFAULT);
309 
310 // A flag for new Kerberos feature, that suggests new UI
311 // when Kerberos authentication in browser fails on ChromeOS.
312 // b/260522530
313 #if BUILDFLAG(IS_CHROMEOS)
314 BASE_FEATURE(kKerberosInBrowserRedirect,
315              "KerberosInBrowserRedirect",
316              base::FEATURE_DISABLED_BY_DEFAULT);
317 #endif
318 
319 // A flag to use asynchronous session creation for new QUIC sessions.
320 BASE_FEATURE(kAsyncQuicSession,
321              "AsyncQuicSession",
322              base::FEATURE_DISABLED_BY_DEFAULT);
323 
324 // IP protection experiment configuration settings
325 BASE_FEATURE(kEnableIpProtectionProxy,
326              "EnableIpPrivacyProxy",
327              base::FEATURE_DISABLED_BY_DEFAULT);
328 
329 const base::FeatureParam<std::string> kIpPrivacyProxyServer{
330     &kEnableIpProtectionProxy, /*name=*/"IpPrivacyProxyServer",
331     /*default_value=*/""};
332 
333 const base::FeatureParam<std::string> kIpPrivacyProxyAllowlist{
334     &kEnableIpProtectionProxy, /*name=*/"IpPrivacyProxyAllowlist",
335     /*default_value=*/""};
336 
337 // Network-change migration requires NetworkHandle support, which are currently
338 // only supported on Android (see
339 // NetworkChangeNotifier::AreNetworkHandlesSupported).
340 #if BUILDFLAG(IS_ANDROID)
341 inline constexpr auto kMigrateSessionsOnNetworkChangeV2Default =
342     base::FEATURE_ENABLED_BY_DEFAULT;
343 #else   // !BUILDFLAG(IS_ANDROID)
344 inline constexpr auto kMigrateSessionsOnNetworkChangeV2Default =
345     base::FEATURE_DISABLED_BY_DEFAULT;
346 #endif  // BUILDFLAG(IS_ANDROID)
347 BASE_FEATURE(kMigrateSessionsOnNetworkChangeV2,
348              "MigrateSessionsOnNetworkChangeV2",
349              kMigrateSessionsOnNetworkChangeV2Default);
350 
351 #if BUILDFLAG(IS_LINUX)
352 BASE_FEATURE(kAddressTrackerLinuxIsProxied,
353              "AddressTrackerLinuxIsProxied",
354              base::FEATURE_ENABLED_BY_DEFAULT);
355 #endif  // BUILDFLAG(IS_LINUX)
356 
357 }  // namespace net::features
358