net/base/features.h

*6777b538SAndroid Build Coastguard Worker// Copyright 2018 The Chromium Authors
*6777b538SAndroid Build Coastguard Worker// Use of this source code is governed by a BSD-style license that can be
*6777b538SAndroid Build Coastguard Worker// found in the LICENSE file.
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#ifndef NET_BASE_FEATURES_H_
*6777b538SAndroid Build Coastguard Worker#define NET_BASE_FEATURES_H_
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#include <string>
*6777b538SAndroid Build Coastguard Worker#include <string_view>
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#include "base/feature_list.h"
*6777b538SAndroid Build Coastguard Worker#include "base/metrics/field_trial_params.h"
*6777b538SAndroid Build Coastguard Worker#include "base/time/time.h"
*6777b538SAndroid Build Coastguard Worker#include "build/build_config.h"
*6777b538SAndroid Build Coastguard Worker#include "crypto/crypto_buildflags.h"
*6777b538SAndroid Build Coastguard Worker#include "net/base/net_export.h"
*6777b538SAndroid Build Coastguard Worker#include "net/net_buildflags.h"
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Workernamespace net::features {
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables ALPS extension of TLS 1.3 for HTTP/2, see
*6777b538SAndroid Build Coastguard Worker// https://vasilvv.github.io/tls-alps/draft-vvv-tls-alps.html and
*6777b538SAndroid Build Coastguard Worker// https://vasilvv.github.io/httpbis-alps/draft-vvv-httpbis-alps.html.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAlpsForHttp2);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Disable H2 reprioritization, in order to measure its impact.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAvoidH2Reprioritization);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When kCapReferrerToOriginOnCrossOrigin is enabled, HTTP referrers on cross-
*6777b538SAndroid Build Coastguard Worker// origin requests are restricted to contain at most the source origin.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kCapReferrerToOriginOnCrossOrigin);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables the built-in DNS resolver.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAsyncDns);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Support for altering the parameters used for DNS transaction timeout. See
*6777b538SAndroid Build Coastguard Worker// ResolveContext::SecureTransactionTimeout().
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kDnsTransactionDynamicTimeouts);
*6777b538SAndroid Build Coastguard Worker// Multiplier applied to current fallback periods in determining a transaction
*6777b538SAndroid Build Coastguard Worker// timeout.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<double>
*6777b538SAndroid Build Coastguard Worker    kDnsTransactionTimeoutMultiplier;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kDnsMinTransactionTimeout;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables querying HTTPS DNS records that will affect results from HostResolver
*6777b538SAndroid Build Coastguard Worker// and may be used to affect connection behavior. Whether or not those results
*6777b538SAndroid Build Coastguard Worker// are used (e.g. to connect via ECH) may be controlled by separate features.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseDnsHttpsSvcb);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Param to control whether or not HostResolver, when using Secure DNS, will
*6777b538SAndroid Build Coastguard Worker// fail the entire connection attempt when receiving an inconclusive response to
*6777b538SAndroid Build Coastguard Worker// an HTTPS query (anything except transport error, timeout, or SERVFAIL). Used
*6777b538SAndroid Build Coastguard Worker// to prevent certain downgrade attacks against ECH behavior.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbEnforceSecureResponse;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If we are still waiting for an HTTPS transaction after all the
*6777b538SAndroid Build Coastguard Worker// other transactions in an insecure DnsTask have completed, we will compute a
*6777b538SAndroid Build Coastguard Worker// timeout for the remaining transaction. The timeout will be
*6777b538SAndroid Build Coastguard Worker// `kUseDnsHttpsSvcbInsecureExtraTimePercent.Get() / 100 * t`, where `t` is the
*6777b538SAndroid Build Coastguard Worker// time delta since the first query began. And the timeout will additionally be
*6777b538SAndroid Build Coastguard Worker// clamped by:
*6777b538SAndroid Build Coastguard Worker//   (a) `kUseDnsHttpsSvcbInsecureExtraTimeMin.Get()`
*6777b538SAndroid Build Coastguard Worker//   (b) `kUseDnsHttpsSvcbInsecureExtraTimeMax.Get()`
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// Any param is ignored if zero, and if one of min/max is non-zero with a zero
*6777b538SAndroid Build Coastguard Worker// percent param it will be used as an absolute timeout. If all are zero, there
*6777b538SAndroid Build Coastguard Worker// is no timeout specific to HTTPS transactions, only the regular DNS query
*6777b538SAndroid Build Coastguard Worker// timeout and server fallback.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbInsecureExtraTimeMax;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<int>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbInsecureExtraTimePercent;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbInsecureExtraTimeMin;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Same as `kUseDnsHttpsSvcbInsecureExtraTime...` except for secure DnsTasks.
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// If `kUseDnsHttpsSvcbEnforceSecureResponse` is enabled, the timeouts will not
*6777b538SAndroid Build Coastguard Worker// be used because there is no sense killing a transaction early if that will
*6777b538SAndroid Build Coastguard Worker// just kill the entire request.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbSecureExtraTimeMax;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<int>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbSecureExtraTimePercent;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kUseDnsHttpsSvcbSecureExtraTimeMin;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Update protocol using ALPN information in HTTPS DNS records.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseDnsHttpsSvcbAlpn);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If enabled, HostResolver will use the new HostResolverCache that separately
*6777b538SAndroid Build Coastguard Worker// caches by DNS type, unlike the old HostCache that always cached by merged
*6777b538SAndroid Build Coastguard Worker// request results. May enable related behavior such as separately sorting DNS
*6777b538SAndroid Build Coastguard Worker// results after each transaction rather than sorting collectively after all
*6777b538SAndroid Build Coastguard Worker// transactions complete.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseHostResolverCache);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables the DNS ServiceEndpointRequest API, which provides intermediate
*6777b538SAndroid Build Coastguard Worker// service endpoints in the middle of a DNS transaction so that clients of this
*6777b538SAndroid Build Coastguard Worker// API can attempt connections as soon as candidate endpoints are available.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseServiceEndpointRequest);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If the `kUseAlternativePortForGloballyReachableCheck` flag is enabled, the
*6777b538SAndroid Build Coastguard Worker// globally reachable check will use the port number specified by
*6777b538SAndroid Build Coastguard Worker// `kAlternativePortForGloballyReachableCheck` flag. Otherwise, the globally
*6777b538SAndroid Build Coastguard Worker// reachable check will use 443 port.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<int>
*6777b538SAndroid Build Coastguard Worker    kAlternativePortForGloballyReachableCheck;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseAlternativePortForGloballyReachableCheck);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If enabled, overrides IPv6 reachability probe results based on the system's
*6777b538SAndroid Build Coastguard Worker// IP addresses.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableIPv6ReachabilityOverride);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables TLS 1.3 early data.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableTLS13EarlyData);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables optimizing the network quality estimation algorithms in network
*6777b538SAndroid Build Coastguard Worker// quality estimator (NQE).
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kNetworkQualityEstimator);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Splits cache entries by the request's includeCredentials.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSplitCacheByIncludeCredentials);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Splits cache entries by the request's NetworkIsolationKey if one is
*6777b538SAndroid Build Coastguard Worker// available.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSplitCacheByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Splits the generated code cache by the request's NetworkIsolationKey if one
*6777b538SAndroid Build Coastguard Worker// is available. Note that this feature is also gated behind
*6777b538SAndroid Build Coastguard Worker// `net::HttpCache::IsSplitCacheEnabled()`.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSplitCodeCacheByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Splits host cache entries by the DNS request's NetworkAnonymizationKey if one
*6777b538SAndroid Build Coastguard Worker// is available. Also prevents merging live DNS lookups when there is a NAK
*6777b538SAndroid Build Coastguard Worker// mismatch.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSplitHostCacheByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Partitions connections based on the NetworkAnonymizationKey associated with a
*6777b538SAndroid Build Coastguard Worker// request.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPartitionConnectionsByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Partitions HttpServerProperties based on the NetworkAnonymizationKey
*6777b538SAndroid Build Coastguard Worker// associated with a request.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(
*6777b538SAndroid Build Coastguard Worker    kPartitionHttpServerPropertiesByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Partitions TLS sessions and QUIC server configs based on the
*6777b538SAndroid Build Coastguard Worker// NetworkAnonymizationKey associated with a request.
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// This feature requires kPartitionConnectionsByNetworkIsolationKey to be
*6777b538SAndroid Build Coastguard Worker// enabled to work.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPartitionSSLSessionsByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Partitions Network Error Logging and Reporting API data by
*6777b538SAndroid Build Coastguard Worker// NetworkAnonymizationKey. Also partitions all reports generated by other
*6777b538SAndroid Build Coastguard Worker// consumers of the reporting API. Applies the NetworkAnonymizationKey to
*6777b538SAndroid Build Coastguard Worker// reports uploads as well.
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// When disabled, the main entry points of the reporting and NEL services ignore
*6777b538SAndroid Build Coastguard Worker// NetworkAnonymizationKey parameters, and they're cleared while loading from
*6777b538SAndroid Build Coastguard Worker// the cache, but internal objects can be created with them (e.g., endpoints),
*6777b538SAndroid Build Coastguard Worker// for testing.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPartitionNelAndReportingByNetworkIsolationKey);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Creates a <double key + is_cross_site> NetworkIsolationKey which is used
*6777b538SAndroid Build Coastguard Worker// to partition the HTTP cache. This key will have the following properties:
*6777b538SAndroid Build Coastguard Worker// `top_frame_site_` -> the schemeful site of the top level page.
*6777b538SAndroid Build Coastguard Worker// `frame_site_` -> std::nullopt.
*6777b538SAndroid Build Coastguard Worker// `is_cross_site_` -> a boolean indicating whether the frame site is
*6777b538SAndroid Build Coastguard Worker// schemefully cross-site from the top-level site.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableCrossSiteFlagNetworkIsolationKey);
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(
*6777b538SAndroid Build Coastguard Worker    kEnableFrameSiteSharedOpaqueNetworkIsolationKey);
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kHttpCacheKeyingExperimentControlGroup);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables sending TLS 1.3 Key Update messages on TLS 1.3 connections in order
*6777b538SAndroid Build Coastguard Worker// to ensure that this corner of the spec is exercised. This is currently
*6777b538SAndroid Build Coastguard Worker// disabled by default because we discovered incompatibilities with some
*6777b538SAndroid Build Coastguard Worker// servers.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTLS13KeyUpdate);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables permuting TLS extensions in the ClientHello, to reduce the risk of
*6777b538SAndroid Build Coastguard Worker// non-compliant servers ossifying parts of the ClientHello and interfering with
*6777b538SAndroid Build Coastguard Worker// deployment of future security improvements.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPermuteTLSExtensions);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables Kyber-based post-quantum key-agreements in TLS 1.3 connections.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPostQuantumKyber);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Changes the timeout after which unused sockets idle sockets are cleaned up.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kNetUnusedIdleSocketTimeout);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled, the time threshold for Lax-allow-unsafe cookies will be lowered
*6777b538SAndroid Build Coastguard Worker// from 2 minutes to 10 seconds. This time threshold refers to the age cutoff
*6777b538SAndroid Build Coastguard Worker// for which cookies that default into SameSite=Lax, which are newer than the
*6777b538SAndroid Build Coastguard Worker// threshold, will be sent with any top-level cross-site navigation regardless
*6777b538SAndroid Build Coastguard Worker// of HTTP method (i.e. allowing unsafe methods). This is a convenience for
*6777b538SAndroid Build Coastguard Worker// integration tests which may want to test behavior of cookies older than the
*6777b538SAndroid Build Coastguard Worker// threshold, but which would not be practical to run for 2 minutes.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kShortLaxAllowUnsafeThreshold);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled, the SameSite by default feature does not add the
*6777b538SAndroid Build Coastguard Worker// "Lax-allow-unsafe" behavior. Any cookies that do not specify a SameSite
*6777b538SAndroid Build Coastguard Worker// attribute will be treated as Lax only, i.e. POST and other unsafe HTTP
*6777b538SAndroid Build Coastguard Worker// methods will not be allowed at all for top-level cross-site navigations.
*6777b538SAndroid Build Coastguard Worker// This only has an effect if the cookie defaults to SameSite=Lax.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSameSiteDefaultChecksMethodRigorously);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled, bssl::TrustStore implementations will use TRUSTED_LEAF,
*6777b538SAndroid Build Coastguard Worker// TRUSTED_ANCHOR_OR_LEAF, and TRUSTED_ANCHOR as appropriate. When disabled,
*6777b538SAndroid Build Coastguard Worker// bssl::TrustStore implementation will only use TRUSTED_ANCHOR.
*6777b538SAndroid Build Coastguard Worker// TODO(https://crbug.com/1403034): remove this a few milestones after the
*6777b538SAndroid Build Coastguard Worker// trusted leaf support has been launched on all relevant platforms.
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_MAC) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN)
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTrustStoreTrustedLeafSupport);
*6777b538SAndroid Build Coastguard Worker#endif
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Turns off streaming media caching to disk when on battery power.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTurnOffStreamingMediaCachingOnBattery);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Turns off streaming media caching to disk always.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTurnOffStreamingMediaCachingAlways);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled this feature will cause same-site calculations to take into
*6777b538SAndroid Build Coastguard Worker// account the scheme of the site-for-cookies and the request/response url.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSchemefulSameSite);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables a process-wide limit on "open" UDP sockets. See
*6777b538SAndroid Build Coastguard Worker// udp_socket_global_limits.h for details on what constitutes an "open" socket.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kLimitOpenUDPSockets);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// FeatureParams associated with kLimitOpenUDPSockets.
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the maximum allowed open UDP sockets. Provisioning more sockets than
*6777b538SAndroid Build Coastguard Worker// this will result in a failure (ERR_INSUFFICIENT_RESOURCES).
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<int> kLimitOpenUDPSocketsMax;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables a timeout on individual TCP connect attempts, based on
*6777b538SAndroid Build Coastguard Worker// the parameter values.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTimeoutTcpConnectAttempt);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// FeatureParams associated with kTimeoutTcpConnectAttempt.
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When there is an estimated RTT available, the experimental TCP connect
*6777b538SAndroid Build Coastguard Worker// attempt timeout is calculated as:
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker//  clamp(kTimeoutTcpConnectAttemptMin,
*6777b538SAndroid Build Coastguard Worker//        kTimeoutTcpConnectAttemptMax,
*6777b538SAndroid Build Coastguard Worker//        <Estimated RTT> * kTimeoutTcpConnectAttemptRTTMultiplier);
*6777b538SAndroid Build Coastguard Worker//
*6777b538SAndroid Build Coastguard Worker// Otherwise the TCP connect attempt timeout is set to
*6777b538SAndroid Build Coastguard Worker// kTimeoutTcpConnectAttemptMax.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<double>
*6777b538SAndroid Build Coastguard Worker    kTimeoutTcpConnectAttemptRTTMultiplier;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kTimeoutTcpConnectAttemptMin;
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kTimeoutTcpConnectAttemptMax;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(ENABLE_REPORTING)
*6777b538SAndroid Build Coastguard Worker// When enabled this feature will allow a new Reporting-Endpoints header to
*6777b538SAndroid Build Coastguard Worker// configure reporting endpoints for report delivery. This is used to support
*6777b538SAndroid Build Coastguard Worker// the new Document Reporting spec.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kDocumentReporting);
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(ENABLE_REPORTING)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
*6777b538SAndroid Build Coastguard Worker// When enabled, UDPSocketPosix increments the global counter of bytes received
*6777b538SAndroid Build Coastguard Worker// every time bytes are received, instead of using a timer to batch updates.
*6777b538SAndroid Build Coastguard Worker// This should reduce the number of wake ups and improve battery consumption.
*6777b538SAndroid Build Coastguard Worker// TODO(https://crbug.com/1189805): Cleanup the feature after verifying that it
*6777b538SAndroid Build Coastguard Worker// doesn't negatively affect performance.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUdpSocketPosixAlwaysUpdateBytesReceived);
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When this feature is enabled, redirected requests will be considered
*6777b538SAndroid Build Coastguard Worker// cross-site for the purpose of SameSite cookies if any redirect hop was
*6777b538SAndroid Build Coastguard Worker// cross-site to the target URL, even if the original initiator of the
*6777b538SAndroid Build Coastguard Worker// redirected request was same-site with the target URL (and the
*6777b538SAndroid Build Coastguard Worker// site-for-cookies).
*6777b538SAndroid Build Coastguard Worker// See spec changes in https://github.com/httpwg/http-extensions/pull/1348
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kCookieSameSiteConsidersRedirectChain);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When this feature is enabled, the network service will wait until First-Party
*6777b538SAndroid Build Coastguard Worker// Sets are initialized before issuing requests that use the HTTP cache or
*6777b538SAndroid Build Coastguard Worker// cookies.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kWaitForFirstPartySetsInit);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Controls the maximum time duration an outermost frame navigation should be
*6777b538SAndroid Build Coastguard Worker// deferred by RWS initialization.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kWaitForFirstPartySetsInitNavigationThrottleTimeout;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled, a cross-site ancestor chain bit is included in the partition
*6777b538SAndroid Build Coastguard Worker// key in partitioned cookies.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAncestorChainBitEnabledInPartitionedCookies);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled, cookie-related code will treat cookies containing '\0', '\r',
*6777b538SAndroid Build Coastguard Worker// and '\n' as invalid and reject the cookie.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kBlockTruncatedCookies);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Controls whether static key pinning is enforced.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kStaticKeyPinningEnforcement);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// When enabled, cookies with a non-ASCII domain attribute will be rejected.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kCookieDomainRejectNonASCII);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kThirdPartyStoragePartitioning);
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSupportPartitionedBlobUrl);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Feature to enable consideration of 3PC deprecation trial settings.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTpcdTrialSettings);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Feature to enable consideration of top-level 3PC deprecation trial settings.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTopLevelTpcdTrialSettings);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether to enable the use of 3PC based on 3PCD metadata grants delivered via
*6777b538SAndroid Build Coastguard Worker// component updater.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTpcdMetadataGrants);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether to enable staged rollback of the TPCD Metadata Entries.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTpcdMetadataStagedRollback);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether ALPS parsing is on for any type of frame.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAlpsParsing);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether ALPS parsing is on for client hint parsing specifically.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAlpsClientHintParsing);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether to kill the session on Error::kAcceptChMalformed.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kShouldKillSessionOnAcceptChMalformed);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kCaseInsensitiveCookiePrefix);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableWebsocketsOverHttp3);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether to do IPv4 to IPv6 address translation for IPv4 literals.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseNAT64ForIPv4Literal);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether to block newly added forbidden headers (https://crbug.com/1362331).
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kBlockNewForbiddenHeaders);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_WIN)
*6777b538SAndroid Build Coastguard Worker// Whether to probe for SHA-256 on some legacy platform keys, before assuming
*6777b538SAndroid Build Coastguard Worker// the key requires SHA-1. See SSLPlatformKeyWin for details.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPlatformKeyProbeSHA256);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether or not to use the GetNetworkConnectivityHint API on modern Windows
*6777b538SAndroid Build Coastguard Worker// versions for the Network Change Notifier.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableGetNetworkConnectivityHintAPI);
*6777b538SAndroid Build Coastguard Worker#endif
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Prefetch to follow normal semantics instead of 5-minute rule
*6777b538SAndroid Build Coastguard Worker// https://crbug.com/1345207
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPrefetchFollowsNormalCacheSemantics);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// A flag for new Kerberos feature, that suggests new UI
*6777b538SAndroid Build Coastguard Worker// when Kerberos authentication in browser fails on ChromeOS.
*6777b538SAndroid Build Coastguard Worker// b/260522530
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_CHROMEOS)
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kKerberosInBrowserRedirect);
*6777b538SAndroid Build Coastguard Worker#endif
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// A flag to use asynchronous session creation for new QUIC sessions.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAsyncQuicSession);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// A flag to make multiport context creation asynchronous.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAsyncMultiPortPath);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables custom proxy configuration for the IP Protection experimental proxy.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableIpProtectionProxy);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the name of the IP protection auth token server.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string> kIpPrivacyTokenServer;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the path component of the IP protection auth token server URL used for
*6777b538SAndroid Build Coastguard Worker// getting initial token signing data.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyTokenServerGetInitialDataPath;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the path component of the IP protection auth token server URL used for
*6777b538SAndroid Build Coastguard Worker// getting blind-signed tokens.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyTokenServerGetTokensPath;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the path component of the IP protection auth token server URL used for
*6777b538SAndroid Build Coastguard Worker// getting proxy configuration.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyTokenServerGetProxyConfigPath;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the batch size to fetch new auth tokens for IP protection.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<int>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyAuthTokenCacheBatchSize;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the cache low-water-mark for auth tokens for IP protection.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<int>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyAuthTokenCacheLowWaterMark;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the normal time between fetches of the IP protection proxy list.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyProxyListFetchInterval;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Sets the minimum time between fetches of the IP protection proxy list, such
*6777b538SAndroid Build Coastguard Worker// as when a re-fetch is forced due to an error.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyProxyListMinFetchInterval;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Overrides the ProxyA hostname normally set by the proxylist fetch.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyProxyAHostnameOverride;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Overrides the ProxyB hostname normally set by the proxylist fetch.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyProxyBHostnameOverride;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Controls whether IP Protection _proxying_ is bypassed by not including any
*6777b538SAndroid Build Coastguard Worker// of the proxies in the proxy list. This supports experimental comparison of
*6777b538SAndroid Build Coastguard Worker// connections that _would_ have been proxied, but were not.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool> kIpPrivacyDirectOnly;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// The PSK added to connections to proxyB with `Proxy-Authorization: Preshared
*6777b538SAndroid Build Coastguard Worker// $PSK`.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string> kIpPrivacyProxyBPsk;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If true, pass OAuth token to Phosphor in GetProxyConfig API for IP
*6777b538SAndroid Build Coastguard Worker// Protection.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyIncludeOAuthTokenInGetProxyConfig;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Controls whether a header ("IP-Protection: 1") should be added to proxied
*6777b538SAndroid Build Coastguard Worker// network requests.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyAddHeaderToProxiedRequests;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Token expirations will have a random time between 5 seconds and this delta
*6777b538SAndroid Build Coastguard Worker// subtracted from their expiration, in order to even out the load on the token
*6777b538SAndroid Build Coastguard Worker// servers.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<base::TimeDelta>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyExpirationFuzz;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If true, only proxy traffic when the top-level site uses the http:// or
*6777b538SAndroid Build Coastguard Worker// https:// schemes. This prevents attempts to proxy from top-level sites with
*6777b538SAndroid Build Coastguard Worker// chrome://, chrome-extension://, or other non-standard schemes, in addition to
*6777b538SAndroid Build Coastguard Worker// top-level sites using less common schemes like blob:// and data://.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool>
*6777b538SAndroid Build Coastguard Worker    kIpPrivacyRestrictTopLevelSiteSchemes;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If true, IP protection will attempt to use QUIC to connect to proxies,
*6777b538SAndroid Build Coastguard Worker// falling back to HTTPS.  If false, it will only use HTTPs.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool> kIpPrivacyUseQuicProxies;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// If true, IP protection will only use QUIC to connect to proxies, with no
*6777b538SAndroid Build Coastguard Worker// fallback to HTTPS. This is intended for development of the QUIC
*6777b538SAndroid Build Coastguard Worker// functionality.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool> kIpPrivacyUseQuicProxiesOnly;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Truncate IP protection proxy chains to a single proxy. This is intended for
*6777b538SAndroid Build Coastguard Worker// development of the QUIC functionality.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<bool> kIpPrivacyUseSingleProxy;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Send all traffic to this host via IP Protection proxies, regardless of MDL,
*6777b538SAndroid Build Coastguard Worker// 1P/3P, or token availability. This is intended for development of the QUIC
*6777b538SAndroid Build Coastguard Worker// functionality.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT extern const base::FeatureParam<std::string> kIpPrivacyAlwaysProxy;
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Whether QuicParams::migrate_sessions_on_network_change_v2 defaults to true or
*6777b538SAndroid Build Coastguard Worker// false. This is needed as a workaround to set this value to true on Android
*6777b538SAndroid Build Coastguard Worker// but not on WebView (until crbug.com/1430082 has been fixed).
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kMigrateSessionsOnNetworkChangeV2);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables whether blackhole detector should be disabled during connection
*6777b538SAndroid Build Coastguard Worker// migration and there is no available network.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kDisableBlackholeOnNoNewNetwork);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_LINUX)
*6777b538SAndroid Build Coastguard Worker// AddressTrackerLinux will not run inside the network service in this
*6777b538SAndroid Build Coastguard Worker// configuration, which will improve the Linux network service sandbox.
*6777b538SAndroid Build Coastguard Worker// TODO(crbug.com/1312226): remove this.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kAddressTrackerLinuxIsProxied);
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(IS_LINUX)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables binding of cookies to the port that originally set them by default.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnablePortBoundCookies);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables binding of cookies to the scheme that originally set them. Also
*6777b538SAndroid Build Coastguard Worker// enables domain cookie shadowing protection.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableSchemeBoundCookies);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables expiration duration limit (3 hours) for cookies on insecure websites.
*6777b538SAndroid Build Coastguard Worker// This feature is a no-op unless kEnableSchemeBoundCookies is enabled.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTimeLimitedInsecureCookies);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables enabling third-party cookie blocking from the command line.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kForceThirdPartyCookieBlocking);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables an exception for third-party cookie blocking when the request is
*6777b538SAndroid Build Coastguard Worker// same-site with the top-level document, opted into CORS, but embedded in a
*6777b538SAndroid Build Coastguard Worker// cross-site context.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kThirdPartyCookieTopLevelSiteCorsException);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables Early Hints on HTTP/1.1.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableEarlyHintsOnHttp11);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables draft-07 version of WebTransport over HTTP/3.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kEnableWebTransportDraft07);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables Zstandard Content-Encoding support.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kZstdContentEncoding);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kThirdPartyPartitionedStorageAllowedByDefault);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables the HTTP extensible priorities "priority" header.
*6777b538SAndroid Build Coastguard Worker// RFC 9218
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kPriorityHeader);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables a more efficient implementation of SpdyHeadersToHttpResponse().
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kSpdyHeadersToHttpResponseUseBuilder);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables receiving ECN bit by sockets in Chrome.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kReceiveEcn);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables using the new ALPS codepoint to negotiate application settings for
*6777b538SAndroid Build Coastguard Worker// HTTP2.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseNewAlpsCodepointHttp2);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables using the new ALPS codepoint to negotiate application settings for
*6777b538SAndroid Build Coastguard Worker// QUIC.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kUseNewAlpsCodepointQUIC);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Treat HTTP header `Expires: "0"` as expired value according section 5.3 on
*6777b538SAndroid Build Coastguard Worker// RFC 9111.
*6777b538SAndroid Build Coastguard Worker// TODO(https://crbug.com/853508): Remove after the bug fix will go well for a
*6777b538SAndroid Build Coastguard Worker// while on stable channels.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTreatHTTPExpiresHeaderValueZeroAsExpired);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// Enables truncating the response body to the content length.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kTruncateBodyToContentLength);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#if BUILDFLAG(IS_MAC)
*6777b538SAndroid Build Coastguard Worker// Reduces the frequency of IP address change notifications that result in
*6777b538SAndroid Build Coastguard Worker// TCP and QUIC connection resets.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kReduceIPAddressChangeNotification);
*6777b538SAndroid Build Coastguard Worker#endif  // BUILDFLAG(IS_MAC)
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker// This feature will enable the Device Bound Session Credentials protocol to let
*6777b538SAndroid Build Coastguard Worker// the server assert sessions (and cookies) are bound to a specific device.
*6777b538SAndroid Build Coastguard WorkerNET_EXPORT BASE_DECLARE_FEATURE(kDeviceBoundSessions);
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker}  // namespace net::features
*6777b538SAndroid Build Coastguard Worker
*6777b538SAndroid Build Coastguard Worker#endif  // NET_BASE_FEATURES_H_