Brave News: Do not use APIRequestHelper for binary data #12857
Conversation
petemill
force-pushed
the
fix-news-image-request
branch
from
364ba7b
to
b088c3b
Compare
petemill
force-pushed
the
fix-news-image-request
branch
from
b088c3b
to
033cdc3
Compare
There was a problem hiding this comment.
@petemill This doesn't look like it removes any of the (somewhat) identifying request headers (e.g. Accept-Language, User-Agent) when sending a request to the private CDN. Is that header removal done somewhere else? Or did we end up not implementing it? I can't remember.
@fmarier The header removal is done here https://github.com/brave/brave-core/pull/12857/files#diff-f5dc813d6939b2fdab7d89947a9657e8d6583d004b2d74c4839017647ca637f4R50 |
|
I pushed a refactor earlier today and didn't have a chance to build which is why there's CI errors, which I'll address now |
| net::NetworkTrafficAnnotationTag annotation_tag, | ||
| scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory) | ||
| : annotation_tag_(annotation_tag), | ||
| url_loader_factory_(url_loader_factory) {} |
There was a problem hiding this comment.
fixed, and noting that this is it's being done in the code I copied it from 😄 https://github.com/brave/brave-core/blob/master/components/api_request_helper/api_request_helper.cc#L45
| request->credentials_mode = network::mojom::CredentialsMode::kOmit; | ||
| request->method = net::HttpRequestHeaders::kGetMethod; | ||
| // Don't send any identifying information, such as language or user agent | ||
| for (auto entry : brave::private_cdn_headers) |
| } | ||
| } | ||
| url_loaders_.erase(iter); | ||
| std::move(callback).Run(response_code, *response_body); |
There was a problem hiding this comment.
response_body can be nullptr if a network error has occurred [1]. It's better just check response_body before dereferencing in case some other corner case will appear in SimpleURLLoader.
- See
SetAllowPartialResultsand this code:
https://github.com/chromium/chromium/blob/4c7435484856fc171e16fa84d9c244fbadd6fa4a/services/network/public/cpp/simple_url_loader.cc#L1541-L1543
| base::StringPiece body_payload(body.data(), body.size()); | ||
| if (response_code < 200 || response_code >= 300 || | ||
| (is_padded && | ||
| !brave::PrivateCdnHelper::GetInstance()->RemovePadding( |
There was a problem hiding this comment.
Would prefer to change in a follow-up. This is not introduced in this PR, and would prefer to limit this PR to fix the regression and not refactor.
| &body_payload))) { | ||
| // Byte padding removal failed | ||
| absl::optional<std::vector<uint8_t>> args; | ||
| std::move(callback).Run(std::move(args)); |
| bool auto_retry_on_network_change /* = true */, | ||
| size_t max_body_size /* = 5 * 1024 * 1024 */) { | ||
| // Do not allow unbounded max body | ||
| DCHECK(max_body_size != = -1u); |
There was a problem hiding this comment.
thanks for spotting - fixed
| request->credentials_mode = network::mojom::CredentialsMode::kOmit; | ||
| request->method = net::HttpRequestHeaders::kGetMethod; | ||
| // Don't send any identifying information, such as language or user agent | ||
| for (auto entry : brave::private_cdn_headers) |
There was a problem hiding this comment.
brave::private_cdn_headers should be a base::NoDestructor instance accessible (and constructible) via some getter like brave::GetPrivateCDNHeaders().
There was a problem hiding this comment.
Would prefer to change in a follow-up. This is not introduced in this PR, and would prefer to limit this PR to fix the regression and not refactor
petemill
force-pushed
the
fix-news-image-request
branch
from
033cdc3
to
f67bf99
Compare
Create PrivateCDNRequestHelper to help ensure requests are anonymous. APIRequestHelper was no longer appropriate as it requires response to be JSON format.
petemill
force-pushed
the
fix-news-image-request
branch
from
f67bf99
to
ed65156
Compare
APIRequestHelper has recently changed to validate that the response is valid JSON.
Resolves brave/brave-browser#22024
Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_tests,npm run lint,npm run gn_check,npm run tslintgit rebase master(if needed)Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on
Test Plan: