Lists of domains and resources used by Chromium / Chrome?
224 views
Skip to first unread message
psn...@brave.com
Jan 7, 2019, 4:00:06 PM1/7/19
to Chromium-dev
Hello folks,
What lists of special-cased domains are used by Chromium / Chrome, either hardcoded or fetched later on?
I can think of SafeBrowsing and the list of domains / blocking rules / EasyList fetched by the AdTagging system.
Are there other such lists of domains / URLs used by Chromium / Chrome?
Thanks in advance!
What lists of special-cased domains are used by Chromium / Chrome, either hardcoded or fetched later on?
I can think of SafeBrowsing and the list of domains / blocking rules / EasyList fetched by the AdTagging system.
Are there other such lists of domains / URLs used by Chromium / Chrome?
Thanks in advance!
Matthew Menke
Jan 7, 2019, 8:28:58 PM1/7/19
to Chromium-dev
What's your definition of a "special-cased domain"? It sounds like you're interested in domains with built-in magic rules for handling them, as opposed to URLs that are fetched by internal Chrome code?
The entire HSTS preload list could be considered "special cased domains", or even the registry-controlled domain list. localhost (And some localhost variants) also have a bit of magic to them (They're considered secure in some layers, they also use hard-coded mappings to IP addresses, instead of using real DNS lookups, and may have other magic).
psn...@brave.com
Jan 9, 2019, 7:27:57 PM1/9/19
to Chromium-dev
Hi Matt,
yes, you have the idea exactly right, I'm looking for lists of domains with special handling, not hardcoded domains, etc. The HSTS preload list is a perfect example. Thanks!
That brings my list to:
yes, you have the idea exactly right, I'm looking for lists of domains with special handling, not hardcoded domains, etc. The HSTS preload list is a perfect example. Thanks!
That brings my list to:
- HSTS preload
- SafeBrowsing
- EasyList rules from the AdTagging
Any others come to mind?
thanks!
thanks!
Matthew Menke
Jan 9, 2019, 8:58:24 PM1/9/19
to Chromium-dev
I believe the Chrome web store has special rules, or at least we used to add an extra header to responses from it. Wouldn't be surprised if there's other magic for that.
Also, Google-owned domains have magic (We add a header with field trial information for HTTPS requests to google-owned domains, and remove it on redirects away from them). There may be other magic related to Chrome signin and Google-owned domains, not sure.
Other than that, I can't think of any, but that's certainly no guarantee the list is comprehensive.
Matthew Menke
Jan 9, 2019, 9:07:45 PM1/9/19
to Chromium-dev
Worth noting that everything I've listed (Except localhost and the registry-controlled domain list) is src/chrome only. I believe HSTS we only enable in official Chrome builds, since the list can get out of date in third party distributions.
Nick Harper
Jan 10, 2019, 1:26:23 AM1/10/19
to Matt Menke, Chromium-dev
I think the only check for HSTS is that the build is timely: https://cs.chromium.org/chromium/src/net/http/transport_security_state.cc?gsn=GetSTSState&l=1135
--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/739754fc-9056-4aa5-8eb4-ea1527442605%40chromium.org.
PhistucK
Jan 10, 2019, 1:34:00 AM1/10/19
to nha...@chromium.org, Matt Menke, Chromium-dev
I think the new tab page (whichever URL depends on the search engine that the user chose) is also handled specially.
☆PhistucK
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CACdeXiKtOitRQhBujjhT2tFs8oMu9sQ4iv8uS1Kfb2uuS9%2BwKA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages