Protecting development command-line flag from production use
246 views
Skip to first unread message
Dustin Mitchell
Sep 3, 2024, 3:12:38 PM9/3/24
to Abhi Patel, Matt Menke, net...@chromium.org
Hi //net! @Abhi Patel and I are working on modifying `--proxy-server` to allow specifying proxy chains and/or quic-only proxies.
Both of these pieces of functionality are things we do not want used in "production" - at least not yet, due to:
* security concerns around quic proxies
* not wanting to introduce syntax we will need to support long-term; and
* not committing to a proxy specification meaning "always-use-quic"
* not wanting to introduce syntax we will need to support long-term; and
* not committing to a proxy specification meaning "always-use-quic"
However, we do want them to support interoperability testing with various proxies, and to support further testing and development of functionality like HTTP auth and client certs over QUIC proxies, without the bother of getting IP Protection set up. In other words, this is a preliminary step to making QUIC proxy support work outside of IP Protection.
It's unclear if or how we would ever want to expose proxy chain functionality - maybe just to extensions, or just to enterprise policy? Anyway, not a decision we want to make today. And we likely do not want to have a `quic://` proxy scheme, just as we don't have a `spdy://` scheme -- the browser should figure out when to use QUIC, although how to do this is as-yet undecided.
The current implementation (https://crrev.com/c/5807517) gates the new command-line syntax behind `NDEBUG``, with the intent being that if it only works on devel builds, nobody will be tempted to start using this in their kiosk build or anything like that. @Matt Menke has suggested using a BUILD_FLAG instead of NDEBUG, for later greppability when removing this.
But maybe hiding this functionality isn't necessary at all? Would a feature be a better choice than a BUILD_FLAG? Or should we just enable this command-line syntax universally?
WDYT?
Dustin
Matt Menke
Sep 3, 2024, 3:20:53 PM9/3/24
to Dustin Mitchell, Abhi Patel, net...@chromium.org
Minor nit - using a BUILD_FLAG wouldn't just be more greppable, but removing the build flag would also result in a build error if any caller was still using it, which would prevent any lingering #if's if the underlying flag value is removed from gn.
Abhi Patel
Sep 6, 2024, 12:10:46 PM9/6/24
to Matt Menke, Dustin Mitchell, net...@chromium.org
Hi all,
I'll proceed with using a BUILD_FLAG for the new `--proxy-server` syntax. This will make it more greppable and will result in a build error if any caller is still using it when the underlying flag value is removed from gn.
Thanks,
Abhi
Reply all
Reply to author
Forward
0 new messages