Hubert Chao (Gerrit)

unread,

Aug 27, 2025, 5:40:40 PM (12 days ago) Aug 27

to Chris Thompson, Adam Rice, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, Hiroki Nakagawa, net-r...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, derinel+wat...@google.com, fenced-fra...@chromium.org, horo+...@chromium.org, ipc-securi...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org, network-ser...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, webauthn...@chromium.org

Attention needed from Adam Rice and Chris Thompson

Hubert Chao voted Commit-Queue+1

Commit-Queue

+1

Open in Gerrit

Related details

Attention is currently required from:

Adam Rice
Chris Thompson

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Chris Thompson (Gerrit)

unread,

Aug 27, 2025, 11:59:21 PM (12 days ago) Aug 27

to Hubert Chao, Adam Rice, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, Hiroki Nakagawa, net-r...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, derinel+wat...@google.com, fenced-fra...@chromium.org, horo+...@chromium.org, ipc-securi...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org, network-ser...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, webauthn...@chromium.org

Attention needed from Adam Rice and Hubert Chao

Chris Thompson voted and added 1 comment

Votes added by Chris Thompson

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 7 (Latest):

Chris Thompson . resolved

Overall LGTM

Open in Gerrit

Related details

Attention is currently required from:

Adam Rice
Hubert Chao

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Adam Rice (Gerrit)

unread,

Sep 4, 2025, 9:54:19 AM (4 days ago) Sep 4

to Hubert Chao, Chris Thompson, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, Hiroki Nakagawa, net-r...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, derinel+wat...@google.com, fenced-fra...@chromium.org, horo+...@chromium.org, ipc-securi...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org, network-ser...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, webauthn...@chromium.org

Attention needed from Hubert Chao

Adam Rice voted and added 2 comments

Votes added by Adam Rice

Code-Review

+1

2 comments

Patchset-level comments

File-level comment, Patchset 10 (Latest):

Adam Rice . resolved

lgtm with suggestion

File chrome/browser/net/websocket_browsertest.cc

Line 302, Patchset 10 (Latest):

    base::FieldTrialParams params;
    params["LocalNetworkAccessChecksWarn"] = "false";
    feature_list_.InitWithFeaturesAndParameters(
        {{network::features::kLocalNetworkAccessChecks, params},
         {network::features::kLocalNetworkAccessChecksWebSockets, {}}},
        {});

Adam Rice . unresolved

```suggestion
    feature_list_.InitWithFeaturesAndParameters(
        {{network::features::kLocalNetworkAccessChecks,
        {{"LocalNetworkAccessChecksWarn", "false"}}},
         {network::features::kLocalNetworkAccessChecksWebSockets, {}}},
        {});
```

Open in Gerrit

Related details

Attention is currently required from:

Hubert Chao

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Hubert Chao (Gerrit)

unread,

Sep 4, 2025, 11:06:44 AM (4 days ago) Sep 4

to Adam Rice, Chris Thompson, AyeAye, Chromium LUCI CQ, chromium...@chromium.org, Hiroki Nakagawa, net-r...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, derinel+wat...@google.com, fenced-fra...@chromium.org, horo+...@chromium.org, ipc-securi...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org, network-ser...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, webauthn...@chromium.org

Hubert Chao added 1 comment

File chrome/browser/net/websocket_browsertest.cc

Line 302, Patchset 10: base::FieldTrialParams params;


    params["LocalNetworkAccessChecksWarn"] = "false";
    feature_list_.InitWithFeaturesAndParameters(
        {{network::features::kLocalNetworkAccessChecks, params},
         {network::features::kLocalNetworkAccessChecksWebSockets, {}}},
        {});

Adam Rice . resolved

```suggestion
    feature_list_.InitWithFeaturesAndParameters(
        {{network::features::kLocalNetworkAccessChecks,
        {{"LocalNetworkAccessChecksWarn", "false"}}},
         {network::features::kLocalNetworkAccessChecksWebSockets, {}}},
        {});
```

Hubert Chao

Done

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Sep 4, 2025, 11:50:58 AM (4 days ago) Sep 4

to Hubert Chao, Adam Rice, Chris Thompson, AyeAye, chromium...@chromium.org, Hiroki Nakagawa, net-r...@chromium.org, alexmo...@chromium.org, blink-work...@chromium.org, creis...@chromium.org, derinel+wat...@google.com, fenced-fra...@chromium.org, horo+...@chromium.org, ipc-securi...@chromium.org, kinuko+ser...@chromium.org, kinuko...@chromium.org, navigation...@chromium.org, network-ser...@chromium.org, servicewor...@chromium.org, shimazu+se...@chromium.org, webauthn...@chromium.org

Chromium LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

10 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:

```
The name of the file: chrome/browser/net/websocket_browsertest.cc
Insertions: 2, Deletions: 3.

@@ -299,10 +299,9 @@
   void SetUp() override {
     // Some builders run with field_trial disabled, need to enable
     // LocalNetworkAccessChecks manually.
-    base::FieldTrialParams params;
-    params["LocalNetworkAccessChecksWarn"] = "false";
     feature_list_.InitWithFeaturesAndParameters(
-        {{network::features::kLocalNetworkAccessChecks, params},
+        {{network::features::kLocalNetworkAccessChecks,
+          {{"LocalNetworkAccessChecksWarn", "false"}}},


          {network::features::kLocalNetworkAccessChecksWebSockets, {}}},
         {});

     WebSocketBrowserHTTPSConnectToTest::SetUp();
```

Change information

Commit message:

[LNA] Add feature flag for WebSockets and LNA, create initial LNA check

Add a feature flag guarding enforcement of LNA checks on WebSockets;
create a (known flawed) implementation that assumes all websockets to
local or loopback address spaces are LNA checks. Future CLs will iterate
on this as we get the plumbing in place (mainly
network::mojom::ClientSecurityStatePtr) to do the LessPublicThan checks
for real LNA.

Add browser tests to ensure that the LNA checks work properly.

Bug: 421156866

Change-Id: Ie5d1fb74ab16bc7241810f0291d9c2c188a1d543

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6874968

Commit-Queue: Hubert Chao <hc...@chromium.org>

Reviewed-by: Adam Rice <ri...@chromium.org>

Reviewed-by: Chris Thompson <cth...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#1510940}

Files:

M chrome/browser/net/websocket_browsertest.cc
M services/network/public/cpp/features.cc
M services/network/public/cpp/features.h
M services/network/websocket.cc

Change size: M

Delta: 4 files changed, 121 insertions(+), 1 deletion(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Adam Rice, +1 by Chris Thompson

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[LNA] Add feature flag for WebSockets and LNA, create initial LNA check [chromium/src : main]

Hubert Chao (Gerrit)

Hubert Chao voted Commit-Queue+1

Related details

Chris Thompson (Gerrit)

Chris Thompson voted and added 1 comment

Votes added by Chris Thompson

1 comment

Related details

Adam Rice (Gerrit)

Adam Rice voted and added 2 comments

Votes added by Adam Rice

2 comments

Related details

Hubert Chao (Gerrit)

Hubert Chao added 1 comment

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

Change information