--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
My preference would be option 3 (extensions can modify the system prefs). We'll have to deal with conflicts between 2 extensions, but as you pointed out, we have this problem with per-profile settings already. I think we can come up with some way to decide who wins.
I like option 3 as well, as it seems to me to be the clearest. I like
the most recently activated tiebreak idea because it seems to me that
this is what the user would expect it to do -- and that this also
allows the user to easily change system behavior by activating the
desired profile. In an ideal world, we would restore windows from
multiple profiles simultaneously, but this is by no means necessary.
Are there system APIs for modifying the systemwide proxy settings on
all platforms? On Linux the answer is almost certainly no, but if
this works on Mac and Windows then I wouldn't let that veto the idea.
However, this is something that could potentially be done with an
xdg-style script, for instance by adding to xdg-settings that we wrote
and contributed to xdg-utils to help with default browser selection.
If we shell out to an xdg script to update the proxy settings, then
we'd presumably pick up the change via the normal proxy configuration
change notification mechanisms when it became effective. If we want to
do it that way, it would be useful to design the APIs with potential
failure in mind (in the case of an unsupported desktop environment),
and to be asynchronous (to allow the script to run a while before
receiving a success status, and to allow that success status to
precede the actual proxy settings change).
I think what Dominic meant is not the system proxy settings, but the proxy configuration used for the to-be-introduced system URL request context that is meant to handle all requests not associated with a profile. Question is whether extension should be able to control that through the proxy extension API, and if so, how exactly that should behave.
Why is it important that these requests are not tied to a specific profile?
- a
There are requests that are sent at startup or shortly thereafter (for
example IntranetRedirectDetector or the misleadingly named
GoogleUrlTracker), or in regular intervals in the background (for
example SafeBrowsing database updates or the extension blacklist).
> In the OCSP example, requests arise as a result of my visiting sites
> with certificates that support OCSP verification. So if I open up a
> Work profile window and navigate to chromium.org, I'd expect that to
> use my work profile settings to apply. Similarly, if I'm typing text
> into the Omnibox of a Work profile window then I'd expect that traffic
> to pass through the Work proxy, not pass through some other route in
> the browser.
>
>> Here are a couple of ideas... and I like neither of them...
> [snip]
>
> Since I don't like them either that means we agree on at least one
> thing, which feels like a good start. ;)
>
>> Option 4:
>> - ???
>
> Perhaps Option 4 is for it to be impossible for requests to be
> generated without a context in the first place, and for extensions,
> plugins, etc, to be completely isolated on a per-profile basis?
>
> Cheers,
>
> Wez
>
On Wed, Feb 2, 2011 at 18:21, Wez <w...@chromium.org> wrote:There are requests that are sent at startup or shortly thereafter (for
> On Jan 31, 8:25 pm, Dominic Battre <bat...@chromium.org> wrote:
>> Say you have an "at work" extension that configures your proxy settings.
>> What are the desired proxy settings for system URL requests? All "at home"
>> windows will use the proxy configuration from the "at home" profile, all "at
>> work" windows will use the proxy configuration from the "at work" profile
>> (configured by an extension). But what should happen to system URL requests?
>
> Fundamentally I'd expect *all* requests of any sort to have
> originated, however indirectly, from something the user did with the
> browser, and therefore be implicitly bound to a profile.
example IntranetRedirectDetector or the misleadingly named
GoogleUrlTracker), or in regular intervals in the background (for
example SafeBrowsing database updates or the extension blacklist).
These requests update state that's shared by all users, so
conceptually there's no real association to any profile in particular.
That said, technically it might very well be possible to associate
them with a profile if needed (for example by simply using the
last/first profile like Dominic suggested).
Bernhard.
> Wez
>
Sorry, I meant user as in the real-world entity corresponding to a
profile (in Dominic's example, we'd have a Work and a Home persona),
so we're talking about one browser process and one --user-data-dir
here.
Bernhard.
> Wez
>
- a
On Wed, Feb 2, 2011 at 20:50, Wez <w...@chromium.org> wrote:
> On 2 February 2011 18:38, Bernhard Bauer <bau...@google.com> wrote:
Sorry, I meant user as in the real-world entity corresponding to a>> These requests update state that's shared by all users, so
>> conceptually there's no real association to any profile in particular.
>> That said, technically it might very well be possible to associate
>> them with a profile if needed (for example by simply using the
>> last/first profile like Dominic suggested).
>>
>
> So you're saying that if I were to run two copies of Chrome with different
> user-data directories, or run two copies under different operating system
> user accounts on the same machine, I'd hit problems with them competing to
> update system-wide data?
profile (in Dominic's example, we'd have a Work and a Home persona),
so we're talking about one browser process and one --user-data-dir
here.
[snip]
For Windows and Mac, however, this is an entirely different story, because certificate validation is done using the OS APIs (CryptoAPI and CDSA/Security Framework, respectively). Both platforms support fetching CRLs, OCSP statuses, and AIA-chased certificates, and do so using the OS-user proxy settings and/or the OS-system proxy settings. Unless Chrome modifies those settings, which to date has been something that has been avoided, then whatever an extension requests, or whatever profile the user is currently in, makes no difference, because the OS-settings will always win. Further, on Windows, there is one more type of request (at least on Vista+), for a root certificate update, that is also triggered by HTTPS validation.
[snip]
Well, that's already supported now -- just start two Chrome processes
with different --user-data-dir switches.
Bernhard.
> Wez
>
It also describes being able to switch profiles from within a browser
window, which you can't do if you have separate browser processes for
each user data directory.
Bernhard.
> Wez
>
On Thu, Feb 3, 2011 at 11:15, Miranda Callahan <mira...@google.com> wrote:
>>>> > That doesn't sound right to me - surely if I have gone to the trouble of
>>>> > separating my Work & Home personae, it's clear that I want them to be
>>>> > separate, so I want them to have completely independent user-data, in
>>>> > the
>>>> > same way as if Work & Home were actually separate user accounts on the
>>>> > host
>>>> > computer?
>>>>
>>>> Well, that's already supported now -- just start two Chrome processes
>>>> with different --user-data-dir switches.
>>>
>>> Which is what the "Multi-profile" support described
>>> at http://www.chromium.org/user-experience/multi-profiles essentially
>>> describes, with there being N "local" profiles, of which M (<= N) are bound
>>> to by synced to Google account profiles, isn't it?
>>
>> It also describes being able to switch profiles from within a browser
>> window, which you can't do if you have separate browser processes for
>> each user data directory.
Ah, let me step in here to say that a discussion with Glen and Jeff
last week made clear that this will *not* be an option in the
multiprofile system; the browser menu listing different profiles will
provide the opportunity to launch a new window with the chosen
profile. Changing the underlying profile data in a running browser
window is simply too complicated to handle here.
The idea of separate user data extends only to the data in the
personal profile directory (right now, stored in "Default") -- not to
the entire user-data-dir.
(I have edited the multiprofile design doc to hopefully make this more
clear -- see the "Profile Launch Menu" section.)
-- Miranda
I'm starting to rethink this a bit. We didn't give a whole lot of thought to Dominic's option 1 (ie, don't let extensions control the proxy for system requests). Do extensions really care about system requests?
Ryan brings up a good point. In Tor's case, they care way more that certificate validation be done through Tor than various browser-level requests like safebrowsing. It sounds like we can't do cert validation through the proxy regardless of what we do is. Is that correct?
On Thu, Feb 3, 2011 at 8:20 PM, Matt Perry <mpcom...@chromium.org> wrote:Ryan brings up a good point. In Tor's case, they care way more that certificate validation be done through Tor than various browser-level requests like safebrowsing. It sounds like we can't do cert validation through the proxy regardless of what we do is. Is that correct?If we allow extensions to set the proxy for the system request context, we should be able to, no?
Ryan brings up a good point. In Tor's case, they care way more that certificate validation be done through Tor than various browser-level requests like safebrowsing. It sounds like we can't do cert validation through the proxy regardless of what we do is. Is that correct?
[ summons wtc ]Well, Wan-Teh was telling me something about how we need more control over SSL settings. I forget all the reasons why. But IIRC, the conclusion was that we need to use NSS for certificate validation as well, not just the SSL handshake/encryption/decryption stuff. In that case, we'd have full control over certificate validation. Wan-Teh, please correct me if I remembered incorrectly.So, if we do move towards that, we can do cert validation through the proxy.