From 035b7bad959b77d7b8770077b77a4ba950472d3e Mon Sep 17 00:00:00 2001 From: klzgrad Date: Sun, 22 May 2022 01:31:43 +0800 Subject: [PATCH] net, grpc_support: Set NetworkIsolationKey from header If BidirectionalStream request contains a -network-isolation-key header, it is used to set the network isolation key of the stream. The header itself is removed and not transmitted. The header value should be a valid URL with different host and port for each different network isolation key. Invalid header value is reported by returning error from bidirectional_stream_start. Network isolation takes effect only if it is enabled by experimental option of "feature_list": { "enable-features": "PartitionConnectionsByNetworkIsolationKey" } --- .../grpc_support/bidirectional_stream.cc | 15 ++++++++++++++- src/net/http/bidirectional_stream.cc | 8 ++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/components/grpc_support/bidirectional_stream.cc b/src/components/grpc_support/bidirectional_stream.cc index 2bb1ddbfa9..d9f45074dd 100644 --- a/src/components/grpc_support/bidirectional_stream.cc +++ b/src/components/grpc_support/bidirectional_stream.cc @@ -21,6 +21,7 @@ #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/request_priority.h" +#include "net/base/schemeful_site.h" #include "net/http/bidirectional_stream.h" #include "net/http/bidirectional_stream_request_info.h" #include "net/http/http_network_session.h" @@ -96,8 +97,20 @@ int BidirectionalStream::Start(const char* url, request_info->priority = static_cast(priority); // Http method is a token, just as header name. request_info->method = method; - if (!net::HttpUtil::IsValidHeaderName(request_info->method)) + if (!net::HttpUtil::IsValidHeaderName(request_info->method)) { + LOG(ERROR) << "Invalid method " << request_info->method; return -1; + } + std::string network_isolation_key_header; + if (headers.GetHeader("-network-isolation-key", + &network_isolation_key_header)) { + net::SchemefulSite site(GURL{network_isolation_key_header}); + if (site.opaque()) { + LOG(ERROR) << "Invalid -network-isolation-key " + << network_isolation_key_header; + return -1; + } + } request_info->extra_headers.CopyFrom(headers); request_info->end_stream_on_headers = end_of_stream; write_end_of_stream_ = end_of_stream; diff --git a/src/net/http/bidirectional_stream.cc b/src/net/http/bidirectional_stream.cc index 37153bfdbd..7adac554ad 100644 --- a/src/net/http/bidirectional_stream.cc +++ b/src/net/http/bidirectional_stream.cc @@ -207,6 +207,14 @@ void BidirectionalStream::StartRequest(const SSLConfig& ssl_config) { HttpRequestInfo http_request_info; http_request_info.url = request_info_->url; http_request_info.method = request_info_->method; + std::string network_isolation_key_header; + if (request_info_->extra_headers.GetHeader("-network-isolation-key", + &network_isolation_key_header)) { + request_info_->extra_headers.RemoveHeader("-network-isolation-key"); + net::SchemefulSite site(GURL{network_isolation_key_header}); + CHECK(!site.opaque()); + http_request_info.network_isolation_key = NetworkIsolationKey(site, site); + } http_request_info.extra_headers = request_info_->extra_headers; http_request_info.socket_tag = request_info_->socket_tag; stream_request_ =