From 133af65c89c035b2934ca3532f8442c719c5b471 Mon Sep 17 00:00:00 2001 From: Anton Lazarev Date: Thu, 28 Oct 2021 09:12:34 -0700 Subject: [PATCH] disable CNAME uncloaking when a proxy extension with a socks fallback is enabled --- .../net/brave_ad_block_tp_network_delegate_helper.cc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/browser/net/brave_ad_block_tp_network_delegate_helper.cc b/browser/net/brave_ad_block_tp_network_delegate_helper.cc index bc8710d67468..f58e0f279ecc 100644 --- a/browser/net/brave_ad_block_tp_network_delegate_helper.cc +++ b/browser/net/brave_ad_block_tp_network_delegate_helper.cc @@ -247,7 +247,10 @@ void UseCnameResult(scoped_refptr task_runner, // If only particular types of network traffic are being proxied, or if no // proxy is configured, it should be safe to continue making unproxied DNS // queries. However, in SingleProxy mode all types of network traffic should go -// through the proxy, so additional DNS queries should be avoided. +// through the proxy, so additional DNS queries should be avoided. Also, in the +// case of per-scheme proxy configurations, a fallback for any non-matching +// request can be configured, in which case additional DNS queries should be +// avoided as well. bool ProxySettingsAllowUncloaking(content::BrowserContext* browser_context) { DCHECK(browser_context); @@ -269,7 +272,10 @@ bool ProxySettingsAllowUncloaking(content::BrowserContext* browser_context) { net::ProxyConfigService::ConfigAvailability::CONFIG_VALID) { // PROXY_LIST corresponds to SingleProxy mode. if (config.value().proxy_rules().type == - net::ProxyConfig::ProxyRules::Type::PROXY_LIST) { + net::ProxyConfig::ProxyRules::Type::PROXY_LIST || + (config.value().proxy_rules().type == + net::ProxyConfig::ProxyRules::Type::PROXY_LIST_PER_SCHEME && + !config.value().proxy_rules().fallback_proxies.IsEmpty())) { can_uncloak = false; } }