-
Notifications
You must be signed in to change notification settings - Fork 870
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove chromium pins and add brave pins #352
Conversation
verified that the output header only contains the pins we added |
{ "name": "balance.mercury.basicattentiontoken.org", "policy": "custom", "mode": "force-https", "pins": "brave"}, | ||
{ "name": "balance-staging.mercury.basicattentiontoken.org", "policy": "custom", "mode": "force-https", "pins": "brave"}, | ||
{ "name": "download.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, | ||
{ "name": "laptop-updates.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does anyone know yet if we're going to be using the same domains for brave-core updates? if not we need to add a new issue to add them to this list once they're finalized
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @RyanJarv
|
||
bool ParseCertificatesFile(base::StringPiece certs_input, Pinsets* pinsets) { | ||
base::StringPiece brave_certs = R"brave_certs(TestSPKI | ||
sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
string literals have a max length of 65,536. I think we're ok for now but we'll probably need to change this eventually. Have you considered using a pak file and loading the resource from there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar to:
std::string str = ui::ResourceBundle::GetSharedInstance().GetRawDataResource( IDR_BRAVE_TAG_MANAGER_POLYFILL).as_string();
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This runs at build time so pak wouldn't work. I thought about loading from a file, but paths get a little weird so I just used a string for now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok we can just concat in a string when needed later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if length becomes a problem we can either split it into multiple strings (maybe one for each cert?) or try to sort out the path issue
fix brave/brave-browser#767
Submitter Checklist:
git rebase -i
to squash commits (if needed).Test Plan:
Reviewer Checklist: