remove chromium pins and add brave pins #352
Conversation
|
verified that the output header only contains the pins we added |
| { "name": "balance.mercury.basicattentiontoken.org", "policy": "custom", "mode": "force-https", "pins": "brave"}, | ||
| { "name": "balance-staging.mercury.basicattentiontoken.org", "policy": "custom", "mode": "force-https", "pins": "brave"}, | ||
| { "name": "download.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, | ||
| { "name": "laptop-updates.brave.com", "mode": "force-https", "policy": "custom", "pins": "brave"}, |
There was a problem hiding this comment.
does anyone know yet if we're going to be using the same domains for brave-core updates? if not we need to add a new issue to add them to this list once they're finalized
|
|
||
| bool ParseCertificatesFile(base::StringPiece certs_input, Pinsets* pinsets) { | ||
| base::StringPiece brave_certs = R"brave_certs(TestSPKI | ||
| sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= |
There was a problem hiding this comment.
string literals have a max length of 65,536. I think we're ok for now but we'll probably need to change this eventually. Have you considered using a pak file and loading the resource from there?
There was a problem hiding this comment.
Similar to:
std::string str = ui::ResourceBundle::GetSharedInstance().GetRawDataResource( IDR_BRAVE_TAG_MANAGER_POLYFILL).as_string();
There was a problem hiding this comment.
This runs at build time so pak wouldn't work. I thought about loading from a file, but paths get a little weird so I just used a string for now
There was a problem hiding this comment.
ok we can just concat in a string when needed later.
There was a problem hiding this comment.
if length becomes a problem we can either split it into multiple strings (maybe one for each cert?) or try to sort out the path issue
fix brave/brave-browser#767
Submitter Checklist:
git rebase -ito squash commits (if needed).Test Plan:
Reviewer Checklist: