BASELINE: Update Chromium to 108.0.5359.70

Change-Id: I77334ff232b819600f275bd3cfe41fbaa3619230
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/445904
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

1 files changed, 95 insertions, 155 deletions

diff --git a/chromium/net/base/features.h b/chromium/net/base/features.h
index 6729475a475..745c3488f09 100644
--- a/chromium/net/base/features.h
+++ b/chromium/net/base/features.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2018 The Chromium Authors. All rights reserved.
+// Copyright 2018 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -20,18 +20,18 @@ namespace net::features {
 // Enables ALPS extension of TLS 1.3 for HTTP/2, see
 // https://vasilvv.github.io/tls-alps/draft-vvv-tls-alps.html and
 // https://vasilvv.github.io/httpbis-alps/draft-vvv-httpbis-alps.html.
-NET_EXPORT extern const base::Feature kAlpsForHttp2;
+NET_EXPORT BASE_DECLARE_FEATURE(kAlpsForHttp2);
 
 // Disable H2 reprioritization, in order to measure its impact.
-NET_EXPORT extern const base::Feature kAvoidH2Reprioritization;
+NET_EXPORT BASE_DECLARE_FEATURE(kAvoidH2Reprioritization);
 
 // When kCapReferrerToOriginOnCrossOrigin is enabled, HTTP referrers on cross-
 // origin requests are restricted to contain at most the source origin.
-NET_EXPORT extern const base::Feature kCapReferrerToOriginOnCrossOrigin;
+NET_EXPORT BASE_DECLARE_FEATURE(kCapReferrerToOriginOnCrossOrigin);
 
 // Support for altering the parameters used for DNS transaction timeout. See
 // ResolveContext::SecureTransactionTimeout().
-NET_EXPORT extern const base::Feature kDnsTransactionDynamicTimeouts;
+NET_EXPORT BASE_DECLARE_FEATURE(kDnsTransactionDynamicTimeouts);
 // Multiplier applied to current fallback periods in determining a transaction
 // timeout.
 NET_EXPORT extern const base::FeatureParam<double>
@@ -39,75 +39,10 @@ NET_EXPORT extern const base::FeatureParam<double>
 NET_EXPORT extern const base::FeatureParam<base::TimeDelta>
     kDnsMinTransactionTimeout;
 
-// Enables DNS query-only experiments for HTTPSSVC or INTEGRITY records,
-// depending on feature parameters. Received responses never affect Chrome
-// behavior other than metrics.
-//
-// Not to be confused with `kUseDnsHttpsSvcb` which is querying HTTPS in order
-// to affect Chrome connection behavior.
-NET_EXPORT extern const base::Feature kDnsHttpssvc;
-
-// Determine which kind of record should be queried: HTTPSSVC or INTEGRITY. No
-// more than one of these feature parameters should be enabled at once. In the
-// event that both are enabled, |kDnsHttpssvcUseIntegrity| takes priority, and
-// |kDnsHttpssvcUseHttpssvc| will be ignored.
-NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseHttpssvc;
-NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseIntegrity;
-
-// Enable HTTPSSVC or INTEGRITY to be queried over insecure DNS.
-NET_EXPORT extern const base::FeatureParam<bool>
-    kDnsHttpssvcEnableQueryOverInsecure;
-
-// If we are still waiting for an HTTPSSVC or INTEGRITY query after all the
-// other queries in a DnsTask have completed, we will compute a timeout for the
-// remaining query. The timeout will be the min of:
-//   (a) |kDnsHttpssvcExtraTimeMs.Get()|
-//   (b) |kDnsHttpssvcExtraTimePercent.Get() / 100 * t|, where |t| is the
-//       number of milliseconds since the first query began.
-NET_EXPORT extern const base::FeatureParam<int> kDnsHttpssvcExtraTimeMs;
-NET_EXPORT extern const base::FeatureParam<int> kDnsHttpssvcExtraTimePercent;
-
-// These parameters, respectively, are the list of experimental and control
-// domains for which we will query HTTPSSVC or INTEGRITY records. We expect
-// valid INTEGRITY results for experiment domains. We expect no INTEGRITY
-// results for control domains.
-//
-// The format of both parameters is a comma-separated list of domains.
-// Whitespace around domain names is permitted. Trailing comma is optional.
-//
-// See helper functions:
-// |dns_httpssvc_experiment::GetDnsHttpssvcExperimentDomains| and
-// |dns_httpssvc_experiment::GetDnsHttpssvcControlDomains|.
-NET_EXPORT extern const base::FeatureParam<std::string>
-    kDnsHttpssvcExperimentDomains;
-NET_EXPORT extern const base::FeatureParam<std::string>
-    kDnsHttpssvcControlDomains;
-
-// This param controls how we determine whether a domain is an experimental or
-// control domain. When false, domains must be in |kDnsHttpssvcControlDomains|
-// to be considered a control. When true, we ignore |kDnsHttpssvcControlDomains|
-// and any non-experiment domain (not in |kDnsHttpssvcExperimentDomains|) is
-// considered a control domain.
-NET_EXPORT extern const base::FeatureParam<bool>
-    kDnsHttpssvcControlDomainWildcard;
-
-namespace dns_httpssvc_experiment {
-// Get the value of |kDnsHttpssvcExtraTimeMs|.
-NET_EXPORT base::TimeDelta GetExtraTimeAbsolute();
-}  // namespace dns_httpssvc_experiment
-
 // Enables querying HTTPS DNS records that will affect results from HostResolver
 // and may be used to affect connection behavior. Whether or not those results
 // are used (e.g. to connect via ECH) may be controlled by separate features.
-//
-// Not to be confused with `kDnsHttpssvc` which is for experiment-only queries
-// where received HTTPS results do not affect Chrome behavior and are only used
-// for metrics.
-NET_EXPORT extern const base::Feature kUseDnsHttpsSvcb;
-
-// Param to control whether or not presence of an HTTPS record for an HTTP
-// request will force an HTTP->HTTPS upgrade redirect.
-NET_EXPORT extern const base::FeatureParam<bool> kUseDnsHttpsSvcbHttpUpgrade;
+NET_EXPORT BASE_DECLARE_FEATURE(kUseDnsHttpsSvcb);
 
 // Param to control whether or not HostResolver, when using Secure DNS, will
 // fail the entire connection attempt when receiving an inconclusive response to
@@ -116,10 +51,6 @@ NET_EXPORT extern const base::FeatureParam<bool> kUseDnsHttpsSvcbHttpUpgrade;
 NET_EXPORT extern const base::FeatureParam<bool>
     kUseDnsHttpsSvcbEnforceSecureResponse;
 
-// Param to control whether HTTPS queries will be allowed via Insecure DNS
-// (instead of just via Secure DNS).
-NET_EXPORT extern const base::FeatureParam<bool> kUseDnsHttpsSvcbEnableInsecure;
-
 // If we are still waiting for an HTTPS transaction after all the
 // other transactions in an insecure DnsTask have completed, we will compute a
 // timeout for the remaining transaction. The timeout will be
@@ -152,65 +83,52 @@ NET_EXPORT extern const base::FeatureParam<int>
 NET_EXPORT extern const base::FeatureParam<base::TimeDelta>
     kUseDnsHttpsSvcbSecureExtraTimeMin;
 
-// Deprecated in favor of `kUseDnsHttpsSvcbInsecureExtraTime...` and
-// `kUseDnsHttpsSvcbSecureExtraTime...` params. Ignored for insecure DnsTasks if
-// any `kUseDnsHttpsSvcbInsecureExtraTime...` params are non-zero, and ignored
-// for secure DnsTasks if any `kUseDnsHttpsSvcbSecureExtraTime...` params are
-// non-zero.
-NET_EXPORT extern const base::FeatureParam<base::TimeDelta>
-    kUseDnsHttpsSvcbExtraTimeAbsolute;
-NET_EXPORT extern const base::FeatureParam<int>
-    kUseDnsHttpsSvcbExtraTimePercent;
-
 // Update protocol using ALPN information in HTTPS DNS records.
-NET_EXPORT extern const base::Feature kUseDnsHttpsSvcbAlpn;
+NET_EXPORT BASE_DECLARE_FEATURE(kUseDnsHttpsSvcbAlpn);
 
 // Enables TLS 1.3 early data.
-NET_EXPORT extern const base::Feature kEnableTLS13EarlyData;
+NET_EXPORT BASE_DECLARE_FEATURE(kEnableTLS13EarlyData);
 
 // Enables the TLS Encrypted ClientHello feature.
 // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-13
-NET_EXPORT extern const base::Feature kEncryptedClientHello;
+NET_EXPORT BASE_DECLARE_FEATURE(kEncryptedClientHello);
 
 // Enables optimizing the network quality estimation algorithms in network
 // quality estimator (NQE).
-NET_EXPORT extern const base::Feature kNetworkQualityEstimator;
+NET_EXPORT BASE_DECLARE_FEATURE(kNetworkQualityEstimator);
 
 // Splits cache entries by the request's includeCredentials.
-NET_EXPORT extern const base::Feature kSplitCacheByIncludeCredentials;
+NET_EXPORT BASE_DECLARE_FEATURE(kSplitCacheByIncludeCredentials);
 
 // Splits cache entries by the request's NetworkIsolationKey if one is
 // available.
-NET_EXPORT extern const base::Feature kSplitCacheByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kSplitCacheByNetworkIsolationKey);
 
 // Splits host cache entries by the DNS request's NetworkIsolationKey if one is
 // available. Also prevents merging live DNS lookups when there is a NIK
 // mismatch.
-NET_EXPORT extern const base::Feature kSplitHostCacheByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kSplitHostCacheByNetworkIsolationKey);
 
 // Partitions connections based on the NetworkIsolationKey associated with a
 // request.
-NET_EXPORT extern const base::Feature
-    kPartitionConnectionsByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kPartitionConnectionsByNetworkIsolationKey);
 
 // Forces the `frame_origin` value in IsolationInfo to the `top_level_origin`
 // value when an IsolationInfo instance is created. This is to enable
 // expirimenting with double keyed network partitions.
-NET_EXPORT extern const base::Feature
-    kForceIsolationInfoFrameOriginToTopLevelFrame;
+NET_EXPORT BASE_DECLARE_FEATURE(kForceIsolationInfoFrameOriginToTopLevelFrame);
 
 // Partitions HttpServerProperties based on the NetworkIsolationKey associated
 // with a request.
-NET_EXPORT extern const base::Feature
-    kPartitionHttpServerPropertiesByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(
+    kPartitionHttpServerPropertiesByNetworkIsolationKey);
 
 // Partitions TLS sessions and QUIC server configs based on the
 // NetworkIsolationKey associated with a request.
 //
 // This feature requires kPartitionConnectionsByNetworkIsolationKey to be
 // enabled to work.
-NET_EXPORT extern const base::Feature
-    kPartitionSSLSessionsByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kPartitionSSLSessionsByNetworkIsolationKey);
 
 // Partitions Expect-CT data by NetworkIsolationKey. This only affects the
 // Expect-CT data itself. Regardless of this value, reports will be uploaded
@@ -219,8 +137,7 @@ NET_EXPORT extern const base::Feature
 // This feature requires kPartitionConnectionsByNetworkIsolationKey,
 // kPartitionHttpServerPropertiesByNetworkIsolationKey, and
 // kPartitionConnectionsByNetworkIsolationKey to all be enabled to work.
-NET_EXPORT extern const base::Feature
-    kPartitionExpectCTStateByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kPartitionExpectCTStateByNetworkIsolationKey);
 
 // Partitions Network Error Logging and Reporting API data by
 // NetworkIsolationKey. Also partitions all reports generated by other consumers
@@ -231,8 +148,7 @@ NET_EXPORT extern const base::Feature
 // NetworkIsolationKey parameters, and they're cleared while loading from the
 // cache, but internal objects can be created with them (e.g., endpoints), for
 // testing.
-NET_EXPORT extern const base::Feature
-    kPartitionNelAndReportingByNetworkIsolationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kPartitionNelAndReportingByNetworkIsolationKey);
 
 // Creates a <double key + is_cross_site> NetworkAnonymizationKey which is used
 // to partition the network state. This double key will have the following
@@ -242,18 +158,17 @@ NET_EXPORT extern const base::Feature
 // to the frame site. The frame site will not be stored in this key so the value
 // of is_cross_site will be computed at key construction. This feature overrides
 // `kEnableDoubleKeyNetworkAnonymizationKey` if both are enabled.
-NET_EXPORT extern const base::Feature
-    kEnableCrossSiteFlagNetworkAnonymizationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kEnableCrossSiteFlagNetworkAnonymizationKey);
 
 // Creates a double keyed NetworkAnonymizationKey which is used to partition the
 // network state. This double key will have the following properties:
 // `top_frame_site` -> the schemeful site of the top level page.
 // `frame_site ` -> nullopt
 // `is_cross_site` -> nullopt
-NET_EXPORT extern const base::Feature kEnableDoubleKeyNetworkAnonymizationKey;
+NET_EXPORT BASE_DECLARE_FEATURE(kEnableDoubleKeyNetworkAnonymizationKey);
 
 // Enables limiting the size of Expect-CT table.
-NET_EXPORT extern const base::Feature kExpectCTPruning;
+NET_EXPORT BASE_DECLARE_FEATURE(kExpectCTPruning);
 
 // FeatureParams associated with kExpectCTPruning.
 
@@ -276,25 +191,25 @@ NET_EXPORT extern const base::FeatureParam<int> kExpectCTPruneDelaySecs;
 // to ensure that this corner of the spec is exercised. This is currently
 // disabled by default because we discovered incompatibilities with some
 // servers.
-NET_EXPORT extern const base::Feature kTLS13KeyUpdate;
+NET_EXPORT BASE_DECLARE_FEATURE(kTLS13KeyUpdate);
 
 // Enables permuting TLS extensions in the ClientHello, to reduce the risk of
 // non-compliant servers ossifying parts of the ClientHello and interfering with
 // deployment of future security improvements.
-NET_EXPORT extern const base::Feature kPermuteTLSExtensions;
+NET_EXPORT BASE_DECLARE_FEATURE(kPermuteTLSExtensions);
 
 // Enables CECPQ2, a post-quantum key-agreement, in TLS 1.3 connections.
-NET_EXPORT extern const base::Feature kPostQuantumCECPQ2;
+NET_EXPORT BASE_DECLARE_FEATURE(kPostQuantumCECPQ2);
 
 // Enables CECPQ2, a post-quantum key-agreement, in TLS 1.3 connections for a
 // subset of domains. (This is intended as Finch kill-switch. For testing
 // compatibility with large ClientHello messages, use |kPostQuantumCECPQ2|.)
-NET_EXPORT extern const base::Feature kPostQuantumCECPQ2SomeDomains;
+NET_EXPORT BASE_DECLARE_FEATURE(kPostQuantumCECPQ2SomeDomains);
 NET_EXPORT extern const base::FeatureParam<std::string>
     kPostQuantumCECPQ2Prefix;
 
 // Changes the timeout after which unused sockets idle sockets are cleaned up.
-NET_EXPORT extern const base::Feature kNetUnusedIdleSocketTimeout;
+NET_EXPORT BASE_DECLARE_FEATURE(kNetUnusedIdleSocketTimeout);
 
 // When enabled, the time threshold for Lax-allow-unsafe cookies will be lowered
 // from 2 minutes to 10 seconds. This time threshold refers to the age cutoff
@@ -303,59 +218,46 @@ NET_EXPORT extern const base::Feature kNetUnusedIdleSocketTimeout;
 // of HTTP method (i.e. allowing unsafe methods). This is a convenience for
 // integration tests which may want to test behavior of cookies older than the
 // threshold, but which would not be practical to run for 2 minutes.
-NET_EXPORT extern const base::Feature kShortLaxAllowUnsafeThreshold;
+NET_EXPORT BASE_DECLARE_FEATURE(kShortLaxAllowUnsafeThreshold);
 
 // When enabled, the SameSite by default feature does not add the
 // "Lax-allow-unsafe" behavior. Any cookies that do not specify a SameSite
 // attribute will be treated as Lax only, i.e. POST and other unsafe HTTP
 // methods will not be allowed at all for top-level cross-site navigations.
 // This only has an effect if the cookie defaults to SameSite=Lax.
-NET_EXPORT extern const base::Feature kSameSiteDefaultChecksMethodRigorously;
-
-#if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
-// When enabled, use the builtin cert verifier instead of the platform verifier.
-NET_EXPORT extern const base::Feature kCertVerifierBuiltinFeature;
-#if BUILDFLAG(IS_MAC)
-NET_EXPORT extern const base::FeatureParam<int> kCertVerifierBuiltinImpl;
-NET_EXPORT extern const base::FeatureParam<int> kCertVerifierBuiltinCacheSize;
-#endif /* BUILDFLAG(IS_MAC) */
-#endif /* BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) */
+NET_EXPORT BASE_DECLARE_FEATURE(kSameSiteDefaultChecksMethodRigorously);
 
 #if BUILDFLAG(TRIAL_COMPARISON_CERT_VERIFIER_SUPPORTED)
-NET_EXPORT extern const base::Feature kCertDualVerificationTrialFeature;
+NET_EXPORT BASE_DECLARE_FEATURE(kCertDualVerificationTrialFeature);
 #if BUILDFLAG(IS_MAC)
 NET_EXPORT extern const base::FeatureParam<int> kCertDualVerificationTrialImpl;
 NET_EXPORT extern const base::FeatureParam<int>
     kCertDualVerificationTrialCacheSize;
 #endif /* BUILDFLAG(IS_MAC) */
-#if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) && \
-    BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
-// If both builtin verifier+system roots and builtin verifier+CRS flags are
-// supported in the same build, this param can be used to choose which to test
-// in the trial.
-NET_EXPORT extern const base::FeatureParam<bool>
-    kCertDualVerificationTrialUseCrs;
-#endif
 #endif /* BUILDFLAG(TRIAL_COMPARISON_CERT_VERIFIER_SUPPORTED) */
 
 #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
 // When enabled, use the Chrome Root Store instead of the system root store
-NET_EXPORT extern const base::Feature kChromeRootStoreUsed;
+NET_EXPORT BASE_DECLARE_FEATURE(kChromeRootStoreUsed);
+#if BUILDFLAG(IS_MAC)
+NET_EXPORT extern const base::FeatureParam<int> kChromeRootStoreSysImpl;
+NET_EXPORT extern const base::FeatureParam<int> kChromeRootStoreSysCacheSize;
+#endif /* BUILDFLAG(IS_MAC) */
 #endif /* BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) */
 
 // Turns off streaming media caching to disk when on battery power.
-NET_EXPORT extern const base::Feature kTurnOffStreamingMediaCachingOnBattery;
+NET_EXPORT BASE_DECLARE_FEATURE(kTurnOffStreamingMediaCachingOnBattery);
 
 // Turns off streaming media caching to disk always.
-NET_EXPORT extern const base::Feature kTurnOffStreamingMediaCachingAlways;
+NET_EXPORT BASE_DECLARE_FEATURE(kTurnOffStreamingMediaCachingAlways);
 
 // When enabled this feature will cause same-site calculations to take into
 // account the scheme of the site-for-cookies and the request/response url.
-NET_EXPORT extern const base::Feature kSchemefulSameSite;
+NET_EXPORT BASE_DECLARE_FEATURE(kSchemefulSameSite);
 
 // Enables a process-wide limit on "open" UDP sockets. See
 // udp_socket_global_limits.h for details on what constitutes an "open" socket.
-NET_EXPORT extern const base::Feature kLimitOpenUDPSockets;
+NET_EXPORT BASE_DECLARE_FEATURE(kLimitOpenUDPSockets);
 
 // FeatureParams associated with kLimitOpenUDPSockets.
 
@@ -365,7 +267,7 @@ NET_EXPORT extern const base::FeatureParam<int> kLimitOpenUDPSocketsMax;
 
 // Enables a timeout on individual TCP connect attempts, based on
 // the parameter values.
-NET_EXPORT extern const base::Feature kTimeoutTcpConnectAttempt;
+NET_EXPORT BASE_DECLARE_FEATURE(kTimeoutTcpConnectAttempt);
 
 // FeatureParams associated with kTimeoutTcpConnectAttempt.
 
@@ -389,7 +291,7 @@ NET_EXPORT extern const base::FeatureParam<base::TimeDelta>
 // When enabled this feature will allow a new Reporting-Endpoints header to
 // configure reporting endpoints for report delivery. This is used to support
 // the new Document Reporting spec.
-NET_EXPORT extern const base::Feature kDocumentReporting;
+NET_EXPORT BASE_DECLARE_FEATURE(kDocumentReporting);
 #endif  // BUILDFLAG(ENABLE_REPORTING)
 
 #if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
@@ -398,7 +300,7 @@ NET_EXPORT extern const base::Feature kDocumentReporting;
 // This should reduce the number of wake ups and improve battery consumption.
 // TODO(https://crbug.com/1189805): Cleanup the feature after verifying that it
 // doesn't negatively affect performance.
-NET_EXPORT extern const base::Feature kUdpSocketPosixAlwaysUpdateBytesReceived;
+NET_EXPORT BASE_DECLARE_FEATURE(kUdpSocketPosixAlwaysUpdateBytesReceived);
 #endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
 
 // When this feature is enabled, redirected requests will be considered
@@ -407,61 +309,75 @@ NET_EXPORT extern const base::Feature kUdpSocketPosixAlwaysUpdateBytesReceived;
 // redirected request was same-site with the target URL (and the
 // site-for-cookies).
 // See spec changes in https://github.com/httpwg/http-extensions/pull/1348
-NET_EXPORT extern const base::Feature kCookieSameSiteConsidersRedirectChain;
+NET_EXPORT BASE_DECLARE_FEATURE(kCookieSameSiteConsidersRedirectChain);
+
+// When this feature is enabled, the SameParty attribute is enabled. (Note that
+// when this feature is disabled, the SameParty attribute is still parsed and
+// saved for cookie-sets, but it has no associated semantics (when setting or
+// reading cookies).)
+NET_EXPORT BASE_DECLARE_FEATURE(kSamePartyAttributeEnabled);
 
 // When enabled, cookies with the SameParty attribute are treated as
 // "first-party" when in same-party contexts, for the purposes of third-party
 // cookie blocking. (Note that as a consequence, some cookies may be blocked
 // while others are allowed on a cross-site, same-party request. Additionally,
 // privacy mode is disabled in same-party contexts.)
-NET_EXPORT extern const base::Feature kSamePartyCookiesConsideredFirstParty;
+NET_EXPORT BASE_DECLARE_FEATURE(kSamePartyCookiesConsideredFirstParty);
 
 // When enabled, sites can opt-in to having their cookies partitioned by
 // top-level site with the Partitioned attribute. Partitioned cookies will only
 // be sent when the browser is on the same top-level site that it was on when
 // the cookie was set.
-NET_EXPORT extern const base::Feature kPartitionedCookies;
+NET_EXPORT BASE_DECLARE_FEATURE(kPartitionedCookies);
 // Flag to bypass the origin trial opt-in to use Partitioned cookies. This
 // allows developers to test Partitioned cookies manually in development
 // environments.
 // TODO(crbug.com/1296161): Remove this feature when the CHIPS OT ends.
-NET_EXPORT extern const base::Feature kPartitionedCookiesBypassOriginTrial;
+NET_EXPORT BASE_DECLARE_FEATURE(kPartitionedCookiesBypassOriginTrial);
 
 // When enabled, then we allow partitioned cookies even if kPartitionedCookies
 // is disabled only if the cookie partition key contains a nonce. So far, this
 // is used to create temporary cookie jar partitions for fenced and anonymous
 // frames.
-NET_EXPORT extern const base::Feature kNoncedPartitionedCookies;
+NET_EXPORT BASE_DECLARE_FEATURE(kNoncedPartitionedCookies);
 
 // When enabled, additional cookie-related APIs will perform cookie field size
 // and character set validation to enforce stricter conformance with RFC6265bis.
 // TODO(crbug.com/1243852) Eventually enable this permanently and remove the
 // feature flag, assuming no breakage occurs with it enabled.
-NET_EXPORT extern const base::Feature kExtraCookieValidityChecks;
+NET_EXPORT BASE_DECLARE_FEATURE(kExtraCookieValidityChecks);
 
 // Enable recording UMAs for network activities which can wake-up radio on
 // Android.
-NET_EXPORT extern const base::Feature kRecordRadioWakeupTrigger;
+NET_EXPORT BASE_DECLARE_FEATURE(kRecordRadioWakeupTrigger);
 
 // When enabled, cookies cannot have an expiry date further than 400 days in the
 // future.
-NET_EXPORT extern const base::Feature kClampCookieExpiryTo400Days;
+NET_EXPORT BASE_DECLARE_FEATURE(kClampCookieExpiryTo400Days);
 
 // Controls whether static key pinning is enforced.
-NET_EXPORT extern const base::Feature kStaticKeyPinningEnforcement;
+NET_EXPORT BASE_DECLARE_FEATURE(kStaticKeyPinningEnforcement);
 
 // When enabled, cookies with a non-ASCII domain attribute will be rejected.
-NET_EXPORT extern const base::Feature kCookieDomainRejectNonASCII;
+NET_EXPORT BASE_DECLARE_FEATURE(kCookieDomainRejectNonASCII);
 
 // Blocks the 'Set-Cookie' request header on outbound fetch requests.
-NET_EXPORT extern const base::Feature kBlockSetCookieHeader;
+NET_EXPORT BASE_DECLARE_FEATURE(kBlockSetCookieHeader);
 
-NET_EXPORT extern const base::Feature kOptimizeNetworkBuffers;
+NET_EXPORT BASE_DECLARE_FEATURE(kOptimisticBlockfileWrite);
+
+NET_EXPORT BASE_DECLARE_FEATURE(kOptimizeNetworkBuffers);
 
 NET_EXPORT
 extern const base::FeatureParam<int> kOptimizeNetworkBuffersBytesReadLimit;
 
 NET_EXPORT extern const base::FeatureParam<int>
+    kOptimizeNetworkBuffersMinInputStreamAvailableValueToIgnore;
+
+NET_EXPORT extern const base::FeatureParam<int>
+    kOptimizeNetworkBuffersMinInputStreamReadSize;
+
+NET_EXPORT extern const base::FeatureParam<int>
     kOptimizeNetworkBuffersMaxInputStreamBytesToReadWhenAvailableUnknown;
 
 NET_EXPORT extern const base::FeatureParam<int>
@@ -471,7 +387,7 @@ NET_EXPORT extern const base::FeatureParam<bool>
     kOptimizeNetworkBuffersInputStreamCheckAvailable;
 
 // Enable the Storage Access API. https://crbug.com/989663.
-NET_EXPORT extern const base::Feature kStorageAccessAPI;
+NET_EXPORT BASE_DECLARE_FEATURE(kStorageAccessAPI);
 
 // Set the default number of "automatic" implicit storage access grants per
 // third party origin that can be granted. This can be overridden via
@@ -484,8 +400,32 @@ NET_EXPORT extern const base::FeatureParam<int>
 // granted if the storage is partitioned.
 NET_EXPORT extern const base::FeatureParam<bool>
     kStorageAccessAPIGrantsUnpartitionedStorage;
+// Whether to auto-grant storage access requests when the top level origin and
+// the requesting origin are in the same First-Party Set.
+NET_EXPORT extern const base::FeatureParam<bool>
+    kStorageAccessAPIAutoGrantInFPS;
+// Whether to auto-deny storage access requests when the top level origin and
+// the requesting origin are not in the same First-Party Set.
+NET_EXPORT extern const base::FeatureParam<bool>
+    kStorageAccessAPIAutoDenyOutsideFPS;
+
+NET_EXPORT BASE_DECLARE_FEATURE(kThirdPartyStoragePartitioning);
+
+// Whether ALPS parsing is on for any type of frame.
+NET_EXPORT BASE_DECLARE_FEATURE(kAlpsParsing);
+
+// Whether ALPS parsing is on for client hint parsing specifically.
+NET_EXPORT BASE_DECLARE_FEATURE(kAlpsClientHintParsing);
+
+// Whether to kill the session on Error::kAcceptChMalformed.
+NET_EXPORT BASE_DECLARE_FEATURE(kShouldKillSessionOnAcceptChMalformed);
+
+NET_EXPORT BASE_DECLARE_FEATURE(kCaseInsensitiveCookiePrefix);
+
+NET_EXPORT BASE_DECLARE_FEATURE(kEnableWebsocketsOverHttp3);
 
-NET_EXPORT extern const base::Feature kThirdPartyStoragePartitioning;
+// Whether to do IPv4 to IPv6 address translation for IPv4 literals.
+NET_EXPORT BASE_DECLARE_FEATURE(kUseNAT64ForIPv4Literal);
 
 }  // namespace net::features