diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-11-20 15:06:40 +0100 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-11-22 11:48:58 +0000 |
| commit | daa093eea7c773db06799a13bd7e4e2e2a9f8f14 (patch) | |
| tree | 96cc5e7b9194c1b29eab927730bfa419e7111c25 /chromium/net/http | |
| parent | be59a35641616a4cf23c4a13fa0632624b021c1b (diff) | |
| download | qtwebengine-chromium-daa093eea7c773db06799a13bd7e4e2e2a9f8f14.tar.gz | |
BASELINE: Update Chromium to 63.0.3239.58
Change-Id: Ia93b322a00ba4dd4004f3bcf1254063ba90e1605
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/net/http')
68 files changed, 5170 insertions, 3309 deletions
diff --git a/chromium/net/http/BUILD.gn b/chromium/net/http/BUILD.gn index 8699aeffe46..d00da41da1d 100644 --- a/chromium/net/http/BUILD.gn +++ b/chromium/net/http/BUILD.gn @@ -4,6 +4,7 @@ import("//build/compiled_action.gni") +# Generates a header file based on the real preload list. compiled_action("generate_transport_security_state") { tool = "//net/tools/transport_security_state_generator" @@ -20,10 +21,28 @@ compiled_action("generate_transport_security_state") { rebase_path(inputs, root_build_dir) + rebase_path(outputs, root_build_dir) } +# Generates a header file for use in unittests. +compiled_action("transport_security_state_unittest_data_default") { + tool = "//net/tools/transport_security_state_generator" + + # Inputs in order expected by the command line of the tool. + inputs = [ + "transport_security_state_static_unittest_default.json", + "transport_security_state_static_unittest_default.pins", + "transport_security_state_static_unittest.template", + ] + outputs = [ + "$target_gen_dir/transport_security_state_static_unittest_default.h", + ] + args = + rebase_path(inputs, root_build_dir) + rebase_path(outputs, root_build_dir) +} + +# Generates a number of header files that are used by integration tests for the +# generation process and preload format. compiled_action_foreach("transport_security_state_unittest_data") { tool = "//net/tools/transport_security_state_generator" sources = [ - "transport_security_state_static_unittest0.json", "transport_security_state_static_unittest1.json", "transport_security_state_static_unittest2.json", "transport_security_state_static_unittest3.json", diff --git a/chromium/net/http/bidirectional_stream.cc b/chromium/net/http/bidirectional_stream.cc index cbcbdd6d18c..e13e3f7d2ad 100644 --- a/chromium/net/http/bidirectional_stream.cc +++ b/chromium/net/http/bidirectional_stream.cc @@ -10,7 +10,6 @@ #include "base/bind.h" #include "base/location.h" #include "base/logging.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/threading/thread_task_runner_handle.h" #include "base/timer/timer.h" diff --git a/chromium/net/http/bidirectional_stream_unittest.cc b/chromium/net/http/bidirectional_stream_unittest.cc index b6dd52c873d..cbb28ae2680 100644 --- a/chromium/net/http/bidirectional_stream_unittest.cc +++ b/chromium/net/http/bidirectional_stream_unittest.cc @@ -372,7 +372,7 @@ class MockTimer : public base::MockTimer { MockTimer() : base::MockTimer(false, false) {} ~MockTimer() override {} - void Start(const tracked_objects::Location& posted_from, + void Start(const base::Location& posted_from, base::TimeDelta delay, const base::Closure& user_task) override { // Sets a maximum delay, so the timer does not fire unless it is told to. diff --git a/chromium/net/http/http_auth_controller.cc b/chromium/net/http/http_auth_controller.cc index 09a8dd8aa23..16e698378c2 100644 --- a/chromium/net/http/http_auth_controller.cc +++ b/chromium/net/http/http_auth_controller.cc @@ -388,6 +388,10 @@ bool HttpAuthController::HaveAuth() const { return handler_.get() && !identity_.invalid; } +bool HttpAuthController::NeedsHTTP11() const { + return handler_ && handler_->is_connection_based(); +} + void HttpAuthController::InvalidateCurrentHandler( InvalidateHandlerAction action) { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); diff --git a/chromium/net/http/http_auth_controller.h b/chromium/net/http/http_auth_controller.h index 769a62944aa..64e40cc860d 100644 --- a/chromium/net/http/http_auth_controller.h +++ b/chromium/net/http/http_auth_controller.h @@ -28,11 +28,21 @@ class NetLogWithSource; struct HttpRequestInfo; class SSLInfo; +// HttpAuthController is interface between other classes and HttpAuthHandlers. +// It handles all challenges when attempting to make a single request to a +// server, both in the case of trying multiple sets of credentials (Possibly on +// different sockets), and when going through multiple rounds of auth with +// connection-based auth, creating new HttpAuthHandlers as necessary. +// +// It is unaware of when a round of auth uses a new socket, which can lead to +// problems for connection-based auth. class NET_EXPORT_PRIVATE HttpAuthController : public base::RefCounted<HttpAuthController> { public: // The arguments are self explanatory except possibly for |auth_url|, which // should be both the auth target and auth path in a single url argument. + // |target| indicates whether this is for authenticating with a proxy or + // destination server. HttpAuthController(HttpAuth::Target target, const GURL& auth_url, HttpAuthCache* http_auth_cache, @@ -66,6 +76,10 @@ class NET_EXPORT_PRIVATE HttpAuthController bool HaveAuth() const; + // Return whether the authentication scheme is incompatible with HTTP/2 + // and thus the server would presumably reject a request on HTTP/2 anyway. + bool NeedsHTTP11() const; + scoped_refptr<AuthChallengeInfo> auth_info(); bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const; diff --git a/chromium/net/http/http_auth_handler.h b/chromium/net/http/http_auth_handler.h index 8d521b428b2..b0ab34007f2 100644 --- a/chromium/net/http/http_auth_handler.h +++ b/chromium/net/http/http_auth_handler.h @@ -21,6 +21,14 @@ class SSLInfo; // HttpAuthHandler is the interface for the authentication schemes // (basic, digest, NTLM, Negotiate). // HttpAuthHandler objects are typically created by an HttpAuthHandlerFactory. +// +// HttpAuthHandlers and generally created and managed by an HttpAuthController, +// which is the interaction point between the rest of net and the HTTP auth +// code. +// +// For connection-based authentication, an HttpAuthHandler handles all rounds +// related to using a single identity. If the identity is rejected, a new +// HttpAuthHandler must be created. class NET_EXPORT_PRIVATE HttpAuthHandler { public: HttpAuthHandler(); @@ -122,8 +130,16 @@ class NET_EXPORT_PRIVATE HttpAuthHandler { return (properties_ & IS_CONNECTION_BASED) != 0; } - // Returns true if the response to the current authentication challenge - // requires an identity. + // If NeedsIdentity() returns true, then a subsequent call to + // GenerateAuthToken() must indicate which identity to use. This can be done + // either by passing in a non-empty set of credentials, or an empty set to + // force the handler to use the default credentials. The latter is only an + // option if AllowsDefaultCredentials() returns true. + // + // If NeedsIdentity() returns false, then the handler is already bound to an + // identity and GenerateAuthToken() will ignore any credentials that are + // passed in. + // // TODO(wtc): Find a better way to handle a multi-round challenge-response // sequence used by a connection-based authentication scheme. virtual bool NeedsIdentity(); diff --git a/chromium/net/http/http_auth_handler_factory.cc b/chromium/net/http/http_auth_handler_factory.cc index cf3c32f3c5e..97f3f2f75db 100644 --- a/chromium/net/http/http_auth_handler_factory.cc +++ b/chromium/net/http/http_auth_handler_factory.cc @@ -7,6 +7,7 @@ #include "base/memory/ptr_util.h" #include "base/stl_util.h" #include "base/strings/string_util.h" +#include "build/build_config.h" #include "net/base/net_errors.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/http_auth_filter.h" @@ -87,10 +88,12 @@ CreateAuthHandlerRegistryFactory(const HttpAuthPreferences& prefs, new HttpAuthHandlerNegotiate::Factory(); #if defined(OS_WIN) negotiate_factory->set_library(std::make_unique<SSPILibraryDefault>()); -#elif defined(OS_POSIX) && !defined(OS_ANDROID) +#elif defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) negotiate_factory->set_library( std::make_unique<GSSAPISharedLibrary>(prefs.GssapiLibraryName())); -#endif // defined(OS_POSIX) && !defined(OS_ANDROID) +#elif defined(OS_CHROMEOS) + negotiate_factory->set_library(std::make_unique<GSSAPISharedLibrary>("")); +#endif negotiate_factory->set_host_resolver(host_resolver); registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme, negotiate_factory); @@ -142,7 +145,7 @@ HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) { std::vector<std::string> auth_types(std::begin(kDefaultAuthSchemes), std::end(kDefaultAuthSchemes)); HttpAuthPreferences prefs(auth_types -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , std::string() #endif diff --git a/chromium/net/http/http_auth_handler_ntlm.cc b/chromium/net/http/http_auth_handler_ntlm.cc index cecf3b2917d..36b2ac01ce8 100644 --- a/chromium/net/http/http_auth_handler_ntlm.cc +++ b/chromium/net/http/http_auth_handler_ntlm.cc @@ -49,13 +49,6 @@ int HttpAuthHandlerNTLM::GenerateAuthTokenImpl( LOG(ERROR) << "Username and password are expected to be non-NULL."; return ERR_MISSING_AUTH_CREDENTIALS; } - // TODO(wtc): See if we can use char* instead of void* for in_buf and - // out_buf. This change will need to propagate to GetNextToken, - // GenerateType1Msg, and GenerateType3Msg, and perhaps further. - const void* in_buf; - void* out_buf; - uint32_t in_buf_len, out_buf_len; - std::string decoded_auth_data; // The username may be in the form "DOMAIN\user". Parse it into the two // components. @@ -73,32 +66,33 @@ int HttpAuthHandlerNTLM::GenerateAuthTokenImpl( domain_ = domain; credentials_.Set(user, credentials->password()); - // Initial challenge. + std::string decoded_auth_data; if (auth_data_.empty()) { - in_buf_len = 0; - in_buf = NULL; + // There is no |auth_data_| because the client sends the first message. int rv = InitializeBeforeFirstChallenge(); if (rv != OK) return rv; } else { + // When |auth_data_| is present it contains the Challenge message. if (!base::Base64Decode(auth_data_, &decoded_auth_data)) { LOG(ERROR) << "Unexpected problem Base64 decoding."; return ERR_UNEXPECTED; } - in_buf_len = decoded_auth_data.length(); - in_buf = decoded_auth_data.data(); } - int rv = GetNextToken(in_buf, in_buf_len, &out_buf, &out_buf_len); - if (rv != OK) - return rv; + ntlm::Buffer next_token = GetNextToken( + ntlm::Buffer(reinterpret_cast<const uint8_t*>(decoded_auth_data.data()), + decoded_auth_data.size())); + if (next_token.empty()) + return ERR_UNEXPECTED; // Base64 encode data in output buffer and prepend "NTLM ". - std::string encode_input(static_cast<char*>(out_buf), out_buf_len); std::string encode_output; - base::Base64Encode(encode_input, &encode_output); - // OK, we are done with |out_buf| - free(out_buf); + base::Base64Encode( + base::StringPiece(reinterpret_cast<const char*>(next_token.data()), + next_token.size()), + &encode_output); + *auth_token = std::string("NTLM ") + encode_output; return OK; #endif diff --git a/chromium/net/http/http_auth_handler_ntlm.h b/chromium/net/http/http_auth_handler_ntlm.h index fed6303f834..0ab8d953c78 100644 --- a/chromium/net/http/http_auth_handler_ntlm.h +++ b/chromium/net/http/http_auth_handler_ntlm.h @@ -23,6 +23,8 @@ #include <windows.h> #include <security.h> #include "net/http/http_auth_sspi_win.h" +#elif defined(NTLM_PORTABLE) +#include "net/ntlm/ntlm_client.h" #endif #include <string> @@ -70,6 +72,10 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler { }; #if defined(NTLM_PORTABLE) + // A function that returns the time as the number of 100 nanosecond ticks + // since Jan 1, 1601 (UTC). + typedef uint64_t (*GetMSTimeProc)(); + // A function that generates n random bytes in the output buffer. typedef void (*GenerateRandomProc)(uint8_t* output, size_t n); @@ -81,18 +87,22 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler { // GetHostName functions. class ScopedProcSetter { public: - ScopedProcSetter(GenerateRandomProc random_proc, + ScopedProcSetter(GetMSTimeProc ms_time_proc, + GenerateRandomProc random_proc, HostNameProc host_name_proc) { + old_ms_time_proc_ = SetGetMSTimeProc(ms_time_proc); old_random_proc_ = SetGenerateRandomProc(random_proc); old_host_name_proc_ = SetHostNameProc(host_name_proc); } ~ScopedProcSetter() { + SetGetMSTimeProc(old_ms_time_proc_); SetGenerateRandomProc(old_random_proc_); SetHostNameProc(old_host_name_proc_); } private: + GetMSTimeProc old_ms_time_proc_; GenerateRandomProc old_random_proc_; HostNameProc old_host_name_proc_; }; @@ -130,31 +140,32 @@ class NET_EXPORT_PRIVATE HttpAuthHandlerNTLM : public HttpAuthHandler { ~HttpAuthHandlerNTLM() override; #if defined(NTLM_PORTABLE) - // For unit tests to override the GenerateRandom and GetHostName functions. - // Returns the old function. + // For unit tests to override the GetMSTime, GenerateRandom and GetHostName + // functions. Returns the old function. + static GetMSTimeProc SetGetMSTimeProc(GetMSTimeProc proc); static GenerateRandomProc SetGenerateRandomProc(GenerateRandomProc proc); static HostNameProc SetHostNameProc(HostNameProc proc); + + // Given an input token received from the server, generate the next output + // token to be sent to the server. + ntlm::Buffer GetNextToken(const ntlm::Buffer& in_token); #endif // Parse the challenge, saving the results into this instance. HttpAuth::AuthorizationResult ParseChallenge( HttpAuthChallengeTokenizer* tok, bool initial_challenge); - // Given an input token received from the server, generate the next output - // token to be sent to the server. - int GetNextToken(const void* in_token, - uint32_t in_token_len, - void** out_token, - uint32_t* out_token_len); - // Create an NTLM SPN to identify the |origin| server. static std::string CreateSPN(const GURL& origin); #if defined(NTLM_SSPI) HttpAuthSSPI auth_sspi_; +#elif defined(NTLM_PORTABLE) + ntlm::NtlmClient ntlm_client_; #endif #if defined(NTLM_PORTABLE) + static GetMSTimeProc get_ms_time_proc_; static GenerateRandomProc generate_random_proc_; static HostNameProc get_host_name_proc_; #endif diff --git a/chromium/net/http/http_auth_handler_ntlm_portable.cc b/chromium/net/http/http_auth_handler_ntlm_portable.cc index 38c73e5cedb..fe943575d25 100644 --- a/chromium/net/http/http_auth_handler_ntlm_portable.cc +++ b/chromium/net/http/http_auth_handler_ntlm_portable.cc @@ -4,574 +4,28 @@ #include "net/http/http_auth_handler_ntlm.h" -#include <stdlib.h> -// For gethostname -#if defined(OS_POSIX) -#include <unistd.h> -#elif defined(OS_WIN) -#include <winsock2.h> -#endif - -#include "base/md5.h" #include "base/rand_util.h" -#include "base/strings/string_util.h" -#include "base/strings/sys_string_conversions.h" -#include "base/strings/utf_string_conversions.h" +#include "base/time/time.h" #include "net/base/net_errors.h" #include "net/base/network_interfaces.h" -#include "net/ntlm/des.h" -#include "net/ntlm/md4.h" namespace net { -// Based on mozilla/security/manager/ssl/src/nsNTLMAuthModule.cpp, -// CVS rev. 1.14. -// -// TODO(wtc): -// - The IS_BIG_ENDIAN code is not tested. -// - Enable the logging code or just delete it. -// - Delete or comment out the LM code, which hasn't been tested and isn't -// being used. - -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is Mozilla. - * - * The Initial Developer of the Original Code is IBM Corporation. - * Portions created by IBM Corporation are Copyright (C) 2003 - * IBM Corporation. All Rights Reserved. - * - * Contributor(s): - * Darin Fisher <darin@meer.net> - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#if defined(ARCH_CPU_LITTLE_ENDIAN) -#define IS_LITTLE_ENDIAN 1 -#undef IS_BIG_ENDIAN -#elif defined(ARCH_CPU_BIG_ENDIAN) -#define IS_BIG_ENDIAN 1 -#undef IS_LITTLE_ENDIAN -#else -#error "Unknown endianness" -#endif - -#define NTLM_LOG(x) ((void)0) - -//----------------------------------------------------------------------------- -// This file contains a cross-platform NTLM authentication implementation. It -// is based on documentation from: http://davenport.sourceforge.net/ntlm.html -//----------------------------------------------------------------------------- - -enum { - NTLM_NegotiateUnicode = 0x00000001, - NTLM_NegotiateOEM = 0x00000002, - NTLM_RequestTarget = 0x00000004, - NTLM_Unknown1 = 0x00000008, - NTLM_NegotiateSign = 0x00000010, - NTLM_NegotiateSeal = 0x00000020, - NTLM_NegotiateDatagramStyle = 0x00000040, - NTLM_NegotiateLanManagerKey = 0x00000080, - NTLM_NegotiateNetware = 0x00000100, - NTLM_NegotiateNTLMKey = 0x00000200, - NTLM_Unknown2 = 0x00000400, - NTLM_Unknown3 = 0x00000800, - NTLM_NegotiateDomainSupplied = 0x00001000, - NTLM_NegotiateWorkstationSupplied = 0x00002000, - NTLM_NegotiateLocalCall = 0x00004000, - NTLM_NegotiateAlwaysSign = 0x00008000, - NTLM_TargetTypeDomain = 0x00010000, - NTLM_TargetTypeServer = 0x00020000, - NTLM_TargetTypeShare = 0x00040000, - NTLM_NegotiateNTLM2Key = 0x00080000, - NTLM_RequestInitResponse = 0x00100000, - NTLM_RequestAcceptResponse = 0x00200000, - NTLM_RequestNonNTSessionKey = 0x00400000, - NTLM_NegotiateTargetInfo = 0x00800000, - NTLM_Unknown4 = 0x01000000, - NTLM_Unknown5 = 0x02000000, - NTLM_Unknown6 = 0x04000000, - NTLM_Unknown7 = 0x08000000, - NTLM_Unknown8 = 0x10000000, - NTLM_Negotiate128 = 0x20000000, - NTLM_NegotiateKeyExchange = 0x40000000, - NTLM_Negotiate56 = 0x80000000 -}; - -// We send these flags with our type 1 message. -enum { - NTLM_TYPE1_FLAGS = - (NTLM_NegotiateUnicode | NTLM_NegotiateOEM | NTLM_RequestTarget | - NTLM_NegotiateNTLMKey | - NTLM_NegotiateAlwaysSign | - NTLM_NegotiateNTLM2Key) -}; - -static const char NTLM_SIGNATURE[] = "NTLMSSP"; -static const char NTLM_TYPE1_MARKER[] = {0x01, 0x00, 0x00, 0x00}; -static const char NTLM_TYPE2_MARKER[] = {0x02, 0x00, 0x00, 0x00}; -static const char NTLM_TYPE3_MARKER[] = {0x03, 0x00, 0x00, 0x00}; - -enum { - NTLM_TYPE1_HEADER_LEN = 32, - NTLM_TYPE2_HEADER_LEN = 32, - NTLM_TYPE3_HEADER_LEN = 64, - - LM_HASH_LEN = 16, - LM_RESP_LEN = 24, - - NTLM_HASH_LEN = 16, - NTLM_RESP_LEN = 24 -}; - -//----------------------------------------------------------------------------- - -#define LogFlags(x) ((void)0) -#define LogBuf(a, b, c) ((void)0) -#define LogToken(a, b, c) ((void)0) - -//----------------------------------------------------------------------------- - -// Byte order swapping. -#define SWAP16(x) ((((x)&0xff) << 8) | (((x) >> 8) & 0xff)) -#define SWAP32(x) ((SWAP16((x)&0xffff) << 16) | (SWAP16((x) >> 16))) - -static void* WriteBytes(void* buf, const void* data, uint32_t data_len) { - memcpy(buf, data, data_len); - return static_cast<char*>(buf) + data_len; -} - -static void* WriteDWORD(void* buf, uint32_t dword) { -#ifdef IS_BIG_ENDIAN - // NTLM uses little endian on the wire. - dword = SWAP32(dword); -#endif - return WriteBytes(buf, &dword, sizeof(dword)); -} - -static void* WriteSecBuf(void* buf, uint16_t length, uint32_t offset) { -#ifdef IS_BIG_ENDIAN - length = SWAP16(length); - offset = SWAP32(offset); -#endif - // Len: 2 bytes. - buf = WriteBytes(buf, &length, sizeof(length)); - // MaxLen: 2 bytes. The sender should set it to the value of Len. The - // recipient must ignore it. - buf = WriteBytes(buf, &length, sizeof(length)); - // BufferOffset: 4 bytes. - buf = WriteBytes(buf, &offset, sizeof(offset)); - return buf; -} - -#ifdef IS_BIG_ENDIAN -/** - * WriteUnicodeLE copies a unicode string from one buffer to another. The - * resulting unicode string is in little-endian format. The input string is - * assumed to be in the native endianness of the local machine. It is safe - * to pass the same buffer as both input and output, which is a handy way to - * convert the unicode buffer to little-endian on big-endian platforms. - */ -static void* WriteUnicodeLE(void* buf, - const base::char16* str, - uint32_t str_len) { - // Convert input string from BE to LE. - uint8_t* cursor = static_cast<uint8_t*>(buf); - const uint8_t* input = reinterpret_cast<const uint8_t*>(str); - for (uint32_t i = 0; i < str_len; ++i, input += 2, cursor += 2) { - // Allow for the case where |buf == str|. - uint8_t temp = input[0]; - cursor[0] = input[1]; - cursor[1] = temp; - } - return buf; -} -#endif - -static uint16_t ReadUint16(const uint8_t*& buf) { - uint16_t x = - (static_cast<uint16_t>(buf[0])) | (static_cast<uint16_t>(buf[1]) << 8); - buf += sizeof(x); - return x; -} +namespace { -static uint32_t ReadUint32(const uint8_t*& buf) { - uint32_t x = (static_cast<uint32_t>(buf[0])) | - (static_cast<uint32_t>(buf[1]) << 8) | - (static_cast<uint32_t>(buf[2]) << 16) | - (static_cast<uint32_t>(buf[3]) << 24); - buf += sizeof(x); - return x; +uint64_t GetMSTime() { + return base::Time::Now().since_origin().InMicroseconds() * 10; } -//----------------------------------------------------------------------------- - -// NTLM_Hash computes the NTLM hash of the given password. -// -// param password -// null-terminated unicode password. -// param hash -// 16-byte result buffer -static void NTLM_Hash(const base::string16& password, uint8_t* hash) { -#ifdef IS_BIG_ENDIAN - uint32_t len = password.length(); - uint8_t* passbuf; - - passbuf = static_cast<uint8_t*>(malloc(len * 2)); - WriteUnicodeLE(passbuf, password.data(), len); - weak_crypto::MD4Sum(passbuf, len * 2, hash); - - free(passbuf); -#else - weak_crypto::MD4Sum(reinterpret_cast<const uint8_t*>(password.data()), - password.length() * 2, hash); -#endif +void GenerateRandom(uint8_t* output, size_t n) { + base::RandBytes(output, n); } -//----------------------------------------------------------------------------- - -// LM_Response generates the LM response given a 16-byte password hash and the -// challenge from the Type-2 message. -// -// param hash -// 16-byte password hash -// param challenge -// 8-byte challenge from Type-2 message -// param response -// 24-byte buffer to contain the LM response upon return -static void LM_Response(const uint8_t* hash, - const uint8_t* challenge, - uint8_t* response) { - uint8_t keybytes[21], k1[8], k2[8], k3[8]; - - memcpy(keybytes, hash, 16); - memset(keybytes + 16, 0, 5); - - DESMakeKey(keybytes, k1); - DESMakeKey(keybytes + 7, k2); - DESMakeKey(keybytes + 14, k3); - - DESEncrypt(k1, challenge, response); - DESEncrypt(k2, challenge, response + 8); - DESEncrypt(k3, challenge, response + 16); -} - -//----------------------------------------------------------------------------- - -// Returns OK or a network error code. -static int GenerateType1Msg(void** out_buf, uint32_t* out_len) { - // - // Verify that buf_len is sufficient. - // - *out_len = NTLM_TYPE1_HEADER_LEN; - *out_buf = malloc(*out_len); - if (!*out_buf) - return ERR_OUT_OF_MEMORY; - - // - // Write out type 1 message. - // - void* cursor = *out_buf; - - // 0 : signature - cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); - - // 8 : marker - cursor = WriteBytes(cursor, NTLM_TYPE1_MARKER, sizeof(NTLM_TYPE1_MARKER)); - - // 12 : flags - cursor = WriteDWORD(cursor, NTLM_TYPE1_FLAGS); - - // - // NOTE: It is common for the domain and workstation fields to be empty. - // This is true of Win2k clients, and my guess is that there is - // little utility to sending these strings before the charset has - // been negotiated. We follow suite -- anyways, it doesn't hurt - // to save some bytes on the wire ;-) - // - - // 16 : supplied domain security buffer (empty) - cursor = WriteSecBuf(cursor, 0, 0); - - // 24 : supplied workstation security buffer (empty) - cursor = WriteSecBuf(cursor, 0, 0); - - return OK; -} - -struct Type2Msg { - uint32_t flags; // NTLM_Xxx bitwise combination - uint8_t challenge[8]; // 8 byte challenge - const void* target; // target string (type depends on flags) - uint32_t target_len; // target length in bytes -}; - -// Returns OK or a network error code. -// TODO(wtc): This function returns ERR_UNEXPECTED when the input message is -// invalid. We should return a better error code. -static int ParseType2Msg(const void* in_buf, uint32_t in_len, Type2Msg* msg) { - // Make sure in_buf is long enough to contain a meaningful type2 msg. - // - // 0 NTLMSSP Signature - // 8 NTLM Message Type - // 12 Target Name - // 20 Flags - // 24 Challenge - // 32 end of header, start of optional data blocks - // - if (in_len < NTLM_TYPE2_HEADER_LEN) - return ERR_UNEXPECTED; - - const uint8_t* cursor = (const uint8_t*)in_buf; - - // verify NTLMSSP signature - if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0) - return ERR_UNEXPECTED; - cursor += sizeof(NTLM_SIGNATURE); +} // namespace - // verify Type-2 marker - if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) - return ERR_UNEXPECTED; - cursor += sizeof(NTLM_TYPE2_MARKER); - - // read target name security buffer - uint32_t target_len = ReadUint16(cursor); - ReadUint16(cursor); // discard next 16-bit value - uint32_t offset = ReadUint32(cursor); // get offset from in_buf - msg->target_len = 0; - msg->target = NULL; - - // Target length 0 is valid and indicates no target information. - if (target_len != 0) { - // Check the offset / length combo is in range of the input buffer, - // including integer overflow checking. - if (target_len <= in_len && in_len - offset >= target_len) { - msg->target_len = target_len; - msg->target = ((const uint8_t*)in_buf) + offset; - } else { - // Reject a message with a non-zero target length that - // would cause an overflow. - return ERR_UNEXPECTED; - } - } - - // read flags - msg->flags = ReadUint32(cursor); - - // read challenge - memcpy(msg->challenge, cursor, sizeof(msg->challenge)); - cursor += sizeof(msg->challenge); - - NTLM_LOG(("NTLM type 2 message:\n")); - LogBuf("target", (const uint8_t*)msg->target, msg->target_len); - LogBuf("flags", (const uint8_t*)&msg->flags, 4); - LogFlags(msg->flags); - LogBuf("challenge", msg->challenge, sizeof(msg->challenge)); - - // We currently do not implement LMv2/NTLMv2 or NTLM2 responses, - // so we can ignore target information. We may want to enable - // support for these alternate mechanisms in the future. - return OK; -} - -static void GenerateRandom(uint8_t* output, size_t n) { - for (size_t i = 0; i < n; ++i) - output[i] = base::RandInt(0, 255); -} - -// Returns OK or a network error code. -static int GenerateType3Msg(const base::string16& domain, - const base::string16& username, - const base::string16& password, - const std::string& hostname, - const void* rand_8_bytes, - const void* in_buf, - uint32_t in_len, - void** out_buf, - uint32_t* out_len) { - // in_buf contains Type-2 msg (the challenge) from server. - - int rv; - Type2Msg msg; - - rv = ParseType2Msg(in_buf, in_len, &msg); - if (rv != OK) - return rv; - - bool unicode = (msg.flags & NTLM_NegotiateUnicode) != 0; - -// Temporary buffers for unicode strings -#ifdef IS_BIG_ENDIAN - base::string16 ucs_domain_buf, ucs_user_buf; -#endif - base::string16 ucs_host_buf; - // Temporary buffers for oem strings - std::string oem_domain_buf, oem_user_buf; - // Pointers and lengths for the string buffers; encoding is unicode if - // the "negotiate unicode" flag was set in the Type-2 message. - const void* domain_ptr; - const void* user_ptr; - const void* host_ptr; - uint32_t domain_len, user_len, host_len; - - // - // Get domain name. - // - if (unicode) { -#ifdef IS_BIG_ENDIAN - ucs_domain_buf = domain; - domain_ptr = ucs_domain_buf.data(); - domain_len = ucs_domain_buf.length() * 2; - WriteUnicodeLE(const_cast<void*>(domain_ptr), - (const base::char16*)domain_ptr, ucs_domain_buf.length()); -#else - domain_ptr = domain.data(); - domain_len = domain.length() * 2; -#endif - } else { - oem_domain_buf = base::SysWideToNativeMB(base::UTF16ToWide(domain)); - domain_ptr = oem_domain_buf.data(); - domain_len = oem_domain_buf.length(); - } - - // - // Get user name. - // - if (unicode) { -#ifdef IS_BIG_ENDIAN - ucs_user_buf = username; - user_ptr = ucs_user_buf.data(); - user_len = ucs_user_buf.length() * 2; - WriteUnicodeLE(const_cast<void*>(user_ptr), (const base::char16*)user_ptr, - ucs_user_buf.length()); -#else - user_ptr = username.data(); - user_len = username.length() * 2; -#endif - } else { - oem_user_buf = base::SysWideToNativeMB(base::UTF16ToWide(username)); - user_ptr = oem_user_buf.data(); - user_len = oem_user_buf.length(); - } - - // - // Get workstation name (use local machine's hostname). - // - if (unicode) { - // hostname is ASCII, so we can do a simple zero-pad expansion: - ucs_host_buf.assign(hostname.begin(), hostname.end()); - host_ptr = ucs_host_buf.data(); - host_len = ucs_host_buf.length() * 2; -#ifdef IS_BIG_ENDIAN - WriteUnicodeLE(const_cast<void*>(host_ptr), (const base::char16*)host_ptr, - ucs_host_buf.length()); -#endif - } else { - host_ptr = hostname.data(); - host_len = hostname.length(); - } - - // - // Now that we have generated all of the strings, we can allocate out_buf. - // - *out_len = NTLM_TYPE3_HEADER_LEN + host_len + domain_len + user_len + - LM_RESP_LEN + NTLM_RESP_LEN; - *out_buf = malloc(*out_len); - if (!*out_buf) - return ERR_OUT_OF_MEMORY; - - // - // Next, we compute the LM and NTLM responses. - // - uint8_t lm_resp[LM_RESP_LEN]; - uint8_t ntlm_resp[NTLM_RESP_LEN]; - uint8_t ntlm_hash[NTLM_HASH_LEN]; - - // compute NTLM2 session response - base::MD5Digest session_hash; - uint8_t temp[16]; - - memcpy(lm_resp, rand_8_bytes, 8); - memset(lm_resp + 8, 0, LM_RESP_LEN - 8); - - memcpy(temp, msg.challenge, 8); - memcpy(temp + 8, lm_resp, 8); - base::MD5Sum(temp, 16, &session_hash); - - NTLM_Hash(password, ntlm_hash); - LM_Response(ntlm_hash, session_hash.a, ntlm_resp); - - // - // Finally, we assemble the Type-3 msg :-) - // - void* cursor = *out_buf; - uint32_t offset; - - // 0 : signature - cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); - - // 8 : marker - cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER)); - - // 12 : LM response sec buf - offset = NTLM_TYPE3_HEADER_LEN + domain_len + user_len + host_len; - cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset); - memcpy(static_cast<uint8_t*>(*out_buf) + offset, lm_resp, LM_RESP_LEN); - - // 20 : NTLM response sec buf - offset += LM_RESP_LEN; - cursor = WriteSecBuf(cursor, NTLM_RESP_LEN, offset); - memcpy(static_cast<uint8_t*>(*out_buf) + offset, ntlm_resp, NTLM_RESP_LEN); - - // 28 : domain name sec buf - offset = NTLM_TYPE3_HEADER_LEN; - cursor = WriteSecBuf(cursor, domain_len, offset); - memcpy(static_cast<uint8_t*>(*out_buf) + offset, domain_ptr, domain_len); - - // 36 : user name sec buf - offset += domain_len; - cursor = WriteSecBuf(cursor, user_len, offset); - memcpy(static_cast<uint8_t*>(*out_buf) + offset, user_ptr, user_len); - - // 44 : workstation (host) name sec buf - offset += user_len; - cursor = WriteSecBuf(cursor, host_len, offset); - memcpy(static_cast<uint8_t*>(*out_buf) + offset, host_ptr, host_len); - - // 52 : session key sec buf (not used) - cursor = WriteSecBuf(cursor, 0, 0); - - // 60 : negotiated flags - cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS); - - return OK; -} - -// NTLM authentication is specified in "NTLM Over HTTP Protocol Specification" -// [MS-NTHT]. +// static +HttpAuthHandlerNTLM::GetMSTimeProc HttpAuthHandlerNTLM::get_ms_time_proc_ = + GetMSTime; // static HttpAuthHandlerNTLM::GenerateRandomProc @@ -581,7 +35,8 @@ HttpAuthHandlerNTLM::GenerateRandomProc HttpAuthHandlerNTLM::HostNameProc HttpAuthHandlerNTLM::get_host_name_proc_ = GetHostName; -HttpAuthHandlerNTLM::HttpAuthHandlerNTLM() {} +HttpAuthHandlerNTLM::HttpAuthHandlerNTLM() + : ntlm_client_(ntlm::NtlmFeatures(false)) {} bool HttpAuthHandlerNTLM::NeedsIdentity() { // This gets called for each round-trip. Only require identity on @@ -603,6 +58,14 @@ int HttpAuthHandlerNTLM::InitializeBeforeFirstChallenge() { HttpAuthHandlerNTLM::~HttpAuthHandlerNTLM() {} // static +HttpAuthHandlerNTLM::GetMSTimeProc HttpAuthHandlerNTLM::SetGetMSTimeProc( + GetMSTimeProc proc) { + GetMSTimeProc old_proc = get_ms_time_proc_; + get_ms_time_proc_ = proc; + return old_proc; +} + +// static HttpAuthHandlerNTLM::GenerateRandomProc HttpAuthHandlerNTLM::SetGenerateRandomProc(GenerateRandomProc proc) { GenerateRandomProc old_proc = generate_random_proc_; @@ -622,31 +85,25 @@ HttpAuthHandlerNTLM::Factory::Factory() {} HttpAuthHandlerNTLM::Factory::~Factory() {} -int HttpAuthHandlerNTLM::GetNextToken(const void* in_token, - uint32_t in_token_len, - void** out_token, - uint32_t* out_token_len) { - int rv = 0; - - // If in_token is non-null, then assume it contains a type 2 message... - if (in_token) { - LogToken("in-token", in_token, in_token_len); - std::string hostname = get_host_name_proc_(); - if (hostname.empty()) - return ERR_UNEXPECTED; - uint8_t rand_buf[8]; - generate_random_proc_(rand_buf, 8); - rv = GenerateType3Msg(domain_, credentials_.username(), - credentials_.password(), hostname, rand_buf, in_token, - in_token_len, out_token, out_token_len); - } else { - rv = GenerateType1Msg(out_token, out_token_len); +ntlm::Buffer HttpAuthHandlerNTLM::GetNextToken(const ntlm::Buffer& in_token) { + // If in_token is non-empty, then assume it contains a challenge message, + // and generate the Authenticate message in reply. Otherwise return the + // Negotiate message. + if (in_token.empty()) { + return ntlm_client_.GetNegotiateMessage(); } - if (rv == OK) - LogToken("out-token", *out_token, *out_token_len); - - return rv; + std::string hostname = get_host_name_proc_(); + if (hostname.empty()) + return ntlm::Buffer(); + uint8_t client_challenge[8]; + generate_random_proc_(client_challenge, 8); + uint64_t client_time = get_ms_time_proc_(); + + return ntlm_client_.GenerateAuthenticateMessage( + domain_, credentials_.username(), credentials_.password(), hostname, + channel_bindings_, CreateSPN(origin_), client_time, client_challenge, + in_token); } int HttpAuthHandlerNTLM::Factory::CreateAuthHandler( diff --git a/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc b/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc index a379c717dc8..36294e8b6f2 100644 --- a/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc +++ b/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc @@ -5,7 +5,6 @@ #include <string> #include "base/base64.h" -#include "base/memory/ptr_util.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "net/base/test_completion_callback.h" @@ -142,6 +141,11 @@ class HttpAuthHandlerNtlmPortableTest : public PlatformTest { memset(output, 0xaa, n); } + static uint64_t MockGetMSTime() { + // Tue, 23 May 2017 20:13:07 +0000 + return 131400439870000000; + } + static std::string MockGetHostName() { return ntlm::test::kHostnameAscii; } private: @@ -174,7 +178,7 @@ TEST_F(HttpAuthHandlerNtlmPortableTest, VerifyType1Message) { // The type 1 message generated is always the same. The only variable // part of the message is the flags and this implementation always offers // the same set of flags. - ASSERT_EQ("NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=", token); + ASSERT_EQ("NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAgAAAAAAAAACAAAAA=", token); } TEST_F(HttpAuthHandlerNtlmPortableTest, EmptyTokenFails) { @@ -205,373 +209,27 @@ TEST_F(HttpAuthHandlerNtlmPortableTest, CantChangeSchemeMidway) { HandleAnotherChallenge("Negotiate SSdtIG5vdCBhIHJlYWwgdG9rZW4h")); } -TEST_F(HttpAuthHandlerNtlmPortableTest, MinimalStructurallyValidType2) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader( - ntlm::test::kMinChallengeMessage, ntlm::kChallengeHeaderLen))); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type2MessageTooShort) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - uint8_t raw[31]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 31); - - // Fail because the minimum size valid message is 32 bytes. - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(ERR_UNEXPECTED, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type2MessageWrongSignature) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - uint8_t raw[32]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 32); - // Modify the default valid message to overwrite the last byte of the - // signature. - raw[7] = 0xff; - - // Fail because the first 8 bytes don't match "NTLMSSP\0" - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(ERR_UNEXPECTED, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type2WrongMessageType) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - uint8_t raw[32]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 32); - // Modify the message type so it is not 0x00000002 - raw[8] = 0x03; - - // Fail because the message type should be MessageType::kChallenge - // (0x00000002) - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(ERR_UNEXPECTED, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type2MessageWithNoTargetName) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - // The spec (2.2.1.2) states that the length SHOULD be 0 and the offset - // SHOULD be where the payload would be if it was present. This is the - // expected response from a compliant server when no target name is sent. - // In reality the offset should always be ignored if the length is zero. - // Also implementations often just write zeros. - uint8_t raw[32]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 32); - // Modify the default valid message to overwrite the offset to zero. - raw[16] = 0x00; - - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type2MessageWithTargetName) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - // One extra byte is provided for target name. - uint8_t raw[33]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 32); - // Modify the default valid message to indicate 1 byte is present in the - // target name payload. - raw[12] = 0x01; - raw[14] = 0x01; - // Put something in the target name. - raw[32] = 'Z'; - - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, NoTargetNameOverflowFromOffset) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - uint8_t raw[32]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 32); - // Modify the default valid message to claim that the target name field is 1 - // byte long overrunning the end of the message message. - raw[12] = 0x01; - raw[14] = 0x01; - - // The above malformed message could cause an implementation to read outside - // the message buffer because the offset is past the end of the message. - // Verify it gets rejected. - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(ERR_UNEXPECTED, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, NoTargetNameOverflowFromLength) { - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - // Message has 1 extra byte of space after the header for the target name. - // One extra byte is provided for target name. - uint8_t raw[33]; - memcpy(raw, ntlm::test::kMinChallengeMessage, 32); - // Modify the default valid message to indicate 2 bytes are present in the - // target name payload (however there is only space for 1). - raw[12] = 0x02; - raw[14] = 0x02; - // Put something in the target name. - raw[32] = 'Z'; - - // The above malformed message could cause an implementation to read outside - // the message buffer because the length is longer than available space. - // Verify it gets rejected. - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(raw, arraysize(raw)))); - ASSERT_EQ(ERR_UNEXPECTED, GetGenerateAuthTokenResult()); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type3RespectsUnicode) { - HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockRandom, - MockGetHostName); - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - // Generate the type 2 message from the server. - ntlm::NtlmBufferWriter writer(ntlm::kChallengeHeaderLen); - ASSERT_TRUE(writer.WriteMessageHeader(ntlm::MessageType::kChallenge)); - // No target name. It is never used. - ASSERT_TRUE(writer.WriteSecurityBuffer( - ntlm::SecurityBuffer(ntlm::kChallengeHeaderLen, 0))); - // Set the unicode flag. - ASSERT_TRUE(writer.WriteFlags(ntlm::NegotiateFlags::kUnicode)); - - std::string token; - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(writer.GetBuffer()))); - ASSERT_EQ(OK, GenerateAuthToken(&token)); - - // Validate the type 3 message - std::string decoded; - ASSERT_TRUE(DecodeChallenge(token, &decoded)); - ntlm::NtlmBufferReader reader(decoded); - ASSERT_TRUE(reader.MatchMessageHeader(ntlm::MessageType::kAuthenticate)); - - // Skip the LM and NTLM Hash fields. This test isn't testing that. - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - base::string16 domain; - base::string16 username; - base::string16 hostname; - ReadString16Payload(&reader, &domain); - ASSERT_EQ(ntlm::test::kNtlmDomain, domain); - ReadString16Payload(&reader, &username); - ASSERT_EQ(ntlm::test::kUser, username); - ReadString16Payload(&reader, &hostname); - ASSERT_EQ(ntlm::test::kHostname, hostname); - - // The session key is not used for the NTLM scheme in HTTP. Since - // NTLMSSP_NEGOTIATE_KEY_EXCH was not sent this is empty. - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - - // Verify the unicode flag is set. - ntlm::NegotiateFlags flags; - ASSERT_TRUE(reader.ReadFlags(&flags)); - ASSERT_EQ(ntlm::NegotiateFlags::kUnicode, - flags & ntlm::NegotiateFlags::kUnicode); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type3WithoutUnicode) { - HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockRandom, - MockGetHostName); - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - // Generate the type 2 message from the server. - ntlm::NtlmBufferWriter writer(ntlm::kChallengeHeaderLen); - ASSERT_TRUE(writer.WriteMessageHeader(ntlm::MessageType::kChallenge)); - // No target name. It is never used. - ASSERT_TRUE(writer.WriteSecurityBuffer( - ntlm::SecurityBuffer(ntlm::kChallengeHeaderLen, 0))); - // Set the OEM flag. - ASSERT_TRUE(writer.WriteFlags(ntlm::NegotiateFlags::kOem)); - - std::string token; - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(writer.GetBuffer()))); - ASSERT_EQ(OK, GenerateAuthToken(&token)); - - // Validate the type 3 message - std::string decoded; - ASSERT_TRUE(DecodeChallenge(token, &decoded)); - ntlm::NtlmBufferReader reader(decoded); - ASSERT_TRUE(reader.MatchMessageHeader(ntlm::MessageType::kAuthenticate)); - - // Skip the 2 hash fields. This test isn't testing that. - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - std::string domain; - std::string username; - std::string hostname; - ASSERT_TRUE(ReadStringPayload(&reader, &domain)); - ASSERT_EQ(ntlm::test::kNtlmDomainAscii, domain); - ASSERT_TRUE(ReadStringPayload(&reader, &username)); - ASSERT_EQ(ntlm::test::kUserAscii, username); - ASSERT_TRUE(ReadStringPayload(&reader, &hostname)); - ASSERT_EQ(ntlm::test::kHostnameAscii, hostname); - - // The session key is not used for the NTLM scheme in HTTP. Since - // NTLMSSP_NEGOTIATE_KEY_EXCH was not sent this is empty. - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - - // Verify the unicode flag is not set and OEM flag is. - ntlm::NegotiateFlags flags; - ASSERT_TRUE(reader.ReadFlags(&flags)); - ASSERT_EQ(ntlm::NegotiateFlags::kNone, - flags & ntlm::NegotiateFlags::kUnicode); - ASSERT_EQ(ntlm::NegotiateFlags::kOem, flags & ntlm::NegotiateFlags::kOem); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type3UnicodeNoSessionSecurity) { - // Verify that the client won't be downgraded if the server clears - // the session security flag. - HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockRandom, - MockGetHostName); - ASSERT_EQ(OK, CreateHandler()); - ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - - // Generate the type 2 message from the server. - ntlm::NtlmBufferWriter writer(ntlm::kChallengeHeaderLen); - ASSERT_TRUE(writer.WriteMessageHeader(ntlm::MessageType::kChallenge)); - // No target name. It is never used. - ASSERT_TRUE(writer.WriteSecurityBuffer( - ntlm::SecurityBuffer(ntlm::kChallengeHeaderLen, 0))); - // Set the unicode but not the session security flag. - ASSERT_TRUE(writer.WriteFlags(ntlm::NegotiateFlags::kUnicode)); - - ASSERT_TRUE( - writer.WriteBytes(ntlm::test::kServerChallenge, ntlm::kChallengeLen)); - ASSERT_TRUE(writer.IsEndOfBuffer()); - - std::string token; - ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(writer.GetBuffer()))); - ASSERT_EQ(OK, GenerateAuthToken(&token)); - - // Validate the type 3 message - std::string decoded; - ASSERT_TRUE(DecodeChallenge(token, &decoded)); - ntlm::NtlmBufferReader reader(decoded); - ASSERT_TRUE(reader.MatchMessageHeader(ntlm::MessageType::kAuthenticate)); - - // Read the LM and NTLM Response Payloads. - uint8_t actual_lm_response[ntlm::kResponseLenV1]; - uint8_t actual_ntlm_response[ntlm::kResponseLenV1]; - ASSERT_TRUE( - ReadBytesPayload(&reader, actual_lm_response, ntlm::kResponseLenV1)); - ASSERT_TRUE( - ReadBytesPayload(&reader, actual_ntlm_response, ntlm::kResponseLenV1)); - - // Verify that the client still generated a response that uses - // session security. - ASSERT_EQ(0, memcmp(ntlm::test::kExpectedLmResponseWithV1SS, - actual_lm_response, ntlm::kResponseLenV1)); - ASSERT_EQ(0, memcmp(ntlm::test::kExpectedNtlmResponseWithV1SS, - actual_ntlm_response, ntlm::kResponseLenV1)); - - base::string16 domain; - base::string16 username; - base::string16 hostname; - ReadString16Payload(&reader, &domain); - ASSERT_EQ(ntlm::test::kNtlmDomain, domain); - ReadString16Payload(&reader, &username); - ASSERT_EQ(ntlm::test::kUser, username); - ReadString16Payload(&reader, &hostname); - ASSERT_EQ(ntlm::test::kHostname, hostname); - - // The session key is not used for the NTLM scheme in HTTP. Since - // NTLMSSP_NEGOTIATE_KEY_EXCH was not sent this is empty. - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - - // Verify the unicode flag is set. - ntlm::NegotiateFlags flags; - ASSERT_TRUE(reader.ReadFlags(&flags)); - ASSERT_EQ(ntlm::NegotiateFlags::kUnicode, - flags & ntlm::NegotiateFlags::kUnicode); -} - -TEST_F(HttpAuthHandlerNtlmPortableTest, Type3UnicodeWithSessionSecurity) { - HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockRandom, +TEST_F(HttpAuthHandlerNtlmPortableTest, NtlmV1AuthenticationSuccess) { + HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockGetMSTime, MockRandom, MockGetHostName); ASSERT_EQ(OK, CreateHandler()); ASSERT_EQ(OK, GetGenerateAuthTokenResult()); - // Generate the type 2 message from the server. - ntlm::NtlmBufferWriter writer(ntlm::kChallengeHeaderLen); - ASSERT_TRUE(writer.WriteMessageHeader(ntlm::MessageType::kChallenge)); - // No target name. It is never used. - ASSERT_TRUE(writer.WriteSecurityBuffer( - ntlm::SecurityBuffer(ntlm::kChallengeHeaderLen, 0))); - // Set the unicode and session security flag. - ASSERT_TRUE( - writer.WriteFlags((ntlm::NegotiateFlags::kUnicode | - ntlm::NegotiateFlags::kExtendedSessionSecurity))); - - ASSERT_TRUE( - writer.WriteBytes(ntlm::test::kServerChallenge, ntlm::kChallengeLen)); - ASSERT_TRUE(writer.IsEndOfBuffer()); - std::string token; ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, - HandleAnotherChallenge(CreateNtlmAuthHeader(writer.GetBuffer()))); + HandleAnotherChallenge( + CreateNtlmAuthHeader(ntlm::test::kChallengeMsgV1, + arraysize(ntlm::test::kChallengeMsgV1)))); ASSERT_EQ(OK, GenerateAuthToken(&token)); - // Validate the type 3 message + // Validate the authenticate message std::string decoded; ASSERT_TRUE(DecodeChallenge(token, &decoded)); - ntlm::NtlmBufferReader reader(decoded); - ASSERT_TRUE(reader.MatchMessageHeader(ntlm::MessageType::kAuthenticate)); - - // Read the LM and NTLM Response Payloads. - uint8_t actual_lm_response[ntlm::kResponseLenV1]; - uint8_t actual_ntlm_response[ntlm::kResponseLenV1]; - ASSERT_TRUE( - ReadBytesPayload(&reader, actual_lm_response, ntlm::kResponseLenV1)); - ASSERT_TRUE( - ReadBytesPayload(&reader, actual_ntlm_response, ntlm::kResponseLenV1)); - - ASSERT_EQ(0, memcmp(ntlm::test::kExpectedLmResponseWithV1SS, - actual_lm_response, ntlm::kResponseLenV1)); - ASSERT_EQ(0, memcmp(ntlm::test::kExpectedNtlmResponseWithV1SS, - actual_ntlm_response, ntlm::kResponseLenV1)); - - base::string16 domain; - base::string16 username; - base::string16 hostname; - ReadString16Payload(&reader, &domain); - ASSERT_EQ(ntlm::test::kNtlmDomain, domain); - ReadString16Payload(&reader, &username); - ASSERT_EQ(ntlm::test::kUser, username); - ReadString16Payload(&reader, &hostname); - ASSERT_EQ(ntlm::test::kHostname, hostname); - - // The session key is not used for the NTLM scheme in HTTP. Since - // NTLMSSP_NEGOTIATE_KEY_EXCH was not sent this is empty. - ASSERT_TRUE(reader.SkipSecurityBufferWithValidation()); - - // Verify the unicode flag is set. - ntlm::NegotiateFlags flags; - ASSERT_TRUE(reader.ReadFlags(&flags)); - ASSERT_EQ(ntlm::NegotiateFlags::kUnicode, - flags & ntlm::NegotiateFlags::kUnicode); + ASSERT_EQ(arraysize(ntlm::test::kExpectedAuthenticateMsgSpecResponseV1), + decoded.size()); + ASSERT_EQ(0, memcmp(decoded.data(), + ntlm::test::kExpectedAuthenticateMsgSpecResponseV1, + decoded.size())); } } // namespace net diff --git a/chromium/net/http/http_auth_preferences.cc b/chromium/net/http/http_auth_preferences.cc index c9b2d32a54b..ba9198b195f 100644 --- a/chromium/net/http/http_auth_preferences.cc +++ b/chromium/net/http/http_auth_preferences.cc @@ -2,16 +2,18 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include "net/http/http_auth_preferences.h" + #include "base/strings/string_split.h" +#include "build/build_config.h" #include "net/http/http_auth_filter.h" -#include "net/http/http_auth_preferences.h" #include "net/http/url_security_manager.h" namespace net { HttpAuthPreferences::HttpAuthPreferences( const std::vector<std::string>& auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , const std::string& gssapi_library_name #endif @@ -23,7 +25,7 @@ HttpAuthPreferences::HttpAuthPreferences( : auth_schemes_(auth_schemes.begin(), auth_schemes.end()), negotiate_disable_cname_lookup_(false), negotiate_enable_port_(false), -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) gssapi_library_name_(gssapi_library_name), #endif #if defined(OS_CHROMEOS) @@ -51,7 +53,7 @@ std::string HttpAuthPreferences::AuthAndroidNegotiateAccountType() const { return auth_android_negotiate_account_type_; } #endif -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) std::string HttpAuthPreferences::GssapiLibraryName() const { return gssapi_library_name_; } diff --git a/chromium/net/http/http_auth_preferences.h b/chromium/net/http/http_auth_preferences.h index a77b193d159..b0deb5666d2 100644 --- a/chromium/net/http/http_auth_preferences.h +++ b/chromium/net/http/http_auth_preferences.h @@ -11,6 +11,7 @@ #include <vector> #include "base/macros.h" +#include "build/build_config.h" #include "net/base/net_export.h" #include "url/gurl.h" @@ -23,7 +24,7 @@ class URLSecurityManager; class NET_EXPORT HttpAuthPreferences { public: HttpAuthPreferences(const std::vector<std::string>& auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , const std::string& gssapi_library_name #endif @@ -40,7 +41,7 @@ class NET_EXPORT HttpAuthPreferences { #if defined(OS_ANDROID) virtual std::string AuthAndroidNegotiateAccountType() const; #endif -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) virtual std::string GssapiLibraryName() const; #endif #if defined(OS_CHROMEOS) @@ -78,7 +79,7 @@ class NET_EXPORT HttpAuthPreferences { #if defined(OS_ANDROID) std::string auth_android_negotiate_account_type_; #endif -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) // GSSAPI library name cannot change after startup, since changing it // requires unloading the existing GSSAPI library, which could cause all // sorts of problems for, for example, active Negotiate transactions. diff --git a/chromium/net/http/http_auth_preferences_unittest.cc b/chromium/net/http/http_auth_preferences_unittest.cc index f59f00f5892..174089c3ede 100644 --- a/chromium/net/http/http_auth_preferences_unittest.cc +++ b/chromium/net/http/http_auth_preferences_unittest.cc @@ -11,6 +11,7 @@ #include "base/run_loop.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread.h" +#include "build/build_config.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -20,7 +21,7 @@ TEST(HttpAuthPreferencesTest, AuthSchemes) { std::vector<std::string> expected_schemes_vector( expected_schemes, expected_schemes + arraysize(expected_schemes)); HttpAuthPreferences http_auth_preferences(expected_schemes_vector -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , "" #endif @@ -37,7 +38,7 @@ TEST(HttpAuthPreferencesTest, AuthSchemes) { TEST(HttpAuthPreferencesTest, DisableCnameLookup) { std::vector<std::string> auth_schemes; HttpAuthPreferences http_auth_preferences(auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , "" #endif @@ -54,7 +55,7 @@ TEST(HttpAuthPreferencesTest, DisableCnameLookup) { TEST(HttpAuthPreferencesTest, NegotiateEnablePort) { std::vector<std::string> auth_schemes; HttpAuthPreferences http_auth_preferences(auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , "" #endif @@ -72,7 +73,7 @@ TEST(HttpAuthPreferencesTest, NegotiateEnablePort) { TEST(HttpAuthPreferencesTest, AuthAndroidhNegotiateAccountType) { std::vector<std::string> auth_schemes; HttpAuthPreferences http_auth_preferences(auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , "" #endif @@ -89,15 +90,10 @@ TEST(HttpAuthPreferencesTest, AuthAndroidhNegotiateAccountType) { } #endif -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) TEST(HttpAuthPreferencesTest, GssApiLibraryName) { std::vector<std::string> AuthSchemes; - HttpAuthPreferences http_auth_preferences(AuthSchemes, "bar" -#if defined(OS_CHROMEOS) - , - true -#endif - ); + HttpAuthPreferences http_auth_preferences(AuthSchemes, "bar"); EXPECT_EQ(std::string("bar"), http_auth_preferences.GssapiLibraryName()); } #endif @@ -105,7 +101,7 @@ TEST(HttpAuthPreferencesTest, GssApiLibraryName) { #if defined(OS_CHROMEOS) TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadTrue) { std::vector<std::string> AuthSchemes; - HttpAuthPreferences http_auth_preferences(AuthSchemes, "foo", true); + HttpAuthPreferences http_auth_preferences(AuthSchemes, true); EXPECT_TRUE(http_auth_preferences.AllowGssapiLibraryLoad()); } #endif @@ -113,7 +109,7 @@ TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadTrue) { #if defined(OS_CHROMEOS) TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadFalse) { std::vector<std::string> AuthSchemes; - HttpAuthPreferences http_auth_preferences(AuthSchemes, "foo", false); + HttpAuthPreferences http_auth_preferences(AuthSchemes, false); EXPECT_FALSE(http_auth_preferences.AllowGssapiLibraryLoad()); } #endif @@ -121,7 +117,7 @@ TEST(HttpAuthPreferencesTest, AllowGssapiLibraryLoadFalse) { TEST(HttpAuthPreferencesTest, AuthServerWhitelist) { std::vector<std::string> auth_schemes; HttpAuthPreferences http_auth_preferences(auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , "" #endif @@ -139,7 +135,7 @@ TEST(HttpAuthPreferencesTest, AuthServerWhitelist) { TEST(HttpAuthPreferencesTest, AuthDelegateWhitelist) { std::vector<std::string> auth_schemes; HttpAuthPreferences http_auth_preferences(auth_schemes -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , "" #endif diff --git a/chromium/net/http/http_cache.cc b/chromium/net/http/http_cache.cc index 1b404a79ad6..283359bf5ef 100644 --- a/chromium/net/http/http_cache.cc +++ b/chromium/net/http/http_cache.cc @@ -67,8 +67,8 @@ HttpCache::DefaultBackend::~DefaultBackend() {} // static std::unique_ptr<HttpCache::BackendFactory> HttpCache::DefaultBackend::InMemory( int max_bytes) { - return base::WrapUnique(new DefaultBackend( - MEMORY_CACHE, CACHE_BACKEND_DEFAULT, base::FilePath(), max_bytes)); + return std::make_unique<DefaultBackend>(MEMORY_CACHE, CACHE_BACKEND_DEFAULT, + base::FilePath(), max_bytes); } int HttpCache::DefaultBackend::CreateBackend( diff --git a/chromium/net/http/http_cache_lookup_manager.cc b/chromium/net/http/http_cache_lookup_manager.cc index e1c43eb57db..804c3843acd 100644 --- a/chromium/net/http/http_cache_lookup_manager.cc +++ b/chromium/net/http/http_cache_lookup_manager.cc @@ -4,7 +4,8 @@ #include "net/http/http_cache_lookup_manager.h" -#include "base/memory/ptr_util.h" +#include <memory> + #include "base/values.h" #include "net/base/load_flags.h" diff --git a/chromium/net/http/http_cache_lookup_manager_unittest.cc b/chromium/net/http/http_cache_lookup_manager_unittest.cc index 81b2bfec6c5..d3d8268a81d 100644 --- a/chromium/net/http/http_cache_lookup_manager_unittest.cc +++ b/chromium/net/http/http_cache_lookup_manager_unittest.cc @@ -2,9 +2,9 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include <memory> #include <string> -#include "base/memory/ptr_util.h" #include "base/run_loop.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" diff --git a/chromium/net/http/http_cache_transaction.cc b/chromium/net/http/http_cache_transaction.cc index 8912d2eb320..d87bcd65335 100644 --- a/chromium/net/http/http_cache_transaction.cc +++ b/chromium/net/http/http_cache_transaction.cc @@ -1936,12 +1936,12 @@ int HttpCache::Transaction::DoFinishHeaders(int result) { TransitionToState(STATE_FINISH_HEADERS_COMPLETE); - // If it was an auth failure or 416, this transaction should continue to be + // If it was an auth failure, this transaction should continue to be // headers_transaction till consumer takes an action, so no need to do // anything now. - if (auth_response_.headers.get() || - (new_response_ && new_response_->headers && - new_response_->headers->response_code() == 416)) + // TODO(crbug.com/740947). See the issue for a suggestion for cleaning the + // state machine to be able to remove this condition. + if (auth_response_.headers.get()) return OK; // If the transaction needs to wait because another transaction is still diff --git a/chromium/net/http/http_cache_unittest.cc b/chromium/net/http/http_cache_unittest.cc index 89cfbab892c..5a303baa688 100644 --- a/chromium/net/http/http_cache_unittest.cc +++ b/chromium/net/http/http_cache_unittest.cc @@ -67,6 +67,13 @@ using net::test::IsError; using net::test::IsOk; +using testing::Gt; +using testing::AllOf; +using testing::Contains; +using testing::Eq; +using testing::Field; +using testing::Contains; +using testing::ByRef; using base::Time; @@ -9584,18 +9591,14 @@ TEST_P(HttpCacheMemoryDumpTest, DumpMemoryStats) { process_memory_dump->GetAllocatorDump( "net/url_request_context/main/0x123/http_cache"); ASSERT_NE(nullptr, dump); - std::unique_ptr<base::Value> raw_attrs = - dump->attributes_for_testing()->ToBaseValue(); - base::DictionaryValue* attrs; - ASSERT_TRUE(raw_attrs->GetAsDictionary(&attrs)); - base::DictionaryValue* size_attrs; - ASSERT_TRUE(attrs->GetDictionary( - base::trace_event::MemoryAllocatorDump::kNameSize, &size_attrs)); - std::string size; - ASSERT_TRUE(size_attrs->GetString("value", &size)); - int actual_size = 0; - ASSERT_TRUE(base::HexStringToInt(size, &actual_size)); - ASSERT_LT(0, actual_size); + + using Entry = base::trace_event::MemoryAllocatorDump::Entry; + const std::vector<Entry>& entries = dump->entries(); + ASSERT_THAT(entries, + Contains(AllOf( + Field(&Entry::name, + Eq(base::trace_event::MemoryAllocatorDump::kNameSize)), + Field(&Entry::value_uint64, Gt(0UL))))); } } // namespace net diff --git a/chromium/net/http/http_network_session.cc b/chromium/net/http/http_network_session.cc index d85516b37b2..6f8a9e39a06 100644 --- a/chromium/net/http/http_network_session.cc +++ b/chromium/net/http/http_network_session.cc @@ -13,8 +13,6 @@ #include "base/debug/stack_trace.h" #include "base/logging.h" #include "base/memory/memory_coordinator_client_registry.h" -#include "base/memory/ptr_util.h" -#include "base/profiler/scoped_tracker.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" @@ -102,7 +100,7 @@ HttpNetworkSession::Params::Params() ignore_certificate_errors(false), testing_fixed_http_port(0), testing_fixed_https_port(0), - enable_tcp_fast_open_for_ssl(false), + tcp_fast_open_mode(TcpFastOpenMode::DISABLED), enable_user_alternate_protocol_ports(false), enable_spdy_ping_based_connection_checking(true), enable_http2(true), @@ -114,9 +112,9 @@ HttpNetworkSession::Params::Params() quic_max_server_configs_stored_in_properties(0u), mark_quic_broken_when_network_blackholes(false), retry_without_alt_svc_on_quic_errors(false), - quic_close_sessions_on_ip_change(false), quic_idle_connection_timeout_seconds(kIdleConnectionTimeoutSeconds), quic_reduced_ping_timeout_seconds(kPingTimeoutSecs), + quic_connect_using_default_network(false), quic_migrate_sessions_on_network_change(false), quic_migrate_sessions_early(false), quic_allow_server_migration(false), @@ -188,14 +186,13 @@ HttpNetworkSession::HttpNetworkSession(const Params& params, params.quic_max_packet_length, params.quic_user_agent_id, params.quic_max_server_configs_stored_in_properties > 0, - params.quic_close_sessions_on_ip_change, params.mark_quic_broken_when_network_blackholes, params.quic_idle_connection_timeout_seconds, params.quic_reduced_ping_timeout_seconds, + params.quic_connect_using_default_network, params.quic_migrate_sessions_on_network_change, params.quic_migrate_sessions_early, params.quic_allow_server_migration, - params.quic_force_hol_blocking, params.quic_race_cert_verification, params.quic_estimate_initial_rtt, params.quic_connection_options, @@ -337,8 +334,6 @@ std::unique_ptr<base::Value> HttpNetworkSession::QuicInfoToValue() const { params_.quic_race_cert_verification); dict->SetBoolean("disable_bidirectional_streams", params_.quic_disable_bidirectional_streams); - dict->SetBoolean("close_sessions_on_ip_change", - params_.quic_close_sessions_on_ip_change); dict->SetBoolean("migrate_sessions_on_network_change", params_.quic_migrate_sessions_on_network_change); dict->SetBoolean("migrate_sessions_early", diff --git a/chromium/net/http/http_network_session.h b/chromium/net/http/http_network_session.h index 19411c11a07..ebbf81a60b0 100644 --- a/chromium/net/http/http_network_session.h +++ b/chromium/net/http/http_network_session.h @@ -84,12 +84,22 @@ class NET_EXPORT HttpNetworkSession : public base::MemoryCoordinatorClient { Params(const Params& other); ~Params(); + enum class TcpFastOpenMode { + DISABLED, + // If true, TCP fast open will be used for all HTTPS connections. + ENABLED_FOR_SSL_ONLY, + // TCP fast open will be used for all HTTP/HTTPS connections. + // TODO(mmenke): With 0-RTT session resumption, does this option make + // sense? + ENABLED_FOR_ALL, + }; + bool enable_server_push_cancellation; HostMappingRules host_mapping_rules; bool ignore_certificate_errors; uint16_t testing_fixed_http_port; uint16_t testing_fixed_https_port; - bool enable_tcp_fast_open_for_ssl; + TcpFastOpenMode tcp_fast_open_mode; bool enable_user_alternate_protocol_ports; // Use SPDY ping frames to test for connection health after idle. @@ -110,7 +120,7 @@ class NET_EXPORT HttpNetworkSession : public base::MemoryCoordinatorClient { // QUIC runtime configuration options. // Versions of QUIC which may be used. - QuicVersionVector quic_supported_versions; + QuicTransportVersionVector quic_supported_versions; // User agent description to send in the QUIC handshake. std::string quic_user_agent_id; // Limit on the size of QUIC packets. @@ -134,13 +144,13 @@ class NET_EXPORT HttpNetworkSession : public base::MemoryCoordinatorClient { // Retry requests which fail with QUIC_PROTOCOL_ERROR, and mark QUIC // broken if the retry succeeds. bool retry_without_alt_svc_on_quic_errors; - // If true, all QUIC sessions are closed when any local IP address changes. - bool quic_close_sessions_on_ip_change; // Specifies QUIC idle connection state lifetime. int quic_idle_connection_timeout_seconds; // Specifies the reduced ping timeout subsequent connections should use when // a connection was timed out with open streams. int quic_reduced_ping_timeout_seconds; + // If true, QUIC will attempt to explicitly use default network for sockets. + bool quic_connect_using_default_network; // If true, active QUIC sessions may be migrated onto a new network when // the platform indicates that the default network is changing. bool quic_migrate_sessions_on_network_change; diff --git a/chromium/net/http/http_network_transaction.cc b/chromium/net/http/http_network_transaction.cc index 2290f32d2c4..70bd489b669 100644 --- a/chromium/net/http/http_network_transaction.cc +++ b/chromium/net/http/http_network_transaction.cc @@ -16,7 +16,6 @@ #include "base/metrics/field_trial.h" #include "base/metrics/histogram_macros.h" #include "base/metrics/sparse_histogram.h" -#include "base/profiler/scoped_tracker.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" @@ -225,6 +224,13 @@ void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) { DCHECK(HaveAuth(target)); DCHECK(!stream_request_.get()); + // Authorization schemes incompatible with HTTP/2 are unsupported for proxies. + if (target == HttpAuth::AUTH_SERVER && + auth_controllers_[target]->NeedsHTTP11()) { + session_->http_server_properties()->SetHTTP11Required( + HostPortPair::FromURL(request_->url)); + } + bool keep_alive = false; // Even if the server says the connection is keep-alive, we have to be // able to find the end of each response in order to reuse the connection. @@ -853,11 +859,6 @@ int HttpNetworkTransaction::DoNotifyBeforeCreateStream() { } int HttpNetworkTransaction::DoCreateStream() { - // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed. - tracked_objects::ScopedTracker tracking_profile( - FROM_HERE_WITH_EXPLICIT_FUNCTION( - "424359 HttpNetworkTransaction::DoCreateStream")); - response_.network_accessed = true; next_state_ = STATE_CREATE_STREAM_COMPLETE; @@ -1187,11 +1188,6 @@ int HttpNetworkTransaction::DoBuildRequestComplete(int result) { } int HttpNetworkTransaction::DoSendRequest() { - // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed. - tracked_objects::ScopedTracker tracking_profile( - FROM_HERE_WITH_EXPLICIT_FUNCTION( - "424359 HttpNetworkTransaction::DoSendRequest")); - send_start_time_ = base::TimeTicks::Now(); next_state_ = STATE_SEND_REQUEST_COMPLETE; diff --git a/chromium/net/http/http_network_transaction_unittest.cc b/chromium/net/http/http_network_transaction_unittest.cc index 0f1f7ffb358..95919a6d09b 100644 --- a/chromium/net/http/http_network_transaction_unittest.cc +++ b/chromium/net/http/http_network_transaction_unittest.cc @@ -103,6 +103,11 @@ #include "testing/platform_test.h" #include "url/gurl.h" +#if defined(NTLM_PORTABLE) +#include "base/base64.h" +#include "net/ntlm/ntlm_test_data.h" +#endif + using net::test::IsError; using net::test::IsOk; @@ -223,7 +228,6 @@ const base::string16 kFoo2(ASCIIToUTF16("foo2")); const base::string16 kFoo3(ASCIIToUTF16("foo3")); const base::string16 kFou(ASCIIToUTF16("fou")); const base::string16 kSecond(ASCIIToUTF16("second")); -const base::string16 kTestingNTLM(ASCIIToUTF16("testing-ntlm")); const base::string16 kWrongPassword(ASCIIToUTF16("wrongpassword")); const char kAlternativeServiceHttpHeader[] = @@ -644,31 +648,21 @@ void FillLargeHeadersString(std::string* str, int size) { } #if defined(NTLM_PORTABLE) -// Alternative functions that eliminate randomness and dependency on the local -// host name so that the generated NTLM messages are reproducible. -void MockGenerateRandom1(uint8_t* output, size_t n) { - static const uint8_t bytes[] = {0x55, 0x29, 0x66, 0x26, - 0x6b, 0x9c, 0x73, 0x54}; - static size_t current_byte = 0; - for (size_t i = 0; i < n; ++i) { - output[i] = bytes[current_byte++]; - current_byte %= arraysize(bytes); - } +uint64_t MockGetMSTime() { + // Tue, 23 May 2017 20:13:07 +0000 + return 131400439870000000; } -void MockGenerateRandom2(uint8_t* output, size_t n) { - static const uint8_t bytes[] = {0x96, 0x79, 0x85, 0xe7, 0x49, 0x93, - 0x70, 0xa1, 0x4e, 0xe7, 0x87, 0x45, - 0x31, 0x5b, 0xd3, 0x1f}; - static size_t current_byte = 0; - for (size_t i = 0; i < n; ++i) { - output[i] = bytes[current_byte++]; - current_byte %= arraysize(bytes); - } +// Alternative functions that eliminate randomness and dependency on the local +// host name so that the generated NTLM messages are reproducible. +void MockGenerateRandom(uint8_t* output, size_t n) { + // This is set to 0xaa because the client challenge for testing in + // [MS-NLMP] Section 4.2.1 is 8 bytes of 0xaa. + memset(output, 0xaa, n); } std::string MockGetHostName() { - return "WTC-WIN7"; + return ntlm::test::kHostnameAscii; } #endif // defined(NTLM_PORTABLE) @@ -805,7 +799,7 @@ bool CheckNTLMServerAuth(const AuthChallengeInfo* auth_challenge) { if (!auth_challenge) return false; EXPECT_FALSE(auth_challenge->is_proxy); - EXPECT_EQ("http://172.22.68.17", auth_challenge->challenger.Serialize()); + EXPECT_EQ("https://172.22.68.17", auth_challenge->challenger.Serialize()); EXPECT_EQ(std::string(), auth_challenge->realm); EXPECT_EQ(kNtlmAuthScheme, auth_challenge->scheme); return true; @@ -5201,8 +5195,8 @@ TEST_F(HttpNetworkTransactionTest, // CONNECT to mail.example.org:443 via SPDY. SpdyHeaderBlock connect2_block; - connect2_block[spdy_util_.GetMethodKey()] = "CONNECT"; - connect2_block[spdy_util_.GetHostKey()] = "mail.example.org:443"; + connect2_block[kHttp2MethodHeader] = "CONNECT"; + connect2_block[kHttp2AuthorityHeader] = "mail.example.org:443"; SpdySerializedFrame connect2(spdy_util_.ConstructSpdyHeaders( 3, std::move(connect2_block), LOWEST, false)); @@ -5942,24 +5936,47 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyThenServer) { // can't hook into its internals to cause it to generate predictable NTLM // authorization headers. #if defined(NTLM_PORTABLE) -// The NTLM authentication unit tests were generated by capturing the HTTP -// requests and responses using Fiddler 2 and inspecting the generated random -// bytes in the debugger. +// The NTLM authentication unit tests are based on known test data from the +// [MS-NLMP] Specification [1]. These tests are primarily of the authentication +// flow rather than the implementation of the NTLM protocol. See net/ntlm +// for the implementation and testing of the protocol. +// +// [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx // Enter the correct password and authenticate successfully. -TEST_F(HttpNetworkTransactionTest, NTLMAuth1) { +TEST_F(HttpNetworkTransactionTest, NTLMAuthV1) { HttpRequestInfo request; request.method = "GET"; - request.url = GURL("http://172.22.68.17/kids/login.aspx"); + request.url = GURL("https://172.22.68.17/kids/login.aspx"); // Ensure load is not disrupted by flags which suppress behaviour specific // to other auth schemes. request.load_flags = LOAD_DO_NOT_USE_EMBEDDED_IDENTITY; - HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockGenerateRandom1, - MockGetHostName); + HttpAuthHandlerNTLM::ScopedProcSetter proc_setter( + MockGetMSTime, MockGenerateRandom, MockGetHostName); std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); + // Generate the NTLM messages based on known test data. + std::string negotiate_msg; + std::string challenge_msg; + std::string authenticate_msg; + base::Base64Encode( + base::StringPiece( + reinterpret_cast<const char*>(ntlm::test::kExpectedNegotiateMsg), + arraysize(ntlm::test::kExpectedNegotiateMsg)), + &negotiate_msg); + base::Base64Encode(base::StringPiece(reinterpret_cast<const char*>( + ntlm::test::kChallengeMsgV1), + arraysize(ntlm::test::kChallengeMsgV1)), + &challenge_msg); + base::Base64Encode( + base::StringPiece( + reinterpret_cast<const char*>( + ntlm::test::kExpectedAuthenticateMsgSpecResponseV1), + arraysize(ntlm::test::kExpectedAuthenticateMsgSpecResponseV1)), + &authenticate_msg); + MockWrite data_writes1[] = { MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" @@ -5976,7 +5993,6 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth1) { MockRead("Content-Length: 42\r\n"), MockRead("Content-Type: text/html\r\n\r\n"), // Missing content -- won't matter, as connection will be reset. - MockRead(SYNCHRONOUS, ERR_UNEXPECTED), }; MockWrite data_writes2[] = { @@ -5986,43 +6002,31 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth1) { MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" "Connection: keep-alive\r\n" - "Authorization: NTLM " - "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=\r\n\r\n"), + "Authorization: NTLM "), + MockWrite(negotiate_msg.c_str()), MockWrite("\r\n\r\n"), // After calling trans.RestartWithAuth(), we should send a Type 3 message - // (the credentials for the origin server). The second request continues - // on the same connection. + // (using correct credentials). The second request continues on the + // same connection. MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" "Connection: keep-alive\r\n" - "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGgAAAAYABgAgA" - "AAAAAAAABAAAAAGAAYAEAAAAAQABAAWAAAAAAAAAAAAAAABYIIAHQA" - "ZQBzAHQAaQBuAGcALQBuAHQAbABtAFcAVABDAC0AVwBJAE4ANwBVKW" - "Yma5xzVAAAAAAAAAAAAAAAAAAAAACH+gWcm+YsP9Tqb9zCR3WAeZZX" - "ahlhx5I=\r\n\r\n"), + "Authorization: NTLM "), + MockWrite(authenticate_msg.c_str()), MockWrite("\r\n\r\n"), }; MockRead data_reads2[] = { - // The origin server responds with a Type 2 message. - MockRead("HTTP/1.1 401 Access Denied\r\n"), - MockRead("WWW-Authenticate: NTLM " - "TlRMTVNTUAACAAAADAAMADgAAAAFgokCjGpMpPGlYKkAAAAAAAAAALo" - "AugBEAAAABQEoCgAAAA9HAE8ATwBHAEwARQACAAwARwBPAE8ARwBMAE" - "UAAQAaAEEASwBFAEUAUwBBAFIAQQAtAEMATwBSAFAABAAeAGMAbwByA" - "HAALgBnAG8AbwBnAGwAZQAuAGMAbwBtAAMAQABhAGsAZQBlAHMAYQBy" - "AGEALQBjAG8AcgBwAC4AYQBkAC4AYwBvAHIAcAAuAGcAbwBvAGcAbAB" - "lAC4AYwBvAG0ABQAeAGMAbwByAHAALgBnAG8AbwBnAGwAZQAuAGMAbw" - "BtAAAAAAA=\r\n"), - MockRead("Content-Length: 42\r\n"), - MockRead("Content-Type: text/html\r\n\r\n"), - MockRead("You are not authorized to view this page\r\n"), - - // Lastly we get the desired content. - MockRead("HTTP/1.1 200 OK\r\n"), - MockRead("Content-Type: text/html; charset=utf-8\r\n"), - MockRead("Content-Length: 13\r\n\r\n"), - MockRead("Please Login\r\n"), - MockRead(SYNCHRONOUS, OK), + // The origin server responds with a Type 2 message. + MockRead("HTTP/1.1 401 Access Denied\r\n"), + MockRead("WWW-Authenticate: NTLM "), MockRead(challenge_msg.c_str()), + MockRead("\r\n"), MockRead("Content-Length: 42\r\n"), + MockRead("Content-Type: text/html\r\n\r\n"), + MockRead("You are not authorized to view this page\r\n"), + + // Lastly we get the desired content. + MockRead("HTTP/1.1 200 OK\r\n"), + MockRead("Content-Type: text/html; charset=utf-8\r\n"), + MockRead("Content-Length: 14\r\n\r\n"), MockRead("Please Login\r\n"), }; StaticSocketDataProvider data1(data_reads1, arraysize(data_reads1), @@ -6032,6 +6036,11 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth1) { session_deps_.socket_factory->AddSocketDataProvider(&data1); session_deps_.socket_factory->AddSocketDataProvider(&data2); + SSLSocketDataProvider ssl1(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl1); + SSLSocketDataProvider ssl2(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2); + TestCompletionCallback callback1; HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get()); @@ -6050,8 +6059,9 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth1) { TestCompletionCallback callback2; - rv = trans.RestartWithAuth(AuthCredentials(kTestingNTLM, kTestingNTLM), - callback2.callback()); + rv = trans.RestartWithAuth( + AuthCredentials(ntlm::test::kDomainUserCombined, ntlm::test::kPassword), + callback2.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); rv = callback2.WaitForResult(); @@ -6074,19 +6084,66 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth1) { response = trans.GetResponseInfo(); ASSERT_TRUE(response); EXPECT_FALSE(response->auth_challenge); - EXPECT_EQ(13, response->headers->GetContentLength()); + EXPECT_EQ(14, response->headers->GetContentLength()); + + std::string response_data; + rv = ReadTransaction(&trans, &response_data); + EXPECT_THAT(rv, IsOk()); + EXPECT_EQ("Please Login\r\n", response_data); + + EXPECT_TRUE(data1.AllReadDataConsumed()); + EXPECT_TRUE(data1.AllWriteDataConsumed()); + EXPECT_TRUE(data2.AllReadDataConsumed()); + EXPECT_TRUE(data2.AllWriteDataConsumed()); } // Enter a wrong password, and then the correct one. -TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { +TEST_F(HttpNetworkTransactionTest, NTLMAuthV1WrongThenRightPassword) { HttpRequestInfo request; request.method = "GET"; - request.url = GURL("http://172.22.68.17/kids/login.aspx"); + request.url = GURL("https://172.22.68.17/kids/login.aspx"); - HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockGenerateRandom2, - MockGetHostName); + HttpAuthHandlerNTLM::ScopedProcSetter proc_setter( + MockGetMSTime, MockGenerateRandom, MockGetHostName); std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); + // Generate the NTLM messages based on known test data. + std::string negotiate_msg; + std::string challenge_msg; + std::string authenticate_msg; + base::Base64Encode( + base::StringPiece( + reinterpret_cast<const char*>(ntlm::test::kExpectedNegotiateMsg), + arraysize(ntlm::test::kExpectedNegotiateMsg)), + &negotiate_msg); + base::Base64Encode(base::StringPiece(reinterpret_cast<const char*>( + ntlm::test::kChallengeMsgV1), + arraysize(ntlm::test::kChallengeMsgV1)), + &challenge_msg); + base::Base64Encode( + base::StringPiece( + reinterpret_cast<const char*>( + ntlm::test::kExpectedAuthenticateMsgSpecResponseV1), + arraysize(ntlm::test::kExpectedAuthenticateMsgSpecResponseV1)), + &authenticate_msg); + + // The authenticate message when |kWrongPassword| is sent. + std::string wrong_password_authenticate_msg( + "TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAQABAAhAAAAAAA" + "AABAAAAAA4IIAKqqqqqqqqqqAAAAAAAAAAAAAAAAAAAAAF2npafgDxlql9qxEIhLlsuuJIEd" + "NQHk7kQAbwBtAGEAaQBuAFUAcwBlAHIAQwBPAE0AUABVAFQARQBSAA=="); + + // Sanity check that this is the same as |authenticate_msg| except for the + // 24 bytes (32 encoded chars) of the NTLM Response. + ASSERT_EQ(authenticate_msg.length(), + wrong_password_authenticate_msg.length()); + ASSERT_EQ(authenticate_msg.length(), 200u); + ASSERT_EQ(base::StringPiece(authenticate_msg.data(), 117), + base::StringPiece(wrong_password_authenticate_msg.data(), 117)); + ASSERT_EQ( + base::StringPiece(authenticate_msg.data() + 149, 51), + base::StringPiece(wrong_password_authenticate_msg.data() + 149, 51)); + MockWrite data_writes1[] = { MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" @@ -6103,7 +6160,6 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { MockRead("Content-Length: 42\r\n"), MockRead("Content-Type: text/html\r\n\r\n"), // Missing content -- won't matter, as connection will be reset. - MockRead(SYNCHRONOUS, ERR_UNEXPECTED), }; MockWrite data_writes2[] = { @@ -6113,45 +6169,33 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" "Connection: keep-alive\r\n" - "Authorization: NTLM " - "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=\r\n\r\n"), + "Authorization: NTLM "), + MockWrite(negotiate_msg.c_str()), MockWrite("\r\n\r\n"), // After calling trans.RestartWithAuth(), we should send a Type 3 message - // (the credentials for the origin server). The second request continues - // on the same connection. + // (using incorrect credentials). The second request continues on the + // same connection. MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" "Connection: keep-alive\r\n" - "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGgAAAAYABgAgA" - "AAAAAAAABAAAAAGAAYAEAAAAAQABAAWAAAAAAAAAAAAAAABYIIAHQA" - "ZQBzAHQAaQBuAGcALQBuAHQAbABtAFcAVABDAC0AVwBJAE4ANwCWeY" - "XnSZNwoQAAAAAAAAAAAAAAAAAAAADLa34/phTTKzNTWdub+uyFleOj" - "4Ww7b7E=\r\n\r\n"), + "Authorization: NTLM "), + MockWrite(wrong_password_authenticate_msg.c_str()), MockWrite("\r\n\r\n"), }; MockRead data_reads2[] = { - // The origin server responds with a Type 2 message. - MockRead("HTTP/1.1 401 Access Denied\r\n"), - MockRead("WWW-Authenticate: NTLM " - "TlRMTVNTUAACAAAADAAMADgAAAAFgokCbVWUZezVGpAAAAAAAAAAALo" - "AugBEAAAABQEoCgAAAA9HAE8ATwBHAEwARQACAAwARwBPAE8ARwBMAE" - "UAAQAaAEEASwBFAEUAUwBBAFIAQQAtAEMATwBSAFAABAAeAGMAbwByA" - "HAALgBnAG8AbwBnAGwAZQAuAGMAbwBtAAMAQABhAGsAZQBlAHMAYQBy" - "AGEALQBjAG8AcgBwAC4AYQBkAC4AYwBvAHIAcAAuAGcAbwBvAGcAbAB" - "lAC4AYwBvAG0ABQAeAGMAbwByAHAALgBnAG8AbwBnAGwAZQAuAGMAbw" - "BtAAAAAAA=\r\n"), - MockRead("Content-Length: 42\r\n"), - MockRead("Content-Type: text/html\r\n\r\n"), - MockRead("You are not authorized to view this page\r\n"), + // The origin server responds with a Type 2 message. + MockRead("HTTP/1.1 401 Access Denied\r\n"), + MockRead("WWW-Authenticate: NTLM "), MockRead(challenge_msg.c_str()), + MockRead("\r\n"), MockRead("Content-Length: 42\r\n"), + MockRead("Content-Type: text/html\r\n\r\n"), + MockRead("You are not authorized to view this page\r\n"), - // Wrong password. - MockRead("HTTP/1.1 401 Access Denied\r\n"), - MockRead("WWW-Authenticate: NTLM\r\n"), - MockRead("Connection: close\r\n"), - MockRead("Content-Length: 42\r\n"), - MockRead("Content-Type: text/html\r\n\r\n"), - // Missing content -- won't matter, as connection will be reset. - MockRead(SYNCHRONOUS, ERR_UNEXPECTED), + // Wrong password. + MockRead("HTTP/1.1 401 Access Denied\r\n"), + MockRead("WWW-Authenticate: NTLM\r\n"), MockRead("Connection: close\r\n"), + MockRead("Content-Length: 42\r\n"), + MockRead("Content-Type: text/html\r\n\r\n"), + // Missing content -- won't matter, as connection will be reset. }; MockWrite data_writes3[] = { @@ -6161,8 +6205,8 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" "Connection: keep-alive\r\n" - "Authorization: NTLM " - "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=\r\n\r\n"), + "Authorization: NTLM "), + MockWrite(negotiate_msg.c_str()), MockWrite("\r\n\r\n"), // After calling trans.RestartWithAuth(), we should send a Type 3 message // (the credentials for the origin server). The second request continues @@ -6170,34 +6214,22 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" "Host: 172.22.68.17\r\n" "Connection: keep-alive\r\n" - "Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGgAAAAYABgAgA" - "AAAAAAAABAAAAAGAAYAEAAAAAQABAAWAAAAAAAAAAAAAAABYIIAHQA" - "ZQBzAHQAaQBuAGcALQBuAHQAbABtAFcAVABDAC0AVwBJAE4ANwBO54" - "dFMVvTHwAAAAAAAAAAAAAAAAAAAACS7sT6Uzw7L0L//WUqlIaVWpbI" - "+4MUm7c=\r\n\r\n"), + "Authorization: NTLM "), + MockWrite(authenticate_msg.c_str()), MockWrite("\r\n\r\n"), }; MockRead data_reads3[] = { - // The origin server responds with a Type 2 message. - MockRead("HTTP/1.1 401 Access Denied\r\n"), - MockRead("WWW-Authenticate: NTLM " - "TlRMTVNTUAACAAAADAAMADgAAAAFgokCL24VN8dgOR8AAAAAAAAAALo" - "AugBEAAAABQEoCgAAAA9HAE8ATwBHAEwARQACAAwARwBPAE8ARwBMAE" - "UAAQAaAEEASwBFAEUAUwBBAFIAQQAtAEMATwBSAFAABAAeAGMAbwByA" - "HAALgBnAG8AbwBnAGwAZQAuAGMAbwBtAAMAQABhAGsAZQBlAHMAYQBy" - "AGEALQBjAG8AcgBwAC4AYQBkAC4AYwBvAHIAcAAuAGcAbwBvAGcAbAB" - "lAC4AYwBvAG0ABQAeAGMAbwByAHAALgBnAG8AbwBnAGwAZQAuAGMAbw" - "BtAAAAAAA=\r\n"), - MockRead("Content-Length: 42\r\n"), - MockRead("Content-Type: text/html\r\n\r\n"), - MockRead("You are not authorized to view this page\r\n"), - - // Lastly we get the desired content. - MockRead("HTTP/1.1 200 OK\r\n"), - MockRead("Content-Type: text/html; charset=utf-8\r\n"), - MockRead("Content-Length: 13\r\n\r\n"), - MockRead("Please Login\r\n"), - MockRead(SYNCHRONOUS, OK), + // The origin server responds with a Type 2 message. + MockRead("HTTP/1.1 401 Access Denied\r\n"), + MockRead("WWW-Authenticate: NTLM "), MockRead(challenge_msg.c_str()), + MockRead("\r\n"), MockRead("Content-Length: 42\r\n"), + MockRead("Content-Type: text/html\r\n\r\n"), + MockRead("You are not authorized to view this page\r\n"), + + // Lastly we get the desired content. + MockRead("HTTP/1.1 200 OK\r\n"), + MockRead("Content-Type: text/html; charset=utf-8\r\n"), + MockRead("Content-Length: 14\r\n\r\n"), MockRead("Please Login\r\n"), }; StaticSocketDataProvider data1(data_reads1, arraysize(data_reads1), @@ -6210,6 +6242,13 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { session_deps_.socket_factory->AddSocketDataProvider(&data2); session_deps_.socket_factory->AddSocketDataProvider(&data3); + SSLSocketDataProvider ssl1(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl1); + SSLSocketDataProvider ssl2(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2); + SSLSocketDataProvider ssl3(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl3); + TestCompletionCallback callback1; HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get()); @@ -6229,8 +6268,9 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { TestCompletionCallback callback2; // Enter the wrong password. - rv = trans.RestartWithAuth(AuthCredentials(kTestingNTLM, kWrongPassword), - callback2.callback()); + rv = trans.RestartWithAuth( + AuthCredentials(ntlm::test::kDomainUserCombined, kWrongPassword), + callback2.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); rv = callback2.WaitForResult(); @@ -6251,8 +6291,9 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { TestCompletionCallback callback4; // Now enter the right password. - rv = trans.RestartWithAuth(AuthCredentials(kTestingNTLM, kTestingNTLM), - callback4.callback()); + rv = trans.RestartWithAuth( + AuthCredentials(ntlm::test::kDomainUserCombined, ntlm::test::kPassword), + callback4.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); rv = callback4.WaitForResult(); @@ -6271,7 +6312,180 @@ TEST_F(HttpNetworkTransactionTest, NTLMAuth2) { response = trans.GetResponseInfo(); EXPECT_FALSE(response->auth_challenge); - EXPECT_EQ(13, response->headers->GetContentLength()); + EXPECT_EQ(14, response->headers->GetContentLength()); + + std::string response_data; + rv = ReadTransaction(&trans, &response_data); + EXPECT_THAT(rv, IsOk()); + EXPECT_EQ("Please Login\r\n", response_data); + + EXPECT_TRUE(data1.AllReadDataConsumed()); + EXPECT_TRUE(data1.AllWriteDataConsumed()); + EXPECT_TRUE(data2.AllReadDataConsumed()); + EXPECT_TRUE(data2.AllWriteDataConsumed()); + EXPECT_TRUE(data3.AllReadDataConsumed()); + EXPECT_TRUE(data3.AllWriteDataConsumed()); +} + +// Server requests NTLM authentication, which is not supported over HTTP/2. +// Subsequent request with authorization header should be sent over HTTP/1.1. +TEST_F(HttpNetworkTransactionTest, NTLMOverHttp2) { + HttpAuthHandlerNTLM::ScopedProcSetter proc_setter( + MockGetMSTime, MockGenerateRandom, MockGetHostName); + + const char* kUrl = "https://172.22.68.17/kids/login.aspx"; + + HttpRequestInfo request; + request.method = "GET"; + request.url = GURL(kUrl); + + // First request without credentials. + SpdyHeaderBlock request_headers0(spdy_util_.ConstructGetHeaderBlock(kUrl)); + SpdySerializedFrame request0(spdy_util_.ConstructSpdyHeaders( + 1, std::move(request_headers0), LOWEST, true)); + + SpdyHeaderBlock response_headers0; + response_headers0[kHttp2StatusHeader] = "401"; + response_headers0["www-authenticate"] = "NTLM"; + SpdySerializedFrame resp(spdy_util_.ConstructSpdyResponseHeaders( + 1, std::move(response_headers0), true)); + + // Stream 1 is closed. + spdy_util_.UpdateWithStreamDestruction(1); + + // Generate the NTLM messages based on known test data. + std::string negotiate_msg; + std::string challenge_msg; + std::string authenticate_msg; + base::Base64Encode( + base::StringPiece( + reinterpret_cast<const char*>(ntlm::test::kExpectedNegotiateMsg), + arraysize(ntlm::test::kExpectedNegotiateMsg)), + &negotiate_msg); + base::Base64Encode(base::StringPiece(reinterpret_cast<const char*>( + ntlm::test::kChallengeMsgV1), + arraysize(ntlm::test::kChallengeMsgV1)), + &challenge_msg); + base::Base64Encode( + base::StringPiece( + reinterpret_cast<const char*>( + ntlm::test::kExpectedAuthenticateMsgSpecResponseV1), + arraysize(ntlm::test::kExpectedAuthenticateMsgSpecResponseV1)), + &authenticate_msg); + + // Retry with authorization header. + SpdyHeaderBlock request_headers1(spdy_util_.ConstructGetHeaderBlock(kUrl)); + request_headers1["authorization"] = std::string("NTLM ") + negotiate_msg; + SpdySerializedFrame request1(spdy_util_.ConstructSpdyHeaders( + 3, std::move(request_headers1), LOWEST, true)); + + SpdySerializedFrame rst( + spdy_util_.ConstructSpdyRstStream(3, ERROR_CODE_HTTP_1_1_REQUIRED)); + + MockWrite writes0[] = {CreateMockWrite(request0, 0)}; + MockRead reads0[] = {CreateMockRead(resp, 1), MockRead(ASYNC, 0, 2)}; + + // Retry yet again using HTTP/1.1. + MockWrite writes1[] = { + // After restarting with a null identity, this is the + // request we should be issuing -- the final header line contains a Type + // 1 message. + MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" + "Host: 172.22.68.17\r\n" + "Connection: keep-alive\r\n" + "Authorization: NTLM "), + MockWrite(negotiate_msg.c_str()), MockWrite("\r\n\r\n"), + + // After calling trans.RestartWithAuth(), we should send a Type 3 message + // (the credentials for the origin server). The second request continues + // on the same connection. + MockWrite("GET /kids/login.aspx HTTP/1.1\r\n" + "Host: 172.22.68.17\r\n" + "Connection: keep-alive\r\n" + "Authorization: NTLM "), + MockWrite(authenticate_msg.c_str()), MockWrite("\r\n\r\n"), + }; + + MockRead reads1[] = { + // The origin server responds with a Type 2 message. + MockRead("HTTP/1.1 401 Access Denied\r\n"), + MockRead("WWW-Authenticate: NTLM "), MockRead(challenge_msg.c_str()), + MockRead("\r\n"), MockRead("Content-Length: 42\r\n"), + MockRead("Content-Type: text/html\r\n\r\n"), + MockRead("You are not authorized to view this page\r\n"), + + // Lastly we get the desired content. + MockRead("HTTP/1.1 200 OK\r\n"), + MockRead("Content-Type: text/html; charset=utf-8\r\n"), + MockRead("Content-Length: 14\r\n\r\n"), MockRead("Please Login\r\n"), + }; + SequencedSocketData data0(reads0, arraysize(reads0), writes0, + arraysize(writes0)); + StaticSocketDataProvider data1(reads1, arraysize(reads1), writes1, + arraysize(writes1)); + session_deps_.socket_factory->AddSocketDataProvider(&data0); + session_deps_.socket_factory->AddSocketDataProvider(&data1); + + SSLSocketDataProvider ssl0(ASYNC, OK); + ssl0.next_proto = kProtoHTTP2; + SSLSocketDataProvider ssl1(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl0); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl1); + + std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get()); + + TestCompletionCallback callback1; + int rv = trans.Start(&request, callback1.callback(), NetLogWithSource()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + rv = callback1.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + EXPECT_FALSE(trans.IsReadyToRestartForAuth()); + + const HttpResponseInfo* response = trans.GetResponseInfo(); + ASSERT_TRUE(response); + EXPECT_TRUE(CheckNTLMServerAuth(response->auth_challenge.get())); + + TestCompletionCallback callback2; + + rv = trans.RestartWithAuth( + AuthCredentials(ntlm::test::kDomainUserCombined, ntlm::test::kPassword), + callback2.callback()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + rv = callback2.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + EXPECT_TRUE(trans.IsReadyToRestartForAuth()); + + response = trans.GetResponseInfo(); + ASSERT_TRUE(response); + EXPECT_FALSE(response->auth_challenge); + + TestCompletionCallback callback3; + + rv = trans.RestartWithAuth(AuthCredentials(), callback3.callback()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + rv = callback3.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + response = trans.GetResponseInfo(); + ASSERT_TRUE(response); + EXPECT_FALSE(response->auth_challenge); + EXPECT_EQ(14, response->headers->GetContentLength()); + + std::string response_data; + rv = ReadTransaction(&trans, &response_data); + EXPECT_THAT(rv, IsOk()); + EXPECT_EQ("Please Login\r\n", response_data); + + EXPECT_TRUE(data0.AllReadDataConsumed()); + EXPECT_TRUE(data0.AllWriteDataConsumed()); + EXPECT_TRUE(data1.AllReadDataConsumed()); + EXPECT_TRUE(data1.AllWriteDataConsumed()); } #endif // NTLM_PORTABLE @@ -13787,7 +14001,7 @@ TEST_F(HttpNetworkTransactionTest, RetryWithoutConnectionPooling) { SpdySerializedFrame resp1(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); SpdySerializedFrame body1(spdy_util_.ConstructSpdyDataFrame(1, true)); SpdyHeaderBlock response_headers; - response_headers[SpdyTestUtil::GetStatusKey()] = "421"; + response_headers[kHttp2StatusHeader] = "421"; SpdySerializedFrame resp2( spdy_util_.ConstructSpdyReply(3, std::move(response_headers))); MockRead reads1[] = {CreateMockRead(resp1, 1), CreateMockRead(body1, 2), @@ -13915,7 +14129,7 @@ TEST_F(HttpNetworkTransactionTest, ReturnHTTP421OnRetry) { SpdySerializedFrame resp1(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); SpdySerializedFrame body1(spdy_util_.ConstructSpdyDataFrame(1, true)); SpdyHeaderBlock response_headers; - response_headers[SpdyTestUtil::GetStatusKey()] = "421"; + response_headers[kHttp2StatusHeader] = "421"; SpdySerializedFrame resp2( spdy_util_.ConstructSpdyReply(3, response_headers.Clone())); MockRead reads1[] = {CreateMockRead(resp1, 1), CreateMockRead(body1, 2), @@ -14471,10 +14685,10 @@ TEST_F(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) { // SPDY GET for HTTP URL (through the proxy, but not the tunnel). SpdyHeaderBlock req2_block; - req2_block[spdy_util_.GetMethodKey()] = "GET"; - req2_block[spdy_util_.GetHostKey()] = "www.example.org:8080"; - req2_block[spdy_util_.GetSchemeKey()] = "http"; - req2_block[spdy_util_.GetPathKey()] = "/"; + req2_block[kHttp2MethodHeader] = "GET"; + req2_block[kHttp2AuthorityHeader] = "www.example.org:8080"; + req2_block[kHttp2SchemeHeader] = "http"; + req2_block[kHttp2PathHeader] = "/"; SpdySerializedFrame req2( spdy_util_.ConstructSpdyHeaders(3, std::move(req2_block), MEDIUM, true)); @@ -17011,7 +17225,7 @@ TEST_F(HttpNetworkTransactionTest, ProxyResolutionFailsSync) { MockAsyncProxyResolver resolver; session_deps_.proxy_service.reset(new ProxyService( std::make_unique<ProxyConfigServiceFixed>(proxy_config), - base::WrapUnique(new FailingProxyResolverFactory), nullptr)); + std::make_unique<FailingProxyResolverFactory>(), nullptr)); HttpRequestInfo request; request.method = "GET"; diff --git a/chromium/net/http/http_proxy_client_socket.cc b/chromium/net/http/http_proxy_client_socket.cc index 50847937d12..4be93e00bee 100644 --- a/chromium/net/http/http_proxy_client_socket.cc +++ b/chromium/net/http/http_proxy_client_socket.cc @@ -6,8 +6,6 @@ #include "base/bind.h" #include "base/bind_helpers.h" -#include "base/memory/ptr_util.h" -#include "base/profiler/scoped_tracker.h" #include "base/strings/string_util.h" #include "base/values.h" #include "net/base/auth.h" diff --git a/chromium/net/http/http_proxy_client_socket_pool.cc b/chromium/net/http/http_proxy_client_socket_pool.cc index 8a2b6c34b02..8e262e7f9a1 100644 --- a/chromium/net/http/http_proxy_client_socket_pool.cc +++ b/chromium/net/http/http_proxy_client_socket_pool.cc @@ -10,7 +10,6 @@ #include <utility> #include "base/compiler_specific.h" -#include "base/memory/ptr_util.h" #include "base/metrics/field_trial.h" #include "base/metrics/field_trial_params.h" #include "base/optional.h" @@ -296,11 +295,13 @@ void HttpProxyClientSocketPool::RequestSockets( const std::string& group_name, const void* params, int num_sockets, - const NetLogWithSource& net_log) { + const NetLogWithSource& net_log, + HttpRequestInfo::RequestMotivation motivation) { const scoped_refptr<HttpProxySocketParams>* casted_params = static_cast<const scoped_refptr<HttpProxySocketParams>*>(params); - base_.RequestSockets(group_name, *casted_params, num_sockets, net_log); + base_.RequestSockets(group_name, *casted_params, num_sockets, net_log, + motivation); } void HttpProxyClientSocketPool::CancelRequest( diff --git a/chromium/net/http/http_proxy_client_socket_pool.h b/chromium/net/http/http_proxy_client_socket_pool.h index 24c45174f87..9564c033d24 100644 --- a/chromium/net/http/http_proxy_client_socket_pool.h +++ b/chromium/net/http/http_proxy_client_socket_pool.h @@ -163,7 +163,8 @@ class NET_EXPORT_PRIVATE HttpProxyClientSocketPool void RequestSockets(const std::string& group_name, const void* params, int num_sockets, - const NetLogWithSource& net_log) override; + const NetLogWithSource& net_log, + HttpRequestInfo::RequestMotivation motivation) override; void SetPriority(const std::string& group_name, ClientSocketHandle* handle, diff --git a/chromium/net/http/http_proxy_client_socket_pool_unittest.cc b/chromium/net/http/http_proxy_client_socket_pool_unittest.cc index 54178597d87..f442a517b30 100644 --- a/chromium/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/chromium/net/http/http_proxy_client_socket_pool_unittest.cc @@ -323,7 +323,7 @@ TEST_P(HttpProxyClientSocketPoolTest, NeedAuth) { CreateMockWrite(req, 0, ASYNC), CreateMockWrite(rst, 2, ASYNC), }; SpdyHeaderBlock resp_block; - resp_block[spdy_util_.GetStatusKey()] = "407"; + resp_block[kHttp2StatusHeader] = "407"; resp_block["proxy-authenticate"] = "Basic realm=\"MyRealm1\""; SpdySerializedFrame resp( diff --git a/chromium/net/http/http_proxy_client_socket_wrapper.cc b/chromium/net/http/http_proxy_client_socket_wrapper.cc index 2ce84c90213..d67438d1b38 100644 --- a/chromium/net/http/http_proxy_client_socket_wrapper.cc +++ b/chromium/net/http/http_proxy_client_socket_wrapper.cc @@ -11,7 +11,6 @@ #include "base/callback_helpers.h" #include "base/memory/weak_ptr.h" #include "base/metrics/histogram_macros.h" -#include "base/profiler/scoped_tracker.h" #include "base/values.h" #include "net/base/proxy_delegate.h" #include "net/http/http_proxy_client_socket.h" @@ -432,8 +431,7 @@ int HttpProxyClientSocketWrapper::DoSSLConnect() { SpdySessionKey key(GetDestination().host_port_pair(), ProxyServer::Direct(), PRIVACY_MODE_DISABLED); if (spdy_session_pool_->FindAvailableSession( - key, GURL(), - /* enable_ip_based_pooling = */ true, net_log_)) { + key, /* enable_ip_based_pooling = */ true, net_log_)) { using_spdy_ = true; next_state_ = STATE_SPDY_PROXY_CREATE_STREAM; return OK; @@ -546,8 +544,7 @@ int HttpProxyClientSocketWrapper::DoSpdyProxyCreateStream() { PRIVACY_MODE_DISABLED); base::WeakPtr<SpdySession> spdy_session = spdy_session_pool_->FindAvailableSession( - key, GURL(), - /* enable_ip_based_pooling = */ true, net_log_); + key, /* enable_ip_based_pooling = */ true, net_log_); // It's possible that a session to the proxy has recently been created if (spdy_session) { if (transport_socket_handle_.get()) { diff --git a/chromium/net/http/http_request_headers.cc b/chromium/net/http/http_request_headers.cc index b2fec436b08..cf9433e07a9 100644 --- a/chromium/net/http/http_request_headers.cc +++ b/chromium/net/http/http_request_headers.cc @@ -7,7 +7,6 @@ #include <utility> #include "base/logging.h" -#include "base/memory/ptr_util.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" @@ -94,13 +93,9 @@ void HttpRequestHeaders::Clear() { void HttpRequestHeaders::SetHeader(const base::StringPiece& key, const base::StringPiece& value) { - DCHECK(HttpUtil::IsValidHeaderName(key)); - DCHECK(HttpUtil::IsValidHeaderValue(value)); - HeaderVector::iterator it = FindHeader(key); - if (it != headers_.end()) - it->value.assign(value.data(), value.size()); - else - headers_.push_back(HeaderKeyValuePair(key, value)); + DCHECK(HttpUtil::IsValidHeaderName(key)) << key; + DCHECK(HttpUtil::IsValidHeaderValue(value)) << key << ":" << value; + SetHeaderInternal(key, value); } void HttpRequestHeaders::SetHeaderIfMissing(const base::StringPiece& key, @@ -229,4 +224,13 @@ HttpRequestHeaders::FindHeader(const base::StringPiece& key) const { return headers_.end(); } +void HttpRequestHeaders::SetHeaderInternal(const base::StringPiece& key, + const base::StringPiece& value) { + HeaderVector::iterator it = FindHeader(key); + if (it != headers_.end()) + it->value.assign(value.data(), value.size()); + else + headers_.push_back(HeaderKeyValuePair(key, value)); +} + } // namespace net diff --git a/chromium/net/http/http_request_headers.h b/chromium/net/http/http_request_headers.h index 3c8a46ce796..c246f4f10c8 100644 --- a/chromium/net/http/http_request_headers.h +++ b/chromium/net/http/http_request_headers.h @@ -28,7 +28,7 @@ class NetLogCaptureMode; class NET_EXPORT HttpRequestHeaders { public: - struct HeaderKeyValuePair { + struct NET_EXPORT HeaderKeyValuePair { HeaderKeyValuePair(); HeaderKeyValuePair(const base::StringPiece& key, const base::StringPiece& value); @@ -112,6 +112,12 @@ class NET_EXPORT HttpRequestHeaders { // |value| passes HttpUtil::IsValidHeaderValue(). void SetHeader(const base::StringPiece& key, const base::StringPiece& value); + // Does the same as above but without internal DCHECKs for validations. + void SetHeaderWithoutCheckForTesting(const base::StringPiece& key, + const base::StringPiece& value) { + SetHeaderInternal(key, value); + } + // Sets the header value pair for |key| and |value|, if |key| does not exist. // If |key| already exists, the call is a no-op. // When comparing |key|, case is ignored. @@ -167,10 +173,15 @@ class NET_EXPORT HttpRequestHeaders { const std::string* request_line, NetLogCaptureMode capture_mode) const; + const HeaderVector& GetHeaderVector() const { return headers_; } + private: HeaderVector::iterator FindHeader(const base::StringPiece& key); HeaderVector::const_iterator FindHeader(const base::StringPiece& key) const; + void SetHeaderInternal(const base::StringPiece& key, + const base::StringPiece& value); + HeaderVector headers_; // Allow the copy construction and operator= to facilitate copying in diff --git a/chromium/net/http/http_response_headers.cc b/chromium/net/http/http_response_headers.cc index ea39c29309c..9ed221a3b0a 100644 --- a/chromium/net/http/http_response_headers.cc +++ b/chromium/net/http/http_response_headers.cc @@ -10,12 +10,12 @@ #include "net/http/http_response_headers.h" #include <algorithm> +#include <memory> #include <unordered_map> #include <utility> #include "base/format_macros.h" #include "base/logging.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/pickle.h" #include "base/strings/string_number_conversions.h" diff --git a/chromium/net/http/http_response_headers_unittest.cc b/chromium/net/http/http_response_headers_unittest.cc index 8748de38753..6a4e6085ac4 100644 --- a/chromium/net/http/http_response_headers_unittest.cc +++ b/chromium/net/http/http_response_headers_unittest.cc @@ -671,6 +671,7 @@ TEST_P(ContentTypeTest, GetMimeType) { EXPECT_EQ(test.all_content_type, value); } +// clang-format off const ContentTypeTestData mimetype_tests[] = { { "HTTP/1.1 200 OK\n" "Content-type: text/html\n", @@ -714,12 +715,13 @@ const ContentTypeTestData mimetype_tests[] = { "text/html", true, "utf-8", true, "text/html;charset=utf-8, text/html" }, - // Test single quotes. + // Regression test for https://crbug.com/772350: + // Single quotes are not delimiters but must be treated as part of charset. { "HTTP/1.1 200 OK\n" "Content-type: text/html;charset='utf-8'\n" "Content-type: text/html\n", "text/html", true, - "utf-8", true, + "'utf-8'", true, "text/html;charset='utf-8', text/html" }, // Last charset wins if matching content-type. { "HTTP/1.1 200 OK\n" @@ -766,16 +768,16 @@ const ContentTypeTestData mimetype_tests[] = { "text/html ; charset=utf-8 ; bar=iso-8859-1" }, // Comma embeded in quotes. { "HTTP/1.1 200 OK\n" - "Content-type: text/html ; charset='utf-8,text/plain' ;\n", + "Content-type: text/html ; charset=\"utf-8,text/plain\" ;\n", "text/html", true, "utf-8,text/plain", true, - "text/html ; charset='utf-8,text/plain' ;" }, + "text/html ; charset=\"utf-8,text/plain\" ;" }, // Charset with leading spaces. { "HTTP/1.1 200 OK\n" - "Content-type: text/html ; charset= 'utf-8' ;\n", + "Content-type: text/html ; charset= \"utf-8\" ;\n", "text/html", true, "utf-8", true, - "text/html ; charset= 'utf-8' ;" }, + "text/html ; charset= \"utf-8\" ;" }, // Media type comments in mime-type. { "HTTP/1.1 200 OK\n" "Content-type: text/html (html)\n", @@ -801,6 +803,7 @@ const ContentTypeTestData mimetype_tests[] = { "", false, "*/*" }, }; +// clang-format on INSTANTIATE_TEST_CASE_P(HttpResponseHeaders, ContentTypeTest, diff --git a/chromium/net/http/http_response_info.cc b/chromium/net/http/http_response_info.cc index 561177797b1..e2fe9a5036f 100644 --- a/chromium/net/http/http_response_info.cc +++ b/chromium/net/http/http_response_info.cc @@ -446,6 +446,7 @@ bool HttpResponseInfo::DidUseQuic() const { case CONNECTION_INFO_QUIC_39: case CONNECTION_INFO_QUIC_40: case CONNECTION_INFO_QUIC_41: + case CONNECTION_INFO_QUIC_42: return true; case NUM_OF_CONNECTION_INFOS: NOTREACHED(); @@ -498,6 +499,8 @@ std::string HttpResponseInfo::ConnectionInfoToString( return "http/2+quic/40"; case CONNECTION_INFO_QUIC_41: return "http/2+quic/41"; + case CONNECTION_INFO_QUIC_42: + return "http/2+quic/42"; case CONNECTION_INFO_HTTP0_9: return "http/0.9"; case CONNECTION_INFO_HTTP1_0: diff --git a/chromium/net/http/http_response_info.h b/chromium/net/http/http_response_info.h index ef4d4274a69..7b4eb273b75 100644 --- a/chromium/net/http/http_response_info.h +++ b/chromium/net/http/http_response_info.h @@ -53,6 +53,7 @@ class NET_EXPORT HttpResponseInfo { CONNECTION_INFO_QUIC_39 = 17, CONNECTION_INFO_QUIC_40 = 18, CONNECTION_INFO_QUIC_41 = 19, + CONNECTION_INFO_QUIC_42 = 20, NUM_OF_CONNECTION_INFOS, }; diff --git a/chromium/net/http/http_security_headers_unittest.cc b/chromium/net/http/http_security_headers_unittest.cc index 2ea5d0a6c90..1171e333269 100644 --- a/chromium/net/http/http_security_headers_unittest.cc +++ b/chromium/net/http/http_security_headers_unittest.cc @@ -20,6 +20,10 @@ namespace net { namespace { +namespace test_default { +#include "net/http/transport_security_state_static_unittest_default.h" +} + HashValue GetTestHashValue(uint8_t label, HashValueTag tag) { HashValue hash_value(tag); memset(hash_value.data(), label, hash_value.size()); @@ -88,6 +92,10 @@ bool ParseAsHPKPHeader(const std::string& value, } class HttpSecurityHeadersTest : public testing::Test { + public: + ~HttpSecurityHeadersTest() override { + SetTransportSecurityStateSourceForTesting(nullptr); + } }; @@ -652,19 +660,14 @@ TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA256) { TestValidPKPHeaders(HASH_VALUE_SHA256); } -#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) -#define MAYBE_UpdateDynamicPKPOnly DISABLED_UpdateDynamicPKPOnly -#else -#define MAYBE_UpdateDynamicPKPOnly UpdateDynamicPKPOnly -#endif +TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) { + SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource); -TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPOnly) { TransportSecurityState state; TransportSecurityState::STSState static_sts_state; TransportSecurityState::PKPState static_pkp_state; - // docs.google.com has preloaded pins. - std::string domain = "docs.google.com"; + std::string domain = "no-rejected-pins-pkp.preloaded.test"; state.enable_static_pins_ = true; EXPECT_TRUE( state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state)); @@ -676,7 +679,7 @@ TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPOnly) { HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA256); std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256); std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA256); - GURL report_uri("http://google.com"); + GURL report_uri("http://report-uri.test/pkp"); std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin + ";report-uri=\"" + report_uri.spec() + "\""; @@ -727,19 +730,14 @@ TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPOnly) { base::ContainsValue(new_dynamic_pkp_state.spki_hashes, backup_hash)); } -#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) -#define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0 -#else -#define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0 -#endif +TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { + SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource); -TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) { TransportSecurityState state; TransportSecurityState::STSState static_sts_state; TransportSecurityState::PKPState static_pkp_state; - // docs.google.com has preloaded pins. - std::string domain = "docs.google.com"; + std::string domain = "no-rejected-pins-pkp.preloaded.test"; state.enable_static_pins_ = true; ASSERT_TRUE( state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state)); @@ -811,19 +809,14 @@ TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) { // Tests that when a static HSTS and a static HPKP entry are present, adding a // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a // dynamic HPKP entry could not affect the HSTS entry for the site. -#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) -#define MAYBE_NoClobberPins DISABLED_NoClobberPins -#else -#define MAYBE_NoClobberPins NoClobberPins -#endif +TEST_F(HttpSecurityHeadersTest, NoClobberPins) { + SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource); -TEST_F(HttpSecurityHeadersTest, MAYBE_NoClobberPins) { TransportSecurityState state; TransportSecurityState::STSState sts_state; TransportSecurityState::PKPState pkp_state; - // accounts.google.com has preloaded pins. - std::string domain = "accounts.google.com"; + std::string domain = "hsts-hpkp-preloaded.test"; state.enable_static_pins_ = true; // Retrieve the static STS and PKP states as it is by default, including its diff --git a/chromium/net/http/http_server_properties.cc b/chromium/net/http/http_server_properties.cc index a1289cae280..b28084586ad 100644 --- a/chromium/net/http/http_server_properties.cc +++ b/chromium/net/http/http_server_properties.cc @@ -86,14 +86,14 @@ AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( base::Time expiration) { DCHECK_EQ(alternative_service.protocol, kProtoHTTP2); return AlternativeServiceInfo(alternative_service, expiration, - QuicVersionVector()); + QuicTransportVersionVector()); } // static AlternativeServiceInfo AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) { + const QuicTransportVersionVector& advertised_versions) { DCHECK_EQ(alternative_service.protocol, kProtoQUIC); return AlternativeServiceInfo(alternative_service, expiration, advertised_versions); @@ -106,7 +106,7 @@ AlternativeServiceInfo::~AlternativeServiceInfo() {} AlternativeServiceInfo::AlternativeServiceInfo( const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) + const QuicTransportVersionVector& advertised_versions) : alternative_service_(alternative_service), expiration_(expiration) { if (alternative_service_.protocol == kProtoQUIC) { advertised_versions_ = advertised_versions; diff --git a/chromium/net/http/http_server_properties.h b/chromium/net/http/http_server_properties.h index bdcbfc51d16..698340322c5 100644 --- a/chromium/net/http/http_server_properties.h +++ b/chromium/net/http/http_server_properties.h @@ -131,7 +131,7 @@ class NET_EXPORT_PRIVATE AlternativeServiceInfo { static AlternativeServiceInfo CreateQuicAlternativeServiceInfo( const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions); + const QuicTransportVersionVector& advertised_versions); AlternativeServiceInfo(); ~AlternativeServiceInfo(); @@ -170,7 +170,8 @@ class NET_EXPORT_PRIVATE AlternativeServiceInfo { expiration_ = expiration; } - void set_advertised_versions(const QuicVersionVector& advertised_versions) { + void set_advertised_versions( + const QuicTransportVersionVector& advertised_versions) { if (alternative_service_.protocol != kProtoQUIC) return; @@ -190,14 +191,14 @@ class NET_EXPORT_PRIVATE AlternativeServiceInfo { base::Time expiration() const { return expiration_; } - const QuicVersionVector& advertised_versions() const { + const QuicTransportVersionVector& advertised_versions() const { return advertised_versions_; } private: AlternativeServiceInfo(const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions); + const QuicTransportVersionVector& advertised_versions); AlternativeService alternative_service_; base::Time expiration_; @@ -206,7 +207,7 @@ class NET_EXPORT_PRIVATE AlternativeServiceInfo { // by Chrome. If empty, defaults to versions used by the current instance of // the netstack. // This list MUST be sorted in ascending order. - QuicVersionVector advertised_versions_; + QuicTransportVersionVector advertised_versions_; }; struct NET_EXPORT SupportsQuic { @@ -328,7 +329,7 @@ class NET_EXPORT HttpServerProperties { const url::SchemeHostPort& origin, const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) = 0; + const QuicTransportVersionVector& advertised_versions) = 0; // Set alternative services for |origin|. Previous alternative services for // |origin| are discarded. diff --git a/chromium/net/http/http_server_properties_impl.cc b/chromium/net/http/http_server_properties_impl.cc index e614a783f76..523a4b0b425 100644 --- a/chromium/net/http/http_server_properties_impl.cc +++ b/chromium/net/http/http_server_properties_impl.cc @@ -383,7 +383,7 @@ bool HttpServerPropertiesImpl::SetQuicAlternativeService( const url::SchemeHostPort& origin, const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) { + const QuicTransportVersionVector& advertised_versions) { DCHECK(alternative_service.protocol == kProtoQUIC); return SetAlternativeServices( diff --git a/chromium/net/http/http_server_properties_impl.h b/chromium/net/http/http_server_properties_impl.h index 6bde8224c9f..9a0dfa36eef 100644 --- a/chromium/net/http/http_server_properties_impl.h +++ b/chromium/net/http/http_server_properties_impl.h @@ -8,7 +8,6 @@ #include <stddef.h> #include <stdint.h> -#include <deque> #include <map> #include <set> #include <string> @@ -108,7 +107,7 @@ class NET_EXPORT HttpServerPropertiesImpl const url::SchemeHostPort& origin, const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) override; + const QuicTransportVersionVector& advertised_versions) override; bool SetAlternativeServices(const url::SchemeHostPort& origin, const AlternativeServiceInfoVector& alternative_service_info_vector) override; diff --git a/chromium/net/http/http_server_properties_manager.cc b/chromium/net/http/http_server_properties_manager.cc index db96b915dfb..30361742ee8 100644 --- a/chromium/net/http/http_server_properties_manager.cc +++ b/chromium/net/http/http_server_properties_manager.cc @@ -7,12 +7,9 @@ #include <utility> #include "base/bind.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" -#include "base/single_thread_task_runner.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" -#include "base/threading/thread_task_runner_handle.h" #include "base/values.h" #include "net/base/ip_address.h" #include "net/base/port_util.h" @@ -89,11 +86,20 @@ void AddAlternativeServiceFieldsToDictionaryValue( } std::unique_ptr<base::Value> NetLogCallback( - const base::Value& http_server_properties_dict, + const base::Value* http_server_properties_dict, NetLogCaptureMode capture_mode) { - return std::make_unique<base::Value>(http_server_properties_dict.Clone()); + return http_server_properties_dict->CreateDeepCopy(); } +// A local or temporary data structure to hold preferences for a server. +// This is used only in UpdatePrefs. +struct ServerPref { + bool supports_spdy = false; + const AlternativeServiceInfoVector* alternative_service_info_vector = nullptr; + const SupportsQuic* supports_quic = nullptr; + const ServerNetworkStats* server_network_stats = nullptr; +}; + } // namespace //////////////////////////////////////////////////////////////////////////////// @@ -102,77 +108,30 @@ std::unique_ptr<base::Value> NetLogCallback( HttpServerPropertiesManager::PrefDelegate::~PrefDelegate() {} HttpServerPropertiesManager::HttpServerPropertiesManager( - PrefDelegate* pref_delegate, - scoped_refptr<base::SingleThreadTaskRunner> pref_task_runner, - scoped_refptr<base::SingleThreadTaskRunner> network_task_runner, - NetLog* net_log) - : HttpServerPropertiesManager(pref_delegate, - std::move(pref_task_runner), - std::move(network_task_runner), - net_log, - nullptr) {} - -HttpServerPropertiesManager::HttpServerPropertiesManager( - PrefDelegate* pref_delegate, - scoped_refptr<base::SingleThreadTaskRunner> pref_task_runner, - scoped_refptr<base::SingleThreadTaskRunner> network_task_runner, + std::unique_ptr<PrefDelegate> pref_delegate, NetLog* net_log, base::TickClock* clock) - : pref_task_runner_(std::move(pref_task_runner)), - pref_delegate_(pref_delegate), - setting_prefs_(false), + : pref_delegate_(std::move(pref_delegate)), clock_(clock ? clock : &default_clock_), - is_initialized_(false), - network_task_runner_(std::move(network_task_runner)), net_log_( NetLogWithSource::Make(net_log, NetLogSourceType::HTTP_SERVER_PROPERTIES)) { - DCHECK(pref_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(pref_delegate_); DCHECK(clock_); - pref_weak_ptr_factory_.reset( - new base::WeakPtrFactory<HttpServerPropertiesManager>(this)); - pref_weak_ptr_ = pref_weak_ptr_factory_->GetWeakPtr(); - pref_cache_update_timer_.reset(new base::OneShotTimer); - pref_cache_update_timer_->SetTaskRunner(pref_task_runner_); + pref_delegate_->StartListeningForUpdates( base::Bind(&HttpServerPropertiesManager::OnHttpServerPropertiesChanged, base::Unretained(this))); -} - -HttpServerPropertiesManager::~HttpServerPropertiesManager() { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); - network_weak_ptr_factory_.reset(); -} - -void HttpServerPropertiesManager::InitializeOnNetworkSequence() { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); net_log_.BeginEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_INITIALIZATION); - network_weak_ptr_factory_.reset( - new base::WeakPtrFactory<HttpServerPropertiesManager>(this)); http_server_properties_impl_.reset(new HttpServerPropertiesImpl(clock_)); - - network_prefs_update_timer_.reset(new base::OneShotTimer); - network_prefs_update_timer_->SetTaskRunner(network_task_runner_); - // UpdateCacheFromPrefsOnPrefSequence() will post a task to network thread to - // update server properties. SetInitialized() will be run after that task is - // run as |network_task_runner_| is single threaded. - pref_task_runner_->PostTaskAndReply( - FROM_HERE, - base::Bind( - &HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence, - pref_weak_ptr_), - base::Bind(&HttpServerPropertiesManager::SetInitialized, - network_weak_ptr_factory_->GetWeakPtr())); } -void HttpServerPropertiesManager::ShutdownOnPrefSequence() { - DCHECK(pref_task_runner_->RunsTasksInCurrentSequence()); - // Cancel any pending updates, and stop listening for pref change updates. - pref_cache_update_timer_->Stop(); - pref_weak_ptr_factory_.reset(); - pref_delegate_->StopListeningForUpdates(); +HttpServerPropertiesManager::~HttpServerPropertiesManager() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + // Flush settings on destruction. + UpdatePrefsFromCache(); } // static @@ -187,63 +146,59 @@ void HttpServerPropertiesManager::SetVersion( } void HttpServerPropertiesManager::Clear() { - Clear(base::Closure()); -} - -void HttpServerPropertiesManager::Clear(const base::Closure& completion) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->Clear(); - UpdatePrefsFromCacheOnNetworkSequence(completion); + UpdatePrefsFromCache(); } bool HttpServerPropertiesManager::SupportsRequestPriority( const url::SchemeHostPort& server) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->SupportsRequestPriority(server); } bool HttpServerPropertiesManager::GetSupportsSpdy( const url::SchemeHostPort& server) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->GetSupportsSpdy(server); } void HttpServerPropertiesManager::SetSupportsSpdy( const url::SchemeHostPort& server, bool support_spdy) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); bool old_support_spdy = http_server_properties_impl_->GetSupportsSpdy(server); http_server_properties_impl_->SetSupportsSpdy(server, support_spdy); bool new_support_spdy = http_server_properties_impl_->GetSupportsSpdy(server); if (old_support_spdy != new_support_spdy) - ScheduleUpdatePrefsOnNetworkSequence(SUPPORTS_SPDY); + ScheduleUpdatePrefs(SUPPORTS_SPDY); } bool HttpServerPropertiesManager::RequiresHTTP11(const HostPortPair& server) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->RequiresHTTP11(server); } void HttpServerPropertiesManager::SetHTTP11Required( const HostPortPair& server) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->SetHTTP11Required(server); - ScheduleUpdatePrefsOnNetworkSequence(HTTP_11_REQUIRED); + ScheduleUpdatePrefs(HTTP_11_REQUIRED); } void HttpServerPropertiesManager::MaybeForceHTTP11(const HostPortPair& server, SSLConfig* ssl_config) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->MaybeForceHTTP11(server, ssl_config); } AlternativeServiceInfoVector HttpServerPropertiesManager::GetAlternativeServiceInfos( const url::SchemeHostPort& origin) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->GetAlternativeServiceInfos(origin); } @@ -251,11 +206,11 @@ bool HttpServerPropertiesManager::SetHttp2AlternativeService( const url::SchemeHostPort& origin, const AlternativeService& alternative_service, base::Time expiration) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); const bool changed = http_server_properties_impl_->SetHttp2AlternativeService( origin, alternative_service, expiration); if (changed) { - ScheduleUpdatePrefsOnNetworkSequence(SET_ALTERNATIVE_SERVICES); + ScheduleUpdatePrefs(SET_ALTERNATIVE_SERVICES); } return changed; } @@ -264,12 +219,12 @@ bool HttpServerPropertiesManager::SetQuicAlternativeService( const url::SchemeHostPort& origin, const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + const QuicTransportVersionVector& advertised_versions) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); const bool changed = http_server_properties_impl_->SetQuicAlternativeService( origin, alternative_service, expiration, advertised_versions); if (changed) { - ScheduleUpdatePrefsOnNetworkSequence(SET_ALTERNATIVE_SERVICES); + ScheduleUpdatePrefs(SET_ALTERNATIVE_SERVICES); } return changed; } @@ -277,49 +232,48 @@ bool HttpServerPropertiesManager::SetQuicAlternativeService( bool HttpServerPropertiesManager::SetAlternativeServices( const url::SchemeHostPort& origin, const AlternativeServiceInfoVector& alternative_service_info_vector) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); const bool changed = http_server_properties_impl_->SetAlternativeServices( origin, alternative_service_info_vector); if (changed) { - ScheduleUpdatePrefsOnNetworkSequence(SET_ALTERNATIVE_SERVICES); + ScheduleUpdatePrefs(SET_ALTERNATIVE_SERVICES); } return changed; } void HttpServerPropertiesManager::MarkAlternativeServiceBroken( const AlternativeService& alternative_service) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->MarkAlternativeServiceBroken( alternative_service); - ScheduleUpdatePrefsOnNetworkSequence(MARK_ALTERNATIVE_SERVICE_BROKEN); + ScheduleUpdatePrefs(MARK_ALTERNATIVE_SERVICE_BROKEN); } void HttpServerPropertiesManager::MarkAlternativeServiceRecentlyBroken( const AlternativeService& alternative_service) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->MarkAlternativeServiceRecentlyBroken( alternative_service); - ScheduleUpdatePrefsOnNetworkSequence( - MARK_ALTERNATIVE_SERVICE_RECENTLY_BROKEN); + ScheduleUpdatePrefs(MARK_ALTERNATIVE_SERVICE_RECENTLY_BROKEN); } bool HttpServerPropertiesManager::IsAlternativeServiceBroken( const AlternativeService& alternative_service) const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->IsAlternativeServiceBroken( alternative_service); } bool HttpServerPropertiesManager::WasAlternativeServiceRecentlyBroken( const AlternativeService& alternative_service) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->WasAlternativeServiceRecentlyBroken( alternative_service); } void HttpServerPropertiesManager::ConfirmAlternativeService( const AlternativeService& alternative_service) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); bool old_value = http_server_properties_impl_->IsAlternativeServiceBroken( alternative_service); http_server_properties_impl_->ConfirmAlternativeService(alternative_service); @@ -328,43 +282,43 @@ void HttpServerPropertiesManager::ConfirmAlternativeService( // For persisting, we only care about the value returned by // IsAlternativeServiceBroken. If that value changes, then call persist. if (old_value != new_value) - ScheduleUpdatePrefsOnNetworkSequence(CONFIRM_ALTERNATIVE_SERVICE); + ScheduleUpdatePrefs(CONFIRM_ALTERNATIVE_SERVICE); } const AlternativeServiceMap& HttpServerPropertiesManager::alternative_service_map() const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->alternative_service_map(); } std::unique_ptr<base::Value> HttpServerPropertiesManager::GetAlternativeServiceInfoAsValue() const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->GetAlternativeServiceInfoAsValue(); } bool HttpServerPropertiesManager::GetSupportsQuic( IPAddress* last_address) const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->GetSupportsQuic(last_address); } void HttpServerPropertiesManager::SetSupportsQuic(bool used_quic, const IPAddress& address) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); IPAddress old_last_quic_addr; http_server_properties_impl_->GetSupportsQuic(&old_last_quic_addr); http_server_properties_impl_->SetSupportsQuic(used_quic, address); IPAddress new_last_quic_addr; http_server_properties_impl_->GetSupportsQuic(&new_last_quic_addr); if (old_last_quic_addr != new_last_quic_addr) - ScheduleUpdatePrefsOnNetworkSequence(SET_SUPPORTS_QUIC); + ScheduleUpdatePrefs(SET_SUPPORTS_QUIC); } void HttpServerPropertiesManager::SetServerNetworkStats( const url::SchemeHostPort& server, ServerNetworkStats stats) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); ServerNetworkStats old_stats; const ServerNetworkStats* old_stats_ptr = http_server_properties_impl_->GetServerNetworkStats(server); @@ -374,70 +328,70 @@ void HttpServerPropertiesManager::SetServerNetworkStats( ServerNetworkStats new_stats = *(http_server_properties_impl_->GetServerNetworkStats(server)); if (old_stats != new_stats) - ScheduleUpdatePrefsOnNetworkSequence(SET_SERVER_NETWORK_STATS); + ScheduleUpdatePrefs(SET_SERVER_NETWORK_STATS); } void HttpServerPropertiesManager::ClearServerNetworkStats( const url::SchemeHostPort& server) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); bool need_update = http_server_properties_impl_->GetServerNetworkStats(server) != nullptr; http_server_properties_impl_->ClearServerNetworkStats(server); if (need_update) - ScheduleUpdatePrefsOnNetworkSequence(CLEAR_SERVER_NETWORK_STATS); + ScheduleUpdatePrefs(CLEAR_SERVER_NETWORK_STATS); } const ServerNetworkStats* HttpServerPropertiesManager::GetServerNetworkStats( const url::SchemeHostPort& server) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->GetServerNetworkStats(server); } const ServerNetworkStatsMap& HttpServerPropertiesManager::server_network_stats_map() const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->server_network_stats_map(); } bool HttpServerPropertiesManager::SetQuicServerInfo( const QuicServerId& server_id, const std::string& server_info) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); bool changed = http_server_properties_impl_->SetQuicServerInfo(server_id, server_info); if (changed) - ScheduleUpdatePrefsOnNetworkSequence(SET_QUIC_SERVER_INFO); + ScheduleUpdatePrefs(SET_QUIC_SERVER_INFO); return changed; } const std::string* HttpServerPropertiesManager::GetQuicServerInfo( const QuicServerId& server_id) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->GetQuicServerInfo(server_id); } const QuicServerInfoMap& HttpServerPropertiesManager::quic_server_info_map() const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->quic_server_info_map(); } size_t HttpServerPropertiesManager::max_server_configs_stored_in_properties() const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_ ->max_server_configs_stored_in_properties(); } void HttpServerPropertiesManager::SetMaxServerConfigsStoredInProperties( size_t max_server_configs_stored_in_properties) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return http_server_properties_impl_->SetMaxServerConfigsStoredInProperties( max_server_configs_stored_in_properties); } bool HttpServerPropertiesManager::IsInitialized() const { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return is_initialized_; } @@ -452,37 +406,46 @@ base::TimeDelta HttpServerPropertiesManager::GetUpdatePrefsDelayForTesting() { return kUpdatePrefsDelay; } -// -// Update the HttpServerPropertiesImpl's cache with data from preferences. -// -void HttpServerPropertiesManager::ScheduleUpdateCacheOnPrefThread() { - DCHECK(pref_task_runner_->RunsTasksInCurrentSequence()); +void HttpServerPropertiesManager::ScheduleUpdateCacheForTesting() { + ScheduleUpdateCache(); +} + +void HttpServerPropertiesManager::ScheduleUpdateCache() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Do not schedule a new update if there is already one scheduled. - if (pref_cache_update_timer_->IsRunning()) + if (pref_cache_update_timer_.IsRunning()) return; - pref_cache_update_timer_->Start( + if (!is_initialized_) { + UpdateCacheFromPrefs(); + return; + } + + pref_cache_update_timer_.Start( FROM_HERE, kUpdateCacheDelay, this, - &HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence); + &HttpServerPropertiesManager::UpdateCacheFromPrefs); } -void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { - // The preferences can only be read on the pref thread. - DCHECK(pref_task_runner_->RunsTasksInCurrentSequence()); +void HttpServerPropertiesManager::UpdateCacheFromPrefs() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); - if (!pref_delegate_->HasServerProperties()) - return; + if (!is_initialized_) { + net_log_.EndEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_INITIALIZATION); + is_initialized_ = true; + } - bool detected_corrupted_prefs = false; - const base::DictionaryValue& http_server_properties_dict = + const base::DictionaryValue* http_server_properties_dict = pref_delegate_->GetServerProperties(); + // If there are no preferences set, do nothing. + if (!http_server_properties_dict) + return; - net_log_.AddEvent( - NetLogEventType::HTTP_SERVER_PROPERTIES_UPDATE_CACHE, - base::Bind(&NetLogCallback, http_server_properties_dict.Clone())); + bool detected_corrupted_prefs = false; + net_log_.AddEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_UPDATE_CACHE, + base::Bind(&NetLogCallback, http_server_properties_dict)); int version = kMissingVersion; - if (!http_server_properties_dict.GetIntegerWithoutPathExpansion(kVersionKey, - &version)) { + if (!http_server_properties_dict->GetIntegerWithoutPathExpansion(kVersionKey, + &version)) { DVLOG(1) << "Missing version. Clearing all properties."; return; } @@ -503,7 +466,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { // ... // }, ... // }, - if (!http_server_properties_dict.GetDictionaryWithoutPathExpansion( + if (!http_server_properties_dict->GetDictionaryWithoutPathExpansion( kServersKey, &servers_dict)) { DVLOG(1) << "Malformed http_server_properties for servers."; return; @@ -533,7 +496,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { // ... // ], ... // }, - if (!http_server_properties_dict.GetListWithoutPathExpansion( + if (!http_server_properties_dict->GetListWithoutPathExpansion( kServersKey, &servers_list)) { DVLOG(1) << "Malformed http_server_properties for servers list."; return; @@ -541,7 +504,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { } std::unique_ptr<IPAddress> addr = std::make_unique<IPAddress>(); - ReadSupportsQuic(http_server_properties_dict, addr.get()); + ReadSupportsQuic(*http_server_properties_dict, addr.get()); // String is "scheme://host:port" tuple of spdy server. std::unique_ptr<SpdyServersMap> spdy_servers_map( @@ -579,7 +542,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { } } - if (!AddToQuicServerInfoMap(http_server_properties_dict, + if (!AddToQuicServerInfoMap(*http_server_properties_dict, quic_server_info_map.get())) { detected_corrupted_prefs = true; } @@ -590,7 +553,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { std::unique_ptr<RecentlyBrokenAlternativeServices> recently_broken_alternative_services; const base::ListValue* broken_alt_svc_list; - if (http_server_properties_dict.GetListWithoutPathExpansion( + if (http_server_properties_dict->GetListWithoutPathExpansion( kBrokenAlternativeServicesKey, &broken_alt_svc_list)) { broken_alternative_service_list = std::make_unique<BrokenAlternativeServiceList>(); @@ -617,17 +580,45 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence() { } } - network_task_runner_->PostTask( - FROM_HERE, - base::Bind( - &HttpServerPropertiesManager::UpdateCacheFromPrefsOnNetworkSequence, - base::Unretained(this), base::Passed(&spdy_servers_map), - base::Passed(&alternative_service_map), base::Passed(&addr), - base::Passed(&server_network_stats_map), - base::Passed(&quic_server_info_map), - base::Passed(&broken_alternative_service_list), - base::Passed(&recently_broken_alternative_services), - detected_corrupted_prefs)); + // Set the properties loaded from prefs on |http_server_properties_impl_|. + + UMA_HISTOGRAM_COUNTS_1M("Net.CountOfSpdyServers", spdy_servers_map->size()); + http_server_properties_impl_->SetSpdyServers(std::move(spdy_servers_map)); + + // Update the cached data and use the new alternative service list from + // preferences. + UMA_HISTOGRAM_COUNTS_1M("Net.CountOfAlternateProtocolServers", + alternative_service_map->size()); + http_server_properties_impl_->SetAlternativeServiceServers( + std::move(alternative_service_map)); + + http_server_properties_impl_->SetSupportsQuic(*addr); + + http_server_properties_impl_->SetServerNetworkStats( + std::move(server_network_stats_map)); + + UMA_HISTOGRAM_COUNTS_1000("Net.CountOfQuicServerInfos", + quic_server_info_map->size()); + + http_server_properties_impl_->SetQuicServerInfoMap( + std::move(quic_server_info_map)); + + if (recently_broken_alternative_services) { + DCHECK(broken_alternative_service_list); + + UMA_HISTOGRAM_COUNTS_1000("Net.CountOfBrokenAlternativeServices", + broken_alternative_service_list->size()); + UMA_HISTOGRAM_COUNTS_1000("Net.CountOfRecentlyBrokenAlternativeServices", + recently_broken_alternative_services->size()); + + http_server_properties_impl_->SetBrokenAndRecentlyBrokenAlternativeServices( + std::move(broken_alternative_service_list), + std::move(recently_broken_alternative_services)); + } + + // Update the prefs with what we have read (delete all corrupted prefs). + if (detected_corrupted_prefs) + ScheduleUpdatePrefs(DETECTED_CORRUPTED_PREFS); } bool HttpServerPropertiesManager::AddToBrokenAlternativeServices( @@ -828,7 +819,7 @@ bool HttpServerPropertiesManager::ParseAlternativeServiceInfoDictOfServer( << "server: " << server_str; return false; } - QuicVersionVector advertised_versions; + QuicTransportVersionVector advertised_versions; for (const auto& value : *versions_list) { int version; if (!value.GetAsInteger(&version)) { @@ -836,7 +827,7 @@ bool HttpServerPropertiesManager::ParseAlternativeServiceInfoDictOfServer( << server_str; return false; } - advertised_versions.push_back(QuicVersion(version)); + advertised_versions.push_back(QuicTransportVersion(version)); } alternative_service_info->set_advertised_versions(advertised_versions); } @@ -982,87 +973,26 @@ bool HttpServerPropertiesManager::AddToQuicServerInfoMap( return !detected_corrupted_prefs; } -void HttpServerPropertiesManager::UpdateCacheFromPrefsOnNetworkSequence( - std::unique_ptr<SpdyServersMap> spdy_servers_map, - std::unique_ptr<AlternativeServiceMap> alternative_service_map, - std::unique_ptr<IPAddress> last_quic_address, - std::unique_ptr<ServerNetworkStatsMap> server_network_stats_map, - std::unique_ptr<QuicServerInfoMap> quic_server_info_map, - std::unique_ptr<BrokenAlternativeServiceList> - broken_alternative_service_list, - std::unique_ptr<RecentlyBrokenAlternativeServices> - recently_broken_alternative_services, - bool detected_corrupted_prefs) { - // Preferences have the master data because admins might have pushed new - // preferences. Update the cached data with new data from preferences. - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); - - UMA_HISTOGRAM_COUNTS_1M("Net.CountOfSpdyServers", spdy_servers_map->size()); - http_server_properties_impl_->SetSpdyServers(std::move(spdy_servers_map)); - - // Update the cached data and use the new alternative service list from - // preferences. - UMA_HISTOGRAM_COUNTS_1M("Net.CountOfAlternateProtocolServers", - alternative_service_map->size()); - http_server_properties_impl_->SetAlternativeServiceServers( - std::move(alternative_service_map)); - - http_server_properties_impl_->SetSupportsQuic(*last_quic_address); - - http_server_properties_impl_->SetServerNetworkStats( - std::move(server_network_stats_map)); - - UMA_HISTOGRAM_COUNTS_1000("Net.CountOfQuicServerInfos", - quic_server_info_map->size()); - - http_server_properties_impl_->SetQuicServerInfoMap( - std::move(quic_server_info_map)); - - if (recently_broken_alternative_services) { - DCHECK(broken_alternative_service_list); - - UMA_HISTOGRAM_COUNTS_1000("Net.CountOfBrokenAlternativeServices", - broken_alternative_service_list->size()); - UMA_HISTOGRAM_COUNTS_1000("Net.CountOfRecentlyBrokenAlternativeServices", - recently_broken_alternative_services->size()); - - http_server_properties_impl_->SetBrokenAndRecentlyBrokenAlternativeServices( - std::move(broken_alternative_service_list), - std::move(recently_broken_alternative_services)); - } - - // Update the prefs with what we have read (delete all corrupted prefs). - if (detected_corrupted_prefs) - ScheduleUpdatePrefsOnNetworkSequence(DETECTED_CORRUPTED_PREFS); -} - // // Update Preferences with data from the cached data. // -void HttpServerPropertiesManager::ScheduleUpdatePrefsOnNetworkSequence( - Location location) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); +void HttpServerPropertiesManager::ScheduleUpdatePrefs(Location location) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Do not schedule a new update if there is already one scheduled. - if (network_prefs_update_timer_->IsRunning()) + if (network_prefs_update_timer_.IsRunning()) return; - network_prefs_update_timer_->Start( + network_prefs_update_timer_.Start( FROM_HERE, kUpdatePrefsDelay, this, - &HttpServerPropertiesManager::UpdatePrefsFromCacheOnNetworkSequence); + &HttpServerPropertiesManager::UpdatePrefsFromCache); // TODO(rtenneti): Delete the following histogram after collecting some data. UMA_HISTOGRAM_ENUMERATION("Net.HttpServerProperties.UpdatePrefs", location, HttpServerPropertiesManager::NUM_LOCATIONS); } -// This is required so we can set this as the callback for a timer. -void HttpServerPropertiesManager::UpdatePrefsFromCacheOnNetworkSequence() { - UpdatePrefsFromCacheOnNetworkSequence(base::Closure()); -} - -void HttpServerPropertiesManager::UpdatePrefsFromCacheOnNetworkSequence( - const base::Closure& completion) { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); +void HttpServerPropertiesManager::UpdatePrefsFromCache() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // It is in MRU order. std::unique_ptr<std::vector<std::string>> spdy_servers = @@ -1177,44 +1107,13 @@ void HttpServerPropertiesManager::UpdatePrefsFromCacheOnNetworkSequence( std::unique_ptr<IPAddress> last_quic_addr = std::make_unique<IPAddress>(); http_server_properties_impl_->GetSupportsQuic(last_quic_addr.get()); - // Update the preferences on the pref thread. - pref_task_runner_->PostTask( - FROM_HERE, - base::Bind(&HttpServerPropertiesManager::UpdatePrefsOnPrefThread, - pref_weak_ptr_, base::Passed(&spdy_servers), - base::Passed(&alternative_service_map), - base::Passed(&last_quic_addr), - base::Passed(&server_network_stats_map), - base::Passed(&quic_server_info_map), - base::Passed(&broken_alt_svc_list), - base::Passed(&recently_broken_alt_svcs), completion)); -} -// A local or temporary data structure to hold preferences for a server. -// This is used only in UpdatePrefsOnPrefThread. -struct ServerPref { - bool supports_spdy = false; - const AlternativeServiceInfoVector* alternative_service_info_vector = nullptr; - const SupportsQuic* supports_quic = nullptr; - const ServerNetworkStats* server_network_stats = nullptr; -}; - -// All maps and lists are in MRU order. -void HttpServerPropertiesManager::UpdatePrefsOnPrefThread( - std::unique_ptr<std::vector<std::string>> spdy_servers, - std::unique_ptr<AlternativeServiceMap> alternative_service_map, - std::unique_ptr<IPAddress> last_quic_address, - std::unique_ptr<ServerNetworkStatsMap> server_network_stats_map, - std::unique_ptr<QuicServerInfoMap> quic_server_info_map, - std::unique_ptr<BrokenAlternativeServiceList> - broken_alternative_service_list, - std::unique_ptr<RecentlyBrokenAlternativeServices> - recently_broken_alternative_services, - const base::Closure& completion) { + // Now update the prefs. + // TODO(mmenke): Should this be inlined above? typedef base::MRUCache<url::SchemeHostPort, ServerPref> ServerPrefMap; ServerPrefMap server_pref_map(ServerPrefMap::NO_AUTO_EVICT); - DCHECK(pref_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Add servers that support spdy to server_pref_map in the MRU order. DCHECK(spdy_servers); @@ -1296,31 +1195,24 @@ void HttpServerPropertiesManager::UpdatePrefsOnPrefThread( std::move(servers_list)); SetVersion(&http_server_properties_dict, kVersionNumber); - DCHECK(last_quic_address); - SaveSupportsQuicToPrefs(*last_quic_address, &http_server_properties_dict); + DCHECK(last_quic_addr); + SaveSupportsQuicToPrefs(*last_quic_addr, &http_server_properties_dict); if (quic_server_info_map) { SaveQuicServerInfoMapToServerPrefs(*quic_server_info_map, &http_server_properties_dict); } - SaveBrokenAlternativeServicesToPrefs( - broken_alternative_service_list.get(), - recently_broken_alternative_services.get(), &http_server_properties_dict); + SaveBrokenAlternativeServicesToPrefs(broken_alt_svc_list.get(), + recently_broken_alt_svcs.get(), + &http_server_properties_dict); setting_prefs_ = true; pref_delegate_->SetServerProperties(http_server_properties_dict); setting_prefs_ = false; - net_log_.AddEvent( - NetLogEventType::HTTP_SERVER_PROPERTIES_UPDATE_PREFS, - base::Bind(&NetLogCallback, http_server_properties_dict.Clone())); - // Note that |completion| will be fired after we have written everything to - // the Preferences, but likely before these changes are serialized to disk. - // This is not a problem though, as JSONPrefStore guarantees that this will - // happen, pretty soon, and even in the case we shut down immediately. - if (!completion.is_null()) - completion.Run(); + net_log_.AddEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_UPDATE_PREFS, + base::Bind(&NetLogCallback, &http_server_properties_dict)); } void HttpServerPropertiesManager::SaveAlternativeServiceToServerPrefs( @@ -1468,15 +1360,9 @@ void HttpServerPropertiesManager::SaveBrokenAlternativeServicesToPrefs( } void HttpServerPropertiesManager::OnHttpServerPropertiesChanged() { - DCHECK(pref_task_runner_->RunsTasksInCurrentSequence()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (!setting_prefs_) - ScheduleUpdateCacheOnPrefThread(); -} - -void HttpServerPropertiesManager::SetInitialized() { - DCHECK(network_task_runner_->RunsTasksInCurrentSequence()); - is_initialized_ = true; - net_log_.EndEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_INITIALIZATION); + ScheduleUpdateCache(); } } // namespace net diff --git a/chromium/net/http/http_server_properties_manager.h b/chromium/net/http/http_server_properties_manager.h index c53a835943f..1d415475ac0 100644 --- a/chromium/net/http/http_server_properties_manager.h +++ b/chromium/net/http/http_server_properties_manager.h @@ -15,9 +15,10 @@ #include "base/gtest_prod_util.h" #include "base/macros.h" #include "base/memory/weak_ptr.h" +#include "base/sequence_checker.h" #include "base/time/default_tick_clock.h" +#include "base/time/time.h" #include "base/timer/timer.h" -#include "base/values.h" #include "net/base/host_port_pair.h" #include "net/base/net_export.h" #include "net/http/http_server_properties.h" @@ -25,7 +26,7 @@ #include "net/log/net_log_with_source.h" namespace base { -class SingleThreadTaskRunner; +class DictionaryValue; } namespace net { @@ -37,97 +38,47 @@ class IPAddress; // The manager for creating and updating an HttpServerProperties (for example it // tracks if a server supports SPDY or not). -// -// This class interacts with both the pref thread, where notifications of pref -// changes are received from, and the network thread, which owns it, and it -// persists the changes from network stack whether server supports SPDY or not. -// -// There are two SingleThreadTaskRunners: -// |pref_task_runner_| should be bound with the pref thread and is used to post -// cache update to the pref thread; -// |network_task_runner_| should be bound with the network thread and is used -// to post pref update to the cache thread. -// -// It must be constructed with correct task runners passed in to set up -// |pref_task_runner_| and |network_task_runner| as well as the prefs listeners. -// -// ShutdownOnPrefSequence must be called from pref thread before destruction, to -// release the prefs listeners on the pref thread. -// -// Class requires that update tasks from the Pref thread can post safely to the -// network thread, so the destruction order must guarantee that if |this| -// exists in pref thread, then a potential destruction on network thread will -// come after any task posted to network thread from that method on pref thread. -// This is used to go through network thread before the actual update starts, -// and grab a WeakPtr. class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { public: - // Provides an interface to interface with persistent preferences storage - // implemented by the embedder. + // Provides an interface to interact with persistent preferences storage + // implemented by the embedder. The prefs are assumed not to have been loaded + // before HttpServerPropertiesManager construction. class NET_EXPORT PrefDelegate { public: virtual ~PrefDelegate(); - // Returns true if the pref system has data for the server properties. - virtual bool HasServerProperties() = 0; - // Returns the branch of the preferences system for the server properties. - virtual const base::DictionaryValue& GetServerProperties() const = 0; + // Returns nullptr if the pref system has no data for the server properties. + virtual const base::DictionaryValue* GetServerProperties() const = 0; // Sets the server properties to the given value. virtual void SetServerProperties(const base::DictionaryValue& value) = 0; - // Start and stop listening for external storage changes. There will only - // be one callback active at a time. + // Starts listening for external storage changes. There will only be one + // callback active at a time. The first time the |callback| is invoked is + // expected to mean the initial pref store values have been loaded. virtual void StartListeningForUpdates(const base::Closure& callback) = 0; - virtual void StopListeningForUpdates() = 0; }; // Create an instance of the HttpServerPropertiesManager. // - // Ownership of the PrefDelegate pointer is taken by this class. This is - // passed as a raw pointer rather than a scoped_refptr currently because - // the test uses gmock and it doesn't forward move semantics properly. - // - // There are two SingleThreadTaskRunners: - // |pref_task_runner| should be bound with the pref thread and is used to post - // cache update to the pref thread; - // |network_task_runner| should be bound with the network thread and is used - // to post pref update to the cache thread. + // Server propertise will be loaded from |pref_delegate| the first time it + // notifies the HttpServerPropertiesManager of an update, indicating the prefs + // have been loaded from disk. // // |clock| is used for setting expiration times and scheduling the // expiration of broken alternative services. If null, the default clock will // be used. - HttpServerPropertiesManager( - PrefDelegate* pref_delegate, - scoped_refptr<base::SingleThreadTaskRunner> pref_task_runner, - scoped_refptr<base::SingleThreadTaskRunner> network_task_runner, - NetLog* net_log, - base::TickClock* clock); - - // Default clock will be used. - HttpServerPropertiesManager( - PrefDelegate* pref_delegate, - scoped_refptr<base::SingleThreadTaskRunner> pref_task_runner, - scoped_refptr<base::SingleThreadTaskRunner> network_task_runner, - NetLog* net_log); + HttpServerPropertiesManager(std::unique_ptr<PrefDelegate> pref_delegate, + NetLog* net_log, + base::TickClock* clock = nullptr); ~HttpServerPropertiesManager() override; - // Initialize on Network thread. - void InitializeOnNetworkSequence(); - - // Prepare for shutdown. Must be called on the Pref thread before destruction. - void ShutdownOnPrefSequence(); - // Helper function for unit tests to set the version in the dictionary. static void SetVersion(base::DictionaryValue* http_server_properties_dict, int version_number); - // Deletes all data. Works asynchronously, but if a |completion| callback is - // provided, it will be fired on the pref thread when everything is done. - void Clear(const base::Closure& completion); - // ---------------------------------- // HttpServerProperties methods: // ---------------------------------- @@ -150,7 +101,7 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { const url::SchemeHostPort& origin, const AlternativeService& alternative_service, base::Time expiration, - const QuicVersionVector& advertised_versions) override; + const QuicTransportVersionVector& advertised_versions) override; bool SetAlternativeServices(const url::SchemeHostPort& origin, const AlternativeServiceInfoVector& alternative_service_info_vector) override; @@ -187,8 +138,10 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { static base::TimeDelta GetUpdateCacheDelayForTesting(); static base::TimeDelta GetUpdatePrefsDelayForTesting(); + void ScheduleUpdateCacheForTesting(); + protected: - // The location where ScheduleUpdatePrefsOnNetworkSequence was called. + // The location where ScheduleUpdatePrefs was called. // Must be kept up to date with HttpServerPropertiesUpdatePrefsLocation in // histograms.xml. enum Location { @@ -216,58 +169,21 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { // These are used to delay updating of the cached data in // |http_server_properties_impl_| while the preferences are changing, and // execute only one update per simultaneous prefs changes. - void ScheduleUpdateCacheOnPrefThread(); + void ScheduleUpdateCache(); // Update cached prefs in |http_server_properties_impl_| with data from - // preferences. It gets the data on pref thread and calls - // UpdateSpdyServersFromPrefsOnNetworkThread() to perform the update on - // network thread. - virtual void UpdateCacheFromPrefsOnPrefSequence(); - - // Starts the update of cached prefs in |http_server_properties_impl_| on the - // network thread. Protected for testing. - void UpdateCacheFromPrefsOnNetworkSequence( - std::unique_ptr<SpdyServersMap> spdy_servers_map, - std::unique_ptr<AlternativeServiceMap> alternative_service_map, - std::unique_ptr<IPAddress> last_quic_address, - std::unique_ptr<ServerNetworkStatsMap> server_network_stats_map, - std::unique_ptr<QuicServerInfoMap> quic_server_info_map, - std::unique_ptr<BrokenAlternativeServiceList> - broken_alternative_service_list, - std::unique_ptr<RecentlyBrokenAlternativeServices> - recently_broken_alternative_services, - bool detected_corrupted_prefs); + // preferences. + void UpdateCacheFromPrefs(); // These are used to delay updating the preferences when cached data in // |http_server_properties_impl_| is changing, and execute only one update per // simultaneous changes. - // |location| specifies where this method is called from. Virtual for testing. - virtual void ScheduleUpdatePrefsOnNetworkSequence(Location location); + // |location| specifies where this method is called from. + void ScheduleUpdatePrefs(Location location); // Update prefs::kHttpServerProperties in preferences with the cached data - // from |http_server_properties_impl_|. This gets the data on network thread - // and posts a task (UpdatePrefsOnPrefThread) to update preferences on pref - // thread. - void UpdatePrefsFromCacheOnNetworkSequence(); - - // Same as above, but fires an optional |completion| callback on pref thread - // when finished. Virtual for testing. - virtual void UpdatePrefsFromCacheOnNetworkSequence( - const base::Closure& completion); - - // Update prefs::kHttpServerProperties preferences on pref thread. Executes an - // optional |completion| callback when finished. Protected for testing. - void UpdatePrefsOnPrefThread( - std::unique_ptr<std::vector<std::string>> spdy_servers, - std::unique_ptr<AlternativeServiceMap> alternative_service_map, - std::unique_ptr<IPAddress> last_quic_address, - std::unique_ptr<ServerNetworkStatsMap> server_network_stats_map, - std::unique_ptr<QuicServerInfoMap> quic_server_info_map, - std::unique_ptr<BrokenAlternativeServiceList> - broken_alternative_service_list, - std::unique_ptr<RecentlyBrokenAlternativeServices> - recently_broken_alternative_services, - const base::Closure& completion); + // from |http_server_properties_impl_|. + void UpdatePrefsFromCache(); private: FRIEND_TEST_ALL_PREFIXES(HttpServerPropertiesManagerTest, @@ -336,50 +252,30 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { recently_broken_alternative_services, base::DictionaryValue* http_server_properties_dict); - void SetInitialized(); - base::DefaultTickClock default_clock_; - // ----------- - // Pref thread - // ----------- - - const scoped_refptr<base::SingleThreadTaskRunner> pref_task_runner_; - - base::WeakPtr<HttpServerPropertiesManager> pref_weak_ptr_; - // Used to post cache update tasks. - std::unique_ptr<base::OneShotTimer> pref_cache_update_timer_; + base::OneShotTimer pref_cache_update_timer_; std::unique_ptr<PrefDelegate> pref_delegate_; - bool setting_prefs_; + // Set to true while modifying prefs, to avoid loading those prefs again as a + // result of them being changed by the changes just made by this class. + bool setting_prefs_ = false; base::TickClock* clock_; // Unowned - // -------------- - // Network thread - // -------------- - - // Whether InitializeOnNetworkSequence() has completed. - bool is_initialized_; - - const scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_; + // Set to true once the initial prefs have been loaded. + bool is_initialized_ = false; // Used to post |prefs::kHttpServerProperties| pref update tasks. - std::unique_ptr<base::OneShotTimer> network_prefs_update_timer_; + base::OneShotTimer network_prefs_update_timer_; std::unique_ptr<HttpServerPropertiesImpl> http_server_properties_impl_; - // Used to get |weak_ptr_| to self on the pref thread. - std::unique_ptr<base::WeakPtrFactory<HttpServerPropertiesManager>> - pref_weak_ptr_factory_; - - // Used to get |weak_ptr_| to self on the network thread. - std::unique_ptr<base::WeakPtrFactory<HttpServerPropertiesManager>> - network_weak_ptr_factory_; - const NetLogWithSource net_log_; + SEQUENCE_CHECKER(sequence_checker_); + DISALLOW_COPY_AND_ASSIGN(HttpServerPropertiesManager); }; diff --git a/chromium/net/http/http_server_properties_manager_unittest.cc b/chromium/net/http/http_server_properties_manager_unittest.cc index bcac29d3c86..75fbb888fc9 100644 --- a/chromium/net/http/http_server_properties_manager_unittest.cc +++ b/chromium/net/http/http_server_properties_manager_unittest.cc @@ -4,14 +4,12 @@ #include "net/http/http_server_properties_manager.h" -#include <memory> #include <utility> #include "base/bind.h" #include "base/json/json_reader.h" #include "base/json/json_writer.h" #include "base/macros.h" -#include "base/memory/ptr_util.h" #include "base/memory/ref_counted.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_number_conversions.h" @@ -45,24 +43,22 @@ class MockPrefDelegate : public net::HttpServerPropertiesManager::PrefDelegate { ~MockPrefDelegate() override {} // HttpServerPropertiesManager::PrefDelegate implementation. - bool HasServerProperties() override { return true; } - const base::DictionaryValue& GetServerProperties() const override { - return prefs_; + const base::DictionaryValue* GetServerProperties() const override { + return &prefs_; } void SetServerProperties(const base::DictionaryValue& value) override { prefs_.Clear(); prefs_.MergeDictionary(&value); + ++num_pref_updates_; if (!prefs_changed_callback_.is_null()) prefs_changed_callback_.Run(); + if (!extra_prefs_changed_callback_.is_null()) + extra_prefs_changed_callback_.Run(); } void StartListeningForUpdates(const base::Closure& callback) override { CHECK(prefs_changed_callback_.is_null()); prefs_changed_callback_ = callback; } - void StopListeningForUpdates() override { - CHECK(!prefs_changed_callback_.is_null()); - prefs_changed_callback_ = base::Closure(); - } void SetPrefs(const base::DictionaryValue& value) { // prefs_ = value; @@ -72,87 +68,25 @@ class MockPrefDelegate : public net::HttpServerPropertiesManager::PrefDelegate { prefs_changed_callback_.Run(); } - private: - base::DictionaryValue prefs_; - base::Closure prefs_changed_callback_; - - DISALLOW_COPY_AND_ASSIGN(MockPrefDelegate); -}; - -class TestingHttpServerPropertiesManager : public HttpServerPropertiesManager { - public: - TestingHttpServerPropertiesManager( - HttpServerPropertiesManager::PrefDelegate* pref_delegate, - scoped_refptr<TestMockTimeTaskRunner> pref_task_runner, - scoped_refptr<TestMockTimeTaskRunner> net_task_runner, - base::TickClock* clock) - : HttpServerPropertiesManager(pref_delegate, - pref_task_runner, - net_task_runner, - nullptr, - clock), - pref_task_runner_(std::move(pref_task_runner)), - net_task_runner_(std::move(net_task_runner)) { - // This call must run in the context of |net_task_runner_|. - TestMockTimeTaskRunner::ScopedContext scoped_context(net_task_runner_); - HttpServerPropertiesManager::InitializeOnNetworkSequence(); - } - - ~TestingHttpServerPropertiesManager() override {} - - // Make these methods public for testing. - using HttpServerPropertiesManager::ScheduleUpdateCacheOnPrefThread; - - void UpdateCacheFromPrefsOnUIConcrete() { - TestMockTimeTaskRunner::ScopedContext scoped_context(pref_task_runner_); - HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefSequence(); - } - - void UpdatePrefsFromCacheOnNetworkSequenceConcrete( - const base::Closure& callback) { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_task_runner_); - HttpServerPropertiesManager::UpdatePrefsFromCacheOnNetworkSequence( - callback); - } - - void ScheduleUpdatePrefsOnNetworkSequenceConcrete(Location location) { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_task_runner_); - HttpServerPropertiesManager::ScheduleUpdatePrefsOnNetworkSequence(location); + int GetAndClearNumPrefUpdates() { + int out = num_pref_updates_; + num_pref_updates_ = 0; + return out; } - void ScheduleUpdatePrefsOnNetworkSequenceDefault() { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_task_runner_); - // Picked a random Location as caller. - HttpServerPropertiesManager::ScheduleUpdatePrefsOnNetworkSequence( - DETECTED_CORRUPTED_PREFS); + // Additional callback to call when prefs are updated, used to check prefs are + // updated on destruction. + void set_extra_update_prefs_callback(const base::Closure& callback) { + extra_prefs_changed_callback_ = callback; } - MOCK_METHOD0(UpdateCacheFromPrefsOnPrefSequence, void()); - MOCK_METHOD1(UpdatePrefsFromCacheOnNetworkSequence, - void(const base::Closure&)); - MOCK_METHOD1(ScheduleUpdatePrefsOnNetworkSequence, void(Location location)); - MOCK_METHOD6(UpdateCacheFromPrefsOnNetworkSequence, - void(std::vector<std::string>* spdy_servers, - AlternativeServiceMap* alternative_service_map, - IPAddress* last_quic_address, - ServerNetworkStatsMap* server_network_stats_map, - QuicServerInfoMap* quic_server_info_map, - bool detected_corrupted_prefs)); - MOCK_METHOD6(UpdatePrefsOnPrefThread, - void(base::ListValue* spdy_server_list, - AlternativeServiceMap* alternative_service_map, - IPAddress* last_quic_address, - ServerNetworkStatsMap* server_network_stats_map, - QuicServerInfoMap* quic_server_info_map, - const base::Closure& completion)); - private: - // References to the underlying task runners, used to simulate running in - // their contexts where required. - scoped_refptr<TestMockTimeTaskRunner> pref_task_runner_; - scoped_refptr<TestMockTimeTaskRunner> net_task_runner_; + base::DictionaryValue prefs_; + base::Closure prefs_changed_callback_; + base::Closure extra_prefs_changed_callback_; + int num_pref_updates_ = 0; - DISALLOW_COPY_AND_ASSIGN(TestingHttpServerPropertiesManager); + DISALLOW_COPY_AND_ASSIGN(MockPrefDelegate); }; } // namespace @@ -169,71 +103,29 @@ class HttpServerPropertiesManagerTest : public testing::TestWithParam<int> { one_day_from_now_ = base::Time::Now() + base::TimeDelta::FromDays(1); advertised_versions_ = HttpNetworkSession::Params().quic_supported_versions; pref_delegate_ = new MockPrefDelegate; - net_test_task_runner_clock_ = net_test_task_runner_->GetMockTickClock(); - http_server_props_manager_.reset( - new StrictMock<TestingHttpServerPropertiesManager>( - pref_delegate_, pref_test_task_runner_.task_runner(), - net_test_task_runner_, net_test_task_runner_clock_.get())); + + net_test_task_runner_clock_ = test_task_runner_->GetMockTickClock(); + http_server_props_manager_ = std::make_unique<HttpServerPropertiesManager>( + base::WrapUnique(pref_delegate_), /*net_log=*/nullptr, + net_test_task_runner_clock_.get()); EXPECT_FALSE(http_server_props_manager_->IsInitialized()); - ExpectCacheUpdate(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->RunUntilIdle(); - net_test_task_runner_->RunUntilIdle(); + pref_delegate_->SetPrefs(base::DictionaryValue()); EXPECT_TRUE(http_server_props_manager_->IsInitialized()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); } void TearDown() override { - if (http_server_props_manager_.get()) - http_server_props_manager_->ShutdownOnPrefSequence(); // Run pending non-delayed tasks but don't FastForwardUntilNoTasksRemain() // as some delayed tasks may forever repost (e.g. because impl doesn't use a // mock clock and doesn't see timings as having expired, ref. // HttpServerPropertiesImpl:: // ScheduleBrokenAlternateProtocolMappingsExpiration()). - pref_test_task_runner_->RunUntilIdle(); - net_test_task_runner_->RunUntilIdle(); + test_task_runner_->RunUntilIdle(); http_server_props_manager_.reset(); } - void ExpectCacheUpdate() { - EXPECT_CALL(*http_server_props_manager_, - UpdateCacheFromPrefsOnPrefSequence()) - .WillOnce(Invoke(http_server_props_manager_.get(), - &TestingHttpServerPropertiesManager:: - UpdateCacheFromPrefsOnUIConcrete)); - } - - void ExpectScheduleUpdatePrefsOnNetworkSequence() { - EXPECT_CALL(*http_server_props_manager_, - ScheduleUpdatePrefsOnNetworkSequence(_)) - .WillOnce(Invoke(http_server_props_manager_.get(), - &TestingHttpServerPropertiesManager:: - ScheduleUpdatePrefsOnNetworkSequenceConcrete)); - } - - void ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(int times) { - EXPECT_CALL(*http_server_props_manager_, - ScheduleUpdatePrefsOnNetworkSequence(_)) - .Times(AtLeast(times)) - .WillRepeatedly( - Invoke(http_server_props_manager_.get(), - &TestingHttpServerPropertiesManager:: - ScheduleUpdatePrefsOnNetworkSequenceConcrete)); - } - - void ExpectPrefsUpdate(int times) { - EXPECT_CALL(*http_server_props_manager_, - UpdatePrefsFromCacheOnNetworkSequence(_)) - .Times(times) - .WillRepeatedly( - Invoke(http_server_props_manager_.get(), - &TestingHttpServerPropertiesManager:: - UpdatePrefsFromCacheOnNetworkSequenceConcrete)); - } - bool HasAlternativeService(const url::SchemeHostPort& server) { const AlternativeServiceInfoVector alternative_service_info_vector = http_server_props_manager_->GetAlternativeServiceInfos(server); @@ -241,20 +133,12 @@ class HttpServerPropertiesManagerTest : public testing::TestWithParam<int> { } MockPrefDelegate* pref_delegate_; // Owned by HttpServerPropertiesManager. - std::unique_ptr<TestingHttpServerPropertiesManager> - http_server_props_manager_; + std::unique_ptr<HttpServerPropertiesManager> http_server_props_manager_; base::Time one_day_from_now_; - QuicVersionVector advertised_versions_; - - // Overrides the main thread's message loop with a mock tick clock. Making the - // main thread the |pref_test_task_runner_| matches expectations better than - // having an independent TestMockTimeTaskRunner and makes tests easier to - // write. - base::ScopedMockTimeMessageLoopTaskRunner pref_test_task_runner_; + QuicTransportVersionVector advertised_versions_; - // Mock the net task runner as well. - scoped_refptr<TestMockTimeTaskRunner> net_test_task_runner_ = - new TestMockTimeTaskRunner; + // Overrides the main thread's message loop with a mock tick clock. + base::ScopedMockTimeMessageLoopTaskRunner test_task_runner_; std::unique_ptr<base::TickClock> net_test_task_runner_clock_; @@ -268,8 +152,6 @@ INSTANTIATE_TEST_CASE_P(/* no prefix */, TEST_P(HttpServerPropertiesManagerTest, SingleUpdateForTwoSpdyServerPrefChanges) { - ExpectCacheUpdate(); - // Set up the prefs for https://www.google.com and https://mail.google.com and // then set it twice. Only expect a single cache update. @@ -390,15 +272,9 @@ TEST_P(HttpServerPropertiesManagerTest, pref_delegate_->SetPrefs(http_server_properties_dict); pref_delegate_->SetPrefs(http_server_properties_dict); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + // Should be a delayed task to update the cache from the prefs file. + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); // Verify SupportsSpdy. EXPECT_TRUE( @@ -464,11 +340,6 @@ TEST_P(HttpServerPropertiesManagerTest, } TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { - ExpectCacheUpdate(); - // The prefs are automatically updated in the case corruption is detected. - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - auto server_pref_dict = std::make_unique<base::DictionaryValue>(); // Set supports_spdy for www.google.com:65536. @@ -525,17 +396,11 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { // Set up the pref. pref_delegate_->SetPrefs(http_server_properties_dict); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + // Prefs should have been overwritten, due to the bad data. + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); // Verify that nothing is set. HostPortPair google_host_port_pair = @@ -553,11 +418,6 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { } TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { - ExpectCacheUpdate(); - // The prefs are automatically updated in the case corruption is detected. - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - auto server_pref_dict = std::make_unique<base::DictionaryValue>(); // Set supports_spdy for www.google.com:80. @@ -598,17 +458,11 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { // Set up the pref. pref_delegate_->SetPrefs(http_server_properties_dict); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + // Prefs should have been overwritten, due to the bad data. + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); // Verify alternative service is not set. EXPECT_FALSE( @@ -616,31 +470,28 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { } TEST_P(HttpServerPropertiesManagerTest, SupportsSpdy) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - - // Post an update task to the network thread. SetSupportsSpdy calls - // ScheduleUpdatePrefsOnNetworkSequence. - // Add mail.google.com:443 as a supporting spdy server. url::SchemeHostPort spdy_server("https", "mail.google.com", 443); EXPECT_FALSE( http_server_props_manager_->SupportsRequestPriority(spdy_server)); http_server_props_manager_->SetSupportsSpdy(spdy_server, true); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. + // Setting the value to the same thing again should not trigger another pref + // update. http_server_props_manager_->SetSupportsSpdy(spdy_server, true); // Run the task. - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); + + // Setting the value to the same thing again should not trigger another pref + // update. + http_server_props_manager_->SetSupportsSpdy(spdy_server, true); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); EXPECT_TRUE(http_server_props_manager_->SupportsRequestPriority(spdy_server)); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); } // Regression test for crbug.com/670519. Test that there is only one pref update @@ -649,86 +500,64 @@ TEST_P(HttpServerPropertiesManagerTest, SupportsSpdy) { // completed. TEST_P(HttpServerPropertiesManagerTest, SinglePrefUpdateForTwoSpdyServerCacheChanges) { - ExpectPrefsUpdate(2); - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(3); - - // Post an update task to the network thread. SetSupportsSpdy calls - // ScheduleUpdatePrefsOnNetworkSequence with a delay of 60ms. + // Post an update task. SetSupportsSpdy calls ScheduleUpdatePrefs with a delay + // of 60ms. url::SchemeHostPort spdy_server("https", "mail.google.com", 443); EXPECT_FALSE( http_server_props_manager_->SupportsRequestPriority(spdy_server)); http_server_props_manager_->SetSupportsSpdy(spdy_server, true); - // The pref update task should be scheduled to network thread. - EXPECT_EQ(1u, net_test_task_runner_->GetPendingTaskCount()); + // The pref update task should be scheduled. + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Move forward the task runner short by 20ms. - net_test_task_runner_->FastForwardBy( + test_task_runner_->FastForwardBy( HttpServerPropertiesManager::GetUpdatePrefsDelayForTesting() - base::TimeDelta::FromMilliseconds(20)); // Set another spdy server to trigger another call to - // ScheduleUpdatePrefsOnNetworkSequence. There should be no new update posted - // to the network thread. + // ScheduleUpdatePrefs. There should be no new update posted. url::SchemeHostPort spdy_server2("https", "drive.google.com", 443); http_server_props_manager_->SetSupportsSpdy(spdy_server2, true); - EXPECT_EQ(1u, net_test_task_runner_->GetPendingTaskCount()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Move forward the extra 20ms. The pref update should be executed. - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromMilliseconds(20)); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMilliseconds(20)); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); EXPECT_TRUE(http_server_props_manager_->SupportsRequestPriority(spdy_server)); EXPECT_TRUE( http_server_props_manager_->SupportsRequestPriority(spdy_server2)); // Set the third spdy server to trigger one more call to - // ScheduleUpdatePrefsOnNetworkSequence. A new update task should be posted to - // network thread now since the previous one is completed. + // ScheduleUpdatePrefs. A new update task should be posted now since the + // previous one is completed. url::SchemeHostPort spdy_server3("https", "maps.google.com", 443); http_server_props_manager_->SetSupportsSpdy(spdy_server3, true); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_EQ(1u, net_test_task_runner_->GetPendingTaskCount()); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Run the task. - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); } TEST_P(HttpServerPropertiesManagerTest, GetAlternativeServiceInfos) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80); EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); const AlternativeService alternative_service(kProtoHTTP2, "mail.google.com", 443); http_server_props_manager_->SetHttp2AlternativeService( spdy_server_mail, alternative_service, one_day_from_now_); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. + // ExpectScheduleUpdatePrefs() should be called only once. http_server_props_manager_->SetHttp2AlternativeService( spdy_server_mail, alternative_service, one_day_from_now_); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); AlternativeServiceInfoVector alternative_service_info_vector = http_server_props_manager_->GetAlternativeServiceInfos(spdy_server_mail); @@ -738,9 +567,6 @@ TEST_P(HttpServerPropertiesManagerTest, GetAlternativeServiceInfos) { } TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServices) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80); EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); AlternativeServiceInfoVector alternative_service_info_vector; @@ -756,20 +582,14 @@ TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServices) { alternative_service2, one_day_from_now_, advertised_versions_)); http_server_props_manager_->SetAlternativeServices( spdy_server_mail, alternative_service_info_vector); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. + // ExpectScheduleUpdatePrefs() should be called only once. http_server_props_manager_->SetAlternativeServices( spdy_server_mail, alternative_service_info_vector); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); AlternativeServiceInfoVector alternative_service_info_vector2 = http_server_props_manager_->GetAlternativeServiceInfos(spdy_server_mail); @@ -788,114 +608,83 @@ TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServicesEmpty) { http_server_props_manager_->SetAlternativeServices( spdy_server_mail, AlternativeServiceInfoVector()); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should not be called. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); } TEST_P(HttpServerPropertiesManagerTest, ConfirmAlternativeService) { - ExpectPrefsUpdate(1); - url::SchemeHostPort spdy_server_mail; AlternativeService alternative_service; - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); + spdy_server_mail = url::SchemeHostPort("http", "mail.google.com", 80); + EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); + alternative_service = AlternativeService(kProtoHTTP2, "mail.google.com", 443); - spdy_server_mail = url::SchemeHostPort("http", "mail.google.com", 80); - EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); - alternative_service = - AlternativeService(kProtoHTTP2, "mail.google.com", 443); + http_server_props_manager_->SetHttp2AlternativeService( + spdy_server_mail, alternative_service, one_day_from_now_); + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - http_server_props_manager_->SetHttp2AlternativeService( - spdy_server_mail, alternative_service, one_day_from_now_); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); - EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( - alternative_service)); - EXPECT_FALSE( - http_server_props_manager_->WasAlternativeServiceRecentlyBroken( - alternative_service)); + http_server_props_manager_->MarkAlternativeServiceBroken(alternative_service); + EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_TRUE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - http_server_props_manager_->MarkAlternativeServiceBroken( - alternative_service); - EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( - alternative_service)); - EXPECT_TRUE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( - alternative_service)); + // In addition to the pref update task, there's now a task to mark the + // alternative service as no longer broken. + EXPECT_EQ(2u, test_task_runner_->GetPendingTaskCount()); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - http_server_props_manager_->ConfirmAlternativeService(alternative_service); - EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( - alternative_service)); - EXPECT_FALSE( - http_server_props_manager_->WasAlternativeServiceRecentlyBroken( - alternative_service)); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. - http_server_props_manager_->ConfirmAlternativeService(alternative_service); - EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( - alternative_service)); - EXPECT_FALSE( - http_server_props_manager_->WasAlternativeServiceRecentlyBroken( - alternative_service)); - } + http_server_props_manager_->ConfirmAlternativeService(alternative_service); + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); + + EXPECT_EQ(2u, test_task_runner_->GetPendingTaskCount()); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); - - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); - EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( - alternative_service)); - EXPECT_FALSE( - http_server_props_manager_->WasAlternativeServiceRecentlyBroken( - alternative_service)); - } + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); + + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); } TEST_P(HttpServerPropertiesManagerTest, SupportsQuic) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - IPAddress address; EXPECT_FALSE(http_server_props_manager_->GetSupportsQuic(&address)); IPAddress actual_address(127, 0, 0, 1); http_server_props_manager_->SetSupportsQuic(true, actual_address); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. + // Another task should not be scheduled. http_server_props_manager_->SetSupportsQuic(true, actual_address); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); EXPECT_TRUE(http_server_props_manager_->GetSupportsQuic(&address)); EXPECT_EQ(actual_address, address); + + // Another task should not be scheduled. + http_server_props_manager_->SetSupportsQuic(true, actual_address); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); } TEST_P(HttpServerPropertiesManagerTest, ServerNetworkStats) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - url::SchemeHostPort mail_server("http", "mail.google.com", 80); const ServerNetworkStats* stats = http_server_props_manager_->GetServerNetworkStats(mail_server); @@ -903,76 +692,64 @@ TEST_P(HttpServerPropertiesManagerTest, ServerNetworkStats) { ServerNetworkStats stats1; stats1.srtt = base::TimeDelta::FromMicroseconds(10); http_server_props_manager_->SetServerNetworkStats(mail_server, stats1); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. + // Another task should not be scheduled. http_server_props_manager_->SetServerNetworkStats(mail_server, stats1); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + // Another task should not be scheduled. + http_server_props_manager_->SetServerNetworkStats(mail_server, stats1); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); const ServerNetworkStats* stats2 = http_server_props_manager_->GetServerNetworkStats(mail_server); EXPECT_EQ(10, stats2->srtt.ToInternalValue()); - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - http_server_props_manager_->ClearServerNetworkStats(mail_server); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_EQ(nullptr, http_server_props_manager_->GetServerNetworkStats(mail_server)); } TEST_P(HttpServerPropertiesManagerTest, QuicServerInfo) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequence(); - QuicServerId mail_quic_server_id("mail.google.com", 80); EXPECT_EQ(nullptr, http_server_props_manager_->GetQuicServerInfo(mail_quic_server_id)); std::string quic_server_info1("quic_server_info1"); http_server_props_manager_->SetQuicServerInfo(mail_quic_server_id, quic_server_info1); - // ExpectScheduleUpdatePrefsOnNetworkSequence() should be called only once. + // Another task should not be scheduled. http_server_props_manager_->SetQuicServerInfo(mail_quic_server_id, quic_server_info1); // Run the task. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); EXPECT_EQ(quic_server_info1, *http_server_props_manager_->GetQuicServerInfo( mail_quic_server_id)); + + // Another task should not be scheduled. + http_server_props_manager_->SetQuicServerInfo(mail_quic_server_id, + quic_server_info1); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); } TEST_P(HttpServerPropertiesManagerTest, Clear) { - ExpectPrefsUpdate(1); - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(5); - const url::SchemeHostPort spdy_server("https", "mail.google.com", 443); const IPAddress actual_address(127, 0, 0, 1); const QuicServerId mail_quic_server_id("mail.google.com", 80); @@ -981,38 +758,34 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) { 1234); const AlternativeService broken_alternative_service( kProtoHTTP2, "broken.google.com", 1234); - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); - - AlternativeServiceInfoVector alt_svc_info_vector; - alt_svc_info_vector.push_back( - AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( - alternative_service, one_day_from_now_)); - alt_svc_info_vector.push_back( - AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( - broken_alternative_service, one_day_from_now_)); - http_server_props_manager_->SetAlternativeServices(spdy_server, - alt_svc_info_vector); - http_server_props_manager_->MarkAlternativeServiceBroken( - broken_alternative_service); - http_server_props_manager_->SetSupportsSpdy(spdy_server, true); - http_server_props_manager_->SetSupportsQuic(true, actual_address); - ServerNetworkStats stats; - stats.srtt = base::TimeDelta::FromMicroseconds(10); - http_server_props_manager_->SetServerNetworkStats(spdy_server, stats); - - http_server_props_manager_->SetQuicServerInfo(mail_quic_server_id, - quic_server_info1); - } + AlternativeServiceInfoVector alt_svc_info_vector; + alt_svc_info_vector.push_back( + AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( + alternative_service, one_day_from_now_)); + alt_svc_info_vector.push_back( + AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( + broken_alternative_service, one_day_from_now_)); + http_server_props_manager_->SetAlternativeServices(spdy_server, + alt_svc_info_vector); + + http_server_props_manager_->MarkAlternativeServiceBroken( + broken_alternative_service); + http_server_props_manager_->SetSupportsSpdy(spdy_server, true); + http_server_props_manager_->SetSupportsQuic(true, actual_address); + ServerNetworkStats stats; + stats.srtt = base::TimeDelta::FromMicroseconds(10); + http_server_props_manager_->SetServerNetworkStats(spdy_server, stats); + + http_server_props_manager_->SetQuicServerInfo(mail_quic_server_id, + quic_server_info1); // Advance time by just enough so that the prefs update task is executed but // not the task to expire the brokenness of |broken_alternative_service|. - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardBy( + test_task_runner_->FastForwardBy( HttpServerPropertiesManager::GetUpdatePrefsDelayForTesting()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( broken_alternative_service)); @@ -1027,18 +800,10 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) { EXPECT_EQ(quic_server_info1, *http_server_props_manager_->GetQuicServerInfo( mail_quic_server_id)); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); - - ExpectPrefsUpdate(1); - - // Clear http server data and run the ensuing non-delayed prefs update. - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); - http_server_props_manager_->Clear(); - } - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->RunUntilIdle(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + // Clear http server data, which should instantly update prefs. + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + http_server_props_manager_->Clear(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( broken_alternative_service)); @@ -1051,15 +816,11 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) { EXPECT_EQ(nullptr, stats2); EXPECT_EQ(nullptr, http_server_props_manager_->GetQuicServerInfo(mail_quic_server_id)); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); } // https://crbug.com/444956: Add 200 alternative_service servers followed by // supports_quic and verify we have read supports_quic from prefs. TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { - ExpectCacheUpdate(); - auto servers_dict = std::make_unique<base::DictionaryValue>(); std::unique_ptr<base::ListValue> servers_list; if (GetParam() >= 4) @@ -1125,16 +886,7 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { // Set up the pref. pref_delegate_->SetPrefs(http_server_properties_dict); - - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + test_task_runner_->FastForwardUntilNoTasksRemain(); // Verify alternative service. for (int i = 1; i <= 200; ++i) { @@ -1161,8 +913,6 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { } TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(7); - const url::SchemeHostPort server_www("https", "www.google.com", 80); const url::SchemeHostPort server_mail("https", "mail.google.com", 80); @@ -1191,16 +941,10 @@ TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { ASSERT_TRUE(http_server_props_manager_->SetHttp2AlternativeService( server_mail, mail_alternative_service, expiration3)); - // #3 & #4: Mark alternate protocol broken/recently broken. - { - base::TestMockTimeTaskRunner::ScopedContext net_test_task_runner_context( - net_test_task_runner_); - - http_server_props_manager_->MarkAlternativeServiceBroken( - www_alternative_service2); - http_server_props_manager_->MarkAlternativeServiceRecentlyBroken( - mail_alternative_service); - } + http_server_props_manager_->MarkAlternativeServiceBroken( + www_alternative_service2); + http_server_props_manager_->MarkAlternativeServiceRecentlyBroken( + mail_alternative_service); // #5: Set ServerNetworkStats. ServerNetworkStats stats; @@ -1220,20 +964,16 @@ TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { base::Time time_before_prefs_update = base::Time::Now(); // Update Prefs. - // |net_test_task_runner_| has a remaining pending task to expire + // |test_task_runner_| has a remaining pending task to expire // |www_alternative_service2| in 5 minutes. Fast forward enough such // that the prefs update task is executed but not the task to expire // |broken_alternative_service|. - ExpectPrefsUpdate(1); - EXPECT_EQ(2u, net_test_task_runner_->GetPendingTaskCount()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardBy( + EXPECT_EQ(2u, test_task_runner_->GetPendingTaskCount()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + test_task_runner_->FastForwardBy( HttpServerPropertiesManager::GetUpdatePrefsDelayForTesting()); - EXPECT_EQ(1u, net_test_task_runner_->GetPendingTaskCount()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_EQ(1u, net_test_task_runner_->GetPendingTaskCount()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); base::Time time_after_prefs_update = base::Time::Now(); @@ -1248,7 +988,8 @@ TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { // A copy of |pref_delegate_|'s server dict will be created, and the broken // alternative service's "broken_until" field is removed and verified // separately. The rest of the server dict copy is verified afterwards. - base::Value server_value_copy = pref_delegate_->GetServerProperties().Clone(); + base::Value server_value_copy = + pref_delegate_->GetServerProperties()->Clone(); // Extract and remove the "broken_until" string for "www.google.com:1234". base::DictionaryValue* server_dict; @@ -1313,39 +1054,34 @@ TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { TEST_P(HttpServerPropertiesManagerTest, SingleCacheUpdateForMultipleUpdatesScheduled) { + EXPECT_EQ(0u, test_task_runner_->GetPendingTaskCount()); // Update cache. - ExpectCacheUpdate(); - - EXPECT_EQ(0u, pref_test_task_runner_->GetPendingTaskCount()); - // Update cache. - http_server_props_manager_->ScheduleUpdateCacheOnPrefThread(); - EXPECT_EQ(1u, pref_test_task_runner_->GetPendingTaskCount()); + http_server_props_manager_->ScheduleUpdateCacheForTesting(); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Move forward the task runner short by 20ms. - pref_test_task_runner_->FastForwardBy( + test_task_runner_->FastForwardBy( HttpServerPropertiesManager::GetUpdateCacheDelayForTesting() - base::TimeDelta::FromMilliseconds(20)); // Schedule a new cache update within the time window should be a no-op. - http_server_props_manager_->ScheduleUpdateCacheOnPrefThread(); - EXPECT_EQ(1u, pref_test_task_runner_->GetPendingTaskCount()); + http_server_props_manager_->ScheduleUpdateCacheForTesting(); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Move forward the task runner the extra 20ms, now the cache update should be // executed. - pref_test_task_runner_->FastForwardBy(base::TimeDelta::FromMilliseconds(20)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMilliseconds(20)); // Since this test has no pref corruption, there shouldn't be any pref update. - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); // Schedule one more cache update. The task should be successfully scheduled - // on pref task runner. - ExpectCacheUpdate(); - http_server_props_manager_->ScheduleUpdateCacheOnPrefThread(); - EXPECT_EQ(1u, pref_test_task_runner_->GetPendingTaskCount()); - - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); + // on the task runner. + http_server_props_manager_->ScheduleUpdateCacheForTesting(); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); } TEST_P(HttpServerPropertiesManagerTest, AddToAlternativeServiceMap) { @@ -1419,69 +1155,54 @@ TEST_P(HttpServerPropertiesManagerTest, DoNotLoadAltSvcForInsecureOrigins) { // Do not persist expired alternative service entries to disk. TEST_P(HttpServerPropertiesManagerTest, DoNotPersistExpiredAlternativeService) { - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(2); - - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); - - AlternativeServiceInfoVector alternative_service_info_vector; + AlternativeServiceInfoVector alternative_service_info_vector; - const AlternativeService broken_alternative_service( - kProtoHTTP2, "broken.example.com", 443); - const base::Time time_one_day_later = - base::Time::Now() + base::TimeDelta::FromDays(1); - alternative_service_info_vector.push_back( - AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( - broken_alternative_service, time_one_day_later)); - // #1: MarkAlternativeServiceBroken(). - http_server_props_manager_->MarkAlternativeServiceBroken( - broken_alternative_service); - - const AlternativeService expired_alternative_service( - kProtoHTTP2, "expired.example.com", 443); - const base::Time time_one_day_ago = - base::Time::Now() - base::TimeDelta::FromDays(1); - alternative_service_info_vector.push_back( - AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( - expired_alternative_service, time_one_day_ago)); - - const AlternativeService valid_alternative_service( - kProtoHTTP2, "valid.example.com", 443); - alternative_service_info_vector.push_back( - AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( - valid_alternative_service, time_one_day_later)); - - const url::SchemeHostPort server("https", "www.example.com", 443); - // #2: SetAlternativeServices(). - ASSERT_TRUE(http_server_props_manager_->SetAlternativeServices( - server, alternative_service_info_vector)); - } + const AlternativeService broken_alternative_service( + kProtoHTTP2, "broken.example.com", 443); + const base::Time time_one_day_later = + base::Time::Now() + base::TimeDelta::FromDays(1); + alternative_service_info_vector.push_back( + AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( + broken_alternative_service, time_one_day_later)); + // #1: MarkAlternativeServiceBroken(). + http_server_props_manager_->MarkAlternativeServiceBroken( + broken_alternative_service); + + const AlternativeService expired_alternative_service( + kProtoHTTP2, "expired.example.com", 443); + const base::Time time_one_day_ago = + base::Time::Now() - base::TimeDelta::FromDays(1); + alternative_service_info_vector.push_back( + AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( + expired_alternative_service, time_one_day_ago)); - // Update cache. - ExpectPrefsUpdate(1); + const AlternativeService valid_alternative_service(kProtoHTTP2, + "valid.example.com", 443); + alternative_service_info_vector.push_back( + AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( + valid_alternative_service, time_one_day_later)); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + const url::SchemeHostPort server("https", "www.example.com", 443); + // #2: SetAlternativeServices(). + ASSERT_TRUE(http_server_props_manager_->SetAlternativeServices( + server, alternative_service_info_vector)); // |net_test_task_runner_| has a remaining pending task to expire // |broken_alternative_service| at |time_one_day_later|. Fast forward enough // such that the prefs update task is executed but not the task to expire // |broken_alternative_service|. - EXPECT_EQ(2U, net_test_task_runner_->GetPendingTaskCount()); - net_test_task_runner_->FastForwardBy( + EXPECT_EQ(2U, test_task_runner_->GetPendingTaskCount()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + test_task_runner_->FastForwardBy( HttpServerPropertiesManager::GetUpdatePrefsDelayForTesting()); - EXPECT_EQ(1U, net_test_task_runner_->GetPendingTaskCount()); - - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_EQ(1U, net_test_task_runner_->GetPendingTaskCount()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(1U, test_task_runner_->GetPendingTaskCount()); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); - const base::DictionaryValue& pref_dict = + const base::DictionaryValue* pref_dict = pref_delegate_->GetServerProperties(); const base::ListValue* servers_list = nullptr; - ASSERT_TRUE(pref_dict.GetListWithoutPathExpansion("servers", &servers_list)); + ASSERT_TRUE(pref_dict->GetListWithoutPathExpansion("servers", &servers_list)); base::ListValue::const_iterator it = servers_list->begin(); const base::DictionaryValue* server_pref_dict; ASSERT_TRUE(it->GetAsDictionary(&server_pref_dict)); @@ -1551,110 +1272,16 @@ TEST_P(HttpServerPropertiesManagerTest, DoNotLoadExpiredAlternativeService) { EXPECT_EQ(one_day_from_now_, alternative_service_info_vector[0].expiration()); } -TEST_P(HttpServerPropertiesManagerTest, ShutdownWithPendingUpdateCache0) { - // Post an update task to the UI thread. - http_server_props_manager_->ScheduleUpdateCacheOnPrefThread(); - // Shutdown comes before the task is executed. - http_server_props_manager_->ShutdownOnPrefSequence(); - http_server_props_manager_.reset(); - // Run the task after shutdown and deletion. - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); -} - -TEST_P(HttpServerPropertiesManagerTest, ShutdownWithPendingUpdateCache1) { - // Post an update task. - http_server_props_manager_->ScheduleUpdateCacheOnPrefThread(); - // Shutdown comes before the task is executed. - http_server_props_manager_->ShutdownOnPrefSequence(); - // Run the task after shutdown, but before deletion. - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); +// Make sure prefs are updated on destruction. +TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsOnShutdown) { + int pref_updates = 0; + pref_delegate_->set_extra_update_prefs_callback( + base::Bind([](int* updates) { (*updates)++; }, &pref_updates)); http_server_props_manager_.reset(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); -} - -TEST_P(HttpServerPropertiesManagerTest, ShutdownWithPendingUpdateCache2) { - http_server_props_manager_->UpdateCacheFromPrefsOnUIConcrete(); - // Shutdown comes before the task is executed. - http_server_props_manager_->ShutdownOnPrefSequence(); - // There should be no tasks to run. - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); - http_server_props_manager_.reset(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); -} - -// -// Tests for shutdown when updating prefs. -// -TEST_P(HttpServerPropertiesManagerTest, ShutdownWithPendingUpdatePrefs0) { - // Post an update task to the IO thread. - http_server_props_manager_->ScheduleUpdatePrefsOnNetworkSequenceDefault(); - // Shutdown comes before the task is executed. - http_server_props_manager_->ShutdownOnPrefSequence(); - http_server_props_manager_.reset(); - // Run the task after shutdown and deletion. - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); -} - -TEST_P(HttpServerPropertiesManagerTest, ShutdownWithPendingUpdatePrefs1) { - ExpectPrefsUpdate(1); - // Post an update task. - http_server_props_manager_->ScheduleUpdatePrefsOnNetworkSequenceDefault(); - // Shutdown comes before the task is executed. - http_server_props_manager_->ShutdownOnPrefSequence(); - // Run the task after shutdown, but before deletion. - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); - http_server_props_manager_.reset(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); -} - -TEST_P(HttpServerPropertiesManagerTest, ShutdownWithPendingUpdatePrefs2) { - // This posts a task to the UI thread. - http_server_props_manager_->UpdatePrefsFromCacheOnNetworkSequenceConcrete( - base::Closure()); - // Shutdown comes before the task is executed. - http_server_props_manager_->ShutdownOnPrefSequence(); - // Run the task after shutdown, but before deletion. - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); - http_server_props_manager_.reset(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(1, pref_updates); } TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(5); - const url::SchemeHostPort server_www("https", "www.google.com", 80); const url::SchemeHostPort server_mail("https", "mail.google.com", 80); @@ -1664,7 +1291,8 @@ TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { AlternativeService quic_alternative_service1(kProtoQUIC, "", 443); base::Time expiration1; ASSERT_TRUE(base::Time::FromUTCString("2036-12-01 10:00:00", &expiration1)); - QuicVersionVector advertised_versions = {QUIC_VERSION_37, QUIC_VERSION_35}; + QuicTransportVersionVector advertised_versions = {QUIC_VERSION_37, + QUIC_VERSION_35}; alternative_service_info_vector.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( quic_alternative_service1, expiration1, advertised_versions)); @@ -1702,14 +1330,10 @@ TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { http_server_props_manager_->SetSupportsQuic(true, actual_address); // Update Prefs. - ExpectPrefsUpdate(1); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); // Verify preferences with correct advertised version field. const char expected_json[] = @@ -1727,7 +1351,7 @@ TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { "\"address\":\"127.0.0.1\",\"used_quic\":true},\"version\":5}"; const base::Value* http_server_properties = - &pref_delegate_->GetServerProperties(); + pref_delegate_->GetServerProperties(); std::string preferences_json; EXPECT_TRUE( base::JSONWriter::Write(*http_server_properties, &preferences_json)); @@ -1774,7 +1398,7 @@ TEST_P(HttpServerPropertiesManagerTest, ReadAdvertisedVersionsFromPref) { EXPECT_EQ(123, alternative_service_info_vector[1].alternative_service().port); EXPECT_EQ(base::Time::Max(), alternative_service_info_vector[1].expiration()); // Verify advertised versions. - const QuicVersionVector loaded_advertised_versions = + const QuicTransportVersionVector loaded_advertised_versions = alternative_service_info_vector[1].advertised_versions(); EXPECT_EQ(2u, loaded_advertised_versions.size()); EXPECT_EQ(QUIC_VERSION_35, loaded_advertised_versions[0]); @@ -1783,8 +1407,6 @@ TEST_P(HttpServerPropertiesManagerTest, ReadAdvertisedVersionsFromPref) { TEST_P(HttpServerPropertiesManagerTest, UpdatePrefWhenAdvertisedVersionsChange) { - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(4); - const url::SchemeHostPort server_www("https", "www.google.com", 80); // #1: Set alternate protocol. @@ -1810,14 +1432,10 @@ TEST_P(HttpServerPropertiesManagerTest, http_server_props_manager_->SetSupportsQuic(true, actual_address); // Update Prefs. - ExpectPrefsUpdate(1); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); // Verify preferences with correct advertised version field. const char expected_json[] = @@ -1830,7 +1448,7 @@ TEST_P(HttpServerPropertiesManagerTest, "{\"address\":\"127.0.0.1\",\"used_quic\":true},\"version\":5}"; const base::Value* http_server_properties = - &pref_delegate_->GetServerProperties(); + pref_delegate_->GetServerProperties(); std::string preferences_json; EXPECT_TRUE( base::JSONWriter::Write(*http_server_properties, &preferences_json)); @@ -1840,7 +1458,8 @@ TEST_P(HttpServerPropertiesManagerTest, // AlternativeService. AlternativeServiceInfoVector alternative_service_info_vector_2; // Quic alternative service set with two advertised QUIC versions. - QuicVersionVector advertised_versions = {QUIC_VERSION_37, QUIC_VERSION_35}; + QuicTransportVersionVector advertised_versions = {QUIC_VERSION_37, + QUIC_VERSION_35}; alternative_service_info_vector_2.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( quic_alternative_service1, expiration1, advertised_versions)); @@ -1848,14 +1467,10 @@ TEST_P(HttpServerPropertiesManagerTest, server_www, alternative_service_info_vector_2)); // Update Prefs. - ExpectPrefsUpdate(1); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); // Verify preferences updated with new advertised versions. const char expected_json_updated[] = @@ -1873,7 +1488,8 @@ TEST_P(HttpServerPropertiesManagerTest, // #3: Set AlternativeService with same advertised_versions. AlternativeServiceInfoVector alternative_service_info_vector_3; // A same set of QUIC versions but listed in a different order. - QuicVersionVector advertised_versions_2 = {QUIC_VERSION_35, QUIC_VERSION_37}; + QuicTransportVersionVector advertised_versions_2 = {QUIC_VERSION_35, + QUIC_VERSION_37}; alternative_service_info_vector_3.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( quic_alternative_service1, expiration1, advertised_versions_2)); @@ -1881,37 +1497,31 @@ TEST_P(HttpServerPropertiesManagerTest, server_www, alternative_service_info_vector_3)); // No Prefs update. - EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_FALSE(test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); } TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(3); - AlternativeService cached_broken_service(kProtoQUIC, "cached_broken", 443); AlternativeService cached_broken_service2(kProtoQUIC, "cached_broken2", 443); AlternativeService cached_recently_broken_service(kProtoQUIC, "cached_rbroken", 443); - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); + http_server_props_manager_->MarkAlternativeServiceBroken( + cached_broken_service); + http_server_props_manager_->MarkAlternativeServiceBroken( + cached_broken_service2); + http_server_props_manager_->MarkAlternativeServiceRecentlyBroken( + cached_recently_broken_service); - http_server_props_manager_->MarkAlternativeServiceBroken( - cached_broken_service); - http_server_props_manager_->MarkAlternativeServiceBroken( - cached_broken_service2); - http_server_props_manager_->MarkAlternativeServiceRecentlyBroken( - cached_recently_broken_service); - } - ExpectPrefsUpdate(1); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); // Run the prefs update task but not the expiration task for // |cached_broken_service|. - net_test_task_runner_->FastForwardBy( + test_task_runner_->FastForwardBy( HttpServerPropertiesManager::GetUpdatePrefsDelayForTesting()); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); // Load the |pref_delegate_| with some JSON to verify updating the cache from // prefs. For the broken alternative services "www.google.com:1234" and @@ -1964,15 +1574,11 @@ TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { pref_delegate_->SetPrefs(*server_dict); - ExpectCacheUpdate(); - EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); - pref_test_task_runner_->FastForwardUntilNoTasksRemain(); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); // Run the cache update task but not the expiration task for // |cached_broken_service|. - net_test_task_runner_->FastForwardBy( - net_test_task_runner_->NextPendingTaskDelay()); - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardBy(test_task_runner_->NextPendingTaskDelay()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); // // Verify alternative service info for https://www.google.com @@ -2037,14 +1643,14 @@ TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { // expiration time should still be 5 minutes due to being marked broken. // |prefs_broken_service|'s expiration time should be approximately 1 day from // now which comes from the prefs. - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(4)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(4)); EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( cached_broken_service)); EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( cached_broken_service2)); EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( prefs_broken_service)); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromDays(1)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromDays(1)); EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( cached_broken_service)); EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( @@ -2070,8 +1676,6 @@ TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { // |cached_broken_service| should have broken-count 2 from prefs. // |cached_broken_service2| should have broken-count 1 from being marked // broken. - ExpectScheduleUpdatePrefsOnNetworkSequenceRepeatedly(4); - ExpectPrefsUpdate(4); EXPECT_TRUE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( prefs_broken_service)); @@ -2085,89 +1689,78 @@ TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { // broken. Since |prefs_broken_service| had no broken_count specified in the // prefs, a broken_count value of 1 should have been assumed by // |http_server_props_manager_|. - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); - http_server_props_manager_->MarkAlternativeServiceBroken( - prefs_broken_service); - } - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(10) - - base::TimeDelta::FromInternalValue(1)); + http_server_props_manager_->MarkAlternativeServiceBroken( + prefs_broken_service); + EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(10) - + base::TimeDelta::FromInternalValue(1)); EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( prefs_broken_service)); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( prefs_broken_service)); // Make sure |cached_recently_broken_service| has the right expiration delay // when marked broken. - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); - http_server_props_manager_->MarkAlternativeServiceBroken( - cached_recently_broken_service); - } - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(40) - - base::TimeDelta::FromInternalValue(1)); + http_server_props_manager_->MarkAlternativeServiceBroken( + cached_recently_broken_service); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(40) - + base::TimeDelta::FromInternalValue(1)); EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( cached_recently_broken_service)); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( cached_recently_broken_service)); // Make sure |cached_broken_service| has the right expiration delay when // marked broken. - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); http_server_props_manager_->MarkAlternativeServiceBroken( cached_broken_service); - } - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(20) - - base::TimeDelta::FromInternalValue(1)); - EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( - cached_broken_service)); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); - EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( - cached_broken_service)); - // Make sure |cached_broken_service2| has the right expiration delay when - // marked broken. - { - TestMockTimeTaskRunner::ScopedContext scoped_context(net_test_task_runner_); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(20) - + base::TimeDelta::FromInternalValue(1)); + EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( + cached_broken_service)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + cached_broken_service)); + // Make sure |cached_broken_service2| has the right expiration delay when + // marked broken. http_server_props_manager_->MarkAlternativeServiceBroken( cached_broken_service2); - } - EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(10) - - base::TimeDelta::FromInternalValue(1)); - EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( - cached_broken_service2)); - net_test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); - EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( - cached_broken_service2)); - - Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); - - // - // Verify ServerNetworkStats. - // - const ServerNetworkStats* server_network_stats = - http_server_props_manager_->GetServerNetworkStats( - url::SchemeHostPort("https", "mail.google.com", 80)); - EXPECT_TRUE(server_network_stats); - EXPECT_EQ(server_network_stats->srtt, base::TimeDelta::FromInternalValue(42)); - - // - // Verify QUIC server info. - // - const std::string* quic_server_info = - http_server_props_manager_->GetQuicServerInfo( - QuicServerId("mail.google.com", 80)); - EXPECT_EQ("quic_server_info1", *quic_server_info); - - // - // Verify supports QUIC. - // - IPAddress actual_address(127, 0, 0, 1); - EXPECT_TRUE(http_server_props_manager_->GetSupportsQuic(&actual_address)); + EXPECT_TRUE(test_task_runner_->HasPendingTask()); + test_task_runner_->FastForwardBy(base::TimeDelta::FromMinutes(10) - + base::TimeDelta::FromInternalValue(1)); + EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( + cached_broken_service2)); + test_task_runner_->FastForwardBy(base::TimeDelta::FromInternalValue(1)); + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + cached_broken_service2)); + + // + // Verify ServerNetworkStats. + // + const ServerNetworkStats* server_network_stats = + http_server_props_manager_->GetServerNetworkStats( + url::SchemeHostPort("https", "mail.google.com", 80)); + EXPECT_TRUE(server_network_stats); + EXPECT_EQ(server_network_stats->srtt, + base::TimeDelta::FromInternalValue(42)); + + // + // Verify QUIC server info. + // + const std::string* quic_server_info = + http_server_props_manager_->GetQuicServerInfo( + QuicServerId("mail.google.com", 80)); + EXPECT_EQ("quic_server_info1", *quic_server_info); + + // + // Verify supports QUIC. + // + IPAddress actual_address(127, 0, 0, 1); + EXPECT_TRUE(http_server_props_manager_->GetSupportsQuic(&actual_address)); + EXPECT_EQ(4, pref_delegate_->GetAndClearNumPrefUpdates()); } } // namespace net diff --git a/chromium/net/http/http_stream_factory.cc b/chromium/net/http/http_stream_factory.cc index 4c21ffcef89..51741ffda85 100644 --- a/chromium/net/http/http_stream_factory.cc +++ b/chromium/net/http/http_stream_factory.cc @@ -52,10 +52,11 @@ void HttpStreamFactory::ProcessAlternativeServices( continue; } // Check if QUIC version is supported. Filter supported QUIC versions. - QuicVersionVector advertised_versions; + QuicTransportVersionVector advertised_versions; if (protocol == kProtoQUIC && !alternative_service_entry.version.empty()) { bool match_found = false; - for (QuicVersion supported : session->params().quic_supported_versions) { + for (QuicTransportVersion supported : + session->params().quic_supported_versions) { for (uint16_t advertised : alternative_service_entry.version) { if (supported == advertised) { match_found = true; diff --git a/chromium/net/http/http_stream_factory_impl.cc b/chromium/net/http/http_stream_factory_impl.cc index 7f2ea145f1e..d44bbe61d3e 100644 --- a/chromium/net/http/http_stream_factory_impl.cc +++ b/chromium/net/http/http_stream_factory_impl.cc @@ -8,7 +8,6 @@ #include <utility> #include "base/logging.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/stl_util.h" #include "base/strings/string_util.h" diff --git a/chromium/net/http/http_stream_factory_impl_job.cc b/chromium/net/http/http_stream_factory_impl_job.cc index 80c600d93f2..4dfee7ffa98 100644 --- a/chromium/net/http/http_stream_factory_impl_job.cc +++ b/chromium/net/http/http_stream_factory_impl_job.cc @@ -12,10 +12,8 @@ #include "base/feature_list.h" #include "base/location.h" #include "base/logging.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/metrics/sparse_histogram.h" -#include "base/profiler/scoped_tracker.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" @@ -162,7 +160,7 @@ HttpStreamFactoryImpl::Job::Job(Delegate* delegate, HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, const ProxyServer& alternative_proxy_server, bool enable_ip_based_pooling, NetLog* net_log) @@ -426,6 +424,11 @@ SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey( bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const { DCHECK(!using_quic_); + if (proxy_info_.is_direct() && + session_->http_server_properties()->RequiresHTTP11(destination_)) { + return false; + } + // We need to make sure that if a spdy session was created for // https://somehost/ that we don't use that session for http://somehost:443/. // The only time we can use an existing session is if the request URL is @@ -543,7 +546,6 @@ void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() { int HttpStreamFactoryImpl::Job::OnHostResolution( SpdySessionPool* spdy_session_pool, const SpdySessionKey& spdy_session_key, - const GURL& origin_url, bool enable_ip_based_pooling, const AddressList& addresses, const NetLogWithSource& net_log) { @@ -551,7 +553,7 @@ int HttpStreamFactoryImpl::Job::OnHostResolution( // ClientSocketPoolManager will be destroyed in the same callback that // destroys the SpdySessionPool. return spdy_session_pool->FindAvailableSession( - spdy_session_key, origin_url, enable_ip_based_pooling, net_log) + spdy_session_key, enable_ip_based_pooling, net_log) ? ERR_SPDY_SESSION_ALREADY_EXISTS : OK; } @@ -843,10 +845,6 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() { } int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { - // TODO(pkasting): Remove ScopedTracker below once crbug.com/462812 is fixed. - tracked_objects::ScopedTracker tracking_profile( - FROM_HERE_WITH_EXPLICIT_FUNCTION( - "462812 HttpStreamFactoryImpl::Job::DoInitConnection")); DCHECK(!connection_->is_initialized()); if (using_quic_ && !proxy_info_.is_quic() && !proxy_info_.is_direct()) { @@ -923,12 +921,17 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { return rv; } - // Check first if we have a spdy session for this group. If so, then go - // straight to using that. + // Check first if there is a pushed stream matching the request, or an HTTP/2 + // connection this request can pool to. If so, then go straight to using + // that. if (CanUseExistingSpdySession()) { base::WeakPtr<SpdySession> spdy_session = - session_->spdy_session_pool()->FindAvailableSession( - spdy_session_key_, origin_url_, enable_ip_based_pooling_, net_log_); + session_->spdy_session_pool()->push_promise_index()->Find( + spdy_session_key_, origin_url_); + if (!spdy_session) { + spdy_session = session_->spdy_session_pool()->FindAvailableSession( + spdy_session_key_, enable_ip_based_pooling_, net_log_); + } if (spdy_session) { // If we're preconnecting, but we already have a SpdySession, we don't // actually need to preconnect any sockets, so we're done. @@ -960,7 +963,8 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { GetSocketGroup(), destination_, request_info_.extra_headers, request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy_, server_ssl_config_, proxy_ssl_config_, - request_info_.privacy_mode, net_log_, num_streams_); + request_info_.privacy_mode, net_log_, num_streams_, + request_info_.motivation); } // If we can't use a SPDY session, don't bother checking for one after @@ -968,7 +972,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ? base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(), - spdy_session_key_, origin_url_, enable_ip_based_pooling_) + spdy_session_key_, enable_ip_based_pooling_) : OnHostResolutionCallback(); if (delegate_->for_websockets()) { SSLConfig websocket_server_ssl_config = server_ssl_config_; @@ -1002,7 +1006,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) { // probably an IP pooled connection. existing_spdy_session_ = session_->spdy_session_pool()->FindAvailableSession( - spdy_session_key_, origin_url_, enable_ip_based_pooling_, net_log_); + spdy_session_key_, enable_ip_based_pooling_, net_log_); if (existing_spdy_session_) { using_spdy_ = true; next_state_ = STATE_CREATE_STREAM; @@ -1156,10 +1160,6 @@ int HttpStreamFactoryImpl::Job::SetSpdyHttpStreamOrBidirectionalStreamImpl( } int HttpStreamFactoryImpl::Job::DoCreateStream() { - // TODO(pkasting): Remove ScopedTracker below once crbug.com/462811 is fixed. - tracked_objects::ScopedTracker tracking_profile( - FROM_HERE_WITH_EXPLICIT_FUNCTION( - "462811 HttpStreamFactoryImpl::Job::DoCreateStream")); DCHECK(connection_->socket() || existing_spdy_session_.get() || using_quic_); DCHECK(!using_quic_); @@ -1172,12 +1172,6 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() { destination_.HostForURL()); } - // We only set the socket motivation if we're the first to use - // this socket. Is there a race for two SPDY requests? We really - // need to plumb this through to the connect level. - if (connection_->socket() && !connection_->is_reused()) - SetSocketMotivation(); - if (!using_spdy_) { DCHECK(!expect_spdy_); // We may get ftp scheme when fetching ftp resources through proxy. @@ -1200,10 +1194,19 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() { CHECK(!stream_.get()); + // It is possible that a pushed stream has been opened by a server since last + // time Job checked above. + if (!existing_spdy_session_) { + existing_spdy_session_ = + session_->spdy_session_pool()->push_promise_index()->Find( + spdy_session_key_, origin_url_); + } + // It is also possible that an HTTP/2 connection has been established since + // last time Job checked above. if (!existing_spdy_session_) { existing_spdy_session_ = session_->spdy_session_pool()->FindAvailableSession( - spdy_session_key_, origin_url_, enable_ip_based_pooling_, net_log_); + spdy_session_key_, enable_ip_based_pooling_, net_log_); } if (existing_spdy_session_.get()) { // We picked up an existing session, so we don't need our socket. @@ -1300,14 +1303,6 @@ void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection( next_state_ = STATE_INIT_CONNECTION; } -void HttpStreamFactoryImpl::Job::SetSocketMotivation() { - if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED) - connection_->socket()->SetSubresourceSpeculation(); - else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED) - connection_->socket()->SetOmniboxSpeculation(); - // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED). -} - void HttpStreamFactoryImpl::Job::InitSSLConfig(SSLConfig* ssl_config, bool is_proxy) const { if (!is_proxy) { @@ -1491,7 +1486,7 @@ HttpStreamFactoryImpl::JobFactory::CreateAltSvcJob( HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, bool enable_ip_based_pooling, NetLog* net_log) { return std::make_unique<HttpStreamFactoryImpl::Job>( diff --git a/chromium/net/http/http_stream_factory_impl_job.h b/chromium/net/http/http_stream_factory_impl_job.h index ec804910439..3fdec071b95 100644 --- a/chromium/net/http/http_stream_factory_impl_job.h +++ b/chromium/net/http/http_stream_factory_impl_job.h @@ -190,7 +190,7 @@ class HttpStreamFactoryImpl::Job { HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, const ProxyServer& alternative_proxy_server, bool enable_ip_based_pooling, NetLog* net_log); @@ -400,7 +400,6 @@ class HttpStreamFactoryImpl::Job { // session is found, and OK otherwise. static int OnHostResolution(SpdySessionPool* spdy_session_pool, const SpdySessionKey& spdy_session_key, - const GURL& origin_url, bool enable_ip_based_pooling, const AddressList& addresses, const NetLogWithSource& net_log); @@ -448,9 +447,9 @@ class HttpStreamFactoryImpl::Job { // True if Job uses QUIC. const bool using_quic_; - // QuicVersion that should be used to connect to the QUIC server if Job uses - // QUIC. - QuicVersion quic_version_; + // QuicTransportVersion that should be used to connect to the QUIC server if + // Job uses QUIC. + QuicTransportVersion quic_version_; // True if Alternative Service protocol field requires that HTTP/2 is used. // In this case, Job fails if it cannot pool to an existing SpdySession and @@ -543,7 +542,7 @@ class HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, bool enable_ip_based_pooling, NetLog* net_log); diff --git a/chromium/net/http/http_stream_factory_impl_job_controller.cc b/chromium/net/http/http_stream_factory_impl_job_controller.cc index ca52a77b2c3..fd6d73fc7fe 100644 --- a/chromium/net/http/http_stream_factory_impl_job_controller.cc +++ b/chromium/net/http/http_stream_factory_impl_job_controller.cc @@ -7,7 +7,6 @@ #include <string> #include <utility> -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" @@ -802,7 +801,7 @@ int HttpStreamFactoryImpl::JobController::DoCreateJobs() { // Create an alternative job if alternative service is set up for this domain. alternative_service_info_ = GetAlternativeServiceInfoFor(request_info_, delegate_, stream_type_); - QuicVersion quic_version = QUIC_VERSION_UNSUPPORTED; + QuicTransportVersion quic_version = QUIC_VERSION_UNSUPPORTED; if (alternative_service_info_.protocol() == kProtoQUIC) { quic_version = SelectQuicVersion(alternative_service_info_.advertised_versions()); @@ -984,7 +983,8 @@ void HttpStreamFactoryImpl::JobController::OnAlternativeProxyJobFailed( // Need to mark alt proxy as broken regardless of whether the job is bound. ProxyDelegate* proxy_delegate = session_->context().proxy_delegate; - if (proxy_delegate) { + if (proxy_delegate && net_error != ERR_NETWORK_CHANGED && + net_error != ERR_INTERNET_DISCONNECTED) { proxy_delegate->OnAlternativeProxyBroken( alternative_job_->alternative_proxy_server()); } @@ -1000,7 +1000,7 @@ void HttpStreamFactoryImpl::JobController::ReportBrokenAlternativeService() { if (error_to_report == ERR_NETWORK_CHANGED || error_to_report == ERR_INTERNET_DISCONNECTED) { - // No need to mark alternative service or proxy as broken. + // No need to mark alternative service as broken. return; } @@ -1171,15 +1171,15 @@ HttpStreamFactoryImpl::JobController::GetAlternativeServiceInfoInternal( return first_alternative_service_info; } -QuicVersion HttpStreamFactoryImpl::JobController::SelectQuicVersion( - const QuicVersionVector& advertised_versions) { - const QuicVersionVector& supported_versions = +QuicTransportVersion HttpStreamFactoryImpl::JobController::SelectQuicVersion( + const QuicTransportVersionVector& advertised_versions) { + const QuicTransportVersionVector& supported_versions = session_->params().quic_supported_versions; if (advertised_versions.empty()) return supported_versions[0]; - for (const QuicVersion& supported : supported_versions) { - for (const QuicVersion& advertised : advertised_versions) { + for (const QuicTransportVersion& supported : supported_versions) { + for (const QuicTransportVersion& advertised : advertised_versions) { if (supported == advertised) { DCHECK_NE(QUIC_VERSION_UNSUPPORTED, supported); return supported; diff --git a/chromium/net/http/http_stream_factory_impl_job_controller.h b/chromium/net/http/http_stream_factory_impl_job_controller.h index 32ca2626daf..24a4da31d05 100644 --- a/chromium/net/http/http_stream_factory_impl_job_controller.h +++ b/chromium/net/http/http_stream_factory_impl_job_controller.h @@ -277,12 +277,13 @@ class HttpStreamFactoryImpl::JobController HttpStreamRequest::Delegate* delegate, HttpStreamRequest::StreamType stream_type); - // Returns a QuicVersion that has been advertised in |advertised_versions| - // and is supported. If more than one QuicVersions are supported, the first - // matched in the supported versions will be returned. If no mutually - // supported version is found, QUIC_VERSION_UNSUPPORTED_VERSION will be - // returned. - QuicVersion SelectQuicVersion(const QuicVersionVector& advertised_versions); + // Returns a QuicTransportVersion that has been advertised in + // |advertised_versions| and is supported. If more than one + // QuicTransportVersions are supported, the first matched in the supported + // versions will be returned. If no mutually supported version is found, + // QUIC_VERSION_UNSUPPORTED_VERSION will be returned. + QuicTransportVersion SelectQuicVersion( + const QuicTransportVersionVector& advertised_versions); // Remove session from the SpdySessionRequestMap. void RemoveRequestFromSpdySessionRequestMap(); diff --git a/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc b/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc index 3ac43982b30..70c853fc6c0 100644 --- a/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc +++ b/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc @@ -321,7 +321,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, ProxyResolutionFailsSync) { proxy_config.set_pac_mandatory(true); session_deps_.proxy_service.reset(new ProxyService( std::make_unique<ProxyConfigServiceFixed>(proxy_config), - base::WrapUnique(new FailingProxyResolverFactory), nullptr)); + std::make_unique<FailingProxyResolverFactory>(), nullptr)); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://www.google.com"); @@ -1562,6 +1562,53 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, FailAlternativeProxy) { EXPECT_TRUE(HttpStreamFactoryImplPeer::IsJobControllerDeleted(factory_)); } +// Verifies that if the alternative proxy server job fails due to network +// disconnection, then the proxy delegate is not notified. +TEST_F(HttpStreamFactoryImplJobControllerTest, + InternetDisconnectedAlternativeProxy) { + quic_data_ = std::make_unique<MockQuicData>(); + quic_data_->AddConnect(SYNCHRONOUS, ERR_INTERNET_DISCONNECTED); + tcp_data_ = std::make_unique<SequencedSocketData>(nullptr, 0, nullptr, 0); + tcp_data_->set_connect_data(MockConnect(SYNCHRONOUS, OK)); + SSLSocketDataProvider ssl_data(ASYNC, OK); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data); + + UseAlternativeProxy(); + + HttpRequestInfo request_info; + request_info.method = "GET"; + request_info.url = GURL("http://mail.example.org/"); + Initialize(request_info); + EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_quic()); + + // Enable delayed TCP and set time delay for waiting job. + QuicStreamFactory* quic_stream_factory = session_->quic_stream_factory(); + quic_stream_factory->set_require_confirmation(false); + ServerNetworkStats stats1; + stats1.srtt = base::TimeDelta::FromMicroseconds(300 * 1000); + session_->http_server_properties()->SetServerNetworkStats( + url::SchemeHostPort(GURL("https://myproxy.org")), stats1); + + request_ = + job_controller_->Start(&request_delegate_, nullptr, net_log_.bound(), + HttpStreamRequest::HTTP_STREAM, DEFAULT_PRIORITY); + EXPECT_TRUE(job_controller_->main_job()); + EXPECT_TRUE(job_controller_->alternative_job()); + + EXPECT_CALL(request_delegate_, OnStreamReadyImpl(_, _, _)); + + base::RunLoop().RunUntilIdle(); + + EXPECT_FALSE(job_controller_->alternative_job()); + EXPECT_TRUE(job_controller_->main_job()); + + // The alternative proxy server should not be marked as bad. + EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_valid()); + EXPECT_EQ(1, test_proxy_delegate()->get_alternative_proxy_invocations()); + request_.reset(); + EXPECT_TRUE(HttpStreamFactoryImplPeer::IsJobControllerDeleted(factory_)); +} + TEST_F(HttpStreamFactoryImplJobControllerTest, AlternativeProxyServerJobFailsAfterMainJobSucceeds) { base::HistogramTester histogram_tester; @@ -2170,7 +2217,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, GetAlternativeServiceInfoFor) { // Set alternative service with no advertised version. session_->http_server_properties()->SetQuicAlternativeService( - server, alternative_service, expiration, QuicVersionVector()); + server, alternative_service, expiration, QuicTransportVersionVector()); AlternativeServiceInfo alt_svc_info = JobControllerPeer::GetAlternativeServiceInfoFor( @@ -2181,7 +2228,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, GetAlternativeServiceInfoFor) { // Set alternative service for the same server with the same list of versions // that is supported. - QuicVersionVector supported_versions = + QuicTransportVersionVector supported_versions = session_->params().quic_supported_versions; ASSERT_TRUE(session_->http_server_properties()->SetQuicAlternativeService( server, alternative_service, expiration, supported_versions)); @@ -2192,9 +2239,9 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, GetAlternativeServiceInfoFor) { std::sort(supported_versions.begin(), supported_versions.end()); EXPECT_EQ(supported_versions, alt_svc_info.advertised_versions()); - QuicVersion unsupported_version_1(QUIC_VERSION_UNSUPPORTED); - QuicVersion unsupported_version_2(QUIC_VERSION_UNSUPPORTED); - for (const QuicVersion& version : AllSupportedVersions()) { + QuicTransportVersion unsupported_version_1(QUIC_VERSION_UNSUPPORTED); + QuicTransportVersion unsupported_version_2(QUIC_VERSION_UNSUPPORTED); + for (const QuicTransportVersion& version : AllSupportedTransportVersions()) { if (std::find(supported_versions.begin(), supported_versions.end(), version) != supported_versions.end()) continue; @@ -2209,7 +2256,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, GetAlternativeServiceInfoFor) { // Set alternative service for the same server with two QUIC versions: // - one unsupported version: |unsupported_version_1|, // - one supported version: session_->params().quic_supported_versions[0]. - QuicVersionVector mixed_quic_versions = { + QuicTransportVersionVector mixed_quic_versions = { unsupported_version_1, session_->params().quic_supported_versions[0]}; ASSERT_TRUE(session_->http_server_properties()->SetQuicAlternativeService( server, alternative_service, expiration, mixed_quic_versions)); diff --git a/chromium/net/http/http_stream_factory_impl_request_unittest.cc b/chromium/net/http/http_stream_factory_impl_request_unittest.cc index 151049de35c..612b136d851 100644 --- a/chromium/net/http/http_stream_factory_impl_request_unittest.cc +++ b/chromium/net/http/http_stream_factory_impl_request_unittest.cc @@ -4,10 +4,8 @@ #include "net/http/http_stream_factory_impl_request.h" -#include <memory> #include <utility> -#include "base/memory/ptr_util.h" #include "base/run_loop.h" #include "net/http/http_stream_factory_impl.h" #include "net/http/http_stream_factory_impl_job.h" diff --git a/chromium/net/http/http_stream_factory_impl_unittest.cc b/chromium/net/http/http_stream_factory_impl_unittest.cc index 3d0a9126f57..5c3a0a09cf4 100644 --- a/chromium/net/http/http_stream_factory_impl_unittest.cc +++ b/chromium/net/http/http_stream_factory_impl_unittest.cc @@ -352,6 +352,7 @@ void PreconnectHelperForURL(int num_streams, request.method = "GET"; request.url = url; request.load_flags = 0; + request.motivation = HttpRequestInfo::PRECONNECT_MOTIVATED; session->http_stream_factory()->PreconnectStreams(num_streams, request); mock_factory->WaitForPreconnects(); @@ -377,6 +378,10 @@ class CapturePreconnectsSocketPool : public ParentPool { return last_num_streams_; } + base::Optional<HttpRequestInfo::RequestMotivation> last_motivation() const { + return last_motivation_; + } + // Resets |last_num_streams_| to its default value. void reset_last_num_streams() { last_num_streams_ = -1; } @@ -394,8 +399,10 @@ class CapturePreconnectsSocketPool : public ParentPool { void RequestSockets(const std::string& group_name, const void* socket_params, int num_sockets, - const NetLogWithSource& net_log) override { + const NetLogWithSource& net_log, + HttpRequestInfo::RequestMotivation motivation) override { last_num_streams_ = num_sockets; + last_motivation_ = motivation; } void CancelRequest(const std::string& group_name, @@ -427,6 +434,7 @@ class CapturePreconnectsSocketPool : public ParentPool { private: int last_num_streams_; + base::Optional<HttpRequestInfo::RequestMotivation> last_motivation_; }; typedef CapturePreconnectsSocketPool<TransportClientSocketPool> @@ -646,6 +654,26 @@ TEST_F(HttpStreamFactoryTest, PreconnectUnsafePort) { EXPECT_EQ(-1, transport_conn_pool->last_num_streams()); } +// Verify that preconnects correctly set motivation for the SocketPool. +TEST_F(HttpStreamFactoryTest, PreconnectSetsMotivation) { + SpdySessionDependencies session_deps(ProxyService::CreateDirect()); + std::unique_ptr<HttpNetworkSession> session( + SpdySessionDependencies::SpdyCreateSession(&session_deps)); + HttpNetworkSessionPeer peer(session.get()); + CapturePreconnectsTransportSocketPool* transport_conn_pool = + new CapturePreconnectsTransportSocketPool( + session_deps.host_resolver.get(), session_deps.cert_verifier.get(), + session_deps.transport_security_state.get(), + session_deps.cert_transparency_verifier.get(), + session_deps.ct_policy_enforcer.get()); + auto mock_pool_manager = std::make_unique<MockClientSocketPoolManager>(); + mock_pool_manager->SetTransportSocketPool(transport_conn_pool); + peer.SetClientSocketPoolManager(std::move(mock_pool_manager)); + PreconnectHelperForURL(1, GURL("http://www.google.com"), session.get()); + EXPECT_EQ(HttpRequestInfo::PRECONNECT_MOTIVATED, + transport_conn_pool->last_motivation()); +} + TEST_F(HttpStreamFactoryTest, JobNotifiesProxy) { const char* kProxyString = "PROXY bad:99; PROXY maybe:80; DIRECT"; SpdySessionDependencies session_deps( @@ -2208,7 +2236,7 @@ TEST_F(HttpStreamFactoryTest, RequestBidirectionalStreamImpl) { class HttpStreamFactoryBidirectionalQuicTest : public ::testing::Test, - public ::testing::WithParamInterface<QuicVersion> { + public ::testing::WithParamInterface<QuicTransportVersion> { protected: HttpStreamFactoryBidirectionalQuicTest() : default_url_(kDefaultUrl), @@ -2238,7 +2266,8 @@ class HttpStreamFactoryBidirectionalQuicTest void Initialize() { params_.enable_quic = true; - params_.quic_supported_versions = test::SupportedVersions(GetParam()); + params_.quic_supported_versions = + test::SupportedTransportVersions(GetParam()); HttpNetworkSession::Context session_context; session_context.http_server_properties = &http_server_properties_; @@ -2316,7 +2345,7 @@ class HttpStreamFactoryBidirectionalQuicTest INSTANTIATE_TEST_CASE_P(Version, HttpStreamFactoryBidirectionalQuicTest, - ::testing::ValuesIn(AllSupportedVersions())); + ::testing::ValuesIn(AllSupportedTransportVersions())); TEST_P(HttpStreamFactoryBidirectionalQuicTest, RequestBidirectionalStreamImplQuicAlternative) { diff --git a/chromium/net/http/http_stream_factory_test_util.cc b/chromium/net/http/http_stream_factory_test_util.cc index 8333f70411f..fff12f7e88c 100644 --- a/chromium/net/http/http_stream_factory_test_util.cc +++ b/chromium/net/http/http_stream_factory_test_util.cc @@ -27,7 +27,7 @@ MockHttpStreamFactoryImplJob::MockHttpStreamFactoryImplJob( HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, const ProxyServer& alternative_proxy_server, bool enable_ip_based_pooling, NetLog* net_log) @@ -98,7 +98,7 @@ std::unique_ptr<HttpStreamFactoryImpl::Job> TestJobFactory::CreateAltSvcJob( HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, bool enable_ip_based_pooling, NetLog* net_log) { auto alternative_job = std::make_unique<MockHttpStreamFactoryImplJob>( diff --git a/chromium/net/http/http_stream_factory_test_util.h b/chromium/net/http/http_stream_factory_test_util.h index 736fda1e85e..238cc508744 100644 --- a/chromium/net/http/http_stream_factory_test_util.h +++ b/chromium/net/http/http_stream_factory_test_util.h @@ -118,7 +118,7 @@ class MockHttpStreamFactoryImplJob : public HttpStreamFactoryImpl::Job { HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, const ProxyServer& alternative_proxy_server, bool enable_ip_based_pooling, NetLog* net_log); @@ -162,7 +162,7 @@ class TestJobFactory : public HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, NextProto alternative_protocol, - QuicVersion quic_version, + QuicTransportVersion quic_version, bool enable_ip_based_pooling, NetLog* net_log) override; diff --git a/chromium/net/http/http_stream_parser.cc b/chromium/net/http/http_stream_parser.cc index 7da5adaf13d..1d5dec4926f 100644 --- a/chromium/net/http/http_stream_parser.cc +++ b/chromium/net/http/http_stream_parser.cc @@ -10,7 +10,6 @@ #include "base/compiler_specific.h" #include "base/logging.h" #include "base/metrics/histogram_macros.h" -#include "base/profiler/scoped_tracker.h" #include "base/strings/string_util.h" #include "base/values.h" #include "net/base/io_buffer.h" @@ -448,11 +447,6 @@ int HttpStreamParser::DoLoop(int result) { } int HttpStreamParser::DoSendHeaders() { - // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed. - tracked_objects::ScopedTracker tracking_profile( - FROM_HERE_WITH_EXPLICIT_FUNCTION( - "424359 HttpStreamParser::DoSendHeaders")); - int bytes_remaining = request_headers_->BytesRemaining(); DCHECK_GT(bytes_remaining, 0); diff --git a/chromium/net/http/http_stream_parser_unittest.cc b/chromium/net/http/http_stream_parser_unittest.cc index 7a16d42391c..0ad717f10b1 100644 --- a/chromium/net/http/http_stream_parser_unittest.cc +++ b/chromium/net/http/http_stream_parser_unittest.cc @@ -7,7 +7,6 @@ #include <stdint.h> #include <algorithm> -#include <memory> #include <string> #include <utility> #include <vector> @@ -15,7 +14,6 @@ #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/files/scoped_temp_dir.h" -#include "base/memory/ptr_util.h" #include "base/memory/ref_counted.h" #include "base/run_loop.h" #include "base/strings/string_piece.h" diff --git a/chromium/net/http/http_util.cc b/chromium/net/http/http_util.cc index 98abf9631d6..b73f6516808 100644 --- a/chromium/net/http/http_util.cc +++ b/chromium/net/http/http_util.cc @@ -127,7 +127,8 @@ void HttpUtil::ParseContentType(const std::string& content_type_str, charset_val = content_type_str.find_first_not_of(HTTP_LWS, charset_val); charset_val = std::min(charset_val, charset_end); char first_char = content_type_str[charset_val]; - if (first_char == '"' || first_char == '\'') { + // RFC 7231 Section 3.1.1.1 allows double quotes around charset. + if (first_char == '"') { charset_end = FindStringEnd(content_type_str, charset_val, first_char); ++charset_val; DCHECK(charset_end >= charset_val); diff --git a/chromium/net/http/http_util_unittest.cc b/chromium/net/http/http_util_unittest.cc index d0b78023332..ee27ba65b3f 100644 --- a/chromium/net/http/http_util_unittest.cc +++ b/chromium/net/http/http_util_unittest.cc @@ -726,6 +726,7 @@ TEST(HttpUtilTest, GenerateAcceptLanguageHeader) { // HttpResponseHeadersTest.GetMimeType also tests ParseContentType. TEST(HttpUtilTest, ParseContentType) { + // clang-format off const struct { const char* const content_type; const char* const expected_mime_type; @@ -793,8 +794,23 @@ TEST(HttpUtilTest, ParseContentType) { false, "WebKit-ada-df-dsf-adsfadsfs" }, + { "text/html; charset=\"utf-8\"", + "text/html", + "utf-8", + true, + "" + }, + // Regression test for https://crbug.com/772350: + // Single quotes are not delimiters but must be treated as part of charset. + { "text/html; charset='utf-8'", + "text/html", + "'utf-8'", + true, + "" + }, // TODO(abarth): Add more interesting test cases. }; + // clang-format on for (size_t i = 0; i < arraysize(tests); ++i) { std::string mime_type; std::string charset; diff --git a/chromium/net/http/mock_allow_http_auth_preferences.cc b/chromium/net/http/mock_allow_http_auth_preferences.cc index 37539e56ee6..afa600d7cad 100644 --- a/chromium/net/http/mock_allow_http_auth_preferences.cc +++ b/chromium/net/http/mock_allow_http_auth_preferences.cc @@ -3,12 +3,13 @@ // found in the LICENSE file. #include "net/http/mock_allow_http_auth_preferences.h" +#include "build/build_config.h" namespace net { MockAllowHttpAuthPreferences::MockAllowHttpAuthPreferences() : HttpAuthPreferences(std::vector<std::string>() -#if defined(OS_POSIX) && !defined(OS_ANDROID) +#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) , std::string() #endif diff --git a/chromium/net/http/mock_http_cache.cc b/chromium/net/http/mock_http_cache.cc index fcafea32c0d..7846cf80906 100644 --- a/chromium/net/http/mock_http_cache.cc +++ b/chromium/net/http/mock_http_cache.cc @@ -5,11 +5,11 @@ #include "net/http/mock_http_cache.h" #include <limits> +#include <memory> #include <utility> #include "base/bind.h" #include "base/location.h" -#include "base/memory/ptr_util.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/completion_callback.h" diff --git a/chromium/net/http/transport_security_persister.cc b/chromium/net/http/transport_security_persister.cc index edd8724b8ed..c4fe8c05fd7 100644 --- a/chromium/net/http/transport_security_persister.cc +++ b/chromium/net/http/transport_security_persister.cc @@ -15,7 +15,6 @@ #include "base/json/json_reader.h" #include "base/json/json_writer.h" #include "base/location.h" -#include "base/memory/ptr_util.h" #include "base/sequenced_task_runner.h" #include "base/task_runner_util.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/http/transport_security_state.cc b/chromium/net/http/transport_security_state.cc index b8d57e4546f..5af15d92ef4 100644 --- a/chromium/net/http/transport_security_state.cc +++ b/chromium/net/http/transport_security_state.cc @@ -12,7 +12,6 @@ #include "base/build_time.h" #include "base/json/json_writer.h" #include "base/logging.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/metrics/sparse_histogram.h" #include "base/stl_util.h" @@ -394,19 +393,19 @@ class HuffmanDecoder { // PreloadResult is the result of resolving a specific name in the preloaded // data. struct PreloadResult { - uint32_t pinset_id; + uint32_t pinset_id = 0; // hostname_offset contains the number of bytes from the start of the given // hostname where the name of the matching entry starts. - size_t hostname_offset; - bool sts_include_subdomains; - bool pkp_include_subdomains; - bool force_https; - bool has_pins; - bool expect_ct; - uint32_t expect_ct_report_uri_id; - bool expect_staple; - bool expect_staple_include_subdomains; - uint32_t expect_staple_report_uri_id; + size_t hostname_offset = 0; + bool sts_include_subdomains = false; + bool pkp_include_subdomains = false; + bool force_https = false; + bool has_pins = false; + bool expect_ct = false; + uint32_t expect_ct_report_uri_id = 0; + bool expect_staple = false; + bool expect_staple_include_subdomains = false; + uint32_t expect_staple_report_uri_id = 0; }; // DecodeHSTSPreloadRaw resolves |hostname| in the preloaded data. It returns @@ -520,37 +519,51 @@ bool DecodeHSTSPreloadRaw(const std::string& search_hostname, if (c == kEndOfString) { PreloadResult tmp; - if (!reader.Next(&tmp.sts_include_subdomains) || - !reader.Next(&tmp.force_https) || !reader.Next(&tmp.has_pins)) { + bool is_simple_entry; + if (!reader.Next(&is_simple_entry)) { return false; } - tmp.pkp_include_subdomains = tmp.sts_include_subdomains; - - if (tmp.has_pins) { - if (!reader.Read(4, &tmp.pinset_id) || - (!tmp.sts_include_subdomains && - !reader.Next(&tmp.pkp_include_subdomains))) { + // Simple entries only configure HSTS with IncludeSubdomains and use a + // compact serialization format where the other policy flags are + // omitted. The omitted flags are assumed to be 0 and the associated + // policies are disabled. + if (is_simple_entry) { + tmp.force_https = true; + tmp.sts_include_subdomains = true; + } else { + if (!reader.Next(&tmp.sts_include_subdomains) || + !reader.Next(&tmp.force_https) || !reader.Next(&tmp.has_pins)) { return false; } - } - if (!reader.Next(&tmp.expect_ct)) - return false; + tmp.pkp_include_subdomains = tmp.sts_include_subdomains; - if (tmp.expect_ct) { - if (!reader.Read(4, &tmp.expect_ct_report_uri_id)) - return false; - } + if (tmp.has_pins) { + if (!reader.Read(4, &tmp.pinset_id) || + (!tmp.sts_include_subdomains && + !reader.Next(&tmp.pkp_include_subdomains))) { + return false; + } + } - if (!reader.Next(&tmp.expect_staple)) - return false; - tmp.expect_staple_include_subdomains = false; - if (tmp.expect_staple) { - if (!reader.Next(&tmp.expect_staple_include_subdomains)) + if (!reader.Next(&tmp.expect_ct)) return false; - if (!reader.Read(4, &tmp.expect_staple_report_uri_id)) + + if (tmp.expect_ct) { + if (!reader.Read(4, &tmp.expect_ct_report_uri_id)) + return false; + } + + if (!reader.Next(&tmp.expect_staple)) return false; + tmp.expect_staple_include_subdomains = false; + if (tmp.expect_staple) { + if (!reader.Next(&tmp.expect_staple_include_subdomains)) + return false; + if (!reader.Read(4, &tmp.expect_staple_report_uri_id)) + return false; + } } tmp.hostname_offset = hostname_offset; @@ -1481,7 +1494,9 @@ void TransportSecurityState::ProcessExpectCTHeader( base::TimeDelta max_age; bool enforce; GURL report_uri; - if (!ParseExpectCTHeader(value, &max_age, &enforce, &report_uri)) + bool parsed = ParseExpectCTHeader(value, &max_age, &enforce, &report_uri); + UMA_HISTOGRAM_BOOLEAN("Net.ExpectCTHeader.ParseSuccess", parsed); + if (!parsed) return; // Do not persist Expect-CT headers if the connection was not chained to a // public root or did not comply with CT policy. diff --git a/chromium/net/http/transport_security_state_static.json b/chromium/net/http/transport_security_state_static.json index 4349812ab4d..698980a564b 100644 --- a/chromium/net/http/transport_security_state_static.json +++ b/chromium/net/http/transport_security_state_static.json @@ -232,6 +232,15 @@ "COMODOECCCertificationAuthority" ], "report_uri": "https://log.ncsccs.com/report/hpkp" + }, + { + "name": "tumblr", + "static_spki_hashes": [ + "DigiCertEVRoot", + "DigiCertSHA2HighAssuranceServerCA", + "TumblrBackup" + ], + "report_uri": "https://cspreports.srvcs.tumblr.com/hpkp" } ], @@ -244,9 +253,14 @@ { "name": "preloaded-expect-staple-include-subdomains.badssl.com", "expect_staple": true, "expect_staple_report_uri": "https://report.badssl.com/expect-staple", "include_subdomains_for_expect_staple": true }, // eTLDs - // At the moment, this only includes a Google-owned gTLD, + // At the moment, this only includes Google-owned gTLDs, // but other gTLDs and eTLDs are welcome to preload if they are interested. { "name": "google", "include_subdomains": true, "mode": "force-https", "pins": "google" }, + { "name": "dev", "include_subdomains": true, "mode": "force-https" }, + { "name": "foo", "include_subdomains": true, "mode": "force-https" }, + { "name": "page", "include_subdomains": true, "mode": "force-https" }, + { "name": "app", "include_subdomains": true, "mode": "force-https" }, + { "name": "chrome", "include_subdomains": true, "mode": "force-https" }, // Google domains using Expect-CT. { "name": "mail.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" }, @@ -326,6 +340,7 @@ { "name": "google-analytics.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, { "name": "stats.g.doubleclick.net", "include_subdomains": true, "mode": "force-https", "pins": "google" }, { "name": "chromiumbugs.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, + { "name": "youtube.com", "mode": "force-https", "include_subdomains": true, "pins": "google" }, { "name": "webfilings.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, { "name": "webfilings-eu.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, @@ -589,7 +604,6 @@ { "name": "static.googleadsserving.cn", "include_subdomains": true, "pins": "google" }, { "name": "urchin.com", "include_subdomains": true, "pins": "google" }, { "name": "www.googlegroups.com", "include_subdomains": true, "pins": "google", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" }, - { "name": "youtube.com", "include_subdomains": true, "pins": "google" }, { "name": "youtu.be", "include_subdomains": true, "pins": "google" }, { "name": "youtube-nocookie.com", "include_subdomains": true, "pins": "google" }, { "name": "ytimg.com", "include_subdomains": true, "pins": "google" }, @@ -3381,7 +3395,6 @@ { "name": "uploadbeta.com", "include_subdomains": true, "mode": "force-https" }, { "name": "wholebites.com", "include_subdomains": true, "mode": "force-https" }, { "name": "wikipedia.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "woresite.jp", "include_subdomains": true, "mode": "force-https" }, { "name": "agonswim.com", "include_subdomains": true, "mode": "force-https" }, { "name": "appharbor.com", "include_subdomains": true, "mode": "force-https" }, { "name": "armory.consulting", "include_subdomains": true, "mode": "force-https" }, @@ -4996,7 +5009,6 @@ { "name": "sandbagexpress.com", "include_subdomains": true, "mode": "force-https" }, { "name": "schelberts.de", "include_subdomains": true, "mode": "force-https" }, { "name": "selfici.cz", "include_subdomains": true, "mode": "force-https" }, - { "name": "simply-premium.com", "include_subdomains": true, "mode": "force-https" }, { "name": "slovakiana.sk", "include_subdomains": true, "mode": "force-https" }, { "name": "sniep.net", "include_subdomains": true, "mode": "force-https" }, { "name": "solsystems.ru", "include_subdomains": true, "mode": "force-https" }, @@ -6152,7 +6164,6 @@ { "name": "esko.bar", "include_subdomains": true, "mode": "force-https" }, { "name": "esocweb.com", "include_subdomains": true, "mode": "force-https" }, { "name": "ethanfaust.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "ethlan.fr", "include_subdomains": true, "mode": "force-https" }, { "name": "eulerpi.io", "include_subdomains": true, "mode": "force-https" }, { "name": "euph.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "everwaking.com", "include_subdomains": true, "mode": "force-https" }, @@ -10400,7 +10411,6 @@ { "name": "pagetoimage.com", "include_subdomains": true, "mode": "force-https" }, { "name": "painosso.org", "include_subdomains": true, "mode": "force-https" }, { "name": "paisaone.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "pajowu.de", "include_subdomains": true, "mode": "force-https" }, { "name": "paperturn.com", "include_subdomains": true, "mode": "force-https" }, { "name": "paperwork.co.za", "include_subdomains": true, "mode": "force-https" }, { "name": "paragreen.net", "include_subdomains": true, "mode": "force-https" }, @@ -10827,7 +10837,6 @@ { "name": "square-src.de", "include_subdomains": true, "mode": "force-https" }, { "name": "squeezemetrics.com", "include_subdomains": true, "mode": "force-https" }, { "name": "srchub.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "srv47.de", "include_subdomains": true, "mode": "force-https" }, { "name": "ssl247.co.uk", "include_subdomains": true, "mode": "force-https" }, { "name": "ssl247.com.mx", "include_subdomains": true, "mode": "force-https" }, { "name": "ssl247.de", "include_subdomains": true, "mode": "force-https" }, @@ -11678,7 +11687,6 @@ { "name": "geeklair.net", "include_subdomains": true, "mode": "force-https" }, { "name": "gamerslair.org", "include_subdomains": true, "mode": "force-https" }, { "name": "gamepad.vg", "include_subdomains": true, "mode": "force-https" }, - { "name": "gersting.net", "include_subdomains": true, "mode": "force-https" }, { "name": "gameisbest.jp", "include_subdomains": true, "mode": "force-https" }, { "name": "geneau.net", "include_subdomains": true, "mode": "force-https" }, { "name": "gameparade.de", "include_subdomains": true, "mode": "force-https" }, @@ -11700,7 +11708,6 @@ { "name": "groupebaillargeon.com", "include_subdomains": true, "mode": "force-https" }, { "name": "grokker.com", "include_subdomains": true, "mode": "force-https" }, { "name": "gtchipsi.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "greiners.net", "include_subdomains": true, "mode": "force-https" }, { "name": "grieg.com", "include_subdomains": true, "mode": "force-https" }, { "name": "gryffin.tk", "include_subdomains": true, "mode": "force-https" }, { "name": "gycis.me", "include_subdomains": true, "mode": "force-https" }, @@ -11897,7 +11904,6 @@ { "name": "loveyounastya.com", "include_subdomains": true, "mode": "force-https" }, { "name": "magicball.co", "include_subdomains": true, "mode": "force-https" }, { "name": "lzkill.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "lwl-foej-bewerbung.de", "include_subdomains": true, "mode": "force-https" }, { "name": "luohua.im", "include_subdomains": true, "mode": "force-https" }, { "name": "luoh.cc", "include_subdomains": true, "mode": "force-https" }, { "name": "mailing-jbgg.com", "include_subdomains": true, "mode": "force-https" }, @@ -12094,7 +12100,6 @@ { "name": "potpourrifestival.de", "include_subdomains": true, "mode": "force-https" }, { "name": "prgslab.net", "include_subdomains": true, "mode": "force-https" }, { "name": "prettytunesapp.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "prescriptiondrugs.com", "include_subdomains": true, "mode": "force-https" }, { "name": "proxybay.tv", "include_subdomains": true, "mode": "force-https" }, { "name": "proslimdiets.com", "include_subdomains": true, "mode": "force-https" }, { "name": "priolkar.com", "include_subdomains": true, "mode": "force-https" }, @@ -12262,7 +12267,6 @@ { "name": "stargatepartners.com", "include_subdomains": true, "mode": "force-https" }, { "name": "stayokhotelscdc-mailing.com", "include_subdomains": true, "mode": "force-https" }, { "name": "stevenhumphrey.uk", "include_subdomains": true, "mode": "force-https" }, - { "name": "stig.io", "include_subdomains": true, "mode": "force-https" }, { "name": "stillblackhat.id", "include_subdomains": true, "mode": "force-https" }, { "name": "stpatricksguild.com", "include_subdomains": true, "mode": "force-https" }, { "name": "stardanceacademy.net", "include_subdomains": true, "mode": "force-https" }, @@ -13320,7 +13324,6 @@ { "name": "anthonyavon.com", "include_subdomains": true, "mode": "force-https" }, { "name": "anystack.xyz", "include_subdomains": true, "mode": "force-https" }, { "name": "apis.world", "include_subdomains": true, "mode": "force-https" }, - { "name": "aponkral.net", "include_subdomains": true, "mode": "force-https" }, { "name": "aponkralsunucu.com", "include_subdomains": true, "mode": "force-https" }, { "name": "appelboomdefilm.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "applelife.ru", "include_subdomains": true, "mode": "force-https" }, @@ -13654,7 +13657,6 @@ { "name": "draugr.de", "include_subdomains": true, "mode": "force-https" }, { "name": "drewgle.net", "include_subdomains": true, "mode": "force-https" }, { "name": "drivercopilot.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "drivya.com", "include_subdomains": true, "mode": "force-https" }, { "name": "dronografia.es", "include_subdomains": true, "mode": "force-https" }, { "name": "dubaieveningsafari.com", "include_subdomains": true, "mode": "force-https" }, { "name": "duch.cloud", "include_subdomains": true, "mode": "force-https" }, @@ -13713,7 +13715,6 @@ { "name": "eurekaarchitecture.com", "include_subdomains": true, "mode": "force-https" }, { "name": "euren.se", "include_subdomains": true, "mode": "force-https" }, { "name": "european-agency.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "eurotravelstar.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "evanhandgraaf.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "evelyndayman.com", "include_subdomains": true, "mode": "force-https" }, { "name": "evlear.com", "include_subdomains": true, "mode": "force-https" }, @@ -14103,7 +14104,6 @@ { "name": "lattyware.com", "include_subdomains": true, "mode": "force-https" }, { "name": "lauftrainer-ausbildung.com", "include_subdomains": true, "mode": "force-https" }, { "name": "lavita.de", "include_subdomains": true, "mode": "force-https" }, - { "name": "lavoieducoeur.be", "include_subdomains": true, "mode": "force-https" }, { "name": "lawrencemurgatroyd.com", "include_subdomains": true, "mode": "force-https" }, { "name": "lazerus.net", "include_subdomains": true, "mode": "force-https" }, { "name": "lebanesearmy.gov.lb", "include_subdomains": true, "mode": "force-https" }, @@ -14135,7 +14135,6 @@ { "name": "lolicon.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "lolkot.ru", "include_subdomains": true, "mode": "force-https" }, { "name": "loopower.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "loveismore.ru", "include_subdomains": true, "mode": "force-https" }, { "name": "lovelivewiki.com", "include_subdomains": true, "mode": "force-https" }, { "name": "lowhangingfruitgrabber.com", "include_subdomains": true, "mode": "force-https" }, { "name": "loxis.be", "include_subdomains": true, "mode": "force-https" }, @@ -16953,7 +16952,6 @@ { "name": "britton-photography.com", "include_subdomains": true, "mode": "force-https" }, { "name": "bqp.io", "include_subdomains": true, "mode": "force-https" }, { "name": "bitstorm.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "azbuki.by", "include_subdomains": true, "mode": "force-https" }, { "name": "backpacker.dating", "include_subdomains": true, "mode": "force-https" }, { "name": "bluepostbox.de", "include_subdomains": true, "mode": "force-https" }, { "name": "black-khat.com", "include_subdomains": true, "mode": "force-https" }, @@ -17183,7 +17181,6 @@ { "name": "elmar-kraamzorg.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "dyrkar.com", "include_subdomains": true, "mode": "force-https" }, { "name": "especificosba.com.ar", "include_subdomains": true, "mode": "force-https" }, - { "name": "everpcpc.com", "include_subdomains": true, "mode": "force-https" }, { "name": "ehito.ovh", "include_subdomains": true, "mode": "force-https" }, { "name": "enaah.de", "include_subdomains": true, "mode": "force-https" }, { "name": "enersec.co.uk", "include_subdomains": true, "mode": "force-https" }, @@ -17365,7 +17362,6 @@ { "name": "herbweb.net", "include_subdomains": true, "mode": "force-https" }, { "name": "hexe.net", "include_subdomains": true, "mode": "force-https" }, { "name": "herbweb.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "hornblasters.com", "include_subdomains": true, "mode": "force-https" }, { "name": "hbdesign.work", "include_subdomains": true, "mode": "force-https" }, { "name": "hunter.io", "include_subdomains": true, "mode": "force-https" }, { "name": "hilnu.tk", "include_subdomains": true, "mode": "force-https" }, @@ -17425,7 +17421,6 @@ { "name": "johnvanhese.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "joshharmon.me", "include_subdomains": true, "mode": "force-https" }, { "name": "homecoming.city", "include_subdomains": true, "mode": "force-https" }, - { "name": "idecode.net", "include_subdomains": true, "mode": "force-https" }, { "name": "ioover.net", "include_subdomains": true, "mode": "force-https" }, { "name": "jinja.ai", "include_subdomains": true, "mode": "force-https" }, { "name": "hirte-digital.de", "include_subdomains": true, "mode": "force-https" }, @@ -18579,7 +18574,6 @@ { "name": "car24portal.de", "include_subdomains": true, "mode": "force-https" }, { "name": "casc.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "chonghe.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "christiangaetano.com", "include_subdomains": true, "mode": "force-https" }, { "name": "caletka.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "ciderclub.com", "include_subdomains": true, "mode": "force-https" }, { "name": "cbintermountainrealty.com", "include_subdomains": true, "mode": "force-https" }, @@ -18626,7 +18620,6 @@ { "name": "clipclip.com", "include_subdomains": true, "mode": "force-https" }, { "name": "chewey.de", "include_subdomains": true, "mode": "force-https" }, { "name": "chokladfantasi.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "chrisu3050.at", "include_subdomains": true, "mode": "force-https" }, { "name": "celina-reads.de", "include_subdomains": true, "mode": "force-https" }, { "name": "chenky.com", "include_subdomains": true, "mode": "force-https" }, { "name": "clickgram.biz", "include_subdomains": true, "mode": "force-https" }, @@ -18682,7 +18675,6 @@ { "name": "cocodemy.com", "include_subdomains": true, "mode": "force-https" }, { "name": "content-design.de", "include_subdomains": true, "mode": "force-https" }, { "name": "countryattire.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "creditstar.lt", "include_subdomains": true, "mode": "force-https" }, { "name": "cubekrowd.net", "include_subdomains": true, "mode": "force-https" }, { "name": "dalingk.com", "include_subdomains": true, "mode": "force-https" }, { "name": "crescent.gr.jp", "include_subdomains": true, "mode": "force-https" }, @@ -19347,7 +19339,6 @@ { "name": "keinefilterblase.de", "include_subdomains": true, "mode": "force-https" }, { "name": "kirillpokrovsky.de", "include_subdomains": true, "mode": "force-https" }, { "name": "kourpe.online", "include_subdomains": true, "mode": "force-https" }, - { "name": "itpros.ru", "include_subdomains": true, "mode": "force-https" }, { "name": "katja-nikolic-design.de", "include_subdomains": true, "mode": "force-https" }, { "name": "kalterersee.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "karlstabo.se", "include_subdomains": true, "mode": "force-https" }, @@ -21099,7 +21090,6 @@ { "name": "bush41.org", "include_subdomains": true, "mode": "force-https" }, { "name": "channellife.com.au", "include_subdomains": true, "mode": "force-https" }, { "name": "channellife.co.nz", "include_subdomains": true, "mode": "force-https" }, - { "name": "coerthas.com", "include_subdomains": true, "mode": "force-https" }, { "name": "chrpaul.de", "include_subdomains": true, "mode": "force-https" }, { "name": "baitulongbaycruises.com", "include_subdomains": true, "mode": "force-https" }, { "name": "co-yutaka.com", "include_subdomains": true, "mode": "force-https" }, @@ -21438,7 +21428,6 @@ { "name": "f43.me", "include_subdomains": true, "mode": "force-https" }, { "name": "fcsic.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "fairedeseconomies.info", "include_subdomains": true, "mode": "force-https" }, - { "name": "ffxiv.cc", "include_subdomains": true, "mode": "force-https" }, { "name": "centralfor.me", "include_subdomains": true, "mode": "force-https" }, { "name": "esaborit.ddns.net", "include_subdomains": true, "mode": "force-https" }, { "name": "fiareapp.red", "include_subdomains": true, "mode": "force-https" }, @@ -21708,7 +21697,6 @@ { "name": "ifightsurveillance.com", "include_subdomains": true, "mode": "force-https" }, { "name": "ifightsurveillance.net", "include_subdomains": true, "mode": "force-https" }, { "name": "hotelaustria-wien.at", "include_subdomains": true, "mode": "force-https" }, - { "name": "hydaelyn.com", "include_subdomains": true, "mode": "force-https" }, { "name": "htaps.com", "include_subdomains": true, "mode": "force-https" }, { "name": "http2.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "hotel-rosner.at", "include_subdomains": true, "mode": "force-https" }, @@ -21924,7 +21912,6 @@ { "name": "kodiaklabs.org", "include_subdomains": true, "mode": "force-https" }, { "name": "kiddyboom.ua", "include_subdomains": true, "mode": "force-https" }, { "name": "jutlander.dk", "include_subdomains": true, "mode": "force-https" }, - { "name": "katzen.me", "include_subdomains": true, "mode": "force-https" }, { "name": "jonkermedia.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "julian-witusch.de", "include_subdomains": true, "mode": "force-https" }, { "name": "knutur.is", "include_subdomains": true, "mode": "force-https" }, @@ -22017,7 +22004,6 @@ { "name": "lifecoach.tw", "include_subdomains": true, "mode": "force-https" }, { "name": "lonesomecosmonaut.com", "include_subdomains": true, "mode": "force-https" }, { "name": "kyoto-tomikawa.jp", "include_subdomains": true, "mode": "force-https" }, - { "name": "lega3.dk", "include_subdomains": true, "mode": "force-https" }, { "name": "lidl-gewinnspiel.de", "include_subdomains": true, "mode": "force-https" }, { "name": "lebens-fluss.at", "include_subdomains": true, "mode": "force-https" }, { "name": "legadental.com", "include_subdomains": true, "mode": "force-https" }, @@ -22173,7 +22159,6 @@ { "name": "mjhsc.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "millanova.wedding", "include_subdomains": true, "mode": "force-https" }, { "name": "mbardot.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "moeyi.xyz", "include_subdomains": true, "mode": "force-https" }, { "name": "michael-steinhauer.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "michaelsulzer.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "mht-travel.com", "include_subdomains": true, "mode": "force-https" }, @@ -22280,7 +22265,6 @@ { "name": "nalepte.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "newbieboss.com", "include_subdomains": true, "mode": "force-https" }, { "name": "neko-nyan.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "newbietech.cn", "include_subdomains": true, "mode": "force-https" }, { "name": "nautsch.de", "include_subdomains": true, "mode": "force-https" }, { "name": "nadejeproninu.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "mariannenan.nl", "include_subdomains": true, "mode": "force-https" }, @@ -23186,7 +23170,6 @@ { "name": "valoremtax.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "winbuzzer.com", "include_subdomains": true, "mode": "force-https" }, { "name": "viafinance.cz", "include_subdomains": true, "mode": "force-https" }, - { "name": "warflame.net", "include_subdomains": true, "mode": "force-https" }, { "name": "windholz.us", "include_subdomains": true, "mode": "force-https" }, { "name": "windwoodmedia.com", "include_subdomains": true, "mode": "force-https" }, { "name": "windwoodweb.com", "include_subdomains": true, "mode": "force-https" }, @@ -23352,7 +23335,6 @@ { "name": "3dproteinimaging.com", "include_subdomains": true, "mode": "force-https" }, { "name": "762.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "9651678.ru", "include_subdomains": true, "mode": "force-https" }, - { "name": "a.ai", "include_subdomains": true, "mode": "force-https" }, { "name": "a3workshop.swiss", "include_subdomains": true, "mode": "force-https" }, { "name": "abdullah.pw", "include_subdomains": true, "mode": "force-https" }, { "name": "abhisharma.me", "include_subdomains": true, "mode": "force-https" }, @@ -23825,7 +23807,6 @@ { "name": "isthnew.com", "include_subdomains": true, "mode": "force-https" }, { "name": "it-cave.com", "include_subdomains": true, "mode": "force-https" }, { "name": "jacobi-server.de", "include_subdomains": true, "mode": "force-https" }, - { "name": "jadefalcons.de", "include_subdomains": true, "mode": "force-https" }, { "name": "jahanaisamu.com", "include_subdomains": true, "mode": "force-https" }, { "name": "jamberrynails.co.uk", "include_subdomains": true, "mode": "force-https" }, { "name": "jan-bucher.ch", "include_subdomains": true, "mode": "force-https" }, @@ -24431,7 +24412,6 @@ { "name": "xenoworld.de", "include_subdomains": true, "mode": "force-https" }, { "name": "xeonlab.com", "include_subdomains": true, "mode": "force-https" }, { "name": "xeonlab.de", "include_subdomains": true, "mode": "force-https" }, - { "name": "xn--0kqx72g4gftob.com", "include_subdomains": true, "mode": "force-https" }, { "name": "xn--cck7f515h.com", "include_subdomains": true, "mode": "force-https" }, { "name": "xn--cctsgy36bnvprwpekc.com", "include_subdomains": true, "mode": "force-https" }, { "name": "xn--jbs-tna.de", "include_subdomains": true, "mode": "force-https" }, @@ -25564,7 +25544,6 @@ { "name": "eintragsservice24.de", "include_subdomains": true, "mode": "force-https" }, { "name": "eisaev.ru", "include_subdomains": true, "mode": "force-https" }, { "name": "ejgconsultancy.co.uk", "include_subdomains": true, "mode": "force-https" }, - { "name": "ejone.co", "include_subdomains": true, "mode": "force-https" }, { "name": "ekonbenefits.com", "include_subdomains": true, "mode": "force-https" }, { "name": "eldritchfiction.net", "include_subdomains": true, "mode": "force-https" }, { "name": "elektro-adam.de", "include_subdomains": true, "mode": "force-https" }, @@ -25821,7 +25800,6 @@ { "name": "fulilingyu.info", "include_subdomains": true, "mode": "force-https" }, { "name": "fuliwang.info", "include_subdomains": true, "mode": "force-https" }, { "name": "fullmatch.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "funandnatural.shop", "include_subdomains": true, "mode": "force-https" }, { "name": "funfunmstdn.tokyo", "include_subdomains": true, "mode": "force-https" }, { "name": "fungame.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "funspins.com", "include_subdomains": true, "mode": "force-https" }, @@ -25906,7 +25884,6 @@ { "name": "glasslikes.com", "include_subdomains": true, "mode": "force-https" }, { "name": "glenhuntlyapartments.com.au", "include_subdomains": true, "mode": "force-https" }, { "name": "globalbridge-japan.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "globalchat.pk", "include_subdomains": true, "mode": "force-https" }, { "name": "globalchokepoints.org", "include_subdomains": true, "mode": "force-https" }, { "name": "globaltennis.ca", "include_subdomains": true, "mode": "force-https" }, { "name": "globalvisions-events.com", "include_subdomains": true, "mode": "force-https" }, @@ -26003,10 +25980,8 @@ { "name": "handgelenkbandage-test.de", "include_subdomains": true, "mode": "force-https" }, { "name": "handsandall.com", "include_subdomains": true, "mode": "force-https" }, { "name": "handymanlondonplease.co.uk", "include_subdomains": true, "mode": "force-https" }, - { "name": "hanglage.de", "include_subdomains": true, "mode": "force-https" }, { "name": "hangtenseo.com", "include_subdomains": true, "mode": "force-https" }, { "name": "hanksservice.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "hanover.edu", "include_subdomains": true, "mode": "force-https" }, { "name": "happycarb.de", "include_subdomains": true, "mode": "force-https" }, { "name": "happydoq.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "hapsfordmill.co.uk", "include_subdomains": true, "mode": "force-https" }, @@ -26117,7 +26092,6 @@ { "name": "htsure.ma", "include_subdomains": true, "mode": "force-https" }, { "name": "httpsecured.net", "include_subdomains": true, "mode": "force-https" }, { "name": "huangguancq.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "hub-reisen.de", "include_subdomains": true, "mode": "force-https" }, { "name": "huduser.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "hulsoft.co.uk", "include_subdomains": true, "mode": "force-https" }, { "name": "human-clone.com", "include_subdomains": true, "mode": "force-https" }, @@ -26141,7 +26115,6 @@ { "name": "hyperreal.biz", "include_subdomains": true, "mode": "force-https" }, { "name": "hypersomnia.com", "include_subdomains": true, "mode": "force-https" }, { "name": "hyperthymia.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "hypnosegosert.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "hysg.me", "include_subdomains": true, "mode": "force-https" }, { "name": "iadttaveras.com", "include_subdomains": true, "mode": "force-https" }, { "name": "ialis.me", "include_subdomains": true, "mode": "force-https" }, @@ -26318,7 +26291,6 @@ { "name": "jgwb.de", "include_subdomains": true, "mode": "force-https" }, { "name": "jgwb.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "jhollandtranslations.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "jikegu.com", "include_subdomains": true, "mode": "force-https" }, { "name": "jinshavip.com", "include_subdomains": true, "mode": "force-https" }, { "name": "jiogo.com", "include_subdomains": true, "mode": "force-https" }, { "name": "jiyue.com", "include_subdomains": true, "mode": "force-https" }, @@ -26417,7 +26389,6 @@ { "name": "kiekko.pro", "include_subdomains": true, "mode": "force-https" }, { "name": "kiel-kind.de", "include_subdomains": true, "mode": "force-https" }, { "name": "kikbb.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "kikura.de", "include_subdomains": true, "mode": "force-https" }, { "name": "kineto.space", "include_subdomains": true, "mode": "force-https" }, { "name": "kingclass.cn", "include_subdomains": true, "mode": "force-https" }, { "name": "kingdomcrc.org", "include_subdomains": true, "mode": "force-https" }, @@ -26448,7 +26419,6 @@ { "name": "kooponline.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "kori.ml", "include_subdomains": true, "mode": "force-https" }, { "name": "korono.de", "include_subdomains": true, "mode": "force-https" }, - { "name": "kosmetik-grothe.de", "include_subdomains": true, "mode": "force-https" }, { "name": "kotomei.moe", "include_subdomains": true, "mode": "force-https" }, { "name": "kovaldo.ru", "include_subdomains": true, "mode": "force-https" }, { "name": "kovals.sk", "include_subdomains": true, "mode": "force-https" }, @@ -26742,7 +26712,6 @@ { "name": "meat.org.uk", "include_subdomains": true, "mode": "force-https" }, { "name": "meathealth.com", "include_subdomains": true, "mode": "force-https" }, { "name": "mecanicadom.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "medicalwikis.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "mediweed.tk", "include_subdomains": true, "mode": "force-https" }, { "name": "meeko.cc", "include_subdomains": true, "mode": "force-https" }, { "name": "meinstartinsleben.com", "include_subdomains": true, "mode": "force-https" }, @@ -26908,7 +26877,6 @@ { "name": "mygeotrip.com", "include_subdomains": true, "mode": "force-https" }, { "name": "mygreatjob.eu", "include_subdomains": true, "mode": "force-https" }, { "name": "mygymer.ch", "include_subdomains": true, "mode": "force-https" }, - { "name": "mylittlemoppet.com", "include_subdomains": true, "mode": "force-https" }, { "name": "mylocalsearch.co.uk", "include_subdomains": true, "mode": "force-https" }, { "name": "mymed.de", "include_subdomains": true, "mode": "force-https" }, { "name": "mymed.eu", "include_subdomains": true, "mode": "force-https" }, @@ -27199,7 +27167,6 @@ { "name": "perspektivwechsel-coaching.de", "include_subdomains": true, "mode": "force-https" }, { "name": "petangen.se", "include_subdomains": true, "mode": "force-https" }, { "name": "petcarvers.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "petrkajzar.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "peuf.shop", "include_subdomains": true, "mode": "force-https" }, { "name": "peyote.org", "include_subdomains": true, "mode": "force-https" }, { "name": "pferdeeinstreu-kaufen.com", "include_subdomains": true, "mode": "force-https" }, @@ -27283,7 +27250,6 @@ { "name": "portalcentric.net", "include_subdomains": true, "mode": "force-https" }, { "name": "portalisapres.cl", "include_subdomains": true, "mode": "force-https" }, { "name": "portugalsko.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "porzgmbh.de", "include_subdomains": true, "mode": "force-https" }, { "name": "positionus.io", "include_subdomains": true, "mode": "force-https" }, { "name": "positive.com.cy", "include_subdomains": true, "mode": "force-https" }, { "name": "post-darwinian.com", "include_subdomains": true, "mode": "force-https" }, @@ -27897,7 +27863,6 @@ { "name": "system.cf", "include_subdomains": true, "mode": "force-https" }, { "name": "system12.pl", "include_subdomains": true, "mode": "force-https" }, { "name": "systemd.ch", "include_subdomains": true, "mode": "force-https" }, - { "name": "sytpartners.com", "include_subdomains": true, "mode": "force-https" }, { "name": "szyndler.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "tac-volley.com", "include_subdomains": true, "mode": "force-https" }, { "name": "tacoma-games.com", "include_subdomains": true, "mode": "force-https" }, @@ -27951,7 +27916,6 @@ { "name": "telly.site", "include_subdomains": true, "mode": "force-https" }, { "name": "tenable.com.au", "include_subdomains": true, "mode": "force-https" }, { "name": "tengu.cloud", "include_subdomains": true, "mode": "force-https" }, - { "name": "tenmm.com", "include_subdomains": true, "mode": "force-https" }, { "name": "tenthousandcoffees.com", "include_subdomains": true, "mode": "force-https" }, { "name": "teranacreative.com", "include_subdomains": true, "mode": "force-https" }, { "name": "teranga.ch", "include_subdomains": true, "mode": "force-https" }, @@ -28328,7 +28292,6 @@ { "name": "whitehathackers.com.br", "include_subdomains": true, "mode": "force-https" }, { "name": "whitejaguars.com", "include_subdomains": true, "mode": "force-https" }, { "name": "whiterabbit.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "whyy.eu.org", "include_subdomains": true, "mode": "force-https" }, { "name": "wiapply.com", "include_subdomains": true, "mode": "force-https" }, { "name": "wiebetaaltdat.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "wificafehosting.com", "include_subdomains": true, "mode": "force-https" }, @@ -28392,7 +28355,6 @@ { "name": "x0r.be", "include_subdomains": true, "mode": "force-https" }, { "name": "x1616.tk", "include_subdomains": true, "mode": "force-https" }, { "name": "x23.eu", "include_subdomains": true, "mode": "force-https" }, - { "name": "x2c0.net", "include_subdomains": true, "mode": "force-https" }, { "name": "xbc.nz", "include_subdomains": true, "mode": "force-https" }, { "name": "xenosphere.tk", "include_subdomains": true, "mode": "force-https" }, { "name": "xfd3.de", "include_subdomains": true, "mode": "force-https" }, @@ -28473,7 +28435,6 @@ { "name": "zavetaji.lv", "include_subdomains": true, "mode": "force-https" }, { "name": "zcgram.com", "include_subdomains": true, "mode": "force-https" }, { "name": "zdorovayasimya.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "zdravotnickainformatika.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "zelfmoord.ga", "include_subdomains": true, "mode": "force-https" }, { "name": "zenghx.tk", "include_subdomains": true, "mode": "force-https" }, { "name": "zero-x-baadf00d.com", "include_subdomains": true, "mode": "force-https" }, @@ -29303,7 +29264,6 @@ { "name": "cydetec.com", "include_subdomains": true, "mode": "force-https" }, { "name": "curvesandwords.com", "include_subdomains": true, "mode": "force-https" }, { "name": "coroasdefloresonline.com.br", "include_subdomains": true, "mode": "force-https" }, - { "name": "creditstar.es", "include_subdomains": true, "mode": "force-https" }, { "name": "crox.co", "include_subdomains": true, "mode": "force-https" }, { "name": "cqn.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "cryptofan.org", "include_subdomains": true, "mode": "force-https" }, @@ -31909,7 +31869,6 @@ { "name": "swisscannabis.club", "include_subdomains": true, "mode": "force-https" }, { "name": "thebakingclass.com", "include_subdomains": true, "mode": "force-https" }, { "name": "sweetair.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "thaimooc.org", "include_subdomains": true, "mode": "force-https" }, { "name": "tekstschrijvers.net", "include_subdomains": true, "mode": "force-https" }, { "name": "thekrewserver.com", "include_subdomains": true, "mode": "force-https" }, { "name": "theosophie-afrique.org", "include_subdomains": true, "mode": "force-https" }, @@ -32496,7 +32455,6 @@ { "name": "10ppm.com", "include_subdomains": true, "mode": "force-https" }, { "name": "8887999.com", "include_subdomains": true, "mode": "force-https" }, { "name": "233abc.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "acasundayschool.com", "include_subdomains": true, "mode": "force-https" }, { "name": "aaomidi.com", "include_subdomains": true, "mode": "force-https" }, { "name": "acat.io", "include_subdomains": true, "mode": "force-https" }, { "name": "420java.com", "include_subdomains": true, "mode": "force-https" }, @@ -33290,7 +33248,6 @@ { "name": "hamking.tk", "include_subdomains": true, "mode": "force-https" }, { "name": "flyspace.ml", "include_subdomains": true, "mode": "force-https" }, { "name": "grupomakben.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "harlan.cc", "include_subdomains": true, "mode": "force-https" }, { "name": "gruenderlehrstuhl.de", "include_subdomains": true, "mode": "force-https" }, { "name": "gzom.ru", "include_subdomains": true, "mode": "force-https" }, { "name": "health-match.com.au", "include_subdomains": true, "mode": "force-https" }, @@ -33495,7 +33452,6 @@ { "name": "kakoo.nl", "include_subdomains": true, "mode": "force-https" }, { "name": "kd.net.nz", "include_subdomains": true, "mode": "force-https" }, { "name": "kakoomedia.nl", "include_subdomains": true, "mode": "force-https" }, - { "name": "konjin.cn", "include_subdomains": true, "mode": "force-https" }, { "name": "jpdeharenne.be", "include_subdomains": true, "mode": "force-https" }, { "name": "judc-ge.ch", "include_subdomains": true, "mode": "force-https" }, { "name": "ivystech.com", "include_subdomains": true, "mode": "force-https" }, @@ -33551,7 +33507,6 @@ { "name": "letsgowhilewereyoung.com", "include_subdomains": true, "mode": "force-https" }, { "name": "konicaprinterdriver.com", "include_subdomains": true, "mode": "force-https" }, { "name": "k3nny.fr", "include_subdomains": true, "mode": "force-https" }, - { "name": "ldvsoft.net", "include_subdomains": true, "mode": "force-https" }, { "name": "lanre.org", "include_subdomains": true, "mode": "force-https" }, { "name": "lifemstyle.com", "include_subdomains": true, "mode": "force-https" }, { "name": "kts-thueringen.de", "include_subdomains": true, "mode": "force-https" }, @@ -33669,7 +33624,6 @@ { "name": "manova.cz", "include_subdomains": true, "mode": "force-https" }, { "name": "luzeshomologadas.com.br", "include_subdomains": true, "mode": "force-https" }, { "name": "marianwehlus.de", "include_subdomains": true, "mode": "force-https" }, - { "name": "martensen.me", "include_subdomains": true, "mode": "force-https" }, { "name": "matcha-iga.jp", "include_subdomains": true, "mode": "force-https" }, { "name": "mayavi.co.in", "include_subdomains": true, "mode": "force-https" }, { "name": "lunasqu.ee", "include_subdomains": true, "mode": "force-https" }, @@ -33792,7 +33746,6 @@ { "name": "nba.download", "include_subdomains": true, "mode": "force-https" }, { "name": "montanana.com", "include_subdomains": true, "mode": "force-https" }, { "name": "myfunworld.de", "include_subdomains": true, "mode": "force-https" }, - { "name": "muthai.in.th", "include_subdomains": true, "mode": "force-https" }, { "name": "nba.gs", "include_subdomains": true, "mode": "force-https" }, { "name": "muzgra.in", "include_subdomains": true, "mode": "force-https" }, { "name": "mehhh.xyz", "include_subdomains": true, "mode": "force-https" }, @@ -34657,7 +34610,6 @@ { "name": "wikibulz.com", "include_subdomains": true, "mode": "force-https" }, { "name": "windowwellcovers.com", "include_subdomains": true, "mode": "force-https" }, { "name": "torontocorporatelimo.services", "include_subdomains": true, "mode": "force-https" }, - { "name": "xfack.com", "include_subdomains": true, "mode": "force-https" }, { "name": "xlfblog.com", "include_subdomains": true, "mode": "force-https" }, { "name": "xlan.be", "include_subdomains": true, "mode": "force-https" }, { "name": "xiangblog.com", "include_subdomains": true, "mode": "force-https" }, @@ -35009,6 +34961,3018 @@ { "name": "rdns.cc", "include_subdomains": true, "mode": "force-https" }, { "name": "veslosada.com", "include_subdomains": true, "mode": "force-https" }, { "name": "www-8522.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "10og.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "2333.press", "include_subdomains": true, "mode": "force-https" }, + { "name": "3fl.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "4baby.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "4xlabs.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "8522club.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "88laohu.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "abona24.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "accbay.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "accommodation-berry.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "actionsack.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "agrarking.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "agrarshop4u.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "aldien.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "aliantsoft.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "allpointsblog.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "alternador.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "americandistribuidora.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "anchovy.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "anime1.top", "include_subdomains": true, "mode": "force-https" }, + { "name": "antenasmundosat.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "apcemporium.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "apk.li", "include_subdomains": true, "mode": "force-https" }, + { "name": "apn-dz.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "aquarium-supplement.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "arcenergy.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "arcobalabs.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "arian.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "artsinthevalley.net.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "atlantahairsurgeon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "atwonline.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "auntie-eileens.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "automatethis.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "ayor.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "ayor.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "banksiaparkcottages.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "barsashop.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "bati-alu.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "bearcosports.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "bellavistaoutdoor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bemvindoaolar.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "big-fluglaerm-hamburg.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bonnieradvocaten.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "borisschapira.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "brucemartin.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "bt123.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "budgetlovers.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "bypass.sh", "include_subdomains": true, "mode": "force-https" }, + { "name": "cestasedelicias.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "chentianyi.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "chillebever.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "chocolate13tilias.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "churrasqueirafacil.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "cirurgicalucena.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "civilg20.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "clinicaferrusbratos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "club-reduc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "coderme.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "comflores.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "comodesinflamarlashemorroides.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "comorecuperaratumujerpdf.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "conformax.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "connectedcare.md", "include_subdomains": true, "mode": "force-https" }, + { "name": "corporatecomputingsolutions.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cosmeticosdelivery.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "creativeapple.ltd", "include_subdomains": true, "mode": "force-https" }, + { "name": "d.nf", "include_subdomains": true, "mode": "force-https" }, + { "name": "d.nr", "include_subdomains": true, "mode": "force-https" }, + { "name": "dbq.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "deliver.moe", "include_subdomains": true, "mode": "force-https" }, + { "name": "denisewakeman.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "deprobe.pro", "include_subdomains": true, "mode": "force-https" }, + { "name": "dev-talk.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "digitaljungle.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "dimeponline.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "din-tools.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dingcc.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "do.gd", "include_subdomains": true, "mode": "force-https" }, + { "name": "dracox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dyyn.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "e-cottage.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "educatoys.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "emporiodosperfumes.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "equinecoaching.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "equipeferramentas.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "equityflows.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "esite.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "esprit-cloture.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "faciledireto.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "fameuxhosting.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "fatdoge.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "feld.design", "include_subdomains": true, "mode": "force-https" }, + { "name": "fernangp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fhg90.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fitseven.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "fl0000.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fl010.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fl0666.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "flunschi.goip.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "flyspace.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "forbiddenhistory.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "fr0zenbits.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "frugalfamilyhome.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gallicrooster.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "geaskb.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "geleia-real.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "giftmaniabrilhos.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "globalprojetores.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "great.nagoya", "include_subdomains": true, "mode": "force-https" }, + { "name": "grouphomes.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "gym-old.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "halitopuroprodutos.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "hanys.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "haogoodair.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "hashinteractive.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "heartview.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "helpstarloja.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "homesandal.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hotcandlestick.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "howardwatts.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "hulpbijmarketing.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "huskyduvercors.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ineed.com.mt", "include_subdomains": true, "mode": "force-https" }, + { "name": "injust.eu.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "injust.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "insho.fashion", "include_subdomains": true, "mode": "force-https" }, + { "name": "instafind.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "iosnoops.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ishamf.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "istore.lt", "include_subdomains": true, "mode": "force-https" }, + { "name": "itrack.in.th", "include_subdomains": true, "mode": "force-https" }, + { "name": "ivanilla.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "jamaat.hk", "include_subdomains": true, "mode": "force-https" }, + { "name": "jerseylvi2013.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "jiaqiang.vip", "include_subdomains": true, "mode": "force-https" }, + { "name": "jingjo.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "jmotion.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "kakie-kolesa.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "kangaroovalleykayaks.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "kangaroovalleymuseum.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kangaroovalleyolives.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "kangaroovalleyshow.org.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "kangaroovalleywoodcrafts.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "karlsmithmn.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "kazamasion.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kenrogers.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "kingstclinic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "korosiprogram.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "kousaku.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "kvcc.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "kvpc.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "laboiteanem.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakedavid.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "laymans911.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "leipziger-triathlon.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lennartheinrich.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lheinrich.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lheinrich.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "librazy.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "lifesafety.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "lingerielovers.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "littlenina.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "littlepigcreek.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "lojaterrazul.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "lojavalcapelli.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "ls-reallife.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lukasfunk.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "macedopesca.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "macleodnc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "magyarokegyhelyen.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "manududu.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "marilynmartin.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "mathijskingma.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "maury-moteurs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "medeinos.lt", "include_subdomains": true, "mode": "force-https" }, + { "name": "mediafocus.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "memiux.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mexicom.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "microcomploja.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "mika.cat", "include_subdomains": true, "mode": "force-https" }, + { "name": "mimbeim.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "minimbah.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "mittagonggardencentre.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "modaexecutiva.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "moderntld.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "mona-antenna.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "movie4kto.stream", "include_subdomains": true, "mode": "force-https" }, + { "name": "mundoarabe.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "mundokinderland.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "mwainc.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "myamend.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mygeneral.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "mylatestnews.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "mytruecare.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "myupdatestar.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "myupdatestudio.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "myupdatesystems.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nairobibusinessreview.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "naoar.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "neowlan.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "netlentes.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "netmagicas.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "networkposting.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nexusbyte.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "nkb.in.th", "include_subdomains": true, "mode": "force-https" }, + { "name": "nordnetz-hamburg.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "notadd.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "notadd.store", "include_subdomains": true, "mode": "force-https" }, + { "name": "nutrivisa.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "nycoyote.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "officiants.wedding", "include_subdomains": true, "mode": "force-https" }, + { "name": "oleodecopayba.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "opcaobolsas.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "oticasaopaulo.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "oxro.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "panoxadrez.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "paradigi.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "patric-lenhart.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pepemodelismo.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "petofiprogram.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "piatabrasil.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "pinnacles.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "piraten-bv-nord.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pixeame.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "placasonline.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "pnukee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pomardaserra.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pontodogame.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "portalkla.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "powerdent.net.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelogica.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "prestonandsons.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "productived.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "provitec.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pwm.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "qwe7002.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "radicalsub.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "randy.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "raraflora.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "rbran.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rdfz.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "realitea.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "remedioparaherpes.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "revistapequenosolhares.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "rial.space", "include_subdomains": true, "mode": "force-https" }, + { "name": "rimax.vn", "include_subdomains": true, "mode": "force-https" }, + { "name": "rivermist.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "robspeed.rocks", "include_subdomains": true, "mode": "force-https" }, + { "name": "rockuse.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "rohanbassett.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rpine.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "rtsr.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "rubymartin.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "salishseawhalewatching.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "samsungxoa.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sberbank.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "schatmeester.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "selbys.net.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "semiocast.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "servicevie.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shgt.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "shobhanayogsadan.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shotpixonline.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "simonsaxon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sinuelovirtual.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "sion.moe", "include_subdomains": true, "mode": "force-https" }, + { "name": "slpower.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "smackhappy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sohamroy.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "solicafe.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "soundedj.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "spaziobenedetti.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "spaziopervoi.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "ssenberg.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "stainedglass.net.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "stairlin.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stannahtrapliften.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "steplogictalent.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stilettomoda.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "stonemanbrasil.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "streamthemeeting.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "subwayz.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "sussexwebdesigns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sussexwebdesigns.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "swissid.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "talltreeskv.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "tdrcartuchos.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "teknemodus.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "tempdomain.ml", "include_subdomains": true, "mode": "force-https" }, + { "name": "test02.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "texture.net.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "thiscode.works", "include_subdomains": true, "mode": "force-https" }, + { "name": "thrivesummit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobias.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "tokoindo.top", "include_subdomains": true, "mode": "force-https" }, + { "name": "topnotchendings.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tougetu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.com.pt", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "transfersummit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tropicalserver.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tsedryk.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyroremotes.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyroremotes.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyroremotes.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyroremotes.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyroremotes.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyroremotes.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "ucac.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "umsapi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "uniformebateriasheliar.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "uniformehope.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "urlachershop.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "valleycode.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "vcti.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "viladochurrasco.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "visitkangaroovalley.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "vitra-vcare.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "vividlumen.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vwsoft.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "webbx.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "webless.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "welcome-werkstatt.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "welcome-werkstatt.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "wellcomp.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "wiiaam.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wireless-emergency-stop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wisak.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "wombatalla.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "wowaffixes.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "xehost.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xmiui.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--jywq5uqwqxhd2onsij.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--n8jtcugp92n4wc738f.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--xz1a.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--yj8h0m.ws", "include_subdomains": true, "mode": "force-https" }, + { "name": "xpjcunkuan.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "yeu.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "zecrypto.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zhaoxixiangban.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "zoorigin.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "00220022.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "100rembourse.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "1391kj.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "1395kj.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "1396.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "1396.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "1er-secours.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "247medplan.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "4mybaby.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "69mentor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "7delights.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "7delights.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "8tuffbeers.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "aalstmotors-usedcars.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "ac0g.dyndns.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "actu-film.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "adelightfulglow.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "admins.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "advocate-europe.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "aero-pioneer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "aerotheque.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "agencymanager.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "agrekov.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "ajdiaz.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "akiba-server.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "alexischaussy.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "allmend-ru.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "alloutatl.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "amandasage.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "ambrosius.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "amg-microwave.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "amin.one", "include_subdomains": true, "mode": "force-https" }, + { "name": "amua.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "andel.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewpeng.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "angeloventuri.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "antirepressionbayarea.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "anyfood.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "appartement-evolene.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "apponic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "apps4inter.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "araro.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "areaclienti.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "arenns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "arislight.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "arminc.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "artmaxi.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "asge-handel.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "astroscopy.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "astural.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "atelierssud.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "atelierssud.swiss", "include_subdomains": true, "mode": "force-https" }, + { "name": "august.black", "include_subdomains": true, "mode": "force-https" }, + { "name": "autozane.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "avidcruiser.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "aviv.nyc", "include_subdomains": true, "mode": "force-https" }, + { "name": "ayatk.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "b9110.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "badai.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "bahnbonus-praemienwelt.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bandally.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "basilicaknights.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "bass-pro.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "bat909.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bcnet.com.hk", "include_subdomains": true, "mode": "force-https" }, + { "name": "beehive.govt.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "ben2.co.il", "include_subdomains": true, "mode": "force-https" }, + { "name": "bengalurugifts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "benjaminpiquet.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "bergevoet-fa.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "bernadetteanderes.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "besthotsales.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bet-99.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "beyondtodaymediagroup.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bfrailwayclub.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "bilimoe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bingobank.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "bitcoinkarlsruhe.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bititrain.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bizpare.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bkhpilates.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "blenneros.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "blogpentrusuflet.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "bluemeda.web.id", "include_subdomains": true, "mode": "force-https" }, + { "name": "bobstronomie.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "bodymusclejournal.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bonamihome.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "bonesserver.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "booox.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "booox.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "booox.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "booter.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "botlab.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "bouchonville-knifemaker.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bourqu.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "bowlsheet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "boz.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "bqr.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "brasilien.guide", "include_subdomains": true, "mode": "force-https" }, + { "name": "breathedreamgo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bretcarmichael.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bricolajeux.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "britishsciencefestival.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "bs.sb", "include_subdomains": true, "mode": "force-https" }, + { "name": "btku.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "businessmodeler.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "butikvip.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "bynder.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "capitainebaggy.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "casa-mea-inteligenta.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "catchief.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cdbf.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "cenatorium.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "centurialeonina.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "certmonitor.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "ceso-saco.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "charlesjay.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chdgaming.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "cheltik.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "choe.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "chrisnicholas.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "chrisvicmall.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ciansc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cielly.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cifop-numerique.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "clairegold.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "clauseriksen.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "clayandcottonkirkwood.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "codejunkie.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "codespromo.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "compliance-management.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "compuplast.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "convexset.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "coonelnel.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "counselling.network", "include_subdomains": true, "mode": "force-https" }, + { "name": "creativelaw.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "crosspeakoms.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "crowdcloud.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "curamail.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "cyph.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "dailybunda.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dam74.com.ar", "include_subdomains": true, "mode": "force-https" }, + { "name": "danyabanya.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "darlastudio66.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dasgeestig.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "datakick.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "datascience.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "datenschutzgrundverordnung.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "datingticino.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "ddel.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "de-mail.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "deeparamaraj.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "denis-martinez.photos", "include_subdomains": true, "mode": "force-https" }, + { "name": "digicert-support.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "digital2web.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dingcc.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "disanteimpianti.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "discoverwellness.center", "include_subdomains": true, "mode": "force-https" }, + { "name": "dismail.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "divenwa.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "donfelino.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "donmaldeamores.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "doriangirod.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "dotnetsandbox.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "doyoutax.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "doze-cloud.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "dreamhack.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "drivewithstatetransit.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "dronebotworkshop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dureuil.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "dusmomente.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dustyspokesbnb.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "dwgf.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "easy-factures.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "easyadsnbanners.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "echodio.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ecovision.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "ecrandouble.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "eellak.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "electricgatemotorgermiston.co.za", "include_subdomains": true, "mode": "force-https" }, + { "name": "elinevanhaaften.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "elistor6100.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "elixir.bzh", "include_subdomains": true, "mode": "force-https" }, + { "name": "elvisripley.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "enamae.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "enlazaresbueno.cl", "include_subdomains": true, "mode": "force-https" }, + { "name": "entaurus.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "eoitek.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "equinox.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "erath.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "esb111.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "espacio-cultural.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "evelienzorgt.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "everlong.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "evileden.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "extreme-players.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ezakazivanje.rs", "include_subdomains": true, "mode": "force-https" }, + { "name": "f-hd.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "f8842.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fafatiger.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fallofthecitadel.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fam-stemmer.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fameng.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "felistirnavia.sk", "include_subdomains": true, "mode": "force-https" }, + { "name": "fieldwork-paysage.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "firetotheprisons.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "flopy.club", "include_subdomains": true, "mode": "force-https" }, + { "name": "flucto.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "flyboyfpv.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "flytoadventures.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "forgotten-legends.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "forum-bonn.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "foshanshequ.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fotikpro.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "freims.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "frydrychit.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "funoverip.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "fxopen.my", "include_subdomains": true, "mode": "force-https" }, + { "name": "fzx750.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "gaines-sodiamex.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "gamoice.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "geekclubbooks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "geertdegraaf.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "gehreslaw.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "genia-life.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "gfoss.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "gfoss.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "ginijony.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gisgov.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "gitep.org.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "glavsudexpertiza.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "globalventil.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gosciencegirls.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gourmetfestival.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "gozadentro.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gpdimaranathasiantar.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "grailians.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "grandeto.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "grapee.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "greatislandarts.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "gregorkofler.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "grenadiercorps-kaarst.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "grenadiere-kaarst.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "grenadierkorps-kaarst.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "grenadierkorps.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "grothoff.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "guides-peche64.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gustaff.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "gymnaserenens.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "gyre.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "gyrenens.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "haloobaloo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "harald-pfeiffer.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "haven-staging.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "haven.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "hcoe.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "helenelefauconnier.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "helpekwendenihospital.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hendric.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "hgfa.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "hhgdo.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "hhidr.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "hialatv.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hidedd.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "highlatitudestravel.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hill.selfip.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "hippo.ge", "include_subdomains": true, "mode": "force-https" }, + { "name": "hlacosedora.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hoast.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "hoflerlawfirm.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "holistichealer.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "hollandguns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "homeownersassociationmanagementla.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hong.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "hontoir.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "hoopertechnicalsolutions.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "houtinee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "howmanymilesfrom.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hqwebhosting.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "htlball.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "hua-in.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "humanesources.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "huzurmetal.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "hybridiyhdistys.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "hybridklubben.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "ibrainmedicine.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "icmhd.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "idatha.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ifort.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "ima-tourcoing.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "imgul.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "immo-passion.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "independencerecovery.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "inexlog.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "ingo-schlueter.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ingoschlueter.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "inter-corporate.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "intraobes.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ioslo.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "ip3office.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "iplantom.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ipo-times.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "islandpumpandtank.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ispringcloud.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "ittop-gabon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ivanpolchenko.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "izumi.tv", "include_subdomains": true, "mode": "force-https" }, + { "name": "jakewalker.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "james-parker.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "janada.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "jeremy-chen.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "jevisite.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "jinmaguoji.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jm22.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "joespaintingpgh.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jokerice.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "jons.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ju1ro.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "juandesouza.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jurassicgolf.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "juristeo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jvanerp.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "jxir.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "kainetsoft.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kangzaber.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kanis.ag", "include_subdomains": true, "mode": "force-https" }, + { "name": "katyusha.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "kdbx.online", "include_subdomains": true, "mode": "force-https" }, + { "name": "kinetiq.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kitegarage.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "kiteschoolschellinkhout.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "kiteschoolwijkaanzee.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "kj1391.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kj1396.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "kj1397.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "klustermedia.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kneblinghausen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "knightsweep.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "koddsson.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "komintek.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "kotori.love", "include_subdomains": true, "mode": "force-https" }, + { "name": "kplnet.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "kram.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "krumberconsulting.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kwedo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kxah35.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kylerwood.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "l7world.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "la-maison.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "lars.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "larsbauer.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "laurenlobue.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "leevealdc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lernplattform-akademie.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lhconsult.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "liautard.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "limodo-shop.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "listen.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "livekortti.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "llslb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lockr.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "logiciel-entreprise-seurann.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "love4taylor.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "lovemysafetynet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lsys.ac", "include_subdomains": true, "mode": "force-https" }, + { "name": "luftreiniger.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "lukasschauer.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lunight.ml", "include_subdomains": true, "mode": "force-https" }, + { "name": "macustar.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "madeinchezmoi.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "madesurveying.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "magnoliastrong.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "makemejob.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "marti201.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "marykatrinaphotography.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "matomeathena.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "matthewtester.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "maxhorvath.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mayoristassexshop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mazda-thermote.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mcuexchange.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "meincoach.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "melonstudios.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "meruri.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "miaoubox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "miboulot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mikevesch.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "minimaltimer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mir.pe", "include_subdomains": true, "mode": "force-https" }, + { "name": "mklpedia.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "mokeedev.review", "include_subdomains": true, "mode": "force-https" }, + { "name": "molti.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "montas.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "morepay.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "mosaic-design.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "moube.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "mrpropop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mubiflex.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "multimail.work", "include_subdomains": true, "mode": "force-https" }, + { "name": "multivpn.com.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "my-contract.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "my-contract.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "my-contract.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "my-host.ovh", "include_subdomains": true, "mode": "force-https" }, + { "name": "mybb.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "myday.eu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "myhair.asia", "include_subdomains": true, "mode": "force-https" }, + { "name": "myspa.asia", "include_subdomains": true, "mode": "force-https" }, + { "name": "nataldigital.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nathumarket.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "natives-team.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "nawroth.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "neavision.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "nerot.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "neuch.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "nezrouge-est-vaudois.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "ngiemboon.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "nico.st", "include_subdomains": true, "mode": "force-https" }, + { "name": "niess.space", "include_subdomains": true, "mode": "force-https" }, + { "name": "nightbutterflies.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nijikata.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nikz.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "nkautoservice.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "nosyu.pe.kr", "include_subdomains": true, "mode": "force-https" }, + { "name": "nova-wd.org.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "noyocenter.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "nrev.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "nuamooreaindonesia.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "oakington.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "obamalibrary.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "obrienlab.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "oc-sa.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "octohedralpvp.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "officium.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "ogis.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "ohchouette.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ohd.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "okanaganrailtrail.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "olmsted.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "onebigcow.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "onix.eu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "onlineweblearning.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "open-source.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "opencluster.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "openwifi.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "originalniknihy.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "owngeek.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "padzilla.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pagedesignhub.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pagedesignpro.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pagedesignshop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "paichai.space", "include_subdomains": true, "mode": "force-https" }, + { "name": "passionatehorsemanship.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pastorsuico.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "paul-bronski.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pawsomebox.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "payssaintgilles.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "pcipac.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "penticton.photography", "include_subdomains": true, "mode": "force-https" }, + { "name": "peoplelikemeapp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "performaride.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "periodismoactual.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "persjrp.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "petwall.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "pgcpbc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "philippbirkholz.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pingworks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pingworks.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pingworks.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "pingworks.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "pixelurbia.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pizzacook.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "pizzeria-mehrhoog.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "planbox.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "plitu.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pluggedhead.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pomocniczy.eu.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "popi.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "posoiu.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "postpot.co.kr", "include_subdomains": true, "mode": "force-https" }, + { "name": "prescriptionrex.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "primordialsnooze.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "principalstest.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "probiv.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "prof.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "projectx.top", "include_subdomains": true, "mode": "force-https" }, + { "name": "projest.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "promolover.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "proplan.co.il", "include_subdomains": true, "mode": "force-https" }, + { "name": "provence-appartements.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pscleaningsolutions.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "purrfect-box.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "pwi.agency", "include_subdomains": true, "mode": "force-https" }, + { "name": "qhse-professionals.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "qualite-ecole-et-formation.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "quality-life.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "quanterra.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "quantor.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "r-ay.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "ragnaroktop.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "ram.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "rambii.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "random-samplings.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "randombit.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "recantoshop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "recantoshop.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "redair.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "renascentia.asia", "include_subdomains": true, "mode": "force-https" }, + { "name": "renaultclubticino.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "report-incident.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "republic.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "restoruns.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "rivercruiseadvisor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "robinflikkema.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "roeldevries.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "rootsbar.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "rosesciences.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "roussos.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "rove3d.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rtc.fun", "include_subdomains": true, "mode": "force-https" }, + { "name": "ruby-auf-schienen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ruigomes.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "ruitershoponline.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "rulutv.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ryssland.guide", "include_subdomains": true, "mode": "force-https" }, + { "name": "s0923.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sabatek.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "saco-ceso.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sallysubs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sandburner.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "santmark.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "saxojoe.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "sb-tuning.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "scriptum.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "scswam.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "seatshare.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "secutrans.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "seraph.tokyo", "include_subdomains": true, "mode": "force-https" }, + { "name": "serrano-chris.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "serw.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "setuid0.kr", "include_subdomains": true, "mode": "force-https" }, + { "name": "severine-trousselard.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sevinci.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "sexshopsgay.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sgthotshot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sheepfriends.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shipinsight.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shoprsc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shrinidhiclinic.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "silashes.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "silentmode.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "simmis.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "simon-mueller.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "simpbx.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "sinkip.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sinomod.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sistimiki-anaparastasi.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "skol.bzh", "include_subdomains": true, "mode": "force-https" }, + { "name": "smartlogreturns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "smartlogstock.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "smartlogtower.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sneakypaw.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "snelbv.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "ss.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stage4.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "starlim.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "static-assets.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "stefan-schlueter.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "steyaert.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "stikkie.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "stl.news", "include_subdomains": true, "mode": "force-https" }, + { "name": "stomadental.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "store-host.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stoxford.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stream-ing.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "stumeta.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "stumeta2018.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "stylett.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "sunlandsg.vn", "include_subdomains": true, "mode": "force-https" }, + { "name": "supertasker.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "surdam.casa", "include_subdomains": true, "mode": "force-https" }, + { "name": "survivalistplanet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "swilly.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "swvaux.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sy24.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "systea.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "systea.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "tab.watch", "include_subdomains": true, "mode": "force-https" }, + { "name": "taggedpdf.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "taim.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "tardybaker.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tavsys.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "taxi-24std.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tech-value.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "techarea.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "technicabv.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "teskalabs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "teva-li.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tfx.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "tfx.pt", "include_subdomains": true, "mode": "force-https" }, + { "name": "tfxstartup.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tfxstartup.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "tgmkanis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thebasebk.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "thegym.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "thehivedesign.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "thepaulagcompany.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thepromisemusic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "therise.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "thesharedbrain.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "thesharedbrain.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thesteins.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "thestrategyagency.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "thewebflash.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thiepcuoidep.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thijsslop.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "thomas-fahle.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tibipg.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ticketslover.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tiendafetichista.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "timesavingplugins.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "timesavingplugins.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "tivido.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "torbe.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "trackersimulator.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "traditional-knowledge.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "trazosdearte.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "treeremovaljohannesburg.co.za", "include_subdomains": true, "mode": "force-https" }, + { "name": "trixati.org.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "trollingeffects.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "tschuermans.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "turismo.cl", "include_subdomains": true, "mode": "force-https" }, + { "name": "type1joe.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "type1joe.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "typeonejoe.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "typeonejoe.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "umkmjogja.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "uni2share.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "uniteasia.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "upgamerengine.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "upsiteseo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "urbanguerillas.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "vagrantcloud.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vannaos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vannaos.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "vanvoro.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "variablyconstant.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "varimedoma.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vbcdn.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "verbierfestival.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vidiproject.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vierdaagsehotel.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "viltsu.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "vinticom.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "virtusaero.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "visual-cockpit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vivirenelmundo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "voltimax.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "voxfilmeonline.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "wahidhasan.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "waka88.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wandercue.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "warschild.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "washingtonregisteredagent.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "watchfreeonline.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "wbci.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "wbx.support", "include_subdomains": true, "mode": "force-https" }, + { "name": "webneuch.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "webneuch.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "webneuch.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "webneuch.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "webneuch.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "webneuch.swiss", "include_subdomains": true, "mode": "force-https" }, + { "name": "weyland-yutani.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "widegab.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wintermeyer-consulting.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "wintermeyer.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "wordpresspro.cl", "include_subdomains": true, "mode": "force-https" }, + { "name": "workcloud.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "wrenwrites.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wrksheet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xboxonex.shop", "include_subdomains": true, "mode": "force-https" }, + { "name": "xega.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--8dry00a7se89ay98epsgxxq.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--f9jh4f4b4993b66s.tokyo", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--p8jskj.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "y3451.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ytreza.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "zadarkside.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "zero-sum.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "zhiku8.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ziemlich-zackig.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ziemlichzackig.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "zokster.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "zouk.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "zuan-in.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "zug.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "zurgl.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zypr.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "zyzardx.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "0wx.cat", "include_subdomains": true, "mode": "force-https" }, + { "name": "0wx.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "0wx.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "0wx.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "1511774230.rsc.cdn77.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "300mbmovie24.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "330.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "518maicai.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "88laohu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "899699.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "98laba.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "98laba.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "abvlbasketviganello.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "academie-de-police.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "allesisonline.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "alphabetsigns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewdaws.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "angelic47.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "annrusnak.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "anstaskforce.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "baconate.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "badpackets.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "bageluncle.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "baglu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "brucemobile.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bulletbabu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "c-aeroconsult.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "calypsogames.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "capital-match.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "centennialradon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "complexsystems.fail", "include_subdomains": true, "mode": "force-https" }, + { "name": "cranforddental.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "crea.bg", "include_subdomains": true, "mode": "force-https" }, + { "name": "cusfit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cyberlightapp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dado.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "dado.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "dado.virtual.museum", "include_subdomains": true, "mode": "force-https" }, + { "name": "danielschreurs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "deflect.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "dezshop24.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "dijks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "disavow.tools", "include_subdomains": true, "mode": "force-https" }, + { "name": "discreet-condooms.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "dlde.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "dosyauzantisi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "downtownvernon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "doyouedc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "drchristinehatfield.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "durexwinkel.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "dwscdv3.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "eagleindustriesltd.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "edtech-hub.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "elementarywave.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "elwave.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "emeraldcoastrideshare.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "emmanuelle-et-julien.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "englishlol.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "esolcourses.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "f1fever.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "f1fever.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "f5w.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fauvettes.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "ffkoenigsberg.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "firma-cerny.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "floriantanner.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "flue-ducting.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "getrambling.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "goldcoasthypnotherapyhypnosis.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "hairtonic-lab.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hearingshofar.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "highlevelwoodlands.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hips.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "huangzenghao.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "huangzenghao.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hulldevs.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "hydrasolutions.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "hypotheekbond.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "hzh.pub", "include_subdomains": true, "mode": "force-https" }, + { "name": "iemb.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "iideaz.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "investingdiary.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "ipop.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "isamiok.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ivxv.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "jayna.design", "include_subdomains": true, "mode": "force-https" }, + { "name": "jm06.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "joeldrapper.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jorisdalderup.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "kancolle.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "kauplusprofesional.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "krsn.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "kuzbass-pwl.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "landflair-magazin.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lavitrine-une-collection.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "logostock.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "luav.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ma-eir.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "mail4geek.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "malte-kiefer.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "maslife365.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "masterhelenaroma.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "matchboxdesigngroup.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "maynardnetworks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mongla168.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "mongla88.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "mylene-chandelier.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "mysize-condooms.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "nabaleka.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "naturalspacesdomes.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "newbietech.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "nextrobotics.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "novelabs.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "o-sp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "oliverspringer.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "onelawsuit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "papatest24.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pathwaystoresilience.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "pik.bzh", "include_subdomains": true, "mode": "force-https" }, + { "name": "politeiaudesa.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "press-presse.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "psw-consulting.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "quizionic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rclsm.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "resoundpro.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "risiinfo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "royalcitytaxi.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "royalcitytaxi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sahb.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "samaritainsmeyrin.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "sat7a-riyadh.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sbanken.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "schlueter-software.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "searchbrothers.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "searchbrothers.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "seo-lagniappe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "seproco.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shushu.media", "include_subdomains": true, "mode": "force-https" }, + { "name": "spacehighway.ms", "include_subdomains": true, "mode": "force-https" }, + { "name": "spiritualregression.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "squidparty.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "suelyonjones.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "telos-analytics.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "test.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "the-body-shop.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "thesecondsposts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thestoryshack.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "timco.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "tsurezurematome.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "type1joe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "upgamerengine.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vernonfilmsociety.bc.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "vernonfishandgame.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "vers.one", "include_subdomains": true, "mode": "force-https" }, + { "name": "victoriaville.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "vivremoinscher.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "wadvisor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wai-in.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "web.bzh", "include_subdomains": true, "mode": "force-https" }, + { "name": "webslake.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "whatarepatentsfor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "yoxall.me.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "yuna.love", "include_subdomains": true, "mode": "force-https" }, + { "name": "zamocosmeticos.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "zoomek.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "06se.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "1000serien.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "11thstreetcoffee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "123pay.ir", "include_subdomains": true, "mode": "force-https" }, + { "name": "1590284872.rsc.cdn77.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "173vpns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "1888zr.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "1gsoft.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "1wl.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "2bitout.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "3dm.audio", "include_subdomains": true, "mode": "force-https" }, + { "name": "3logic.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "3mbo.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "3plusdesign.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "440hz-radio.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "4share.tv", "include_subdomains": true, "mode": "force-https" }, + { "name": "68277.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "69butterfly.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "7links.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "8ballbombom.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "a1scuba.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "a1scubastore.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "abaapplianceservice.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "abcdentalcare.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "abeilles-idapi.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "academy4.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "achtzehnterachter.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "actionlabs.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "activeclearweb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "adamh.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "adeline.mobi", "include_subdomains": true, "mode": "force-https" }, + { "name": "adesa-asesoria.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "adhigamindia.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "adm-sarov.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "admin-serv.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "adriancitu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "adriancostin.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "adult.properties", "include_subdomains": true, "mode": "force-https" }, + { "name": "advancedprotectionkey.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "advancedprotectionsecuritykey.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "adws.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "aehe.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "affily.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "afterhate.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "agent-grow.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "agglo-sion.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "agiairini.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "agouraelectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "agourahillselectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ahfazahmed.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "ahughes03.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "aijsk.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "air-craftglass.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "airductclean.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "airtimefranchise.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ais.fashion", "include_subdomains": true, "mode": "force-https" }, + { "name": "ajibot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "alaboard.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "alchimic.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "alexeykopytko.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "alexmol.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "algoentremanos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "alien.bz", "include_subdomains": true, "mode": "force-https" }, + { "name": "all-markup-news.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "allegro-inc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "allproptonline.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "allstarautokiaparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "allurescarves.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "almaatlantica.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "alpengreis.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "alpertron.com.ar", "include_subdomains": true, "mode": "force-https" }, + { "name": "alphera.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "alternativebit.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "alvcs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "amorgos-aegialis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewdaws.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewdaws.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewdaws.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewrdaws.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "andrewryno.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "andro2id.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "angel-body.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "anime1.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "annettewindlin.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "anoxinon.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "anthedesign.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "antoinebetas.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "aomberg.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "appt.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "aprefix.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "araxis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "area3.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "arethsu.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "arganaderm.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "ariba.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "arizonaautomobileclub.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "arjanvaartjes.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "arjunasdaughter.pub", "include_subdomains": true, "mode": "force-https" }, + { "name": "armeni-jewellery.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "arnoudraeven.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "arnoudvandalen.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "aseith.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ashmportfolio.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "asianshops.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "asoul.tw", "include_subdomains": true, "mode": "force-https" }, + { "name": "assempsaibiza.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "astarmathsandphysics.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "astenotarili.online", "include_subdomains": true, "mode": "force-https" }, + { "name": "astrosnail.pt.eu.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "astutr.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "asustreiber.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "atmocdn.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "aubergegilly.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "augrandinquisiteur.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "auroraassociationofrealtors.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "auslandsjahr-usa.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "austincardiac.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "austinheap.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "auszeit-lanzarote.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "authland.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "autoinsurancehavasu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "automatic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "auvious.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ava-software.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "aventurische-allianz.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "awomaninherprime.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "axelteichmann.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "axxial.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "az-vinyl-boden.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "b-entropy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "b72.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "backschues.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bairdzhang.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "balihai.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ballroom.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "bankfreeoffers.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "banksaround.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "barbarafeldman.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "baris-sagdic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bariskaragoz.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "barrera.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "barriofut.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bartzutow.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "basedonline.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "basketball-brannenburg.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bastolino.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "batiburrillo.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "batteryservice.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "baychimo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bayinstruments.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bazaarcompass.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bb37roma.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "bblsa.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "bclogandtimberbuilders.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "beatrizaebischer.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "bebes.uno", "include_subdomains": true, "mode": "force-https" }, + { "name": "bedfordnissanparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "beermedlar.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "behamzdarma.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "bentley.blog", "include_subdomains": true, "mode": "force-https" }, + { "name": "berdaguermontes.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "berrus.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "berrypay.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bertsmithvwparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "besb66.club", "include_subdomains": true, "mode": "force-https" }, + { "name": "besb66.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "besb66.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "besb66.ninja", "include_subdomains": true, "mode": "force-https" }, + { "name": "besb66.rocks", "include_subdomains": true, "mode": "force-https" }, + { "name": "besb66.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "beserberg.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "beslider.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bestbonuses.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "betecnet.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bewerbungsfoto-deinfoto.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "bewertet.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bezemkast.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "bft-media.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bhost.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "biaoqingfuhao.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "biaoqingfuhao.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "bidorbuy.co.ke", "include_subdomains": true, "mode": "force-https" }, + { "name": "billyoh.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bin95.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "binhex.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "birthmatters.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "bismarck-tb.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bitenose.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bjarnerest.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "blackandpony.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "blackevent.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "blacklightparty.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "blindaryproduction.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "blizhost.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "blkbx.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "blogging-life.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "blogom.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "bloom-avenue.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "blumen-binder.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "bmw-motorradclub-seefeld.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "bnstree.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "booter.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "borisavstankovic.rs", "include_subdomains": true, "mode": "force-https" }, + { "name": "borrelpartybus.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "bosabosa.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "bounceapp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bozemancarpetcleaningservices.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "braunwarth.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "brck.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "brecknell.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "brecknell.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "brecknell.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "brecknell.name", "include_subdomains": true, "mode": "force-https" }, + { "name": "brecknell.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "brecknell.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "briangarcia.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "brianwesaala.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bridgingdirectory.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "brilliantproductions.co.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "brinkmann.one", "include_subdomains": true, "mode": "force-https" }, + { "name": "brio-ukraine.store", "include_subdomains": true, "mode": "force-https" }, + { "name": "brunner.ninja", "include_subdomains": true, "mode": "force-https" }, + { "name": "bs-security.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bs12v.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "bsohoekvanholland.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "btcgo.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "btcycle.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "btth.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "buddie5.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "budeanu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "budgetenergievriendenvoordeel.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "builtvisible.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "burghardt.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "burningbird.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "bushcraftfriends.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "bustadice.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "buydesired.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "buyharpoon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "c2design.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "c2lab.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "cabotfinancial.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "calabasaselectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "calotte-academy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "camaras.uno", "include_subdomains": true, "mode": "force-https" }, + { "name": "camarilloelectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "camilomodzz.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "caoyu.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "capuchinox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "carlili.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "carol-lambert.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "carrando.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "carrierplatform.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "carthedral.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "casamariposaspi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cashlogic.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "caspicards.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "catbull.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "catdecor.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "catgirl.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "cavevinsdefrance.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "ccgx.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "centralcountiesservices.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "centredaccueil.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "certmonitor.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "cfno.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "cgsmart.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chambion.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "charakato.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "charlimarie.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chatsworthelectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chaverde.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "cheapestgamecards.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "cheapiesystems.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cheesefusion.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chellame.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chellame.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "chessreporter.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "childrenandmedia.org.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "chinatrademarkoffice.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "chocolatier-tristan.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "chowii.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "christian-liebel.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "christiancleva.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "christianfaq.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "christopher-simon.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "chupadelfrasco.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cine.to", "include_subdomains": true, "mode": "force-https" }, + { "name": "cinteo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cinto.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "cipher.land", "include_subdomains": true, "mode": "force-https" }, + { "name": "circlebox.rocks", "include_subdomains": true, "mode": "force-https" }, + { "name": "cirugiasplasticas.com.mx", "include_subdomains": true, "mode": "force-https" }, + { "name": "cisoaid.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "citton.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "cjessett.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cjr.host", "include_subdomains": true, "mode": "force-https" }, + { "name": "claretandbanter.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "clarity-c2ced.appspot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cleancode.club", "include_subdomains": true, "mode": "force-https" }, + { "name": "clinia.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "clnnet.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "cloudbreaker.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "cloudimproved.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cloudimprovedtest.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "club-adulti.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "cluj.apartments", "include_subdomains": true, "mode": "force-https" }, + { "name": "cnrd.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "codeventure.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "coingate.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "colorblindprogramming.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "colorectalcompounding.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "comicrelief.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "comicwiki.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "commechezvous.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "community-cupboard.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "comopuededejardefumar.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "compostatebien.com.ar", "include_subdomains": true, "mode": "force-https" }, + { "name": "concertengine.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "conciliumnotaire.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "concursopublico.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "concursosabertos.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "conniesacademy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "controle.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "contxt-agentur.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "cool110.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "coptkm.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "coresos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "corlitocaffe.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "corpulant.coffee", "include_subdomains": true, "mode": "force-https" }, + { "name": "corpulantcoffee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "corpulent.coffee", "include_subdomains": true, "mode": "force-https" }, + { "name": "corpulentcoffee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "crackcat.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "crawfordcountytcc.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "creepypastas.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "crewplanner.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "criena.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "crisisactual.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cross-link.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "crypalert.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "csilies.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "cstb.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "cuanhua3s.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cuentasmutualamr.org.ar", "include_subdomains": true, "mode": "force-https" }, + { "name": "customgear.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "cuxpool.club", "include_subdomains": true, "mode": "force-https" }, + { "name": "cvjd.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "cyber-perikarp.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "cyclop-editorial.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "cypresslegacy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "daciamodellen.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "daevel.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "dakotasilencer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "danielas.boutique", "include_subdomains": true, "mode": "force-https" }, + { "name": "darc-mak.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "dark-infection.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "darkx.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "data-detox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "data-detox.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "data.govt.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "davesinclair.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "day.vip", "include_subdomains": true, "mode": "force-https" }, + { "name": "dbtsai.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dealbanana.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "deanbank.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "debrusoft.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "debuis.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "dechat.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "deconsolutions.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "decorland.com.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "deephill.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "defman.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "defont.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "deinfoto.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "delicioustable.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "delogo.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "delta.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "demijn.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "democraticdifference.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dennisang.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "denous.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "dermacarecomplex.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dersix.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "detechnologiecooperatie.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "dethikiemtra.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "detype.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "devcast.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "dezet-ev.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "dfixit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dgportals.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "diagnocentro.cl", "include_subdomains": true, "mode": "force-https" }, + { "name": "diario-egipto.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "diejanssens.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "dietagespresse.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "diggable.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "digicert.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "digital-compounds.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dimitrisotiropoulosbooks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "directtwosolutions.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "direwolfsoftware.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "dirk-scheele.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "discount24.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "discountmania.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "discountplush.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ditisabc.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "divedowntown.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "djipanov.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dnfc.rocks", "include_subdomains": true, "mode": "force-https" }, + { "name": "dockerm.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "documaniatv.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "doesnotscale.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "domengrad.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "domian.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "dominik-schlueter.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "donnoval.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "donpaginasweb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "donzool.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "doopdidoop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dora.moe", "include_subdomains": true, "mode": "force-https" }, + { "name": "dotbrick.co.th", "include_subdomains": true, "mode": "force-https" }, + { "name": "dowc.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "dpwsweeps.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "dr-schuessler.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "dragoncave.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "dragonheartsrpg.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "drchristophepanthier.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dreamonkey.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "driver61.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "driverscollection.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "drixn.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "drixn.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "drixn.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "drixn.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "droithxn.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "droso.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "drubn.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "dtg-fonds.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dtg-fonds.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "dtg-fonds.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "dtnx.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "dublin-traceroute.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "dufrei.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "dutch.desi", "include_subdomains": true, "mode": "force-https" }, + { "name": "dvdland.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "dyktig.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "dzet.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "e2feed.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "e64.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "easycoding.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "eauxdespleiades.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "ecolemathurincordier.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "edenvalerubbleremovals.co.za", "include_subdomains": true, "mode": "force-https" }, + { "name": "edhesive.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "edstep.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "eggert.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ejusu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ekobudisantoso.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "eldrid.ge", "include_subdomains": true, "mode": "force-https" }, + { "name": "elexprimidor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "elijahgrey.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "eliyah.co.il", "include_subdomains": true, "mode": "force-https" }, + { "name": "elosuite.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "elsensohn.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "elyasweb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "emailtools.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "emma-o.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "emojiengine.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "emolafarm.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "emoticonesjaponeses.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "empireauto-2000.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "employer.guru", "include_subdomains": true, "mode": "force-https" }, + { "name": "emresaglam.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "emultiagent.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "endangeredwatch.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "energisammenslutningen.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "enflow.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "englishdirectory.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "enotecastore.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "enrollapp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "enterprivacy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "epave.paris", "include_subdomains": true, "mode": "force-https" }, + { "name": "epi.one", "include_subdomains": true, "mode": "force-https" }, + { "name": "epilis.gr", "include_subdomains": true, "mode": "force-https" }, + { "name": "eposkent.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "eposleeds.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "eposwales.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "epulsar.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "ereader.uno", "include_subdomains": true, "mode": "force-https" }, + { "name": "ericorporation.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ers35.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "erspro.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "esball.tv", "include_subdomains": true, "mode": "force-https" }, + { "name": "eshepperd.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "esp.community", "include_subdomains": true, "mode": "force-https" }, + { "name": "espace-caen.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "esslm.sk", "include_subdomains": true, "mode": "force-https" }, + { "name": "estcequejailaflemme.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "estespr.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "etccooperative.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "etincelle.ml", "include_subdomains": true, "mode": "force-https" }, + { "name": "etre-vivant.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "evailoil.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "everydaywot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "everytruckjob.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "excentos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "exdamo.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "expatmortgage.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "expatriate.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "expo-america.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "eyps.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "eznfe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "facebooktsukaikata.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "facepunch.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "fahmed.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "failover.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "failover.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "fakerli.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fakti.bg", "include_subdomains": true, "mode": "force-https" }, + { "name": "familie-leu.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "familletouret.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "fantasyescortsbirmingham.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "farcecrew.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "farid.is", "include_subdomains": true, "mode": "force-https" }, + { "name": "fastcommerce.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "fastonline.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "fatidique.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fc.media", "include_subdomains": true, "mode": "force-https" }, + { "name": "fcitasc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "feastr-dev.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "featuredmen.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fedux.com.ar", "include_subdomains": true, "mode": "force-https" }, + { "name": "feedough.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "feeltennis.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "felgitscher.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "femanca.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fensterbau-mutscheller.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fernandob.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fernandobarillas.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "festaprylar.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "festival-tipps.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ff-bg.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "ffl123.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fiftynorth.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "filecopa.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "filterflasche-kaufen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "find-job-in.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "finer04.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "firstchoicepool.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "firstq.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "fiuxy.bz", "include_subdomains": true, "mode": "force-https" }, + { "name": "fl0222.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "flehm.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "flets-ms.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fliacuello.com.ar", "include_subdomains": true, "mode": "force-https" }, + { "name": "flightzero.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "flirtfaces.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "flucky.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "flugplatz-edvc.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "flygpost.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fondy.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "fondy.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "fonte-trading.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "foodserve.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "foot.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "forbusiness.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "forman.store", "include_subdomains": true, "mode": "force-https" }, + { "name": "formkiq.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "forourselves.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fortran.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "foxphotography.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "frantorregrosa.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "frauenarzt-zinke.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fredliang.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "free8.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "freecam2cam.site", "include_subdomains": true, "mode": "force-https" }, + { "name": "freedomkiaparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "freeexampapers.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "freelandinnovation.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fridayfoucoud.ma", "include_subdomains": true, "mode": "force-https" }, + { "name": "froh.co.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "frozen-geek.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "fs-maistadt.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fscott.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fsky.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "fsps.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "fuckcie.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fujianshipbuilding.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fulgenzis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "functional.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "fundacionfranciscofiasco.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "futurefire.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "g-rom.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "gabethebabetv.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "galerieautodirect.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gallerify.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "galpaoap.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "gamekeepers.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "gamerpoets.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "games4theworld.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "gamesplanet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gameswitchers.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "garage-door.pro", "include_subdomains": true, "mode": "force-https" }, + { "name": "garage-leone.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gautham.pro", "include_subdomains": true, "mode": "force-https" }, + { "name": "gauthier.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "gazette.govt.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "gbit.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "gboys.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "gdhzcgs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "geekbaba.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gehrke.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "genemesservwparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "genesistrading.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "genevoise-entretien.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "geniusteacher.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "geraldsonrealty.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "germanssky.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "getgeek.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "getgeek.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "getgeek.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "getgeek.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "getpost.online", "include_subdomains": true, "mode": "force-https" }, + { "name": "getwisdom.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "getyourlifestraight.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ggrks-asano.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ggs-marschallstrasse.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ghi.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "giftedconsortium.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gilangcp.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "giochistem.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "gitla.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "globalresistancecorporation.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "glofox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gluecksgriff-taschen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "goldenplate.com.sg", "include_subdomains": true, "mode": "force-https" }, + { "name": "gonx.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "gouforit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "grantcooper.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "grayscale.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "green-light.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "green-light.co.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "green-light.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "green-light.gq", "include_subdomains": true, "mode": "force-https" }, + { "name": "green-light.ml", "include_subdomains": true, "mode": "force-https" }, + { "name": "greenwithdecor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gs93.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "gtravers-basketmaker.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "gtts.space", "include_subdomains": true, "mode": "force-https" }, + { "name": "guarajubaimoveis.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "guardianproject.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "guelphhydropool.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "guid2steamid.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "guidedselling.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "gulfstream.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "gviedu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "gxgx.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "h-suppo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "h2cdn.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "haarlemsesaxofoonschool.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "hackbeil.name", "include_subdomains": true, "mode": "force-https" }, + { "name": "hackingsafe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "haha-raku.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "half-logic.eu.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "hansolrella.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "harald-d.dyndns.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "haritsa.co.id", "include_subdomains": true, "mode": "force-https" }, + { "name": "haroldsharpe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "harryharrison.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "harrypottereditor.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "havasuhomepage.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "havasuinsurance.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "haze-productions.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "haze.network", "include_subdomains": true, "mode": "force-https" }, + { "name": "haze.productions", "include_subdomains": true, "mode": "force-https" }, + { "name": "head.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "health-plan-news.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "healtheals.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "heap.zone", "include_subdomains": true, "mode": "force-https" }, + { "name": "hearmeraw.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "heartwoodart.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hearty.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "heilpraxis-bgl.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "hell.sh", "include_subdomains": true, "mode": "force-https" }, + { "name": "hemnet.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "hendersonrealestatepros.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "henkbrink.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "herndl.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "hertz.bj", "include_subdomains": true, "mode": "force-https" }, + { "name": "hetene.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "hiddenprocess.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hideouswebsite.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hirezzportal.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hivatalinfo.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "hochzeitsfotograf-deinfoto.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "holad.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "holidaysportugal.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "homatism.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "homeodynamics.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "homeownersinsurancenevada.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "homeownersinsurancenv.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hoplongtech.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "horrendous-servers.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "horror-forum.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "hostme.co.il", "include_subdomains": true, "mode": "force-https" }, + { "name": "hotplate.co.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "hottestwebcamgirls.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "hpeditor.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "hserver.top", "include_subdomains": true, "mode": "force-https" }, + { "name": "htmlvalidator.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hubok.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "hudrydum.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "hukutuu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hulet.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "humanexperiments.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hyckenberg.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "i-proswiss.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "iacono.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "iberiaversicherungen.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ibiz.mk", "include_subdomains": true, "mode": "force-https" }, + { "name": "icondoom.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "ideashop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "idsoccer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ieeesb.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "ieeesbe.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "iewar.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ifelse.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "igorw.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ihacklabs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ihatethissh.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "ihc.im", "include_subdomains": true, "mode": "force-https" }, + { "name": "ijn-dd.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "ikenmeyer.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "ilhan.name", "include_subdomains": true, "mode": "force-https" }, + { "name": "iligang.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "imlinan.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "impactpub.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "inchcape-fleet-autobid.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "indianaantlersupply.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "indieethos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "indogerman.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "infinitiofmarinparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "info-d-74.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "infopulsa.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "inforisposte.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "infoworm.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "inge-r.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "innerform.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "innovation-workshop.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "instawi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "instelikes.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "insult.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "integratedmedicalonline.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "intellinetixvibration.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "internetmarkets.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "intraxia.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "introvertedtravel.space", "include_subdomains": true, "mode": "force-https" }, + { "name": "inventix.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "investnext.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "investorloanshub.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "invisible-college.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "iphonote.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ipnetworking.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "is-sw.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "it-world.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "itds-consulting.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "iterader.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "itsasaja.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "itsevident.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "itzap.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "ivanbenito.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "iwell.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "j-elliott.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "janssen.fm", "include_subdomains": true, "mode": "force-https" }, + { "name": "japaneseemoticons.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "japanesenames.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "japanwatches.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "jaroku.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jasmijnwagenaar.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "jdc.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "jeec.ist", "include_subdomains": true, "mode": "force-https" }, + { "name": "jemoticons.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jens-prangenberg.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "jesuslucas.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jetsetboyz.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "jimbutlerkiaparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jimslop.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "jlponsetto.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jmoreau.ddns.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "jmsolodesigns.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jmssg.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "jobs-in-tech.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jobtestprep.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "jobtestprep.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "jobzninja.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "joe262.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "joearodriguez.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "joedoyle.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "joetyson.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "joetyson.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "johand.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "johanli.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "johannespichler.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "johnbeil.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "johngaltgroup.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "jokedalderup.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "joker.menu", "include_subdomains": true, "mode": "force-https" }, + { "name": "jooksuratas.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "jpod.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "jpslconsulting.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "juergenspecht.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "juergenspecht.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "juliaoantiguidades.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "juniperroots.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "jurke.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "justbelieverecovery.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "justzz.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "juventusmania1897.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "k8r.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "kaatha-kamrater.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "kabeltv.co.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "kantorkita.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "kanzshop.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kaomojis.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "kara-fabian.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "karina.gd", "include_subdomains": true, "mode": "force-https" }, + { "name": "kathegiraldo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "katzspeech.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kazu.click", "include_subdomains": true, "mode": "force-https" }, + { "name": "kdw.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "keshausconsulting.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kevinfoley.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "kevinfoley.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "kidswallstickers.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "kievradio.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kimisia.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "kinow.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kirchen-im-web.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "kirill.ws", "include_subdomains": true, "mode": "force-https" }, + { "name": "kiteschoolkatwijk.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "kiteschoolnoordwijk.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "kj-prince.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kjellner.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kks-karlstadt.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "knnet.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "knownsec.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "knurps.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "koenen-bau.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "koetjesenkanker.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "komok.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "kondi.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "konzertheld.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "koolikatsed.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "kopteva.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "koumuwin.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kpfanworld.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "krasavchik.by", "include_subdomains": true, "mode": "force-https" }, + { "name": "krokodent.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "krugoval.hr", "include_subdomains": true, "mode": "force-https" }, + { "name": "kudo.co.id", "include_subdomains": true, "mode": "force-https" }, + { "name": "kuechenprofi-group.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "kuehnel-online.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "kupid.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kusochi.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "kutus.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "kwcolville.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kwyxz.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "kyberna.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "kyle.place", "include_subdomains": true, "mode": "force-https" }, + { "name": "la-tourmaline.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "laatikko.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "labiblioafronebrulepas.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "labobooks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ladybugjam.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ladylikeit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lafema.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "lagazzettadigitale.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakarwebb.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakehavasucityhomebuyerscredit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakehavasuhomebuyercredit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakehavasuhouserentals.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakehavasuhouses.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lakehavasuwebsites.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lalyre-corcelles.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "lanetix.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lanseyujie.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lanturtle.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "larraz.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "lasepiataca.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "latabledemontebello.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "laufcampus.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lavamob.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lavapot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "le130rb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "learnplayground.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ledzom.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "leideninternationalreview.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "leinfelder.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "lennyfaces.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "leon.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "leretour.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "lesplatanes.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "lesterrassesdusoleil.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "lexpartsofac.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lianwen.kim", "include_subdomains": true, "mode": "force-https" }, + { "name": "libmpq.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "lidl-menubox.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "lifeinhex.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lifematenutrition.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "likc.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "likenewhearing.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "limunana.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lindsayanderson.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "linernotekids.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lingting.vip", "include_subdomains": true, "mode": "force-https" }, + { "name": "linksextremist.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "lipo.lol", "include_subdomains": true, "mode": "force-https" }, + { "name": "living24.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "localhorst.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "locksmithrandburg24-7.co.za", "include_subdomains": true, "mode": "force-https" }, + { "name": "logement.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lolcow.farm", "include_subdomains": true, "mode": "force-https" }, + { "name": "lolhax.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "longhorn-imports.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lottospielen24.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "love4taylor.eu.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "lstma.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lubar.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "luganskservers.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "lunidea.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "lunidea.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "luso-livros.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "luvare.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "luxcraft.eng.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "luxonetwork.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "lycly.top", "include_subdomains": true, "mode": "force-https" }, + { "name": "lynnmosher.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "m4g.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "mabankonline.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "macaw.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "mach1club.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "magasindejouets.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "magentapinkinteriors.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "mahansexcavating.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "maik-mahlow.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "mailjet.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "mailto.space", "include_subdomains": true, "mode": "force-https" }, + { "name": "majkyto.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "maku.edu.tr", "include_subdomains": true, "mode": "force-https" }, + { "name": "maldives.cx", "include_subdomains": true, "mode": "force-https" }, + { "name": "malibuelectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "malvy.kiev.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "mamanecesitaungintonic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mamospienas.lt", "include_subdomains": true, "mode": "force-https" }, + { "name": "mandm.servebeer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "manfredgruber.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "mankans.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "manneguiden.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "manualscollection.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "manuel-schefczyk.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "maosi.xin", "include_subdomains": true, "mode": "force-https" }, + { "name": "marciaimportados.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "marco-kretz.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "markridgwell.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "markridgwellcom.appspot.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "markup-ua.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "markusgran.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "marocemploi.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "marxist.party", "include_subdomains": true, "mode": "force-https" }, + { "name": "maryeclark.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "massage4u.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "mat99.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "matheo-schefczyk.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "matriterie-sdv.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "matrixreq.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "maxisito.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "maxrandolph.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "maydex.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "mazyun.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mazzotta.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "mbits.solutions", "include_subdomains": true, "mode": "force-https" }, + { "name": "media-pi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mediadandy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mediagenic.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "mediationculturelleclp.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "medstreaming.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "medtankers.management", "include_subdomains": true, "mode": "force-https" }, + { "name": "meetingfriends.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "meeusen-usedcars.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "mehmetakif.edu.tr", "include_subdomains": true, "mode": "force-https" }, + { "name": "mehr-schulferien.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "meierhofer.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "melakaltenegger.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "melaniebernhardt.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "melbourneapartments.website", "include_subdomains": true, "mode": "force-https" }, + { "name": "melikoff.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "melina-schefczyk.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "memetrash.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "memorygame.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "menole.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "menole.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "menole.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "mercadopago.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "merimatka.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "merlet.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "messagescelestes.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "metalu.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "meteo-parc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "metrix.design", "include_subdomains": true, "mode": "force-https" }, + { "name": "meupedido.online", "include_subdomains": true, "mode": "force-https" }, + { "name": "mfgod.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mhi.web.id", "include_subdomains": true, "mode": "force-https" }, + { "name": "micaiahparker.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "micalodeal.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "michael-schefczyk.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "michael-schilling.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "michaelasawyer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "michaelpfrommer.pub", "include_subdomains": true, "mode": "force-https" }, + { "name": "michaeltaboada.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "microdesic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "midriversmotorsllc.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "milionshop.sk", "include_subdomains": true, "mode": "force-https" }, + { "name": "minigames.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "minimaliston.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "minschuns.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "minto.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "mitrostudios.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "miukimodafeminina.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "miyugirls.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mkset.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "mneeb.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "mnitro.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mode-hautnah.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "mohio.co.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "mojavenissanofbarstowparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "molecularbiosystems.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "mon-trafic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "monpetitforfait.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "monpetitmobile.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "montopolis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "moorparkelectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mortgagecalculator.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "mostlyoverhead.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "motomorgen.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "motoroilinfo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "motorpointarenacardiff.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "motorring.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "moveltix.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "movil.uno", "include_subdomains": true, "mode": "force-https" }, + { "name": "moy.cat", "include_subdomains": true, "mode": "force-https" }, + { "name": "mrleonardo.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ms-host.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "msch.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "mszavodumiru.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "mullen.net.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "multi-vpn.biz", "include_subdomains": true, "mode": "force-https" }, + { "name": "multirep.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "multivpn.cn.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "multivpn.com.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "multivpn.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "munecoscabezones.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "murraycolin.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "musclecarresearch.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "musearchengine.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "musicall.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "musicalschwarzenburg.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "mustasj.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "myaggic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mybloggedlife.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "myclinicalstudybuddy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mydmdi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "myforfaitmobile.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mygaysitges.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mygoldennetwork.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mymp3singer.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "myndcommunication.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mynewselfbariatrics.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "mynn.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "mypress.mx", "include_subdomains": true, "mode": "force-https" }, + { "name": "mypup.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "myrandomtips.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "myrotvorets.center", "include_subdomains": true, "mode": "force-https" }, + { "name": "mz-mz.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "n-m.lu", "include_subdomains": true, "mode": "force-https" }, + { "name": "nadaquenosepas.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "naiaspa.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "natureflo.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "natusvita.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "nbrii.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ncea.net.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "nclvle.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "negraelinda.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "neko-nyan-nuko.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nekoku.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "nesantuoka.lt", "include_subdomains": true, "mode": "force-https" }, + { "name": "newmovements.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "nexxus-sistemas.net.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "nfluence.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "niadd.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nickguyver.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nickmorri.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "niclasreich.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "nien.gq", "include_subdomains": true, "mode": "force-https" }, + { "name": "nienkeslop.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "nintendoforum.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "nixonlibrary.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "nlbewustgezond.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "nlfant.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "nodefiles.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "noglobalwarrants.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "nordmoregatebilklubb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "northcountykiaparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "northridgeelectrical.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "notdienstreform-nordrhein.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "nouma.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "nowremindme.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nutonic-sports.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "nvq.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "nydnxs.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "oben.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "oberam.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "octal.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "odoo.co.th", "include_subdomains": true, "mode": "force-https" }, + { "name": "oestepaulista.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "offersgame.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "officeprint.co.th", "include_subdomains": true, "mode": "force-https" }, + { "name": "oganime.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ohadsoft.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ojomovies.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "okakuro.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "okin-jp.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "oldking.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "oliveoiltimes.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "omnisiens.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "on-te.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "on-tech.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "onestepfootcare.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "oniria.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "onlinebillingform.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "onlinecasino.vlaanderen", "include_subdomains": true, "mode": "force-https" }, + { "name": "onlinerollout.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "onlineth.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "onsite4u.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "ontdekhetzelf.nu", "include_subdomains": true, "mode": "force-https" }, + { "name": "ooharttemplates.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "openfitapi-falke.azurewebsites.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "openresty.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "openspa.webhop.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "openwaveguide.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "opinion8td.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "opinionicentrifuga.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "opinionipannolini.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "opryshok.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "orcsnet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "oribia.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "orthodontiste-geneve-docteur-rioux.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "orui.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "oskrba.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "otakurumi.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "outdoorimagingportal.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "overdrive-usedcars.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "owl-stat.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "owlishmedia.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "paazmaya.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "pagalworld.la", "include_subdomains": true, "mode": "force-https" }, + { "name": "painlessproperty.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "paktolos.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "pantallasled.com.mx", "include_subdomains": true, "mode": "force-https" }, + { "name": "pantographe.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "parisescortgirls.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "parleamonluc.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "partycentrumdebinnenhof.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "pascal-kannchen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "passfoto-deinfoto.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "passionpictures.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "passports.govt.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "passwordkeeperbooks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pasztor.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "patrick-robrecht.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "patrickbusch.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "patrickneuro.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "paulshir.is", "include_subdomains": true, "mode": "force-https" }, + { "name": "pcvirusclear.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "perfectbalance.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "peuterspeelzaalhoekvanholland.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "pg-forum.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "phdhub.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "photodeal.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "piedfeed.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "piercing-store.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pilani.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "piratepay.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "piratepay.ir", "include_subdomains": true, "mode": "force-https" }, + { "name": "pitot-rs.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "pixlfox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pizzagigant.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "pko.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "plakbak.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "planetau2.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "planete-secu.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "planitz.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "planitz.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "plant-gift.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "planteforum.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "plextv.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "plumber-in-sandton.co.za", "include_subdomains": true, "mode": "force-https" }, + { "name": "plussizereviews.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pmessage.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "pnimmobilier.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "pocketfruity.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pogoswine.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pointhost.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pokomichi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "polandb2b.directory", "include_subdomains": true, "mode": "force-https" }, + { "name": "polish.directory", "include_subdomains": true, "mode": "force-https" }, + { "name": "poly-fast.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ponga.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "ponteus.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pop-corn.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "popoway.cloud", "include_subdomains": true, "mode": "force-https" }, + { "name": "popoway.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "portsdebalears.gob.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "postfalls-naturopathic.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "potworowski.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "pourout.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "powersergthisisthewebsitefuckyouscott.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "pptavmdata.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "praerien-racing.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "praxis-dingeldey.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "precode.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "preis-alarm.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "preis-alarm.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "prelved.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "pretwolk.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "priorityelectric.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "privacymanatee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "privatepropertymallorca.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "privatewolke.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "privcloud.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "privu.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "prlved.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "pro-ing.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "probely.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "processesinmotion.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "proft.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "progiscad.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "project-splash.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "project-stats.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "projectherogames.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "promoterms.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "provectus.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "provitacare.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "proximityradio.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "prpsss.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "psb4ukr.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "psu.je", "include_subdomains": true, "mode": "force-https" }, + { "name": "ptal.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "purplebooth.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "pv-paderborn-now.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "q8mp3.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "qq-navi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "quareal.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "quasseldroid.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "question.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "qwertee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "radio-utopie.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "raeven.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "rainbowstore.com.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "rainpaper.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "randy.su", "include_subdomains": true, "mode": "force-https" }, + { "name": "rb-china.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "reaiaer.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "realestateradioshow.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "realhost.name", "include_subdomains": true, "mode": "force-https" }, + { "name": "realum.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "realum.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "realum.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "realum.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "reaven.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "rebelessex.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "reboxonline.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "recetasdecocinaideal.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "redshoeswalking.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "ref1oct.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "refficience.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "refreshliving.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "reimu.ink", "include_subdomains": true, "mode": "force-https" }, + { "name": "reismil.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "reneleu.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "replicaswiss.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "requestr.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "resolvefa.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "resolvefa.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "resourceconnect.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "restauranttester.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "reversecanada.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "reverseloansolutions.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "reversesouthafrica.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "review.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "rhese.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "rhiskiapril.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rhnet.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "richardcrosby.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "ricknox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rienasemettre.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "risada.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "rivierasaints.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "rmcbs.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "robinvdmarkt.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "robpol86.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rockymountainspice.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "roemhild.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "rofl.com.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "romande-entretien.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "romantelychko.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ronanrbr.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "roninf.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "roolevoi.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "rossiworld.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rrwolfe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rskuipers.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rsldb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "rsm-intern.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "rtenews.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "rtesport.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "rubbleremovalsbenoni.co.za", "include_subdomains": true, "mode": "force-https" }, + { "name": "rushiiworks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ruskod.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "rwky.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "ryzhov.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "sabine-forschbach.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "sabineforschbach.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "saclier.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "sacred-knights.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "saint-astier-triathlon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "samanthahumphreysstudio.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "samanthasgeckos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sameworks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "samsonova.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "samsungphonegenerator.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "samyerkes.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "santmark.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "saoneth.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "sarariman.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "saronno5stelle.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "sarpsb.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "saterdalen.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "savinggoliath.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "scangeo.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "sceptique.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "schefczyk.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "schefczyk.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "schefczyk.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "schefczyk.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "scheuchenstuel.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "schlafguru.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "schmetterlingsapp.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "schroepfi.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "schulfotograf-deinfoto.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "schwanke.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "schwarzes-muenchen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "schwinnbike.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "science-network.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "scis.com.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "scorp13.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "scripo-bay.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "scuolaguidalame.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "scw.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "se7ensins.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "search-job-in.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sebascelis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sebastiaperis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "seceye.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "secure-gw.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "secureindia.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "securiscan.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "seikatu-navi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "seitai-taiyou.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "selectcertifiedautos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "selkiemckatrick.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sellguard.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "sentinel.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "septfinance.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "sergos.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "serve-a.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "servea.com.au", "include_subdomains": true, "mode": "force-https" }, + { "name": "serveatechnologies.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "servfefe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "setkit.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "setyoursite.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "sewafineseam.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sewoo.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "sexservice.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "sfaturiit.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "shariahlawcenter.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shariahlawcenter.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "sharialawcenter.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sharialawcenter.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "sharingcode.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shaunharker.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shelleystoybox.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "shopods.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "showroom.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "sicilianbalm.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sieulog.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "significados.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "siikarantacamping.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "silviamacallister.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "simpleinout.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "simplewire.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "simplylovejesus.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sin.swiss", "include_subdomains": true, "mode": "force-https" }, + { "name": "singerwang.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sistel.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "skei.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "skynethk.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "slowsociety.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "smarthinking.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "smartmomsmartideas.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "smeso.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "smimea.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "smuncensored.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "snaptools.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "sncdn.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sneaker.date", "include_subdomains": true, "mode": "force-https" }, + { "name": "sniderman.pro", "include_subdomains": true, "mode": "force-https" }, + { "name": "sniderman.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "sniderman.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "socialdj.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "soldbygold.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "sonyforum.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "soomee.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "soomee1.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "sozai-good.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sparta-solutions.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "speechmate.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "speerpunt.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "spiellawine.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "spiralschneiderkaufen.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "splendidspoon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "spookquest.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "spreadthenews.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "squirex2.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "srvc.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "st-steuern.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "stadterneuerung-hwb.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "startuplevel.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stb-schefczyk.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "steamerrors.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "steckel.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "steffi-in-australien.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stellarvale.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "stembureauledenindenhaag.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "stevenkwan.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "stevesdrivingschooltyneside.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stickmanventures.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stlu.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "stodieck.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stonehammerhead.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "strm.hu", "include_subdomains": true, "mode": "force-https" }, + { "name": "studienservice.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "studio-fotografico.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "studying-neet.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stupidstatetricks.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "stuudium.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "styloeart.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "subastasdecarros.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "suchprogrammer.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "summitmasters.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "superbowlkneel.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "supercinebattle.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "supportdesk.nu", "include_subdomains": true, "mode": "force-https" }, + { "name": "suuria.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "suvidhaapay.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sw33tp34.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "sweepay.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "swiftconf.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "switch.moe", "include_subdomains": true, "mode": "force-https" }, + { "name": "switzerland-family-office.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "syajvo.if.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "synecek11.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "synthetik.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tacotown.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "takuyaphotos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "talenthero.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "tanz.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "tb-itf.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tbs-certificates.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "tc.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "tcb-a.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "tcb-b.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "tdchrom.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "teatrarium.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "techask.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "technoinfogroup.it", "include_subdomains": true, "mode": "force-https" }, + { "name": "techpit.us", "include_subdomains": true, "mode": "force-https" }, + { "name": "telecomwestland.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "telefoncek.si", "include_subdomains": true, "mode": "force-https" }, + { "name": "templateinvaders.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tennismindgame.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "terrainator.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "text-shirt.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "the-finance-blog.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "theboxofcarlos.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thecrew-exchange.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thecuriouscat.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "thedrunkencabbage.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "theeducationchannel.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "theevergreen.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "theferrarista.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thefrk.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "thehookup.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "thestoritplace.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "theswissbay.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "thirdworld.moe", "include_subdomains": true, "mode": "force-https" }, + { "name": "thomasmcfly.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thomassen.sh", "include_subdomains": true, "mode": "force-https" }, + { "name": "thriftdiving.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ticketluck.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ticketsmate.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tickit.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "tiffanytravels.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tijo.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "tik.edu.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "tik.help", "include_subdomains": true, "mode": "force-https" }, + { "name": "timeatlas.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "timer.fit", "include_subdomains": true, "mode": "force-https" }, + { "name": "tkn.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "tkw01536.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tlca.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "tlcnet.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "tntmobi.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobaccore.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobaccore.sk", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobias-bauer.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobias-kluge.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobis-rundfluege.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tobis-webservice.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "tollfreeproxy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "toom.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "topshelfcommercial.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "torchantifa.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "totallynotaserver.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tounyou-raku.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "toushi-exe.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "trackrecordpro.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "tradingbhavishya.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "traditionsvivantesenimages.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "trainline.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "travelmyth.ie", "include_subdomains": true, "mode": "force-https" }, + { "name": "tremlor.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "trhastane.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tridimage.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "trymegadrol.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tsuki.moe", "include_subdomains": true, "mode": "force-https" }, + { "name": "ttbonline.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "ttdsevaonline.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "turigum.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "tutanota.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "twittelzie.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "tylerharcourt.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "tylerharcourt.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "typist.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "tyreis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "u1100.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "u1144.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "u2fanlife.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ucppe.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ueni.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "uhuru-market.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ullah.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "ultimatemafia.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "unicorn.li", "include_subdomains": true, "mode": "force-https" }, + { "name": "unieducar.org.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "unikoingold.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "unknownbreakup.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "upgamerengine.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "uploadbro.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ursae.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "urukproject.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ussuka.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ut-addicted.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "uuit.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "uzaymedya.com.tr", "include_subdomains": true, "mode": "force-https" }, + { "name": "v-d-p.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "v2bv.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "vacationfund.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "valentinera.in", "include_subdomains": true, "mode": "force-https" }, + { "name": "valesdev.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "valika.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "valkor.pro", "include_subdomains": true, "mode": "force-https" }, + { "name": "vanderkroon.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "vareillefoundation.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "vareillefoundation.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "variable.agency", "include_subdomains": true, "mode": "force-https" }, + { "name": "vcdn.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "vcsjones.codes", "include_subdomains": true, "mode": "force-https" }, + { "name": "vectorwish.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "veke.fi", "include_subdomains": true, "mode": "force-https" }, + { "name": "vekenz.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "venturavwparts.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "venturum.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "venturum.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "venturum.eu", "include_subdomains": true, "mode": "force-https" }, + { "name": "venturum.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "vernaeve-usedcars.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "vernonhouseofhope.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vernonsecureselfstorage.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "verteilergetriebe.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "vetforum.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "vgolos.zt.ua", "include_subdomains": true, "mode": "force-https" }, + { "name": "vichiya.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "victorgbustamante.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "victoriaartist.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "victoriastudio.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "videov.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "vikodek.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "viralboombox.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "vitahook.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "vizards.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "vkennke.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "voids.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "voipkb.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "volkerwesselstransfer.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "volkerwesselswave.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "vongerlach.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "vonski.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "votercircle.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "voyagesdetective.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "vozami.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vpls.co.th", "include_subdomains": true, "mode": "force-https" }, + { "name": "vpls.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vpls.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "vplssolutions.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vranjske.co.rs", "include_subdomains": true, "mode": "force-https" }, + { "name": "vsamsonov.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vuzi.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "warenits.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "watchtv-online.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "wbit.co.il", "include_subdomains": true, "mode": "force-https" }, + { "name": "webaeon.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "webapky.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "webappky.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "webclimbers.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "webkeks.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "webnoob.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "websites4business.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "webspire.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "webtar.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "webwinkelwestland.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "wecanvisit.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wecobble.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "week.report", "include_subdomains": true, "mode": "force-https" }, + { "name": "weerda.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "weigelia.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "weimz.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "weinbergerlawgroup.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wellcom.co.il", "include_subdomains": true, "mode": "force-https" }, + { "name": "wellnesscheck.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "welzijnkoggenland.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "werk-34.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "werkemotion.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wesreportportal.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "weyland.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "whereismyorigin.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "who-calledme.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "whoisthenightking.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wien52.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "wifi-names.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wiiforum.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "wiki-play.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "wild-turtles.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wili.li", "include_subdomains": true, "mode": "force-https" }, + { "name": "willekeinden.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "willowdalechurch.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "winfieldchen.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "wisdomize.me", "include_subdomains": true, "mode": "force-https" }, + { "name": "wishesbee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wittepapaver.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "witting.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "wjg.ca", "include_subdomains": true, "mode": "force-https" }, + { "name": "wjg.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "wollongongbaptist.hopto.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "workcelerator.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "worldpeacetechnology.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wpdesigner.ir", "include_subdomains": true, "mode": "force-https" }, + { "name": "wpenhance.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wroffle.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "wumbo.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "wumbo.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "wumbo.gq", "include_subdomains": true, "mode": "force-https" }, + { "name": "wumbo.kiwi", "include_subdomains": true, "mode": "force-https" }, + { "name": "wumbo.ml", "include_subdomains": true, "mode": "force-https" }, + { "name": "wumbo.tk", "include_subdomains": true, "mode": "force-https" }, + { "name": "www-49889.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "www-68277.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "www68277.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "x2c0.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "x7plus.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xanderweaver.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xblau.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xiamenshipbuilding.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--grnderlehrstuhl-0vb.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--hllrigl-90a.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--ktha-kamrater-pfba.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--ykrp42k.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "xn--zettlmeil-n1a.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "xoda.pw", "include_subdomains": true, "mode": "force-https" }, + { "name": "xonn.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "xpwn.cz", "include_subdomains": true, "mode": "force-https" }, + { "name": "yaru.one", "include_subdomains": true, "mode": "force-https" }, + { "name": "yephy.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "yibaoweilong.top", "include_subdomains": true, "mode": "force-https" }, + { "name": "yinga.ga", "include_subdomains": true, "mode": "force-https" }, + { "name": "yorcool.nl", "include_subdomains": true, "mode": "force-https" }, + { "name": "youcanfuckoff.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "youhua.ru", "include_subdomains": true, "mode": "force-https" }, + { "name": "youth2009.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "youtsuu-raku.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "yqjf68.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ytbmp3.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ytbmp4.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "yum0.cn", "include_subdomains": true, "mode": "force-https" }, + { "name": "yutuo.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "yuxuan.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "ywyz.tech", "include_subdomains": true, "mode": "force-https" }, + { "name": "zach.codes", "include_subdomains": true, "mode": "force-https" }, + { "name": "zaoext.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zarpo.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "zavec.com.ec", "include_subdomains": true, "mode": "force-https" }, + { "name": "zebbra.ro", "include_subdomains": true, "mode": "force-https" }, + { "name": "zeguigui.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zestylemon.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "zetrov.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "zettlmeissl.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "zhang.nz", "include_subdomains": true, "mode": "force-https" }, + { "name": "zhitanska.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ziondrive.com.br", "include_subdomains": true, "mode": "force-https" }, + { "name": "zivver.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zodiacohouses.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zoo.city", "include_subdomains": true, "mode": "force-https" }, + { "name": "zug.io", "include_subdomains": true, "mode": "force-https" }, + { "name": "zuiacg.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zuppy.pm", "include_subdomains": true, "mode": "force-https" }, + { "name": "zuralski.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "zutsu-raku.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "zwy.ch", "include_subdomains": true, "mode": "force-https" }, + { "name": "zyciedlazwierzat.pl", "include_subdomains": true, "mode": "force-https" }, + { "name": "188522.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "arai21.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "arto.bg", "include_subdomains": true, "mode": "force-https" }, + { "name": "arvutiladu.ee", "include_subdomains": true, "mode": "force-https" }, + { "name": "awf0.xyz", "include_subdomains": true, "mode": "force-https" }, + { "name": "axel-fischer.science", "include_subdomains": true, "mode": "force-https" }, + { "name": "byiu.info", "include_subdomains": true, "mode": "force-https" }, + { "name": "cal.goip.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "clintonplasticsurgery.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "cloudberlin.goip.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "comw.cc", "include_subdomains": true, "mode": "force-https" }, + { "name": "dantransports.fr", "include_subdomains": true, "mode": "force-https" }, + { "name": "extreme-players.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fejes.house", "include_subdomains": true, "mode": "force-https" }, + { "name": "freifunk-burgaltendorf.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "fukushimacoffee.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "fysesbjerg.dk", "include_subdomains": true, "mode": "force-https" }, + { "name": "hcstr.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "huislaw.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "imcsx.co", "include_subdomains": true, "mode": "force-https" }, + { "name": "juchheim-methode.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "junqueiropolis.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "kalender.goip.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "kinepolis-studio.be", "include_subdomains": true, "mode": "force-https" }, + { "name": "kry.no", "include_subdomains": true, "mode": "force-https" }, + { "name": "kry.se", "include_subdomains": true, "mode": "force-https" }, + { "name": "linan.blog", "include_subdomains": true, "mode": "force-https" }, + { "name": "maeplasticsurgery.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "moonchart.co.uk", "include_subdomains": true, "mode": "force-https" }, + { "name": "nautiljon.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "openmirrors.cf", "include_subdomains": true, "mode": "force-https" }, + { "name": "plexhome13.ddns.net", "include_subdomains": true, "mode": "force-https" }, + { "name": "pro-netz.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "schmidtplasticsurgery.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "ssnet.vip", "include_subdomains": true, "mode": "force-https" }, + { "name": "tetsai.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "thederminstitute.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "twinkieman.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "twisted-brains.org", "include_subdomains": true, "mode": "force-https" }, + { "name": "unblocked.pro", "include_subdomains": true, "mode": "force-https" }, + { "name": "upd.jp", "include_subdomains": true, "mode": "force-https" }, + { "name": "uscp8.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "vida.es", "include_subdomains": true, "mode": "force-https" }, + { "name": "viepixel.at", "include_subdomains": true, "mode": "force-https" }, + { "name": "wochennummern.de", "include_subdomains": true, "mode": "force-https" }, + { "name": "wplatin.com", "include_subdomains": true, "mode": "force-https" }, // END OF BULK ENTRIES // Manual additions and changes in Chrome 51 or later that do not belong in a @@ -35025,7 +37989,6 @@ { "name": "wordpress.com", "include_subdomains": false, "mode": "force-https" }, { "name": "www.wordpress.com", "include_subdomains": false, "mode": "force-https" }, { "name": "rugk.dedyn.io", "include_subdomains": true, "mode": "force-https" }, - { "name": "login.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "bicycle-events.com", "include_subdomains": true, "mode": "force-https" }, { "name": "aramado.com", "include_subdomains": true, "mode": "force-https" }, { "name": "bebefofuxo.com.br", "include_subdomains": true, "mode": "force-https" }, @@ -35070,9 +38033,23 @@ { "name": "patrick.dark.name", "include_subdomains": true, "mode": "force-https" }, { "name": "techmasters.andover.edu", "include_subdomains": true, "mode": "force-https" }, { "name": "simpletax.ca", "include_subdomains": true, "mode": "force-https" }, - { "name": "scotthelme.co.uk", "include_subdomains": true, "mode": "force-https", "expect_staple": true, "expect_staple_report_uri": "https://scotthelme.report-uri.io/r/default/staple/reportOnly", "include_subdomains_for_expect_staple": true }, + { + "name": "scotthelme.co.uk", + "mode": "force-https", "include_subdomains": true, + "expect_staple": true, "include_subdomains_for_expect_staple": true, + "expect_staple_report_uri": "https://scotthelme.report-uri.io/r/default/staple/reportOnly", + "expect_ct": true, + "expect_ct_report_uri": "https://scotthelme.report-uri.io/r/default/ct/reportOnly" + }, { "name": "hstspreload.appspot.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "matteomarescotti.it", "include_subdomains": true, "mode": "force-https", "expect_staple": true, "expect_staple_report_uri": "https://matteomarescotti.report-uri.io/r/default/staple/reportOnly", "include_subdomains_for_expect_staple": true }, + { + "name": "matteomarescotti.it", + "mode": "force-https", "include_subdomains": true, + "expect_staple": true, "include_subdomains_for_expect_staple": true, + "expect_staple_report_uri": "https://matteomarescotti.report-uri.io/r/default/staple/reportOnly", + "expect_ct": true, + "expect_ct_report_uri": "https://matteomarescotti.report-uri.io/r/default/ct/reportOnly" + }, { "name": "www.cnet.com", "include_subdomains": true, "mode": "force-https" }, { "name": "alessandroz.pro", @@ -35149,6 +38126,14 @@ "expect_staple_report_uri": "https://photistic.report-uri.io/r/default/staple/reportOnly" }, { "name": "ccu.plus", "include_subdomains": true, "mode": "force-https" }, + { "name": "mitm-software.badssl.com", "include_subdomains": true, "mode": "force-https" }, + { "name": "hyatt.com", "mode": "force-https" }, + { "name": "www.hyatt.com", "include_subdomains": true, "mode": "force-https" }, + { + "name": "www.tumblr.com", + "mode": "force-https", "include_subdomains": false, + "include_subdomains_for_pinning": true, "pins": "tumblr" + }, // END OF MANUAL ENTRIES // TODO(lgarron): hstspreload.org can't scan IPv6-only sites due to Google @@ -35161,6 +38146,7 @@ // eTLD owners who are working towards wide HSTS adoption can request to // preload entries at registration time. // START OF ETLD-OWNER REQUESTED ENTRIES + { "name": "login.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "digital.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "cdcpartners.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "smarterskies.gov", "include_subdomains": true, "mode": "force-https" }, @@ -35173,6 +38159,12 @@ { "name": "earthsystemprediction.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "militaryconsumer.gov", "include_subdomains": true, "mode": "force-https" }, { "name": "osdls.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "identitysandbox.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "employer.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "digitaldashboard.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "reporting.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "hirevets.gov", "include_subdomains": true, "mode": "force-https" }, + { "name": "search.gov", "include_subdomains": true, "mode": "force-https" }, // END OF ETLD-OWNER REQUESTED ENTRIES // To avoid trailing comma changes from showing up in diffs, we place a diff --git a/chromium/net/http/transport_security_state_static.pins b/chromium/net/http/transport_security_state_static.pins index 2ea4f0b84bd..1972b8c2863 100644 --- a/chromium/net/http/transport_security_state_static.pins +++ b/chromium/net/http/transport_security_state_static.pins @@ -253,6 +253,37 @@ YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE----- +# https://www.digicert.com/digicert-root-certificates.htm +DigiCertSHA2HighAssuranceServerCA +-----BEGIN CERTIFICATE----- +MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy +YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2 +4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC +Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1 +itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn +4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X +sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft +bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy +dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t +L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG +BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ +UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D +aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd +aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH +E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly +/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu +xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF +0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae +cPUeybQ= +-----END CERTIFICATE----- + Tor1 -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOpp8zfF+jEbI6R7nxnm @@ -1607,3 +1638,15 @@ BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- + +# From https://crbug.com/745781#c7 +TumblrBackup +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRHwz8nF03wWD2yzXa9t +zxuxs0ITJIPofPKNshVgIKg7HIMgZ/i7e5Gr6pfoC/majqbcxPFd/AaGcQLjTxv0 +hnDPOnIicG2NpofNDE8n1cmZ0TM3fNp73E+Rp9Fb0p2uLglLBN4SaXRDNXCGGZBI +uGs1xJmIDdgaYCKMCekvD2xwvpXKO9kcSrA7gvCFFP1hKBI6DAL1CNTBCiRKcm/S +GWJTdi+BsmLN41ctt9HKOJ4/J/yrsl8Fbnatt55dEByJDJnwGvgCvkgYbM+pgc1H +3zdFfyi/c3LKxf6ZkKYRNCSCL3UXZcLZZhHBwwC9kMMJQohmxwkV7t2imWWbtnTX +jQIDAQAB +-----END PUBLIC KEY----- diff --git a/chromium/net/http/transport_security_state_static_unittest0.json b/chromium/net/http/transport_security_state_static_unittest0.json deleted file mode 100644 index 8c89c38a5bb..00000000000 --- a/chromium/net/http/transport_security_state_static_unittest0.json +++ /dev/null @@ -1,175 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// This is a HSTS preloaded list used by the unittests to supply a custom -// preload list when the default one isn't available. For more information on -// the content and format see the comments in -// transport_security_state_static.json. - -{ - "pinsets": [ - { - "name": "test", - "static_spki_hashes": [ - "TestSPKI1" - ] - }, - { - "name": "google", - "static_spki_hashes": [ - "TestSPKI1" - ], - "report_uri": "http://clients3.google.com/cert_upload_json" - }, - { - "name": "tor", - "static_spki_hashes": [ - "TestSPKI1" - ] - }, - { - "name": "twitterCom", - "static_spki_hashes": [ - "TestSPKI1" - ], - "report_uri": "http://l.twimg.com/i/hpkp_report" - }, - { - "name": "twitterCDN", - "static_spki_hashes": [ - "TestSPKI1" - ], - "report_uri": "http://l.twimg.com/i/hpkp_report" - }, - { - "name": "facebook", - "static_spki_hashes": [ - "TestSPKI2" - ] - } - ], - - "entries": [ - { "name": "pinningtest.appspot.com", "include_subdomains": true, "pins": "test" }, - { "name": "pinning-test.badssl.com", "include_subdomains": true, "pins": "test" }, - { "name": "preloaded-expect-ct.badssl.com", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" }, - { "name": "preloaded-expect-staple.badssl.com", "expect_staple": true, "expect_staple_report_uri": "https://report.badssl.com/expect-staple" }, - { "name": "preloaded-expect-staple-include-subdomains.badssl.com", "expect_staple": true, "expect_staple_report_uri": "https://report.badssl.com/expect-staple", "include_subdomains_for_expect_staple": true }, - { "name": "google", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "mail.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" }, - { "name": "accounts.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "appengine.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "checkout.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "chrome.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "docs.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "encrypted.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "hostedtalkgadget.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "play.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "plus.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "profiles.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "sites.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "spreadsheets.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "talkgadget.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "talk.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "wallet.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "apis.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "drive.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "gmail.com", "mode": "force-https", "pins": "google" }, - { "name": "googlecode.com", "include_subdomains": true, "pins": "google" }, - { "name": "googlemail.com", "mode": "force-https", "pins": "google" }, - { "name": "googleplex.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "groups.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "market.android.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "www.gmail.com", "mode": "force-https", "pins": "google" }, - { "name": "www.googlemail.com", "mode": "force-https", "pins": "google" }, - { "name": "google-analytics.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "chart.apis.google.com", "include_subdomains": true, "pins": "google" }, - { "name": "appspot.com", "include_subdomains": true, "pins": "google" }, - { "name": "doubleclick.net", "include_subdomains": true, "pins": "google" }, - { "name": "googleadservices.com", "include_subdomains": true, "pins": "google" }, - { "name": "googleapis.com", "include_subdomains": true, "pins": "google" }, - { "name": "google.com", "include_subdomains": true, "pins": "google" }, - { "name": "googlegroups.com", "include_subdomains": true, "pins": "google", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" }, - { "name": "googlesyndication.com", "include_subdomains": true, "pins": "google" }, - { "name": "googleusercontent.com", "include_subdomains": true, "pins": "google" }, - { "name": "gstatic.com", "include_subdomains": true, "pins": "google" }, - { "name": "youtube.com", "include_subdomains": true, "pins": "google" }, - { "name": "ytimg.com", "include_subdomains": true, "pins": "google" }, - { "name": "learn.doubleclick.net", "include_subdomains": true }, - { "name": "www.paypal.com", "mode": "force-https" }, - { "name": "paypal.com", "mode": "force-https" }, - { "name": "www.elanex.biz", "mode": "force-https" }, - { "name": "sunshinepress.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "www.noisebridge.net", "mode": "force-https" }, - { "name": "neg9.org", "mode": "force-https" }, - { "name": "riseup.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "factor.cc", "mode": "force-https" }, - { "name": "members.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "support.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "id.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "lists.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "aladdinschools.appspot.com", "mode": "force-https" }, - { "name": "ottospora.nl", "include_subdomains": true, "mode": "force-https" }, - { "name": "www.paycheckrecords.com", "mode": "force-https" }, - { "name": "lastpass.com", "mode": "force-https" }, - { "name": "www.lastpass.com", "mode": "force-https" }, - { "name": "keyerror.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "entropia.de", "mode": "force-https" }, - { "name": "www.entropia.de", "mode": "force-https" }, - { "name": "romab.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "logentries.com", "mode": "force-https" }, - { "name": "www.logentries.com", "mode": "force-https" }, - { "name": "stripe.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "cloudsecurityalliance.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "login.sapo.pt", "include_subdomains": true, "mode": "force-https" }, - { "name": "mattmccutchen.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "betnet.fr", "include_subdomains": true, "mode": "force-https" }, - { "name": "uprotect.it", "include_subdomains": true, "mode": "force-https" }, - { "name": "squareup.com", "mode": "force-https" }, - { "name": "cert.se", "include_subdomains": true, "mode": "force-https" }, - { "name": "simon.butcher.name", "include_subdomains": true, "mode": "force-https" }, - { "name": "linx.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "dropcam.com", "mode": "force-https" }, - { "name": "www.dropcam.com", "mode": "force-https" }, - { "name": "ebanking.indovinabank.com.vn", "include_subdomains": true, "mode": "force-https" }, - { "name": "epoxate.com", "mode": "force-https" }, - { "name": "torproject.org", "mode": "force-https", "pins": "tor" }, - { "name": "blog.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, - { "name": "check.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, - { "name": "www.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, - { "name": "www.moneybookers.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "ledgerscope.net", "mode": "force-https" }, - { "name": "www.ledgerscope.net", "mode": "force-https" }, - { "name": "app.recurly.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "api.recurly.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "greplin.com", "mode": "force-https" }, - { "name": "www.greplin.com", "mode": "force-https" }, - { "name": "luneta.nearbuysystems.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "ubertt.org", "include_subdomains": true, "mode": "force-https" }, - { "name": "pixi.me", "include_subdomains": true, "mode": "force-https" }, - { "name": "grepular.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "mydigipass.com", "mode": "force-https" }, - { "name": "www.mydigipass.com", "mode": "force-https" }, - { "name": "developer.mydigipass.com", "mode": "force-https" }, - { "name": "www.developer.mydigipass.com", "mode": "force-https" }, - { "name": "sandbox.mydigipass.com", "mode": "force-https" }, - { "name": "www.sandbox.mydigipass.com", "mode": "force-https" }, - { "name": "bigshinylock.minazo.net", "include_subdomains": true, "mode": "force-https" }, - { "name": "crate.io", "include_subdomains": true, "mode": "force-https" }, - { "name": "twitter.com", "mode": "force-https", "pins": "twitterCom" }, - { "name": "www.twitter.com", "include_subdomains": true, "mode": "force-https", "pins": "twitterCom" }, - { "name": "api.twitter.com", "include_subdomains": true, "pins": "twitterCDN" }, - { "name": "oauth.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, - { "name": "mobile.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, - { "name": "dev.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, - { "name": "business.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, - { "name": "platform.twitter.com", "include_subdomains": true, "pins": "twitterCDN" }, - { "name": "twimg.com", "include_subdomains": true, "pins": "twitterCDN" }, - { "name": "facebook.com", "mode": "force-https", "include_subdomains_for_pinning": true, "pins": "facebook" }, - { "name": "www.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" }, - { "name": "recurly.com", "include_subdomains": true, "mode": "force-https" }, - { "name": "crypto.is", "include_subdomains": true, "mode": "force-https", "expect_ct": true, "expect_ct_report_uri": "https://clients3.google.com/ct_upload" } - ] -} - diff --git a/chromium/net/http/transport_security_state_static_unittest3.json b/chromium/net/http/transport_security_state_static_unittest3.json index b1a1a69bd89..1c740e1998e 100644 --- a/chromium/net/http/transport_security_state_static_unittest3.json +++ b/chromium/net/http/transport_security_state_static_unittest3.json @@ -58,6 +58,11 @@ "expect_staple": true, "include_subdomains_for_expect_staple": true, "expect_staple_report_uri": "https://report.badssl.com/staple-upload" + }, { + // Keep this a simple entry in the context of TrieWriter::IsSimpleEntry(). + "name": "simple-entry.example.com", + "mode": "force-https", + "include_subdomains": true } ] } diff --git a/chromium/net/http/transport_security_state_static_unittest_default.json b/chromium/net/http/transport_security_state_static_unittest_default.json new file mode 100644 index 00000000000..e8a50ce7a2b --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest_default.json @@ -0,0 +1,51 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This is a HSTS preload list for net_unittests. Use or add entries in this +// file when you need to write a test that has expectations that depend on +// static transport security state. Tests should never depend on the real +// preload list. The format of this file is identical to +// transport_security_state_static.json. + +{ + "pinsets": [ + { + "name": "withoutRejectedPins", + "static_spki_hashes": [ + "TestSPKI1", + "GoodPin1" + ] + }, { + "name": "withRejectedPins", + "static_spki_hashes": [ + "GoodPin1" + ], + "bad_static_spki_hashes": [ + "TestSPKI1" + ] + }, { + "name": "withReportUri", + "static_spki_hashes": [ + "GoodPin1" + ], + "report_uri": "http://report-uri.preloaded.test/pkp" + } + ], + + "entries": [ + { "name": "hsts-preloaded.test", "mode": "force-https" }, + { "name": "include-subdomains-hsts-preloaded.test", "mode": "force-https", "include_subdomains": true }, + + { "name": "no-rejected-pins-pkp.preloaded.test", "pins": "withoutRejectedPins" }, + { "name": "with-report-uri-pkp.preloaded.test", "pins": "withReportUri" }, + + { "name": "hsts-hpkp-preloaded.test", "mode": "force-https", "pins": "withoutRejectedPins" }, + + { "name": "expect-ct.preloaded.test", "expect_ct": true, "expect_ct_report_uri": "http://report-uri.preloaded.test/expect-ct" }, + + { "name": "expect-staple.preloaded.test", "expect_staple": true, "expect_staple_report_uri": "http://report-uri.preloaded.test/expect-staple" }, + { "name": "include-subdomains-expect-staple.preloaded.test", "expect_staple": true, "include_subdomains_for_expect_staple": true, "expect_staple_report_uri": "http://report-uri.preloaded.test/expect-staple" } + ] +} + diff --git a/chromium/net/http/transport_security_state_static_unittest_default.pins b/chromium/net/http/transport_security_state_static_unittest_default.pins new file mode 100644 index 00000000000..900b7fd7333 --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest_default.pins @@ -0,0 +1,12 @@ +# Copyright 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# For use with transport_security_state_static_unittest_default.json. +# The format of this file is identical to transport_security_state_static.pins. + +TestSPKI1 +sha256/w3y7Yg3RzkAyhCeBoLHm71YRnuuUW87AAR/DVpLMTw4= + +GoodPin1 +sha256/Nn8jk5By4Vkq6BeOVZ7R7AC6XUUBZsWmUbJR1f1Y5FY= diff --git a/chromium/net/http/transport_security_state_unittest.cc b/chromium/net/http/transport_security_state_unittest.cc index fc4e5d4b0a9..689cfeb079d 100644 --- a/chromium/net/http/transport_security_state_unittest.cc +++ b/chromium/net/http/transport_security_state_unittest.cc @@ -5,13 +5,13 @@ #include "net/http/transport_security_state.h" #include <algorithm> +#include <memory> #include <string> #include <vector> #include "base/base64.h" #include "base/files/file_path.h" #include "base/json/json_reader.h" -#include "base/memory/ptr_util.h" #include "base/metrics/field_trial.h" #include "base/rand_util.h" #include "base/strings/string_piece.h" @@ -19,6 +19,7 @@ #include "base/test/mock_entropy_provider.h" #include "base/test/scoped_feature_list.h" #include "base/values.h" +#include "build/build_config.h" #include "crypto/openssl_util.h" #include "crypto/sha2.h" #include "net/base/host_port_pair.h" @@ -44,10 +45,9 @@ namespace net { namespace { -namespace test0 { -#include "net/http/transport_security_state_static_unittest0.h" +namespace test_default { +#include "net/http/transport_security_state_static_unittest_default.h" } - namespace test1 { #include "net/http/transport_security_state_static_unittest1.h" } @@ -62,28 +62,25 @@ const char kHost[] = "example.test"; const char kSubdomain[] = "foo.example.test"; const uint16_t kPort = 443; const char kReportUri[] = "http://report-example.test/test"; -const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; -const char kExpectCTStaticReportURI[] = "https://clients3.google.com/ct_upload"; -const char kExpectStapleStaticHostname[] = "preloaded-expect-staple.badssl.com"; +const char kExpectCTStaticHostname[] = "expect-ct.preloaded.test"; +const char kExpectCTStaticReportURI[] = + "http://report-uri.preloaded.test/expect-ct"; +const char kExpectStapleStaticHostname[] = "expect-staple.preloaded.test"; const char kExpectStapleStaticReportURI[] = - "https://report.badssl.com/expect-staple"; + "http://report-uri.preloaded.test/expect-staple"; const char kExpectStapleStaticIncludeSubdomainsHostname[] = - "preloaded-expect-staple-include-subdomains.badssl.com"; + "include-subdomains-expect-staple.preloaded.test"; + +const char kGoodPin1[] = "fzP+pVAbH0hRoUphJKenIP8+2tD/d2QH9J+kQNieM6Q="; +const char kGoodPin2[] = "9vRUVdjloCa4wXUKfDWotV5eUXYD7vu0v0z9SRzQdzg="; +const char kGoodPin3[] = "Nn8jk5By4Vkq6BeOVZ7R7AC6XUUBZsWmUbJR1f1Y5FY="; -// kGoodPath is blog.torproject.org. const char* const kGoodPath[] = { - "sha256/4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ=", - "sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", - "sha256/WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", - nullptr, + "sha256/fzP+pVAbH0hRoUphJKenIP8+2tD/d2QH9J+kQNieM6Q=", + "sha256/9vRUVdjloCa4wXUKfDWotV5eUXYD7vu0v0z9SRzQdzg=", + "sha256/Nn8jk5By4Vkq6BeOVZ7R7AC6XUUBZsWmUbJR1f1Y5FY=", nullptr, }; -const char kGoodPin1[] = "4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ="; -const char kGoodPin2[] = "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; -const char kGoodPin3[] = "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; - -// kBadPath is plus.google.com via Trustcenter, which is utterly wrong for -// torproject.org. const char* const kBadPath[] = { "sha256/1111111111111111111111111111111111111111111=", "sha256/2222222222222222222222222222222222222222222=", @@ -404,9 +401,7 @@ void CheckExpectStapleReport(TransportSecurityState* state, class TransportSecurityStateTest : public testing::Test { public: TransportSecurityStateTest() { -#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) - SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); -#endif + SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource); } ~TransportSecurityStateTest() override { @@ -521,10 +516,10 @@ TEST_F(TransportSecurityStateTest, DomainNameOddities) { // Now do the same for preloaded entries TransportSecurityState state5; - EXPECT_TRUE(state5.ShouldUpgradeToSSL("accounts.google.com")); - EXPECT_TRUE(state5.ShouldUpgradeToSSL("accounts.google.com.")); - EXPECT_FALSE(state5.ShouldUpgradeToSSL("accounts..google.com")); - EXPECT_FALSE(state5.ShouldUpgradeToSSL("accounts..google.com.")); + EXPECT_TRUE(state5.ShouldUpgradeToSSL("hsts-preloaded.test")); + EXPECT_TRUE(state5.ShouldUpgradeToSSL("hsts-preloaded.test.")); + EXPECT_FALSE(state5.ShouldUpgradeToSSL("hsts-preloaded..test")); + EXPECT_FALSE(state5.ShouldUpgradeToSSL("hsts-preloaded..test.")); } TEST_F(TransportSecurityStateTest, SimpleMatches) { @@ -564,8 +559,9 @@ TEST_F(TransportSecurityStateTest, MatchesCase2) { EXPECT_TRUE(state.ShouldUpgradeToSSL("EXample.coM")); // Check static entries - EXPECT_TRUE(state.ShouldUpgradeToSSL("AccounTs.GooGle.com")); - EXPECT_TRUE(state.ShouldUpgradeToSSL("mail.google.COM")); + EXPECT_TRUE(state.ShouldUpgradeToSSL("hStS-prelOAded.tEsT")); + EXPECT_TRUE( + state.ShouldUpgradeToSSL("inClude-subDOmaIns-hsts-prEloaDed.TesT")); } TEST_F(TransportSecurityStateTest, SubdomainMatches) { @@ -884,398 +880,6 @@ TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) { state.GetDynamicExpectCTState("example1.test", &expect_ct_state)); } -TEST_F(TransportSecurityStateTest, EnableStaticPins) { - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - EnableStaticPins(&state); - - EXPECT_TRUE( - state.GetStaticDomainState("chrome.google.com", &sts_state, &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); -} - -TEST_F(TransportSecurityStateTest, DisableStaticPins) { - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - DisableStaticPins(&state); - EXPECT_TRUE( - state.GetStaticDomainState("chrome.google.com", &sts_state, &pkp_state)); - EXPECT_TRUE(pkp_state.spki_hashes.empty()); -} - -TEST_F(TransportSecurityStateTest, IsPreloaded) { - const std::string paypal = "paypal.com"; - const std::string www_paypal = "www.paypal.com"; - const std::string foo_paypal = "foo.paypal.com"; - const std::string a_www_paypal = "a.www.paypal.com"; - const std::string abc_paypal = "a.b.c.paypal.com"; - const std::string example = "example.com"; - const std::string aypal = "aypal.com"; - const std::string google = "google"; - const std::string www_google = "www.google"; - - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - EXPECT_TRUE(GetStaticDomainState(&state, paypal, &sts_state, &pkp_state)); - EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, &sts_state, &pkp_state)); - EXPECT_FALSE(sts_state.include_subdomains); - EXPECT_TRUE(GetStaticDomainState(&state, google, &sts_state, &pkp_state)); - EXPECT_TRUE(GetStaticDomainState(&state, www_google, &sts_state, &pkp_state)); - EXPECT_FALSE( - GetStaticDomainState(&state, a_www_paypal, &sts_state, &pkp_state)); - EXPECT_FALSE( - GetStaticDomainState(&state, abc_paypal, &sts_state, &pkp_state)); - EXPECT_FALSE(GetStaticDomainState(&state, example, &sts_state, &pkp_state)); - EXPECT_FALSE(GetStaticDomainState(&state, aypal, &sts_state, &pkp_state)); -} - -TEST_F(TransportSecurityStateTest, PreloadedDomainSet) { - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - // The domain wasn't being set, leading to a blank string in the - // chrome://net-internals/#hsts UI. So test that. - EXPECT_TRUE( - state.GetStaticDomainState("market.android.com", &sts_state, &pkp_state)); - EXPECT_EQ(sts_state.domain, "market.android.com"); - EXPECT_EQ(pkp_state.domain, "market.android.com"); - EXPECT_TRUE(state.GetStaticDomainState("sub.market.android.com", &sts_state, - &pkp_state)); - EXPECT_EQ(sts_state.domain, "market.android.com"); - EXPECT_EQ(pkp_state.domain, "market.android.com"); -} - -static bool StaticShouldRedirect(const char* hostname) { - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - return state.GetStaticDomainState(hostname, &sts_state, &pkp_state) && - sts_state.ShouldUpgradeToSSL(); -} - -static bool HasStaticState(const char* hostname) { - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - return state.GetStaticDomainState(hostname, &sts_state, &pkp_state); -} - -static bool HasStaticPublicKeyPins(const char* hostname) { - TransportSecurityState state; - TransportSecurityStateTest::EnableStaticPins(&state); - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - if (!state.GetStaticDomainState(hostname, &sts_state, &pkp_state)) - return false; - - return pkp_state.HasPublicKeyPins(); -} - -static bool OnlyPinningInStaticState(const char* hostname) { - TransportSecurityState state; - TransportSecurityStateTest::EnableStaticPins(&state); - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - if (!state.GetStaticDomainState(hostname, &sts_state, &pkp_state)) - return false; - - return (pkp_state.spki_hashes.size() > 0 || - pkp_state.bad_spki_hashes.size() > 0) && - !sts_state.ShouldUpgradeToSSL(); -} - -TEST_F(TransportSecurityStateTest, Preloaded) { - TransportSecurityState state; - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - // We do more extensive checks for the first domain. - EXPECT_TRUE( - state.GetStaticDomainState("www.paypal.com", &sts_state, &pkp_state)); - EXPECT_EQ(sts_state.upgrade_mode, - TransportSecurityState::STSState::MODE_FORCE_HTTPS); - EXPECT_FALSE(sts_state.include_subdomains); - EXPECT_FALSE(pkp_state.include_subdomains); - - EXPECT_TRUE(HasStaticState("paypal.com")); - EXPECT_FALSE(HasStaticState("www2.paypal.com")); - - // Google hosts: - - EXPECT_TRUE(StaticShouldRedirect("chrome.google.com")); - EXPECT_TRUE(StaticShouldRedirect("checkout.google.com")); - EXPECT_TRUE(StaticShouldRedirect("wallet.google.com")); - EXPECT_TRUE(StaticShouldRedirect("docs.google.com")); - EXPECT_TRUE(StaticShouldRedirect("sites.google.com")); - EXPECT_TRUE(StaticShouldRedirect("drive.google.com")); - EXPECT_TRUE(StaticShouldRedirect("spreadsheets.google.com")); - EXPECT_TRUE(StaticShouldRedirect("appengine.google.com")); - EXPECT_TRUE(StaticShouldRedirect("market.android.com")); - EXPECT_TRUE(StaticShouldRedirect("encrypted.google.com")); - EXPECT_TRUE(StaticShouldRedirect("accounts.google.com")); - EXPECT_TRUE(StaticShouldRedirect("profiles.google.com")); - EXPECT_TRUE(StaticShouldRedirect("mail.google.com")); - EXPECT_TRUE(StaticShouldRedirect("chatenabled.mail.google.com")); - EXPECT_TRUE(StaticShouldRedirect("talkgadget.google.com")); - EXPECT_TRUE(StaticShouldRedirect("hostedtalkgadget.google.com")); - EXPECT_TRUE(StaticShouldRedirect("talk.google.com")); - EXPECT_TRUE(StaticShouldRedirect("plus.google.com")); - EXPECT_TRUE(StaticShouldRedirect("groups.google.com")); - EXPECT_TRUE(StaticShouldRedirect("apis.google.com")); - EXPECT_FALSE(StaticShouldRedirect("chart.apis.google.com")); - EXPECT_TRUE(StaticShouldRedirect("ssl.google-analytics.com")); - EXPECT_TRUE(StaticShouldRedirect("google")); - EXPECT_TRUE(StaticShouldRedirect("foo.google")); - EXPECT_TRUE(StaticShouldRedirect("gmail.com")); - EXPECT_TRUE(StaticShouldRedirect("www.gmail.com")); - EXPECT_TRUE(StaticShouldRedirect("googlemail.com")); - EXPECT_TRUE(StaticShouldRedirect("www.googlemail.com")); - EXPECT_TRUE(StaticShouldRedirect("googleplex.com")); - EXPECT_TRUE(StaticShouldRedirect("www.googleplex.com")); - EXPECT_TRUE(StaticShouldRedirect("www.google-analytics.com")); - - // These domains used to be only HSTS when SNI was available. - EXPECT_TRUE(state.GetStaticDomainState("gmail.com", &sts_state, &pkp_state)); - EXPECT_TRUE( - state.GetStaticDomainState("www.gmail.com", &sts_state, &pkp_state)); - EXPECT_TRUE( - state.GetStaticDomainState("googlemail.com", &sts_state, &pkp_state)); - EXPECT_TRUE( - state.GetStaticDomainState("www.googlemail.com", &sts_state, &pkp_state)); - - // Other hosts: - - EXPECT_TRUE(StaticShouldRedirect("aladdinschools.appspot.com")); - - EXPECT_TRUE(StaticShouldRedirect("ottospora.nl")); - EXPECT_TRUE(StaticShouldRedirect("www.ottospora.nl")); - - EXPECT_TRUE(StaticShouldRedirect("www.paycheckrecords.com")); - - EXPECT_TRUE(StaticShouldRedirect("lastpass.com")); - EXPECT_TRUE(StaticShouldRedirect("www.lastpass.com")); - EXPECT_FALSE(HasStaticState("blog.lastpass.com")); - - EXPECT_TRUE(StaticShouldRedirect("keyerror.com")); - EXPECT_TRUE(StaticShouldRedirect("www.keyerror.com")); - - EXPECT_TRUE(StaticShouldRedirect("entropia.de")); - EXPECT_TRUE(StaticShouldRedirect("www.entropia.de")); - EXPECT_FALSE(HasStaticState("foo.entropia.de")); - - EXPECT_TRUE(StaticShouldRedirect("www.elanex.biz")); - EXPECT_FALSE(HasStaticState("elanex.biz")); - EXPECT_FALSE(HasStaticState("foo.elanex.biz")); - - EXPECT_TRUE(StaticShouldRedirect("sunshinepress.org")); - EXPECT_TRUE(StaticShouldRedirect("www.sunshinepress.org")); - EXPECT_TRUE(StaticShouldRedirect("a.b.sunshinepress.org")); - - EXPECT_TRUE(StaticShouldRedirect("www.noisebridge.net")); - EXPECT_FALSE(HasStaticState("noisebridge.net")); - EXPECT_FALSE(HasStaticState("foo.noisebridge.net")); - - EXPECT_TRUE(StaticShouldRedirect("neg9.org")); - EXPECT_FALSE(HasStaticState("www.neg9.org")); - - EXPECT_TRUE(StaticShouldRedirect("riseup.net")); - EXPECT_TRUE(StaticShouldRedirect("foo.riseup.net")); - - EXPECT_TRUE(StaticShouldRedirect("factor.cc")); - EXPECT_FALSE(HasStaticState("www.factor.cc")); - - EXPECT_TRUE(StaticShouldRedirect("members.mayfirst.org")); - EXPECT_TRUE(StaticShouldRedirect("support.mayfirst.org")); - EXPECT_TRUE(StaticShouldRedirect("id.mayfirst.org")); - EXPECT_TRUE(StaticShouldRedirect("lists.mayfirst.org")); - EXPECT_FALSE(HasStaticState("www.mayfirst.org")); - - EXPECT_TRUE(StaticShouldRedirect("romab.com")); - EXPECT_TRUE(StaticShouldRedirect("www.romab.com")); - EXPECT_TRUE(StaticShouldRedirect("foo.romab.com")); - - EXPECT_TRUE(StaticShouldRedirect("logentries.com")); - EXPECT_TRUE(StaticShouldRedirect("www.logentries.com")); - EXPECT_FALSE(HasStaticState("foo.logentries.com")); - - EXPECT_TRUE(StaticShouldRedirect("stripe.com")); - EXPECT_TRUE(StaticShouldRedirect("foo.stripe.com")); - - EXPECT_TRUE(StaticShouldRedirect("cloudsecurityalliance.org")); - EXPECT_TRUE(StaticShouldRedirect("foo.cloudsecurityalliance.org")); - - EXPECT_TRUE(StaticShouldRedirect("login.sapo.pt")); - EXPECT_TRUE(StaticShouldRedirect("foo.login.sapo.pt")); - - EXPECT_TRUE(StaticShouldRedirect("mattmccutchen.net")); - EXPECT_TRUE(StaticShouldRedirect("foo.mattmccutchen.net")); - - EXPECT_TRUE(StaticShouldRedirect("betnet.fr")); - EXPECT_TRUE(StaticShouldRedirect("foo.betnet.fr")); - - EXPECT_TRUE(StaticShouldRedirect("uprotect.it")); - EXPECT_TRUE(StaticShouldRedirect("foo.uprotect.it")); - - EXPECT_TRUE(StaticShouldRedirect("squareup.com")); - EXPECT_FALSE(HasStaticState("foo.squareup.com")); - - EXPECT_TRUE(StaticShouldRedirect("cert.se")); - EXPECT_TRUE(StaticShouldRedirect("foo.cert.se")); - - EXPECT_TRUE(StaticShouldRedirect("crypto.is")); - EXPECT_TRUE(StaticShouldRedirect("foo.crypto.is")); - - EXPECT_TRUE(StaticShouldRedirect("simon.butcher.name")); - EXPECT_TRUE(StaticShouldRedirect("foo.simon.butcher.name")); - - EXPECT_TRUE(StaticShouldRedirect("linx.net")); - EXPECT_TRUE(StaticShouldRedirect("foo.linx.net")); - - EXPECT_TRUE(StaticShouldRedirect("dropcam.com")); - EXPECT_TRUE(StaticShouldRedirect("www.dropcam.com")); - EXPECT_FALSE(HasStaticState("foo.dropcam.com")); - - EXPECT_TRUE(StaticShouldRedirect("ebanking.indovinabank.com.vn")); - EXPECT_TRUE(StaticShouldRedirect("foo.ebanking.indovinabank.com.vn")); - - EXPECT_TRUE(StaticShouldRedirect("epoxate.com")); - EXPECT_FALSE(HasStaticState("foo.epoxate.com")); - - EXPECT_FALSE(HasStaticState("foo.torproject.org")); - - EXPECT_TRUE(StaticShouldRedirect("www.moneybookers.com")); - EXPECT_FALSE(HasStaticState("moneybookers.com")); - - EXPECT_TRUE(StaticShouldRedirect("ledgerscope.net")); - EXPECT_TRUE(StaticShouldRedirect("www.ledgerscope.net")); - EXPECT_FALSE(HasStaticState("status.ledgerscope.net")); - - EXPECT_TRUE(StaticShouldRedirect("foo.app.recurly.com")); - EXPECT_TRUE(StaticShouldRedirect("foo.api.recurly.com")); - - EXPECT_TRUE(StaticShouldRedirect("greplin.com")); - EXPECT_TRUE(StaticShouldRedirect("www.greplin.com")); - EXPECT_FALSE(HasStaticState("foo.greplin.com")); - - EXPECT_TRUE(StaticShouldRedirect("luneta.nearbuysystems.com")); - EXPECT_TRUE(StaticShouldRedirect("foo.luneta.nearbuysystems.com")); - - EXPECT_TRUE(StaticShouldRedirect("ubertt.org")); - EXPECT_TRUE(StaticShouldRedirect("foo.ubertt.org")); - - EXPECT_TRUE(StaticShouldRedirect("pixi.me")); - EXPECT_TRUE(StaticShouldRedirect("www.pixi.me")); - - EXPECT_TRUE(StaticShouldRedirect("grepular.com")); - EXPECT_TRUE(StaticShouldRedirect("www.grepular.com")); - - EXPECT_TRUE(StaticShouldRedirect("mydigipass.com")); - EXPECT_FALSE(StaticShouldRedirect("foo.mydigipass.com")); - EXPECT_TRUE(StaticShouldRedirect("www.mydigipass.com")); - EXPECT_FALSE(StaticShouldRedirect("foo.www.mydigipass.com")); - EXPECT_TRUE(StaticShouldRedirect("developer.mydigipass.com")); - EXPECT_FALSE(StaticShouldRedirect("foo.developer.mydigipass.com")); - EXPECT_TRUE(StaticShouldRedirect("www.developer.mydigipass.com")); - EXPECT_FALSE(StaticShouldRedirect("foo.www.developer.mydigipass.com")); - EXPECT_TRUE(StaticShouldRedirect("sandbox.mydigipass.com")); - EXPECT_FALSE(StaticShouldRedirect("foo.sandbox.mydigipass.com")); - EXPECT_TRUE(StaticShouldRedirect("www.sandbox.mydigipass.com")); - EXPECT_FALSE(StaticShouldRedirect("foo.www.sandbox.mydigipass.com")); - - EXPECT_TRUE(StaticShouldRedirect("bigshinylock.minazo.net")); - EXPECT_TRUE(StaticShouldRedirect("foo.bigshinylock.minazo.net")); - - EXPECT_TRUE(StaticShouldRedirect("crate.io")); - EXPECT_TRUE(StaticShouldRedirect("foo.crate.io")); -} - -// http://crbug.com/624946 -#if defined(OS_IOS) -#define MAYBE_PreloadedPins DISABLED_PreloadedPins -#else -#define MAYBE_PreloadedPins PreloadedPins -#endif -TEST_F(TransportSecurityStateTest, MAYBE_PreloadedPins) { - TransportSecurityState state; - EnableStaticPins(&state); - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - // We do more extensive checks for the first domain. - EXPECT_TRUE( - state.GetStaticDomainState("www.paypal.com", &sts_state, &pkp_state)); - EXPECT_EQ(sts_state.upgrade_mode, - TransportSecurityState::STSState::MODE_FORCE_HTTPS); - EXPECT_FALSE(sts_state.include_subdomains); - EXPECT_FALSE(pkp_state.include_subdomains); - - EXPECT_TRUE(OnlyPinningInStaticState("www.google.com")); - EXPECT_TRUE(OnlyPinningInStaticState("foo.google.com")); - EXPECT_TRUE(OnlyPinningInStaticState("google.com")); - EXPECT_TRUE(OnlyPinningInStaticState("www.youtube.com")); - EXPECT_TRUE(OnlyPinningInStaticState("youtube.com")); - EXPECT_TRUE(OnlyPinningInStaticState("i.ytimg.com")); - EXPECT_TRUE(OnlyPinningInStaticState("ytimg.com")); - EXPECT_TRUE(OnlyPinningInStaticState("googleusercontent.com")); - EXPECT_TRUE(OnlyPinningInStaticState("www.googleusercontent.com")); - EXPECT_TRUE(OnlyPinningInStaticState("googleapis.com")); - EXPECT_TRUE(OnlyPinningInStaticState("googleadservices.com")); - EXPECT_TRUE(OnlyPinningInStaticState("googlecode.com")); - EXPECT_TRUE(OnlyPinningInStaticState("appspot.com")); - EXPECT_TRUE(OnlyPinningInStaticState("googlesyndication.com")); - EXPECT_TRUE(OnlyPinningInStaticState("doubleclick.net")); - EXPECT_TRUE(OnlyPinningInStaticState("googlegroups.com")); - - EXPECT_TRUE(HasStaticPublicKeyPins("torproject.org")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.torproject.org")); - EXPECT_TRUE(HasStaticPublicKeyPins("check.torproject.org")); - EXPECT_TRUE(HasStaticPublicKeyPins("blog.torproject.org")); - EXPECT_FALSE(HasStaticState("foo.torproject.org")); - - EXPECT_TRUE( - state.GetStaticDomainState("torproject.org", &sts_state, &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_TRUE( - state.GetStaticDomainState("www.torproject.org", &sts_state, &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_TRUE(state.GetStaticDomainState("check.torproject.org", &sts_state, - &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_TRUE(state.GetStaticDomainState("blog.torproject.org", &sts_state, - &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - - EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com")); - - // Check that Facebook subdomains have pinning but not HSTS. - EXPECT_TRUE( - state.GetStaticDomainState("facebook.com", &sts_state, &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_TRUE(StaticShouldRedirect("facebook.com")); - - EXPECT_TRUE( - state.GetStaticDomainState("foo.facebook.com", &sts_state, &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_FALSE(StaticShouldRedirect("foo.facebook.com")); - - EXPECT_TRUE( - state.GetStaticDomainState("www.facebook.com", &sts_state, &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_TRUE(StaticShouldRedirect("www.facebook.com")); - - EXPECT_TRUE(state.GetStaticDomainState("foo.www.facebook.com", &sts_state, - &pkp_state)); - EXPECT_FALSE(pkp_state.spki_hashes.empty()); - EXPECT_TRUE(StaticShouldRedirect("foo.www.facebook.com")); -} - TEST_F(TransportSecurityStateTest, LongNames) { TransportSecurityState state; const char kLongName[] = @@ -1289,64 +893,7 @@ TEST_F(TransportSecurityStateTest, LongNames) { EXPECT_FALSE(state.GetDynamicPKPState(kLongName, &pkp_state)); } -TEST_F(TransportSecurityStateTest, BuiltinCertPins) { - TransportSecurityState state; - EnableStaticPins(&state); - TransportSecurityState::STSState sts_state; - TransportSecurityState::PKPState pkp_state; - - EXPECT_TRUE( - state.GetStaticDomainState("chrome.google.com", &sts_state, &pkp_state)); - EXPECT_TRUE(HasStaticPublicKeyPins("chrome.google.com")); - - HashValueVector hashes; - std::string failure_log; - // Checks that a built-in list does exist. - EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); - EXPECT_FALSE(HasStaticPublicKeyPins("www.paypal.com")); - - EXPECT_TRUE(HasStaticPublicKeyPins("docs.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("1.docs.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("sites.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("drive.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("spreadsheets.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("wallet.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("checkout.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("appengine.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("market.android.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("encrypted.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("accounts.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("profiles.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("mail.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("chatenabled.mail.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("talkgadget.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("hostedtalkgadget.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("talk.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("plus.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("groups.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("apis.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.google-analytics.com")); - - EXPECT_TRUE(HasStaticPublicKeyPins("ssl.gstatic.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("gstatic.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.gstatic.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("ssl.google-analytics.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.googleplex.com")); - - EXPECT_TRUE(HasStaticPublicKeyPins("twitter.com")); - EXPECT_FALSE(HasStaticPublicKeyPins("foo.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("api.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("oauth.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("mobile.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("dev.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("business.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("platform.twitter.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("si0.twimg.com")); -} - -static bool AddHash(const std::string& type_and_base64, - HashValueVector* out) { +static bool AddHash(const std::string& type_and_base64, HashValueVector* out) { HashValue hash; if (!hash.FromString(type_and_base64)) return false; @@ -1355,15 +902,7 @@ static bool AddHash(const std::string& type_and_base64, return true; } -// This test depends on the pinset of tor. -#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) -#define MAYBE_PinValidationWithoutRejectedCerts \ - DISABLED_PinValidationWithoutRejectedCerts -#else -#define MAYBE_PinValidationWithoutRejectedCerts \ - PinValidationWithoutRejectedCerts -#endif -TEST_F(TransportSecurityStateTest, MAYBE_PinValidationWithoutRejectedCerts) { +TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) { HashValueVector good_hashes, bad_hashes; for (size_t i = 0; kGoodPath[i]; i++) { @@ -1378,8 +917,8 @@ TEST_F(TransportSecurityStateTest, MAYBE_PinValidationWithoutRejectedCerts) { TransportSecurityState::STSState sts_state; TransportSecurityState::PKPState pkp_state; - EXPECT_TRUE(state.GetStaticDomainState("blog.torproject.org", &sts_state, - &pkp_state)); + EXPECT_TRUE(state.GetStaticDomainState("no-rejected-pins-pkp.preloaded.test", + &sts_state, &pkp_state)); EXPECT_TRUE(pkp_state.HasPublicKeyPins()); std::string failure_log; @@ -1387,48 +926,6 @@ TEST_F(TransportSecurityStateTest, MAYBE_PinValidationWithoutRejectedCerts) { EXPECT_FALSE(pkp_state.CheckPublicKeyPins(bad_hashes, &failure_log)); } -// http://crbug.com/624946 -#if defined(OS_IOS) -#define MAYBE_OptionalHSTSCertPins DISABLED_OptionalHSTSCertPins -#else -#define MAYBE_OptionalHSTSCertPins OptionalHSTSCertPins -#endif -TEST_F(TransportSecurityStateTest, MAYBE_OptionalHSTSCertPins) { - TransportSecurityState state; - EnableStaticPins(&state); - - EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.google.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("mail-attachment.googleusercontent.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("i.ytimg.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("googleapis.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("ajax.googleapis.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("googleadservices.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("pagead2.googleadservices.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("googlecode.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("kibbles.googlecode.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("appspot.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("googlesyndication.com")); - EXPECT_TRUE(HasStaticPublicKeyPins("doubleclick.net")); - EXPECT_TRUE(HasStaticPublicKeyPins("ad.doubleclick.net")); - EXPECT_FALSE(HasStaticPublicKeyPins("learn.doubleclick.net")); - EXPECT_TRUE(HasStaticPublicKeyPins("a.googlegroups.com")); -} - -TEST_F(TransportSecurityStateTest, OverrideBuiltins) { - EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); - EXPECT_FALSE(StaticShouldRedirect("google.com")); - EXPECT_FALSE(StaticShouldRedirect("www.google.com")); - - TransportSecurityState state; - const base::Time current_time(base::Time::Now()); - const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - state.AddHSTS("www.google.com", expiry, true); - - EXPECT_TRUE(state.ShouldUpgradeToSSL("www.google.com")); -} - TEST_F(TransportSecurityStateTest, HPKPReporting) { HostPortPair host_port_pair(kHost, kPort); HostPortPair subdomain_host_port_pair(kSubdomain, kPort); @@ -1722,7 +1219,7 @@ TEST_F(TransportSecurityStateTest, HPKPReportOnlyParseErrors) { // Tests that pinning violations on preloaded pins trigger reports when // the preloaded pin contains a report URI. TEST_F(TransportSecurityStateTest, PreloadedPKPReportUri) { - const char kPreloadedPinDomain[] = "www.google.com"; + const char kPreloadedPinDomain[] = "with-report-uri-pkp.preloaded.test"; const uint16_t kPort = 443; HostPortPair host_port_pair(kPreloadedPinDomain, kPort); @@ -1791,8 +1288,7 @@ TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); // Two dummy certs to use as the server-sent and validated chains. The - // contents don't matter, as long as they are not the real google.com - // certs in the pins. + // contents don't matter, as long as they don't match the certs in the pins. scoped_refptr<X509Certificate> cert1 = ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); ASSERT_TRUE(cert1); @@ -1910,7 +1406,7 @@ TEST_F(TransportSecurityStateTest, PreloadedExpectCT) { EXPECT_EQ(kExpectCTStaticHostname, expect_ct_state.domain); EXPECT_EQ(GURL(kExpectCTStaticReportURI), expect_ct_state.report_uri); EXPECT_FALSE( - GetExpectCTState(&state, "pinning-test.badssl.com", &expect_ct_state)); + GetExpectCTState(&state, "hsts-preloaded.test", &expect_ct_state)); } // Tests that static (preloaded) expect staple state is read correctly. @@ -1926,7 +1422,7 @@ TEST_F(TransportSecurityStateTest, PreloadedExpectStaple) { EXPECT_EQ(kExpectStapleStaticHostname, expect_staple_state.domain); EXPECT_EQ(GURL(kExpectStapleStaticReportURI), expect_staple_state.report_uri); EXPECT_FALSE(expect_staple_state.include_subdomains); - EXPECT_FALSE(GetExpectStapleState(&state, "pinning-test.badssl.com", + EXPECT_FALSE(GetExpectStapleState(&state, "hsts-preloaded.test", &expect_staple_state)); std::string subdomain = "subdomain."; subdomain += kExpectStapleStaticHostname; @@ -2438,6 +1934,23 @@ TEST_F(TransportSecurityStateTest, DecodePreloadedMultipleMix) { EXPECT_TRUE(staple_state.include_subdomains); EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), staple_state.report_uri); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + + // This should be a simple entry in the context of + // TrieWriter::IsSimpleEntry(). + EXPECT_TRUE(GetStaticDomainState(&state, "simple-entry.example.com", + &sts_state, &pkp_state)); + EXPECT_TRUE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_FALSE(pkp_state.include_subdomains); + EXPECT_FALSE(GetExpectCTState(&state, "simple-entry.example.com", &ct_state)); + EXPECT_FALSE( + GetExpectStapleState(&state, "simple-entry.example.com", &staple_state)); } static const struct ExpectStapleErrorResponseData { @@ -3378,4 +2891,551 @@ TEST_F(TransportSecurityStateTest, CheckCTRequirementsWithExpectCTAndDelegate) { EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); } -} // namespace net +// Tests that the dynamic Expect-CT UMA histogram is recorded correctly. +TEST_F(TransportSecurityStateTest, DynamicExpectCTUMA) { + const char kHistogramName[] = "Net.ExpectCTHeader.ParseSuccess"; + SSLInfo ssl; + ssl.is_issued_by_known_root = true; + ssl.ct_compliance_details_available = true; + ssl.ct_cert_policy_compliance = + ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS; + + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + TransportSecurityState::kDynamicExpectCTFeature); + + // Test that the histogram is recorded correctly when the header successfully + // parses. + { + const char kHeader[] = "max-age=123,enforce,report-uri=\"http://foo.test\""; + base::HistogramTester histograms; + TransportSecurityState state; + MockExpectCTReporter reporter; + state.SetExpectCTReporter(&reporter); + state.ProcessExpectCTHeader(kHeader, HostPortPair("example.test", 443), + ssl); + histograms.ExpectTotalCount(kHistogramName, 1); + histograms.ExpectBucketCount(kHistogramName, true, 1); + } + + // Test that the histogram is recorded correctly when the header fails to + // parse (due to semi-colons instead of commas). + { + const char kHeader[] = "max-age=123;enforce;report-uri=\"http://foo.test\""; + base::HistogramTester histograms; + TransportSecurityState state; + MockExpectCTReporter reporter; + state.SetExpectCTReporter(&reporter); + state.ProcessExpectCTHeader(kHeader, HostPortPair("example.test", 443), + ssl); + histograms.ExpectTotalCount(kHistogramName, 1); + histograms.ExpectBucketCount(kHistogramName, false, 1); + } +} + +#if BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) +class TransportSecurityStateStaticTest : public TransportSecurityStateTest { + public: + TransportSecurityStateStaticTest() { + SetTransportSecurityStateSourceForTesting(nullptr); + } +}; + +static bool StaticShouldRedirect(const char* hostname) { + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + return state.GetStaticDomainState(hostname, &sts_state, &pkp_state) && + sts_state.ShouldUpgradeToSSL(); +} + +static bool HasStaticState(const char* hostname) { + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + return state.GetStaticDomainState(hostname, &sts_state, &pkp_state); +} + +static bool HasStaticPublicKeyPins(const char* hostname) { + TransportSecurityState state; + TransportSecurityStateTest::EnableStaticPins(&state); + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + if (!state.GetStaticDomainState(hostname, &sts_state, &pkp_state)) + return false; + + return pkp_state.HasPublicKeyPins(); +} + +static bool OnlyPinningInStaticState(const char* hostname) { + TransportSecurityState state; + TransportSecurityStateTest::EnableStaticPins(&state); + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + if (!state.GetStaticDomainState(hostname, &sts_state, &pkp_state)) + return false; + + return (pkp_state.spki_hashes.size() > 0 || + pkp_state.bad_spki_hashes.size() > 0) && + !sts_state.ShouldUpgradeToSSL(); +} + +TEST_F(TransportSecurityStateStaticTest, EnableStaticPins) { + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + EnableStaticPins(&state); + + EXPECT_TRUE( + state.GetStaticDomainState("chrome.google.com", &sts_state, &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); +} + +TEST_F(TransportSecurityStateStaticTest, DisableStaticPins) { + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + DisableStaticPins(&state); + EXPECT_TRUE( + state.GetStaticDomainState("chrome.google.com", &sts_state, &pkp_state)); + EXPECT_TRUE(pkp_state.spki_hashes.empty()); +} + +TEST_F(TransportSecurityStateStaticTest, IsPreloaded) { + const std::string paypal = "paypal.com"; + const std::string www_paypal = "www.paypal.com"; + const std::string foo_paypal = "foo.paypal.com"; + const std::string a_www_paypal = "a.www.paypal.com"; + const std::string abc_paypal = "a.b.c.paypal.com"; + const std::string example = "example.com"; + const std::string aypal = "aypal.com"; + const std::string google = "google"; + const std::string www_google = "www.google"; + const std::string foo = "foo"; + + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + EXPECT_TRUE(GetStaticDomainState(&state, paypal, &sts_state, &pkp_state)); + EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_TRUE(GetStaticDomainState(&state, google, &sts_state, &pkp_state)); + EXPECT_TRUE(GetStaticDomainState(&state, www_google, &sts_state, &pkp_state)); + EXPECT_TRUE(GetStaticDomainState(&state, foo, &sts_state, &pkp_state)); + EXPECT_FALSE( + GetStaticDomainState(&state, a_www_paypal, &sts_state, &pkp_state)); + EXPECT_FALSE( + GetStaticDomainState(&state, abc_paypal, &sts_state, &pkp_state)); + EXPECT_FALSE(GetStaticDomainState(&state, example, &sts_state, &pkp_state)); + EXPECT_FALSE(GetStaticDomainState(&state, aypal, &sts_state, &pkp_state)); +} + +TEST_F(TransportSecurityStateStaticTest, PreloadedDomainSet) { + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + // The domain wasn't being set, leading to a blank string in the + // chrome://net-internals/#hsts UI. So test that. + EXPECT_TRUE( + state.GetStaticDomainState("market.android.com", &sts_state, &pkp_state)); + EXPECT_EQ(sts_state.domain, "market.android.com"); + EXPECT_EQ(pkp_state.domain, "market.android.com"); + EXPECT_TRUE(state.GetStaticDomainState("sub.market.android.com", &sts_state, + &pkp_state)); + EXPECT_EQ(sts_state.domain, "market.android.com"); + EXPECT_EQ(pkp_state.domain, "market.android.com"); +} + +TEST_F(TransportSecurityStateStaticTest, Preloaded) { + TransportSecurityState state; + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + // We do more extensive checks for the first domain. + EXPECT_TRUE( + state.GetStaticDomainState("www.paypal.com", &sts_state, &pkp_state)); + EXPECT_EQ(sts_state.upgrade_mode, + TransportSecurityState::STSState::MODE_FORCE_HTTPS); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_FALSE(pkp_state.include_subdomains); + + EXPECT_TRUE(HasStaticState("paypal.com")); + EXPECT_FALSE(HasStaticState("www2.paypal.com")); + + // Google hosts: + + EXPECT_TRUE(StaticShouldRedirect("chrome.google.com")); + EXPECT_TRUE(StaticShouldRedirect("checkout.google.com")); + EXPECT_TRUE(StaticShouldRedirect("wallet.google.com")); + EXPECT_TRUE(StaticShouldRedirect("docs.google.com")); + EXPECT_TRUE(StaticShouldRedirect("sites.google.com")); + EXPECT_TRUE(StaticShouldRedirect("drive.google.com")); + EXPECT_TRUE(StaticShouldRedirect("spreadsheets.google.com")); + EXPECT_TRUE(StaticShouldRedirect("appengine.google.com")); + EXPECT_TRUE(StaticShouldRedirect("market.android.com")); + EXPECT_TRUE(StaticShouldRedirect("encrypted.google.com")); + EXPECT_TRUE(StaticShouldRedirect("accounts.google.com")); + EXPECT_TRUE(StaticShouldRedirect("profiles.google.com")); + EXPECT_TRUE(StaticShouldRedirect("mail.google.com")); + EXPECT_TRUE(StaticShouldRedirect("chatenabled.mail.google.com")); + EXPECT_TRUE(StaticShouldRedirect("talkgadget.google.com")); + EXPECT_TRUE(StaticShouldRedirect("hostedtalkgadget.google.com")); + EXPECT_TRUE(StaticShouldRedirect("talk.google.com")); + EXPECT_TRUE(StaticShouldRedirect("plus.google.com")); + EXPECT_TRUE(StaticShouldRedirect("groups.google.com")); + EXPECT_TRUE(StaticShouldRedirect("apis.google.com")); + EXPECT_FALSE(StaticShouldRedirect("chart.apis.google.com")); + EXPECT_TRUE(StaticShouldRedirect("ssl.google-analytics.com")); + EXPECT_TRUE(StaticShouldRedirect("google")); + EXPECT_TRUE(StaticShouldRedirect("foo.google")); + EXPECT_TRUE(StaticShouldRedirect("foo")); + EXPECT_TRUE(StaticShouldRedirect("domaintest.foo")); + EXPECT_TRUE(StaticShouldRedirect("gmail.com")); + EXPECT_TRUE(StaticShouldRedirect("www.gmail.com")); + EXPECT_TRUE(StaticShouldRedirect("googlemail.com")); + EXPECT_TRUE(StaticShouldRedirect("www.googlemail.com")); + EXPECT_TRUE(StaticShouldRedirect("googleplex.com")); + EXPECT_TRUE(StaticShouldRedirect("www.googleplex.com")); + EXPECT_TRUE(StaticShouldRedirect("www.google-analytics.com")); + EXPECT_TRUE(StaticShouldRedirect("www.youtube.com")); + EXPECT_TRUE(StaticShouldRedirect("youtube.com")); + + // These domains used to be only HSTS when SNI was available. + EXPECT_TRUE(state.GetStaticDomainState("gmail.com", &sts_state, &pkp_state)); + EXPECT_TRUE( + state.GetStaticDomainState("www.gmail.com", &sts_state, &pkp_state)); + EXPECT_TRUE( + state.GetStaticDomainState("googlemail.com", &sts_state, &pkp_state)); + EXPECT_TRUE( + state.GetStaticDomainState("www.googlemail.com", &sts_state, &pkp_state)); + + // Other hosts: + + EXPECT_TRUE(StaticShouldRedirect("aladdinschools.appspot.com")); + + EXPECT_TRUE(StaticShouldRedirect("ottospora.nl")); + EXPECT_TRUE(StaticShouldRedirect("www.ottospora.nl")); + + EXPECT_TRUE(StaticShouldRedirect("www.paycheckrecords.com")); + + EXPECT_TRUE(StaticShouldRedirect("lastpass.com")); + EXPECT_TRUE(StaticShouldRedirect("www.lastpass.com")); + EXPECT_FALSE(HasStaticState("blog.lastpass.com")); + + EXPECT_TRUE(StaticShouldRedirect("keyerror.com")); + EXPECT_TRUE(StaticShouldRedirect("www.keyerror.com")); + + EXPECT_TRUE(StaticShouldRedirect("entropia.de")); + EXPECT_TRUE(StaticShouldRedirect("www.entropia.de")); + EXPECT_FALSE(HasStaticState("foo.entropia.de")); + + EXPECT_TRUE(StaticShouldRedirect("www.elanex.biz")); + EXPECT_FALSE(HasStaticState("elanex.biz")); + EXPECT_FALSE(HasStaticState("foo.elanex.biz")); + + EXPECT_TRUE(StaticShouldRedirect("sunshinepress.org")); + EXPECT_TRUE(StaticShouldRedirect("www.sunshinepress.org")); + EXPECT_TRUE(StaticShouldRedirect("a.b.sunshinepress.org")); + + EXPECT_TRUE(StaticShouldRedirect("www.noisebridge.net")); + EXPECT_FALSE(HasStaticState("noisebridge.net")); + EXPECT_FALSE(HasStaticState("foo.noisebridge.net")); + + EXPECT_TRUE(StaticShouldRedirect("neg9.org")); + EXPECT_FALSE(HasStaticState("www.neg9.org")); + + EXPECT_TRUE(StaticShouldRedirect("riseup.net")); + EXPECT_TRUE(StaticShouldRedirect("foo.riseup.net")); + + EXPECT_TRUE(StaticShouldRedirect("factor.cc")); + EXPECT_FALSE(HasStaticState("www.factor.cc")); + + EXPECT_TRUE(StaticShouldRedirect("members.mayfirst.org")); + EXPECT_TRUE(StaticShouldRedirect("support.mayfirst.org")); + EXPECT_TRUE(StaticShouldRedirect("id.mayfirst.org")); + EXPECT_TRUE(StaticShouldRedirect("lists.mayfirst.org")); + EXPECT_FALSE(HasStaticState("www.mayfirst.org")); + + EXPECT_TRUE(StaticShouldRedirect("romab.com")); + EXPECT_TRUE(StaticShouldRedirect("www.romab.com")); + EXPECT_TRUE(StaticShouldRedirect("foo.romab.com")); + + EXPECT_TRUE(StaticShouldRedirect("logentries.com")); + EXPECT_TRUE(StaticShouldRedirect("www.logentries.com")); + EXPECT_FALSE(HasStaticState("foo.logentries.com")); + + EXPECT_TRUE(StaticShouldRedirect("stripe.com")); + EXPECT_TRUE(StaticShouldRedirect("foo.stripe.com")); + + EXPECT_TRUE(StaticShouldRedirect("cloudsecurityalliance.org")); + EXPECT_TRUE(StaticShouldRedirect("foo.cloudsecurityalliance.org")); + + EXPECT_TRUE(StaticShouldRedirect("login.sapo.pt")); + EXPECT_TRUE(StaticShouldRedirect("foo.login.sapo.pt")); + + EXPECT_TRUE(StaticShouldRedirect("mattmccutchen.net")); + EXPECT_TRUE(StaticShouldRedirect("foo.mattmccutchen.net")); + + EXPECT_TRUE(StaticShouldRedirect("betnet.fr")); + EXPECT_TRUE(StaticShouldRedirect("foo.betnet.fr")); + + EXPECT_TRUE(StaticShouldRedirect("uprotect.it")); + EXPECT_TRUE(StaticShouldRedirect("foo.uprotect.it")); + + EXPECT_TRUE(StaticShouldRedirect("squareup.com")); + EXPECT_FALSE(HasStaticState("foo.squareup.com")); + + EXPECT_TRUE(StaticShouldRedirect("cert.se")); + EXPECT_TRUE(StaticShouldRedirect("foo.cert.se")); + + EXPECT_TRUE(StaticShouldRedirect("crypto.is")); + EXPECT_TRUE(StaticShouldRedirect("foo.crypto.is")); + + EXPECT_TRUE(StaticShouldRedirect("simon.butcher.name")); + EXPECT_TRUE(StaticShouldRedirect("foo.simon.butcher.name")); + + EXPECT_TRUE(StaticShouldRedirect("linx.net")); + EXPECT_TRUE(StaticShouldRedirect("foo.linx.net")); + + EXPECT_TRUE(StaticShouldRedirect("dropcam.com")); + EXPECT_TRUE(StaticShouldRedirect("www.dropcam.com")); + EXPECT_FALSE(HasStaticState("foo.dropcam.com")); + + EXPECT_TRUE(StaticShouldRedirect("ebanking.indovinabank.com.vn")); + EXPECT_TRUE(StaticShouldRedirect("foo.ebanking.indovinabank.com.vn")); + + EXPECT_TRUE(StaticShouldRedirect("epoxate.com")); + EXPECT_FALSE(HasStaticState("foo.epoxate.com")); + + EXPECT_FALSE(HasStaticState("foo.torproject.org")); + + EXPECT_TRUE(StaticShouldRedirect("www.moneybookers.com")); + EXPECT_FALSE(HasStaticState("moneybookers.com")); + + EXPECT_TRUE(StaticShouldRedirect("ledgerscope.net")); + EXPECT_TRUE(StaticShouldRedirect("www.ledgerscope.net")); + EXPECT_FALSE(HasStaticState("status.ledgerscope.net")); + + EXPECT_TRUE(StaticShouldRedirect("foo.app.recurly.com")); + EXPECT_TRUE(StaticShouldRedirect("foo.api.recurly.com")); + + EXPECT_TRUE(StaticShouldRedirect("greplin.com")); + EXPECT_TRUE(StaticShouldRedirect("www.greplin.com")); + EXPECT_FALSE(HasStaticState("foo.greplin.com")); + + EXPECT_TRUE(StaticShouldRedirect("luneta.nearbuysystems.com")); + EXPECT_TRUE(StaticShouldRedirect("foo.luneta.nearbuysystems.com")); + + EXPECT_TRUE(StaticShouldRedirect("ubertt.org")); + EXPECT_TRUE(StaticShouldRedirect("foo.ubertt.org")); + + EXPECT_TRUE(StaticShouldRedirect("pixi.me")); + EXPECT_TRUE(StaticShouldRedirect("www.pixi.me")); + + EXPECT_TRUE(StaticShouldRedirect("grepular.com")); + EXPECT_TRUE(StaticShouldRedirect("www.grepular.com")); + + EXPECT_TRUE(StaticShouldRedirect("mydigipass.com")); + EXPECT_FALSE(StaticShouldRedirect("foo.mydigipass.com")); + EXPECT_TRUE(StaticShouldRedirect("www.mydigipass.com")); + EXPECT_FALSE(StaticShouldRedirect("foo.www.mydigipass.com")); + EXPECT_TRUE(StaticShouldRedirect("developer.mydigipass.com")); + EXPECT_FALSE(StaticShouldRedirect("foo.developer.mydigipass.com")); + EXPECT_TRUE(StaticShouldRedirect("www.developer.mydigipass.com")); + EXPECT_FALSE(StaticShouldRedirect("foo.www.developer.mydigipass.com")); + EXPECT_TRUE(StaticShouldRedirect("sandbox.mydigipass.com")); + EXPECT_FALSE(StaticShouldRedirect("foo.sandbox.mydigipass.com")); + EXPECT_TRUE(StaticShouldRedirect("www.sandbox.mydigipass.com")); + EXPECT_FALSE(StaticShouldRedirect("foo.www.sandbox.mydigipass.com")); + + EXPECT_TRUE(StaticShouldRedirect("bigshinylock.minazo.net")); + EXPECT_TRUE(StaticShouldRedirect("foo.bigshinylock.minazo.net")); + + EXPECT_TRUE(StaticShouldRedirect("crate.io")); + EXPECT_TRUE(StaticShouldRedirect("foo.crate.io")); +} + +// http://crbug.com/624946 +#if defined(OS_IOS) +#define MAYBE_PreloadedPins DISABLED_PreloadedPins +#else +#define MAYBE_PreloadedPins PreloadedPins +#endif +TEST_F(TransportSecurityStateStaticTest, MAYBE_PreloadedPins) { + TransportSecurityState state; + EnableStaticPins(&state); + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + // We do more extensive checks for the first domain. + EXPECT_TRUE( + state.GetStaticDomainState("www.paypal.com", &sts_state, &pkp_state)); + EXPECT_EQ(sts_state.upgrade_mode, + TransportSecurityState::STSState::MODE_FORCE_HTTPS); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_FALSE(pkp_state.include_subdomains); + + EXPECT_TRUE(OnlyPinningInStaticState("www.google.com")); + EXPECT_TRUE(OnlyPinningInStaticState("foo.google.com")); + EXPECT_TRUE(OnlyPinningInStaticState("google.com")); + EXPECT_TRUE(OnlyPinningInStaticState("i.ytimg.com")); + EXPECT_TRUE(OnlyPinningInStaticState("ytimg.com")); + EXPECT_TRUE(OnlyPinningInStaticState("googleusercontent.com")); + EXPECT_TRUE(OnlyPinningInStaticState("www.googleusercontent.com")); + EXPECT_TRUE(OnlyPinningInStaticState("googleapis.com")); + EXPECT_TRUE(OnlyPinningInStaticState("googleadservices.com")); + EXPECT_TRUE(OnlyPinningInStaticState("googlecode.com")); + EXPECT_TRUE(OnlyPinningInStaticState("appspot.com")); + EXPECT_TRUE(OnlyPinningInStaticState("googlesyndication.com")); + EXPECT_TRUE(OnlyPinningInStaticState("doubleclick.net")); + EXPECT_TRUE(OnlyPinningInStaticState("googlegroups.com")); + + EXPECT_TRUE(HasStaticPublicKeyPins("torproject.org")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.torproject.org")); + EXPECT_TRUE(HasStaticPublicKeyPins("check.torproject.org")); + EXPECT_TRUE(HasStaticPublicKeyPins("blog.torproject.org")); + EXPECT_FALSE(HasStaticState("foo.torproject.org")); + + EXPECT_TRUE( + state.GetStaticDomainState("torproject.org", &sts_state, &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_TRUE( + state.GetStaticDomainState("www.torproject.org", &sts_state, &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_TRUE(state.GetStaticDomainState("check.torproject.org", &sts_state, + &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_TRUE(state.GetStaticDomainState("blog.torproject.org", &sts_state, + &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + + EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com")); + + // Check that Facebook subdomains have pinning but not HSTS. + EXPECT_TRUE( + state.GetStaticDomainState("facebook.com", &sts_state, &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_TRUE(StaticShouldRedirect("facebook.com")); + + EXPECT_TRUE( + state.GetStaticDomainState("foo.facebook.com", &sts_state, &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_FALSE(StaticShouldRedirect("foo.facebook.com")); + + EXPECT_TRUE( + state.GetStaticDomainState("www.facebook.com", &sts_state, &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_TRUE(StaticShouldRedirect("www.facebook.com")); + + EXPECT_TRUE(state.GetStaticDomainState("foo.www.facebook.com", &sts_state, + &pkp_state)); + EXPECT_FALSE(pkp_state.spki_hashes.empty()); + EXPECT_TRUE(StaticShouldRedirect("foo.www.facebook.com")); +} + +TEST_F(TransportSecurityStateStaticTest, BuiltinCertPins) { + TransportSecurityState state; + EnableStaticPins(&state); + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + + EXPECT_TRUE( + state.GetStaticDomainState("chrome.google.com", &sts_state, &pkp_state)); + EXPECT_TRUE(HasStaticPublicKeyPins("chrome.google.com")); + + HashValueVector hashes; + std::string failure_log; + // Checks that a built-in list does exist. + EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); + EXPECT_FALSE(HasStaticPublicKeyPins("www.paypal.com")); + + EXPECT_TRUE(HasStaticPublicKeyPins("docs.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("1.docs.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("sites.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("drive.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("spreadsheets.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("wallet.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("checkout.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("appengine.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("market.android.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("encrypted.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("accounts.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("profiles.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("mail.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("chatenabled.mail.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("talkgadget.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("hostedtalkgadget.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("talk.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("plus.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("groups.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("apis.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.google-analytics.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("youtube.com")); + + EXPECT_TRUE(HasStaticPublicKeyPins("ssl.gstatic.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("gstatic.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.gstatic.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("ssl.google-analytics.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.googleplex.com")); + + EXPECT_TRUE(HasStaticPublicKeyPins("twitter.com")); + EXPECT_FALSE(HasStaticPublicKeyPins("foo.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("api.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("oauth.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("mobile.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("dev.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("business.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("platform.twitter.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("si0.twimg.com")); +} + +// http://crbug.com/624946 +#if defined(OS_IOS) +#define MAYBE_OptionalHSTSCertPins DISABLED_OptionalHSTSCertPins +#else +#define MAYBE_OptionalHSTSCertPins OptionalHSTSCertPins +#endif +TEST_F(TransportSecurityStateStaticTest, MAYBE_OptionalHSTSCertPins) { + TransportSecurityState state; + EnableStaticPins(&state); + + EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.google.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("mail-attachment.googleusercontent.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("i.ytimg.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("googleapis.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("ajax.googleapis.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("googleadservices.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("pagead2.googleadservices.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("googlecode.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("kibbles.googlecode.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("appspot.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("googlesyndication.com")); + EXPECT_TRUE(HasStaticPublicKeyPins("doubleclick.net")); + EXPECT_TRUE(HasStaticPublicKeyPins("ad.doubleclick.net")); + EXPECT_FALSE(HasStaticPublicKeyPins("learn.doubleclick.net")); + EXPECT_TRUE(HasStaticPublicKeyPins("a.googlegroups.com")); +} + +TEST_F(TransportSecurityStateStaticTest, OverrideBuiltins) { + EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); + EXPECT_FALSE(StaticShouldRedirect("google.com")); + EXPECT_FALSE(StaticShouldRedirect("www.google.com")); + + TransportSecurityState state; + const base::Time current_time(base::Time::Now()); + const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); + state.AddHSTS("www.google.com", expiry, true); + + EXPECT_TRUE(state.ShouldUpgradeToSSL("www.google.com")); +} +#endif // BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) + +} // namespace net
\ No newline at end of file |