| Avi Drissman | 6459548 | 2022-09-14 20:52:29 | [diff] [blame] | 1 | # Copyright 2016 The Chromium Authors |
| sdefresne | eb26586 | 2016-09-08 14:27:12 | [diff] [blame] | 2 | # Use of this source code is governed by a BSD-style license that can be |
| 3 | # found in the LICENSE file. |
| 4 | |
| Hubert Chao | 615632c6 | 2023-02-07 10:14:41 | [diff] [blame] | 5 | import("//build/config/cronet/config.gni") |
| sdefresne | eb26586 | 2016-09-08 14:27:12 | [diff] [blame] | 6 | import("//build/config/features.gni") |
| 7 | |
| 8 | declare_args() { |
| 9 | # Disables support for file URLs. File URL support requires use of icu. |
| Mohannad Farrag | e04f5cc | 2023-10-12 10:34:35 | [diff] [blame] | 10 | # Cronet does not support file URLs. |
| 11 | disable_file_support = is_cronet_build |
| sdefresne | eb26586 | 2016-09-08 14:27:12 | [diff] [blame] | 12 | |
| Dave Tapuska | b8a7b81 | 2023-02-03 21:19:46 | [diff] [blame] | 13 | # WebSockets and socket stream code are not used when blink is not used |
| 14 | # and are optional in cronet. |
| 15 | enable_websockets = use_blink |
| Matt Menke | 83f81725 | 2021-08-10 01:19:54 | [diff] [blame] | 16 | |
| Sergey Ulanov | 4908557 | 2017-07-10 23:25:46 | [diff] [blame] | 17 | # Enable Kerberos authentication. It is disabled by default on iOS, Fuchsia |
| 18 | # and Chromecast, at least for now. This feature needs configuration |
| Lutz Justen | 3ea09c0 | 2019-04-25 07:49:43 | [diff] [blame] | 19 | # (krb5.conf and so on). |
| Sergey Ulanov | 4908557 | 2017-07-10 23:25:46 | [diff] [blame] | 20 | # TODO(fuchsia): Enable kerberos on Fuchsia when it's implemented there. |
| Ryan Keane | 2a3aa8e9 | 2022-06-09 18:51:32 | [diff] [blame] | 21 | use_kerberos = !is_ios && !is_fuchsia && !is_castos && !is_cast_android |
| sdefresne | eb26586 | 2016-09-08 14:27:12 | [diff] [blame] | 22 | |
| 23 | # Do not disable brotli filter by default. |
| 24 | disable_brotli_filter = false |
| brettw | 5224a18 | 2016-10-28 22:13:02 | [diff] [blame] | 25 | |
| Nidhi Jaju | 8d811df | 2023-06-07 02:35:47 | [diff] [blame] | 26 | # Do not disable zstd filter by default, except for Cronet builds. |
| 27 | disable_zstd_filter = is_cronet_build |
| 28 | |
| brettw | 5224a18 | 2016-10-28 22:13:02 | [diff] [blame] | 29 | # Multicast DNS. |
| Sean McAllister | 9c0cdcf | 2020-07-31 16:24:20 | [diff] [blame] | 30 | enable_mdns = is_win || is_linux || is_chromeos || is_fuchsia || is_apple |
| mmenke | fd9d15c | 2017-06-29 13:45:54 | [diff] [blame] | 31 | |
| 32 | # Reporting not used on iOS. |
| 33 | enable_reporting = !is_ios |
| xunjieli | 815ad5b | 2017-07-18 15:51:35 | [diff] [blame] | 34 | |
| 35 | # Includes the transport security state preload list. This list includes |
| 36 | # mechanisms (e.g. HSTS, HPKP) to enforce trusted connections to a significant |
| 37 | # set of hardcoded domains. While this list has a several hundred KB of binary |
| 38 | # size footprint, this flag should not be disabled unless the embedder is |
| 39 | # willing to take the responsibility to make sure that all important |
| 40 | # connections use HTTPS. |
| 41 | include_transport_security_state_preload_list = true |
| Matt Mueller | dbc0aa7 | 2019-02-04 22:13:18 | [diff] [blame] | 42 | |
| Matt Mueller | 77eb944 | 2022-10-05 01:54:05 | [diff] [blame] | 43 | # Platforms for which certificate verification can be performed using the |
| 44 | # builtin cert verifier with the Chrome Root Store, and this can be |
| 45 | # configured using the ChromeRootStoreUsed feature flag. When the feature |
| 46 | # flag is false, verification may be done with the platform verifier or the |
| 47 | # builtin verifier using platform roots, depending on the platform. |
| Hubert Chao | 7c39043 | 2021-07-16 17:36:04 | [diff] [blame] | 48 | # See https://crbug.com/1216547 for status. |
| Matt Mueller | 9942b74d | 2023-10-04 16:33:01 | [diff] [blame] | 49 | chrome_root_store_optional = is_android && !is_cronet_build |
| Matt Mueller | 8b02b190 | 2023-03-07 00:06:36 | [diff] [blame] | 50 | |
| 51 | # Platforms for which certificate verification can only be performed using |
| 52 | # the builtin cert verifier with the Chrome Root Store. |
| Matt Mueller | 9942b74d | 2023-10-04 16:33:01 | [diff] [blame] | 53 | chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos |
| Matt Mueller | 8b02b190 | 2023-03-07 00:06:36 | [diff] [blame] | 54 | } |
| 55 | |
| 56 | assert(!chrome_root_store_optional || !chrome_root_store_only, |
| 57 | "at most one of chrome_root_store_optional and chrome_root_store_only " + |
| 58 | "may be true") |
| 59 | |
| 60 | # Needs to be in a separate declare_args since it refers to args set in the |
| 61 | # previous declare_args block. |
| 62 | declare_args() { |
| 63 | # All platforms for which certificate verification can be performed using the |
| 64 | # builtin cert verifier with the Chrome Root Store. This includes both |
| 65 | # platforms where use of the Chrome Root Store is optional and platforms |
| 66 | # where it is the only supported method. |
| Hubert Chao | 615632c6 | 2023-02-07 10:14:41 | [diff] [blame] | 67 | chrome_root_store_supported = |
| Matt Mueller | 8b02b190 | 2023-03-07 00:06:36 | [diff] [blame] | 68 | chrome_root_store_optional || chrome_root_store_only |
| sdefresne | eb26586 | 2016-09-08 14:27:12 | [diff] [blame] | 69 | } |