native/0001-Envoy.patch

 chrome/browser/ssl/ssl_config_service_manager.cc   | 11 +++++
 .../api/src/org/chromium/net/CronetEngine.java     |  5 ++
 .../src/org/chromium/net/ICronetEngineBuilder.java |  1 +
 .../cronet/android/cronet_context_adapter.cc       |  2 +
 .../chromium/net/impl/CronetEngineBuilderImpl.java | 11 +++++
 .../chromium/net/impl/CronetUrlRequestContext.java | 10 ++--
 .../cronet_sample_apk/CronetSampleActivity.java    |  1 +
 components/cronet/native/cronet.idl                |  1 +
 components/cronet/native/engine.cc                 |  1 +
 components/cronet/native/generated/cronet.idl_c.h  |  6 +++
 .../native/generated/cronet.idl_impl_struct.cc     | 12 +++++
 .../native/generated/cronet.idl_impl_struct.h      |  1 +
 .../generated/cronet.idl_impl_struct_unittest.cc   |  4 ++
 components/cronet/native/sample/main.cc            | 24 ++++++++++
 components/cronet/url_request_context_config.cc    | 48 +++++++++++++++++--
 components/cronet/url_request_context_config.h     | 42 +++++++++++++++++
 net/socket/client_socket_pool_manager.cc           |  2 +-
 net/spdy/spdy_http_utils.cc                        |  5 ++
 net/ssl/ssl_config_service_defaults.cc             |  4 ++
 net/ssl/ssl_config_service_defaults.h              |  1 +
 net/url_request/url_request_context.h              |  4 ++
 net/url_request/url_request_context_builder.cc     | 55 ++++++++++++++++++++--
 net/url_request/url_request_context_builder.h      |  2 +
 net/url_request/url_request_http_job.cc            | 43 +++++++++++++++++
 24 files changed, 284 insertions(+), 12 deletions(-)

diff --git a/chrome/browser/ssl/ssl_config_service_manager.cc b/chrome/browser/ssl/ssl_config_service_manager.cc
index 6537a65ed4cd3..66cf928be46cb 100644
--- a/chrome/browser/ssl/ssl_config_service_manager.cc
+++ b/chrome/browser/ssl/ssl_config_service_manager.cc
@@ -13,6 +13,7 @@
 #include "base/feature_list.h"
 #include "base/location.h"
 #include "base/strings/string_util.h"
+#include "base/strings/string_split.h"
 #include "base/values.h"
 #include "build/build_config.h"
 #include "build/chromeos_buildflags.h"
@@ -29,6 +30,7 @@
 #include "components/variations/pref_names.h"
 #include "mojo/public/cpp/bindings/remote.h"
 #include "mojo/public/cpp/bindings/remote_set.h"
+#include "net/base/url_util.h"
 #include "net/cert/cert_verifier.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_config_service.h"
@@ -177,6 +179,7 @@ void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
 
 void SSLConfigServiceManager::AddToNetworkContextParams(
     network::mojom::NetworkContextParams* network_context_params) {
+  // TODO  network_context_params->envoy_url
   network_context_params->initial_ssl_config = GetSSLConfigFromPrefs();
   mojo::Remote<network::mojom::SSLConfigClient> ssl_config_client;
   network_context_params->ssl_config_client_receiver =
@@ -250,6 +253,14 @@ void SSLConfigServiceManager::OnDisabledCipherSuitesChange(
   const base::Value::List& list =
       local_state->GetList(prefs::kCipherSuiteBlacklist);
   disabled_cipher_suites_ = ParseCipherSuites(ValueListToStringVector(list));
+
+  auto envoy_url = GURL(local_state->GetString(prefs::kEnvoyUrl));
+  std::string disabled_cipher_suites;
+  std::vector<uint16_t> disabled_ciphers;
+  if (net::GetValueForKeyInQuery(envoy_url, "disabled_cipher_suites", &disabled_cipher_suites)) {
+    auto cipher_strings = base::SplitString(disabled_cipher_suites, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+    disabled_cipher_suites_ = ParseCipherSuites(cipher_strings);
+  }
 }
 
 void SSLConfigServiceManager::CacheVariationsPolicy(PrefService* local_state) {
diff --git a/components/cronet/android/api/src/org/chromium/net/CronetEngine.java b/components/cronet/android/api/src/org/chromium/net/CronetEngine.java
index 9941d67bbd97a..af658b248e122 100644
--- a/components/cronet/android/api/src/org/chromium/net/CronetEngine.java
+++ b/components/cronet/android/api/src/org/chromium/net/CronetEngine.java
@@ -113,6 +113,11 @@ public abstract class CronetEngine {
             return this;
         }
 
+        public Builder setEnvoyUrl(String envoyUrl) {
+            mBuilderDelegate.setEnvoyUrl(envoyUrl);
+            return this;
+        }
+
         /**
          * Sets directory for HTTP Cache and Cookie Storage. The directory must
          * exist.
diff --git a/components/cronet/android/api/src/org/chromium/net/ICronetEngineBuilder.java b/components/cronet/android/api/src/org/chromium/net/ICronetEngineBuilder.java
index 4cdb0bf790198..e645c8218dfc8 100644
--- a/components/cronet/android/api/src/org/chromium/net/ICronetEngineBuilder.java
+++ b/components/cronet/android/api/src/org/chromium/net/ICronetEngineBuilder.java
@@ -36,6 +36,7 @@ public abstract class ICronetEngineBuilder {
     public abstract ICronetEngineBuilder setStoragePath(String value);
     public abstract ICronetEngineBuilder setUserAgent(String userAgent);
     public abstract String getDefaultUserAgent();
+    public abstract ICronetEngineBuilder setEnvoyUrl(String envoyUrl);
     public abstract ExperimentalCronetEngine build();
 
     // Experimental API methods.
diff --git a/components/cronet/android/cronet_context_adapter.cc b/components/cronet/android/cronet_context_adapter.cc
index 8ae0e429e185e..99fc5f16ae2ac 100644
--- a/components/cronet/android/cronet_context_adapter.cc
+++ b/components/cronet/android/cronet_context_adapter.cc
@@ -243,6 +243,7 @@ int CronetContextAdapter::default_load_flags() const {
 static jlong JNI_CronetUrlRequestContext_CreateRequestContextConfig(
     JNIEnv* env,
     const JavaParamRef<jstring>& juser_agent,
+    const JavaParamRef<jstring>& jenvoy_url,
     const JavaParamRef<jstring>& jstorage_path,
     jboolean jquic_enabled,
     const JavaParamRef<jstring>& jquic_default_user_agent_id,
@@ -266,6 +267,7 @@ static jlong JNI_CronetUrlRequestContext_CreateRequestContextConfig(
           ConvertNullableJavaStringToUTF8(env, jstorage_path),
           /* accept_languages */ std::string(),
           ConvertNullableJavaStringToUTF8(env, juser_agent),
+          ConvertNullableJavaStringToUTF8(env, jenvoy_url),
           ConvertNullableJavaStringToUTF8(
               env, jexperimental_quic_connection_options),
           base::WrapUnique(
diff --git a/components/cronet/android/java/src/org/chromium/net/impl/CronetEngineBuilderImpl.java b/components/cronet/android/java/src/org/chromium/net/impl/CronetEngineBuilderImpl.java
index bb406f41cd9f1..f5647db0643ec 100644
--- a/components/cronet/android/java/src/org/chromium/net/impl/CronetEngineBuilderImpl.java
+++ b/components/cronet/android/java/src/org/chromium/net/impl/CronetEngineBuilderImpl.java
@@ -139,6 +139,7 @@ public abstract class CronetEngineBuilderImpl extends ICronetEngineBuilder {
     private final List<Pkp> mPkps = new LinkedList<>();
     private boolean mPublicKeyPinningBypassForLocalTrustAnchorsEnabled;
     private String mUserAgent;
+    private String mEnvoyUrl;
     private String mStoragePath;
     private boolean mQuicEnabled;
     private boolean mHttp2Enabled;
@@ -181,6 +182,16 @@ public abstract class CronetEngineBuilderImpl extends ICronetEngineBuilder {
         return mUserAgent;
     }
 
+    @Override
+    public CronetEngineBuilderImpl setEnvoyUrl(String envoyUrl) {
+        mEnvoyUrl = envoyUrl;
+        return this;
+    }
+
+    public String getEnvoyUrl() {
+        return mEnvoyUrl;
+    }
+
     @Override
     public CronetEngineBuilderImpl setStoragePath(String value) {
         if (!new File(value).isDirectory()) {
diff --git a/components/cronet/android/java/src/org/chromium/net/impl/CronetUrlRequestContext.java b/components/cronet/android/java/src/org/chromium/net/impl/CronetUrlRequestContext.java
index e4c2df648b454..0ac80eb23964c 100644
--- a/components/cronet/android/java/src/org/chromium/net/impl/CronetUrlRequestContext.java
+++ b/components/cronet/android/java/src/org/chromium/net/impl/CronetUrlRequestContext.java
@@ -249,7 +249,7 @@ public class CronetUrlRequestContext extends CronetEngineBase {
     public static long createNativeUrlRequestContextConfig(CronetEngineBuilderImpl builder) {
         final long urlRequestContextConfig =
                 CronetUrlRequestContextJni.get().createRequestContextConfig(builder.getUserAgent(),
-                        builder.storagePath(), builder.quicEnabled(),
+                        builder.getEnvoyUrl(), builder.storagePath(), builder.quicEnabled(),
                         builder.getDefaultQuicUserAgentId(), builder.http2Enabled(),
                         builder.brotliEnabled(), builder.cacheDisabled(), builder.httpCacheMode(),
                         builder.httpCacheMaxSize(), builder.experimentalOptions(),
@@ -785,10 +785,10 @@ public class CronetUrlRequestContext extends CronetEngineBase {
     // Native methods are implemented in cronet_url_request_context_adapter.cc.
     @NativeMethods
     interface Natives {
-        long createRequestContextConfig(String userAgent, String storagePath, boolean quicEnabled,
-                String quicUserAgentId, boolean http2Enabled, boolean brotliEnabled,
-                boolean disableCache, int httpCacheMode, long httpCacheMaxSize,
-                String experimentalOptions, long mockCertVerifier,
+        long createRequestContextConfig(String userAgent, String envoyUrl, String storagePath,
+                boolean quicEnabled, String quicUserAgentId, boolean http2Enabled,
+                boolean brotliEnabled, boolean disableCache, int httpCacheMode,
+                long httpCacheMaxSize, String experimentalOptions, long mockCertVerifier,
                 boolean enableNetworkQualityEstimator,
                 boolean bypassPublicKeyPinningForLocalTrustAnchors, int networkThreadPriority);
 
diff --git a/components/cronet/android/sample/src/org/chromium/cronet_sample_apk/CronetSampleActivity.java b/components/cronet/android/sample/src/org/chromium/cronet_sample_apk/CronetSampleActivity.java
index 5d3a93c519b2b..9538b5072539a 100644
--- a/components/cronet/android/sample/src/org/chromium/cronet_sample_apk/CronetSampleActivity.java
+++ b/components/cronet/android/sample/src/org/chromium/cronet_sample_apk/CronetSampleActivity.java
@@ -125,6 +125,7 @@ public class CronetSampleActivity extends Activity {
         CronetEngine.Builder myBuilder = new CronetEngine.Builder(this);
         myBuilder.enableHttpCache(CronetEngine.Builder.HTTP_CACHE_IN_MEMORY, 100 * 1024)
                 .enableHttp2(true)
+                .setEnvoyUrl("https://example.com/enovy_path/")
                 .enableQuic(true);
 
         mCronetEngine = myBuilder.build();
diff --git a/components/cronet/native/cronet.idl b/components/cronet/native/cronet.idl
index ddb3ad5b3b705..0bdf3ef4059b0 100644
--- a/components/cronet/native/cronet.idl
+++ b/components/cronet/native/cronet.idl
@@ -510,6 +510,7 @@ struct EngineParams {
    * set User-Agent header will override a value set using this param.
    */
   string user_agent;
+  string envoy_url;
 
   /**
    * Sets a default value for the Accept-Language header value for UrlRequests
diff --git a/components/cronet/native/engine.cc b/components/cronet/native/engine.cc
index 6f27d1a6d0059..d6ea7f8c8e3e0 100644
--- a/components/cronet/native/engine.cc
+++ b/components/cronet/native/engine.cc
@@ -149,6 +149,7 @@ Cronet_RESULT Cronet_EngineImpl::StartWithParams(
   context_config_builder.storage_path = params->storage_path;
   context_config_builder.accept_language = params->accept_language;
   context_config_builder.user_agent = params->user_agent;
+  context_config_builder.envoy_url = params->envoy_url;
   context_config_builder.experimental_options = params->experimental_options;
   context_config_builder.bypass_public_key_pinning_for_local_trust_anchors =
       params->enable_public_key_pinning_bypass_for_local_trust_anchors;
diff --git a/components/cronet/native/generated/cronet.idl_c.h b/components/cronet/native/generated/cronet.idl_c.h
index 988e6efacb0f3..b00b185572ef1 100644
--- a/components/cronet/native/generated/cronet.idl_c.h
+++ b/components/cronet/native/generated/cronet.idl_c.h
@@ -795,6 +795,9 @@ CRONET_EXPORT
 void Cronet_EngineParams_user_agent_set(Cronet_EngineParamsPtr self,
                                         const Cronet_String user_agent);
 CRONET_EXPORT
+void Cronet_EngineParams_envoy_url_set(Cronet_EngineParamsPtr self,
+                                       const Cronet_String envoy_url);
+CRONET_EXPORT
 void Cronet_EngineParams_accept_language_set(
     Cronet_EngineParamsPtr self,
     const Cronet_String accept_language);
@@ -845,6 +848,9 @@ CRONET_EXPORT
 Cronet_String Cronet_EngineParams_user_agent_get(
     const Cronet_EngineParamsPtr self);
 CRONET_EXPORT
+Cronet_String Cronet_EngineParams_envoy_url_get(
+    const Cronet_EngineParamsPtr self);
+CRONET_EXPORT
 Cronet_String Cronet_EngineParams_accept_language_get(
     const Cronet_EngineParamsPtr self);
 CRONET_EXPORT
diff --git a/components/cronet/native/generated/cronet.idl_impl_struct.cc b/components/cronet/native/generated/cronet.idl_impl_struct.cc
index 61667e399148b..abb6dd92c71db 100644
--- a/components/cronet/native/generated/cronet.idl_impl_struct.cc
+++ b/components/cronet/native/generated/cronet.idl_impl_struct.cc
@@ -249,6 +249,12 @@ void Cronet_EngineParams_user_agent_set(Cronet_EngineParamsPtr self,
   self->user_agent = user_agent;
 }
 
+void Cronet_EngineParams_envoy_url_set(Cronet_EngineParamsPtr self,
+                                       const Cronet_String envoy_url) {
+  DCHECK(self);
+  self->envoy_url = envoy_url;
+}
+
 void Cronet_EngineParams_accept_language_set(
     Cronet_EngineParamsPtr self,
     const Cronet_String accept_language) {
@@ -342,6 +348,12 @@ Cronet_String Cronet_EngineParams_user_agent_get(
   return self->user_agent.c_str();
 }
 
+Cronet_String Cronet_EngineParams_envoy_url_get(
+    const Cronet_EngineParamsPtr self) {
+  DCHECK(self);
+  return self->envoy_url.c_str();
+}
+
 Cronet_String Cronet_EngineParams_accept_language_get(
     const Cronet_EngineParamsPtr self) {
   DCHECK(self);
diff --git a/components/cronet/native/generated/cronet.idl_impl_struct.h b/components/cronet/native/generated/cronet.idl_impl_struct.h
index a665b85ac93cb..95841a7e18296 100644
--- a/components/cronet/native/generated/cronet.idl_impl_struct.h
+++ b/components/cronet/native/generated/cronet.idl_impl_struct.h
@@ -83,6 +83,7 @@ struct Cronet_EngineParams {
 
   bool enable_check_result = true;
   std::string user_agent;
+  std::string envoy_url;
   std::string accept_language;
   std::string storage_path;
   bool enable_quic = true;
diff --git a/components/cronet/native/generated/cronet.idl_impl_struct_unittest.cc b/components/cronet/native/generated/cronet.idl_impl_struct_unittest.cc
index 11991a5a9ba48..9a2c19a8f8624 100644
--- a/components/cronet/native/generated/cronet.idl_impl_struct_unittest.cc
+++ b/components/cronet/native/generated/cronet.idl_impl_struct_unittest.cc
@@ -107,6 +107,10 @@ TEST_F(CronetStructTest, TestCronet_EngineParams) {
                                      Cronet_EngineParams_user_agent_get(first));
   EXPECT_STREQ(Cronet_EngineParams_user_agent_get(first),
                Cronet_EngineParams_user_agent_get(second));
+  Cronet_EngineParams_envoy_url_set(second,
+                                    Cronet_EngineParams_envoy_url_get(first));
+  EXPECT_STREQ(Cronet_EngineParams_envoy_url_get(first),
+               Cronet_EngineParams_envoy_url_get(second));
   Cronet_EngineParams_accept_language_set(
       second, Cronet_EngineParams_accept_language_get(first));
   EXPECT_STREQ(Cronet_EngineParams_accept_language_get(first),
diff --git a/components/cronet/native/sample/main.cc b/components/cronet/native/sample/main.cc
index 0cbbdce569e14..f69f8e5d3cd49 100644
--- a/components/cronet/native/sample/main.cc
+++ b/components/cronet/native/sample/main.cc
@@ -12,6 +12,30 @@ Cronet_EnginePtr CreateCronetEngine() {
   Cronet_EnginePtr cronet_engine = Cronet_Engine_Create();
   Cronet_EngineParamsPtr engine_params = Cronet_EngineParams_Create();
   Cronet_EngineParams_user_agent_set(engine_params, "CronetSample/1");
+  Cronet_EngineParams_envoy_url_set(engine_params,
+                                    "https://example.com/enovy_path/");
+  Cronet_EngineParams_envoy_url_set(
+      engine_params,
+      "envoy://"
+      "?url=https%3A%2F%2Fexample.com%2Fenvoy_path%2F%3Fk1%3Dv1&header_Host="
+      "subdomain.example.com&resolve=MAP%20example.com%201.2.3.4");
+  // only MAP url-host to address
+  Cronet_EngineParams_envoy_url_set(
+      engine_params,
+      "envoy://"
+      "?url=https%3A%2F%2Fexample.com%2Fenvoy_path%2F%3Fk1%3Dv1&header_Host="
+      "subdomain.example.com&address=1.2.3.4");
+  Cronet_EngineParams_envoy_url_set(
+      engine_params,
+      "envoy://"
+      "?url=https%3A%2F%2Fexample.com%2Fenvoy_path%2F%3Fk1%3Dv1&header_Host="
+      "subdomain.example.com&address=1.2.3.4&disabled_cipher_suites=0xc024,0xc02f");
+  Cronet_EngineParams_envoy_url_set(
+      engine_params,
+      "envoy://"
+      "?url=https%3A%2F%2Fexample.com%2Fenvoy_path%2F%3Fk1%3Dv1&header_Host="
+      "subdomain.example.com&address=1.2.3.4&disabled_cipher_suites=0xc024,0xc02f");
+
   Cronet_EngineParams_enable_quic_set(engine_params, true);
 
   Cronet_Engine_StartWithParams(cronet_engine, engine_params);
diff --git a/components/cronet/url_request_context_config.cc b/components/cronet/url_request_context_config.cc
index b03411758c0d7..775e51eedc781 100644
--- a/components/cronet/url_request_context_config.cc
+++ b/components/cronet/url_request_context_config.cc
@@ -276,6 +276,46 @@ URLRequestContextConfig::PreloadedNelAndReportingHeader::
 URLRequestContextConfig::PreloadedNelAndReportingHeader::
     ~PreloadedNelAndReportingHeader() = default;
 
+URLRequestContextConfig::URLRequestContextConfig(
+    bool enable_quic,
+    const std::string& quic_user_agent_id,
+    bool enable_spdy,
+    bool enable_brotli,
+    HttpCacheType http_cache,
+    int http_cache_max_size,
+    bool load_disable_cache,
+    const std::string& storage_path,
+    const std::string& accept_language,
+    const std::string& user_agent,
+    const std::string& envoy_url,
+    base::Value::Dict experimental_options,
+    std::unique_ptr<net::CertVerifier> mock_cert_verifier,
+    bool enable_network_quality_estimator,
+    bool bypass_public_key_pinning_for_local_trust_anchors,
+    absl::optional<double> network_thread_priority)
+    : enable_quic(enable_quic),
+      quic_user_agent_id(quic_user_agent_id),
+      enable_spdy(enable_spdy),
+      enable_brotli(enable_brotli),
+      http_cache(http_cache),
+      http_cache_max_size(http_cache_max_size),
+      load_disable_cache(load_disable_cache),
+      storage_path(storage_path),
+      accept_language(accept_language),
+      user_agent(user_agent),
+      envoy_url(envoy_url),
+      mock_cert_verifier(std::move(mock_cert_verifier)),
+      enable_network_quality_estimator(enable_network_quality_estimator),
+      bypass_public_key_pinning_for_local_trust_anchors(
+          bypass_public_key_pinning_for_local_trust_anchors),
+      effective_experimental_options(experimental_options.Clone()),
+      experimental_options(std::move(experimental_options)),
+      network_thread_priority(network_thread_priority),
+      bidi_stream_detect_broken_connection(false),
+      heartbeat_interval(base::Seconds(0)) {
+  SetContextConfigExperimentalOptions();
+}
+
 URLRequestContextConfig::URLRequestContextConfig(
     bool enable_quic,
     const std::string& quic_user_agent_id,
@@ -330,6 +370,7 @@ URLRequestContextConfig::CreateURLRequestContextConfig(
     const std::string& storage_path,
     const std::string& accept_language,
     const std::string& user_agent,
+    const std::string& envoy_url,
     const std::string& unparsed_experimental_options,
     std::unique_ptr<net::CertVerifier> mock_cert_verifier,
     bool enable_network_quality_estimator,
@@ -348,7 +389,7 @@ URLRequestContextConfig::CreateURLRequestContextConfig(
   return base::WrapUnique(new URLRequestContextConfig(
       enable_quic, quic_user_agent_id, enable_spdy, enable_brotli, http_cache,
       http_cache_max_size, load_disable_cache, storage_path, accept_language,
-      user_agent, std::move(experimental_options).value(),
+      user_agent, envoy_url, std::move(experimental_options).value(),
       std::move(mock_cert_verifier), enable_network_quality_estimator,
       bypass_public_key_pinning_for_local_trust_anchors,
       network_thread_priority));
@@ -871,6 +912,7 @@ void URLRequestContextConfig::ConfigureURLRequestContextBuilder(
   }
   context_builder->set_accept_language(accept_language);
   context_builder->set_user_agent(user_agent);
+  context_builder->set_envoy_url(envoy_url);
   net::HttpNetworkSessionParams session_params;
   session_params.enable_http2 = enable_spdy;
   session_params.enable_quic = enable_quic;
@@ -906,8 +948,8 @@ URLRequestContextConfigBuilder::Build() {
   return URLRequestContextConfig::CreateURLRequestContextConfig(
       enable_quic, quic_user_agent_id, enable_spdy, enable_brotli, http_cache,
       http_cache_max_size, load_disable_cache, storage_path, accept_language,
-      user_agent, experimental_options, std::move(mock_cert_verifier),
-      enable_network_quality_estimator,
+      user_agent, envoy_url, experimental_options,
+      std::move(mock_cert_verifier), enable_network_quality_estimator,
       bypass_public_key_pinning_for_local_trust_anchors,
       network_thread_priority);
 }
diff --git a/components/cronet/url_request_context_config.h b/components/cronet/url_request_context_config.h
index 6561e1ccec536..42e076ef83854 100644
--- a/components/cronet/url_request_context_config.h
+++ b/components/cronet/url_request_context_config.h
@@ -130,6 +130,8 @@ struct URLRequestContextConfig {
   // User-Agent request header field.
   const std::string user_agent;
 
+  const std::string envoy_url;
+
   // Certificate verifier for testing.
   std::unique_ptr<net::CertVerifier> mock_cert_verifier;
 
@@ -208,6 +210,7 @@ struct URLRequestContextConfig {
       const std::string& accept_language,
       // User-Agent request header field.
       const std::string& user_agent,
+      const std::string& envoy_url,
       // JSON encoded experimental options.
       const std::string& unparsed_experimental_options,
       // MockCertVerifier to use for testing purposes.
@@ -223,6 +226,44 @@ struct URLRequestContextConfig {
       absl::optional<double> network_thread_priority);
 
  private:
+  URLRequestContextConfig(
+      // Enable QUIC.
+      bool enable_quic,
+      // QUIC User Agent ID.
+      const std::string& quic_user_agent_id,
+      // Enable SPDY.
+      bool enable_spdy,
+      // Enable Brotli.
+      bool enable_brotli,
+      // Type of http cache.
+      HttpCacheType http_cache,
+      // Max size of http cache in bytes.
+      int http_cache_max_size,
+      // Disable caching for HTTP responses. Other information may be stored in
+      // the cache.
+      bool load_disable_cache,
+      // Storage path for http cache and cookie storage.
+      const std::string& storage_path,
+      // Accept-Language request header field.
+      const std::string& accept_language,
+      // User-Agent request header field.
+      const std::string& user_agent,
+      // Envoy URL
+      const std::string& envoy_url,
+      // Parsed experimental options.
+      base::Value::Dict experimental_options,
+      // MockCertVerifier to use for testing purposes.
+      std::unique_ptr<net::CertVerifier> mock_cert_verifier,
+      // Enable network quality estimator.
+      bool enable_network_quality_estimator,
+      // Enable bypassing of public key pinning for local trust anchors
+      bool bypass_public_key_pinning_for_local_trust_anchors,
+      // Optional network thread priority.
+      // On Android, corresponds to android.os.Process.setThreadPriority()
+      // values. On iOS, corresponds to NSThread::setThreadPriority values. Do
+      // not specify for other targets.
+      absl::optional<double> network_thread_priority);
+
   URLRequestContextConfig(
       // Enable QUIC.
       bool enable_quic,
@@ -316,6 +357,7 @@ struct URLRequestContextConfigBuilder {
   std::string accept_language = "";
   // User-Agent request header field.
   std::string user_agent = "";
+  std::string envoy_url = "";
   // Experimental options encoded as a string in a JSON format containing
   // experiments and their corresponding configuration options. The format
   // is a JSON object with the name of the experiment as the key, and the
diff --git a/net/socket/client_socket_pool_manager.cc b/net/socket/client_socket_pool_manager.cc
index 521ebc8f5023e..9e5dbfa8c41e8 100644
--- a/net/socket/client_socket_pool_manager.cc
+++ b/net/socket/client_socket_pool_manager.cc
@@ -48,7 +48,7 @@ static_assert(std::size(g_max_sockets_per_pool) ==
 // be the same as the limit for ws. Also note that Firefox uses a limit of 200.
 // See http://crbug.com/486800
 int g_max_sockets_per_group[] = {
-    6,   // NORMAL_SOCKET_POOL
+    60,  // NORMAL_SOCKET_POOL
     255  // WEBSOCKET_SOCKET_POOL
 };
 
diff --git a/net/spdy/spdy_http_utils.cc b/net/spdy/spdy_http_utils.cc
index 59f0503786100..06c35d0e48a5b 100644
--- a/net/spdy/spdy_http_utils.cc
+++ b/net/spdy/spdy_http_utils.cc
@@ -111,6 +111,11 @@ void CreateSpdyHeadersFromHttpRequest(const HttpRequestInfo& info,
   HttpRequestHeaders::Iterator it(request_headers);
   while (it.GetNext()) {
     std::string name = base::ToLowerASCII(it.name());
+    if (!name.empty() && name == "host") {
+        (*headers)[spdy::kHttp2AuthorityHeader] = it.value();
+       continue;
+    }
+
     if (name.empty() || name[0] == ':' || name == "connection" ||
         name == "proxy-connection" || name == "transfer-encoding" ||
         name == "host") {
diff --git a/net/ssl/ssl_config_service_defaults.cc b/net/ssl/ssl_config_service_defaults.cc
index c48064549ced4..f2831cdb04ea1 100644
--- a/net/ssl/ssl_config_service_defaults.cc
+++ b/net/ssl/ssl_config_service_defaults.cc
@@ -9,6 +9,10 @@ namespace net {
 SSLConfigServiceDefaults::SSLConfigServiceDefaults() = default;
 SSLConfigServiceDefaults::~SSLConfigServiceDefaults() = default;
 
+SSLConfigServiceDefaults::SSLConfigServiceDefaults(SSLContextConfig default_config): default_config_(default_config) {
+  // default_config.disabled_cipher_suites = default_config_.disabled_cipher_suites;
+}
+
 SSLContextConfig SSLConfigServiceDefaults::GetSSLContextConfig() {
   return default_config_;
 }
diff --git a/net/ssl/ssl_config_service_defaults.h b/net/ssl/ssl_config_service_defaults.h
index 4bf47d05b527f..4cc06b182d624 100644
--- a/net/ssl/ssl_config_service_defaults.h
+++ b/net/ssl/ssl_config_service_defaults.h
@@ -21,6 +21,7 @@ class NET_EXPORT SSLConfigServiceDefaults : public SSLConfigService {
   SSLConfigServiceDefaults& operator=(const SSLConfigServiceDefaults&) = delete;
 
   ~SSLConfigServiceDefaults() override;
+  SSLConfigServiceDefaults(SSLContextConfig default_config);
 
   // Returns the default SSL config settings.
   SSLContextConfig GetSSLContextConfig() override;
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index 4ee83f194cbc3..f7370f0487ad5 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -231,6 +231,9 @@ class NET_EXPORT URLRequestContext final {
   // context has been bound to.
   handles::NetworkHandle bound_network() const { return bound_network_; }
 
+  void set_envoy_url(const std::string& envoy_url) { envoy_url_ = envoy_url; }
+  const std::string& envoy_url() const { return envoy_url_; }
+
   void AssertCalledOnValidThread() {
     DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
   }
@@ -359,6 +362,7 @@ class NET_EXPORT URLRequestContext final {
   // Triggers a DCHECK if a NetworkAnonymizationKey/IsolationInfo is not
   // provided to a request when true.
   bool require_network_isolation_key_ = false;
+  std::string envoy_url_;
 
   handles::NetworkHandle bound_network_;
 
diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc
index 6ee8f97b02225..883d2e49dc032 100644
--- a/net/url_request/url_request_context_builder.cc
+++ b/net/url_request/url_request_context_builder.cc
@@ -13,6 +13,7 @@
 #include "base/compiler_specific.h"
 #include "base/notreached.h"
 #include "base/strings/string_util.h"
+#include "base/strings/string_split.h"
 #include "base/task/single_thread_task_runner.h"
 #include "base/task/thread_pool.h"
 #include "base/threading/thread_task_runner_handle.h"
@@ -21,6 +22,7 @@
 #include "net/base/cache_type.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate_impl.h"
+#include "net/base/url_util.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_policy_enforcer.h"
@@ -31,6 +33,7 @@
 #include "net/dns/context_host_resolver.h"
 #include "net/dns/host_resolver.h"
 #include "net/dns/host_resolver_manager.h"
+#include "net/dns/mapped_host_resolver.h"
 #include "net/http/http_auth_handler_factory.h"
 #include "net/http/http_cache.h"
 #include "net/http/http_network_layer.h"
@@ -46,6 +49,7 @@
 #include "net/quic/quic_context.h"
 #include "net/quic/quic_stream_factory.h"
 #include "net/socket/network_binding_client_socket_factory.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_config_service_defaults.h"
 #include "net/url_request/static_http_user_agent_settings.h"
 #include "net/url_request/url_request_context.h"
@@ -125,6 +129,10 @@ void URLRequestContextBuilder::set_user_agent(const std::string& user_agent) {
   user_agent_ = user_agent;
 }
 
+void URLRequestContextBuilder::set_envoy_url(const std::string& envoy_url) {
+  envoy_url_ = envoy_url;
+}
+
 void URLRequestContextBuilder::set_http_user_agent_settings(
     std::unique_ptr<HttpUserAgentSettings> http_user_agent_settings) {
   http_user_agent_settings_ = std::move(http_user_agent_settings);
@@ -278,6 +286,8 @@ std::unique_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
   context->set_require_network_isolation_key(require_network_isolation_key_);
   context->set_network_quality_estimator(network_quality_estimator_);
 
+  if (!envoy_url_.empty())
+    context->set_envoy_url(envoy_url_);
   if (http_user_agent_settings_) {
     context->set_http_user_agent_settings(std::move(http_user_agent_settings_));
   } else {
@@ -363,13 +373,52 @@ std::unique_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
     }
   }
   host_resolver_->SetRequestContext(context.get());
-  context->set_host_resolver(std::move(host_resolver_));
+
+  auto envoy_url = GURL(envoy_url_);
+  std::string value;
+  GetValueForKeyInQuery(envoy_url, "url", &value);
+  // TODO assert value
+  auto url = GURL(value);
+
+  if (GetValueForKeyInQuery(envoy_url, "resolve", &value)) {
+    std::unique_ptr<net::MappedHostResolver> remapped_resolver(
+        new net::MappedHostResolver(std::move(host_resolver_)));
+    remapped_resolver->SetRulesFromString(value);
+    context->set_host_resolver(std::move(remapped_resolver));
+  } else if (GetValueForKeyInQuery(envoy_url, "address", &value)) {
+    std::unique_ptr<net::MappedHostResolver> remapped_resolver(
+        new net::MappedHostResolver(std::move(host_resolver_)));
+    remapped_resolver->SetRulesFromString("MAP " + url.host() + " " + value);
+    context->set_host_resolver(std::move(remapped_resolver));
+  } else {
+    context->set_host_resolver(std::move(host_resolver_));
+  }
 
   if (ssl_config_service_) {
     context->set_ssl_config_service(std::move(ssl_config_service_));
   } else {
-    context->set_ssl_config_service(
-        std::make_unique<SSLConfigServiceDefaults>());
+    SSLContextConfig ssl_context_config;
+    std::vector<uint16_t> disabled_ciphers;
+    if (GetValueForKeyInQuery(envoy_url, "disabled_cipher_suites", &value)) {
+      auto cipher_strings = base::SplitString(value, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+      // see net::ParseCipherSuites(cipher_strings);
+      std::vector<uint16_t> cipher_suites;
+      cipher_suites.reserve(cipher_strings.size());
+
+      for (auto it = cipher_strings.begin(); it != cipher_strings.end(); ++it) {
+        uint16_t cipher_suite = 0;
+        if (!net::ParseSSLCipherString(*it, &cipher_suite)) {
+          LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: " << *it;
+          continue;
+        }
+        cipher_suites.push_back(cipher_suite);
+      }
+      std::sort(cipher_suites.begin(), cipher_suites.end());
+
+      ssl_context_config.disabled_cipher_suites =  cipher_suites;
+    }
+    auto ssl_config_service_ptr = std::make_unique<SSLConfigServiceDefaults>(ssl_context_config);
+    context->set_ssl_config_service(std::move(ssl_config_service_ptr));
   }
 
   if (http_auth_handler_factory_) {
diff --git a/net/url_request/url_request_context_builder.h b/net/url_request/url_request_context_builder.h
index d2220a6a86bf1..dd0c3bdd107dd 100644
--- a/net/url_request/url_request_context_builder.h
+++ b/net/url_request/url_request_context_builder.h
@@ -193,6 +193,7 @@ class NET_EXPORT URLRequestContextBuilder {
   // have the headers already set.
   void set_accept_language(const std::string& accept_language);
   void set_user_agent(const std::string& user_agent);
+  void set_envoy_url(const std::string& envoy_url);
 
   // Makes the created URLRequestContext use a particular HttpUserAgentSettings
   // object. Not compatible with set_accept_language() / set_user_agent().
@@ -410,6 +411,7 @@ class NET_EXPORT URLRequestContextBuilder {
 
   std::string accept_language_;
   std::string user_agent_;
+  std::string envoy_url_;
   std::unique_ptr<HttpUserAgentSettings> http_user_agent_settings_;
 
   bool http_cache_enabled_ = true;
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 0878808a8dc72..b9b6212bc0d64 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -18,6 +18,7 @@
 #include "base/compiler_specific.h"
 #include "base/containers/adapters.h"
 #include "base/file_version_info.h"
+#include "crypto/sha2.h"
 #include "base/location.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/field_trial.h"
@@ -34,6 +35,7 @@
 #include "base/types/optional_util.h"
 #include "base/values.h"
 #include "build/build_config.h"
+#include "base/strings/escape.h"
 #include "net/base/features.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/http_user_agent_settings.h"
@@ -558,6 +560,47 @@ void URLRequestHttpJob::StartTransactionInternal() {
 
       if (!throttling_entry_.get() ||
           !throttling_entry_->ShouldRejectRequest(*request_)) {
+        if (request_->context()->envoy_url().rfind("http://", 0) == 0 ||
+            request_->context()->envoy_url().rfind("https://", 0) == 0 ||
+            request_->context()->envoy_url().rfind("envoy://", 0) == 0) {
+          // https://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID
+          // default to random value, no cache at all
+          auto salt = base::RandBytesAsString(16);
+          auto envoy_url = GURL(request_->context()->envoy_url());
+          if (envoy_url.SchemeIsHTTPOrHTTPS()) {
+            request_info_.url = envoy_url; // TODO check is_vaid() before set
+          } else if (envoy_url.scheme().compare("envoy") == 0) {
+            std::string headerPrefix = "header_";
+            auto headerPrefixLength = headerPrefix.size();
+
+            for (QueryIterator it(envoy_url); !it.IsAtEnd(); it.Advance()) {
+              auto key = it.GetKey();
+              auto value = it.GetUnescapedValue();
+              if (key.compare("url") == 0) {
+                // see GetUnescapedValue, TODO check is_valid() before set
+                request_info_.url =
+                    GURL(base::UnescapeURLComponent(value, base::UnescapeRule::NORMAL));
+             } else if (key.compare("salt") == 0) {
+                     salt = value;
+              } else if (key.rfind(headerPrefix, 0) == 0 &&
+                         key.size() > headerPrefixLength) {
+                request_info_.extra_headers.SetHeader(
+                    key.substr(headerPrefixLength), value); // check for header Host, add :authority for http2; :path for http2
+              }
+            }
+          }
+
+          // count for cache key
+          auto digest = crypto::SHA256HashString(request_->url().spec() + salt);
+          request_info_.url =
+              AppendQueryParameter(request_info_.url, "_digest", digest);
+          // TODO encode field value
+          request_info_.extra_headers.SetHeader("Url-Orig",
+                                                request_->url().spec());
+          request_info_.extra_headers.SetHeader("Host-Orig",
+                                                request_->url().host());
+        }
+
         rv = transaction_->Start(
             &request_info_,
             base::BindOnce(&URLRequestHttpJob::OnStartCompleted,