
[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] 3 commits: fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.




ma1 pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

  • 255203a3
    by cypherpunks1 at 2023-08-21T19:11:56+00:00
    fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
    
    Bug 40175: Use first-party isolation on reader view
    
  • 3f596978
    by cypherpunks1 at 2023-08-21T19:11:56+00:00
    fixup! Bug 41600: Add a tor circuit display panel.
    
    Bug 40175: Support circuit display on about:reader
    
  • 5073f134
    by cypherpunks1 at 2023-08-21T19:11:56+00:00
    Bug 40175: Add origin attributes to about:reader top-level requests
    

4 changed files:

Changes:

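--- a/browser/components/torcircuit/content/torCircuitPanel.js
+++ b/browser/components/torcircuit/content/torCircuitPanel.js
@@ -276,7 +276,18 @@ var gTorCircuitPanel = {
     // will match up with the domain.
     // In contrast, documentURI corresponds to the shown page. E.g. it could
     // point to "about:certerror".
-    const scheme = browser.currentURI?.scheme;
+    let scheme = browser.currentURI?.scheme;
+    if (scheme === "about" && browser.currentURI?.filePath === "reader") {
+      const searchParams = new URLSearchParams(browser.currentURI.query);
+      if (searchParams.has("url")) {
+        try {
+          const uri = Services.io.newURI(searchParams.get("url"));
+          scheme = uri.scheme;
+        } catch (err) {
+          this._log.error(err);
+        }
+      }
+    }
 
     if (
       this._currentBrowserData &&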
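Review bot: The new `about:reader` branch has no comment saying why the scheme is read from the `url` query parameter instead of `browser.currentURI`, even though the comment just above it explains the currentURI/documentURI distinction in detail. A line before the `if` such as `// about:reader wraps the article named in ?url=; report that article's scheme so the panel agrees with the domain used for circuit isolation.` would make the intent clear. When `url` is present but cannot be parsed, `scheme` stays `"about"` and the failure is only logged; how the rest of the method treats that value is outside this hunk and worth confirming. The enclosing method starts and ends outside the hunk.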
    

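--- a/toolkit/components/reader/AboutReader.sys.mjs
+++ b/toolkit/components/reader/AboutReader.sys.mjs
@@ -788,6 +788,7 @@ AboutReader.prototype = {
       try {
         article = await ReaderMode.downloadAndParseDocument(
           url,
+          { ...this._doc.nodePrincipal?.originAttributes },
           docContentType
         );
       } catch (e) {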
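Review bot: The object spread in the added argument is load-bearing and should carry a comment, because `ReaderMode._downloadDocument` in this same push assigns `attrs.firstPartyDomain` on the object it receives. Without the copy that write would land on the principal's own `originAttributes` object. A suggested comment above the argument is `// Copy: the download path sets firstPartyDomain on the object it is given.` If `nodePrincipal` were ever absent, the spread would yield `{}` and the fetch would proceed with a default `userContextId` rather than failing; whether that can happen at this call site is not visible in the hunk.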
    

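--- a/toolkit/components/reader/ReaderMode.sys.mjs
+++ b/toolkit/components/reader/ReaderMode.sys.mjs
@@ -231,11 +231,12 @@ export var ReaderMode = {
    * Downloads and parses a document from a URL.
    *
    * @param url URL to download and parse.
+   * @param attrs OriginAttributes to use for the request.
    * @return {Promise}
    * @resolves JS object representing the article, or null if no article is found.
    */
-  async downloadAndParseDocument(url, docContentType = "document") {
-    let result = await this._downloadDocument(url, docContentType);
+  async downloadAndParseDocument(url, attrs = {}, docContentType = "document") {
+    let result = await this._downloadDocument(url, attrs, docContentType);
     if (!result?.doc) {
       return null;
     }
@@ -258,9 +259,11 @@ export var ReaderMode = {
     return article;
   },
 
-  _downloadDocument(url, docContentType = "document") {
+  _downloadDocument(url, attrs = {}, docContentType = "document") {
+    let uri;
     try {
-      if (!lazy.Readerable.shouldCheckUri(Services.io.newURI(url))) {
+      uri = Services.io.newURI(url);
+      if (!lazy.Readerable.shouldCheckUri(uri)) {
         return null;
       }
     } catch (ex) {
@@ -272,9 +275,15 @@ export var ReaderMode = {
     let histogram = Services.telemetry.getHistogramById(
       "READER_MODE_DOWNLOAD_RESULT"
     );
+    try {
+      attrs.firstPartyDomain = Services.eTLD.getSchemelessSite(uri);
+    } catch (e) {
+      console.error("Failed to get first party domain for about:reader", e);
+    }
     return new Promise((resolve, reject) => {
       let xhr = new XMLHttpRequest();
       xhr.open("GET", url, true);
+      xhr.setOriginAttributes(attrs);
       xhr.onerror = evt => reject(evt.error);
       xhr.responseType = docContentType === "text/plain" ? "text" : "document";
       xhr.onload = evt => {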
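Review bot: In `_downloadDocument`, the new `try`/`catch` around `attrs.firstPartyDomain = Services.eTLD.getSchemelessSite(uri)` fails open: if the lookup throws, the error is logged and the XHR is still sent with whatever `firstPartyDomain` the caller supplied, possibly none. Since the point of the change is to isolate reader-mode fetches, returning early would be safer, for example by adding `return null;` after the `console.error(...)` call, in line with the `return null` path earlier in the function. The assignment also mutates the caller's object; `attrs = { ...attrs, firstPartyDomain: Services.eTLD.getSchemelessSite(uri) };` would remove the reliance on every caller passing a copy. Inserting `attrs` ahead of `docContentType` also changes what the second positional argument of `downloadAndParseDocument` means, so a caller not updated in this push would pass a content-type string as `attrs`; only the `AboutReader` call site is visible here. The function body continues past the end of the last hunk.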
    

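--- a/toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs
+++ b/toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs
@@ -300,6 +300,17 @@ class TorDomainIsolatorImpl {
       const channel = aChannel.QueryInterface(Ci.nsIChannel);
       let firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain;
       const userContextId = channel.loadInfo.originAttributes.userContextId;
+      const loadingPrincipalURI = channel.loadInfo.loadingPrincipal?.URI;
+      if (loadingPrincipalURI?.spec.startsWith("about:reader")) {
+        try {
+          const searchParams = new URLSearchParams(loadingPrincipalURI.query);
+          if (searchParams.has("url")) {
+            firstPartyDomain = Services.eTLD.getSchemelessSite(Services.io.newURI(searchParams.get("url")));
+          }
+        } catch (e) {
+          logger.error("Failed to get first party domain for about:reader", e);
+        }
+      }
       if (!firstPartyDomain) {
         firstPartyDomain = CATCHALL_DOMAIN;
         if (Date.now() - this.#catchallDirtySince > CATCHALL_MAX_LIFETIME) {
@@ -629,36 +640,43 @@ class TorDomainIsolatorImpl {
 function getDomainForBrowser(browser) {
   let fpd = browser.contentPrincipal.originAttributes.firstPartyDomain;
 
-  // Bug 31562: For neterror or certerror, get the original URL from
-  // browser.currentURI and use it to calculate the firstPartyDomain.
-  const knownErrors = [
-    "about:neterror",
-    "about:certerror",
-    "about:httpsonlyerror",
-  ];
   const { documentURI } = browser;
-  if (
-    documentURI &&
-    documentURI.schemeIs("about") &&
-    knownErrors.some(x => documentURI.spec.startsWith(x))
-  ) {
-    const knownSchemes = ["http", "https"];
-    const currentURI = browser.currentURI;
-    if (currentURI && knownSchemes.some(x => currentURI.schemeIs(x))) {
+  if (documentURI && documentURI.schemeIs("about")) {
+    // Bug 31562: For neterror or certerror, get the original URL from
+    // browser.currentURI and use it to calculate the firstPartyDomain.
+    const knownErrors = [
+      "about:neterror",
+      "about:certerror",
+      "about:httpsonlyerror",
+    ];
+    if (knownErrors.some(x => documentURI.spec.startsWith(x))) {
+      const knownSchemes = ["http", "https"];
+      const currentURI = browser.currentURI;
+      if (currentURI && knownSchemes.some(x => currentURI.schemeIs(x))) {
+        try {
+          fpd = Services.eTLD.getBaseDomainFromHost(currentURI.host);
+        } catch (e) {
+          if (
+            e.result === Cr.NS_ERROR_HOST_IS_IP_ADDRESS ||
+            e.result === Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
+          ) {
+            fpd = currentURI.host;
+          } else {
+            logger.error(
+              `Failed to get first party domain for host ${currentURI.host}`,
+              e
+            );
+          }
+        }
+      }
+    } else if (documentURI.spec.startsWith("about:reader")) {
       try {
-        fpd = Services.eTLD.getBaseDomainFromHost(currentURI.host);
-      } catch (e) {
-        if (
-          e.result === Cr.NS_ERROR_HOST_IS_IP_ADDRESS ||
-          e.result === Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
-        ) {
-          fpd = currentURI.host;
-        } else {
-          logger.error(
-            `Failed to get first party domain for host ${currentURI.host}`,
-            e
-          );
+        const searchParams = new URLSearchParams(documentURI.query);
+        if (searchParams.has("url")) {
+          fpd = Services.eTLD.getSchemelessSite(Services.io.newURI(searchParams.get("url")));
         }
+      } catch (e) {
+        logger.error("Failed to get first party domain for about:reader", e);
       }
     }
   }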
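Review bot: Both new `about:reader` checks use a prefix match, `loadingPrincipalURI?.spec.startsWith("about:reader")` in the channel hunk and `documentURI.spec.startsWith("about:reader")` in `getDomainForBrowser`, whereas the torCircuitPanel.js change in this push tests `scheme === "about"` and `filePath === "reader"` exactly. A prefix test would also accept any other about: page whose name merely begins with "reader" and derive the isolation key from its `url` parameter. An exact test such as `loadingPrincipalURI?.schemeIs("about") && loadingPrincipalURI.filePath === "reader"` would keep all three sites in agreement. The `url`-to-site derivation is now written out three times across the two files, so a single shared helper would keep the circuit display and the isolator from drifting apart. Both enclosing functions extend beyond the hunks shown.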
    
