
[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Bug 23247: Communicating security expectations for .onion




ma1 pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

  • 8627f8e1
    by cypherpunks1 at 2023-11-06T21:22:17+00:00
    fixup! Bug 23247: Communicating security expectations for .onion
    
    Bug 42231: Improve the network monitor patch for http onion resources
    

2 changed files:

Changes:

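--- a/devtools/client/netmonitor/src/components/SecurityState.js
+++ b/devtools/client/netmonitor/src/components/SecurityState.js
@@ -41,7 +41,7 @@ class SecurityState extends Component {
 
     const {
       securityState,
-      urlDetails: { isLocal },
+      urlDetails: { host, isLocal },
     } = item;
     const iconClassList = ["requests-security-state-icon"];
 
@@ -50,7 +50,11 @@ class SecurityState extends Component {
 
     // Locally delivered files such as http://localhost and file:// paths
     // are considered to have been delivered securely.
-    if (isLocal) {
+    if (
+      isLocal ||
+      (host?.endsWith(".onion") &&
+        Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false))
+    ) {
       realSecurityState = "secure";
     }
 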
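Review bot: The `.onion` test in the new condition is a plain suffix match on `host`, so if `urlDetails.host` carries a port the way `URL.host` does, a request to `http://example.onion:8080/` (constructed example) will not match and keeps its insecure icon even with `dom.securecontext.allowlist_onions` set. That fails in the safe direction, but it makes the icon depend on the port; matching on the hostname alone, e.g. `host?.replace(/:\d+$/, "").endsWith(".onion")`, would avoid it. The comment above the condition still describes only locally delivered files, so I would extend it with `// http .onion hosts are also treated as secure when dom.securecontext.allowlist_onions is set.` to make the pref dependency visible. The enclosing method starts and ends outside both hunks.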
    

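--- a/devtools/shared/network-observer/NetworkHelper.sys.mjs
+++ b/devtools/shared/network-observer/NetworkHelper.sys.mjs
@@ -596,9 +596,6 @@ export var NetworkHelper = {
 
     // The request did not contain any security info.
     if (!securityInfo) {
-      if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
-        info.state = "secure";
-      }
       return info;
     }
 
@@ -650,11 +647,7 @@ export var NetworkHelper = {
         // schemes other than https and wss are subject to
         // downgrade/etc at the scheme level and should always be
         // considered insecure
-        if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
-          info.state = "secure";
-        } else {
-          info.state = "insecure";
-        }
+        info.state = "insecure";
       } else if (state & wpl.STATE_IS_SECURE) {
         // The connection is secure if the scheme is sufficient
         info.state = "secure";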
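Review bot: With both `.onion` branches removed, an http onion request now leaves this helper with `info.state` at its default when `securityInfo` is missing and `"insecure"` on the non-https path, so the secure verdict exists only in the SecurityState component. Any other consumer of this `info` object (none is visible on this page) would report the request differently from the icon column, which is worth confirming as intended. A comment at the `info.state = "insecure";` line such as `// http .onion is upgraded for display only, in the netmonitor SecurityState component, gated on dom.securecontext.allowlist_onions` would keep the two places linked. The enclosing function starts and ends outside both hunks.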
    
