[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torbutton/maint-1.9.5] Bug 18589: Clear site security settings during New Identity

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [torbutton/maint-1.9.5] Bug 18589: Clear site security settings during New Identity
From: gk@xxxxxxxxxxxxxx
Date: Mon, 29 Aug 2016 15:12:10 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 29 Aug 2016 11:12:19 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 3c04ec4654270f2896db0efffc4bc72edc2e3018
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date:   Fri Aug 26 11:30:19 2016 +0000

    Bug 18589: Clear site security settings during New Identity
    
    We need to clear site security settings (like HSTS) explicitely now
    as they don't belong to the permissions manager anymore.
---
 src/chrome/content/torbutton.js | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 3256335..311c6f6 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1696,7 +1696,8 @@ function torbutton_new_identity() {
  *      h. last open location url
  *      i. clear content prefs
  *      j. permissions
- *      k. IndexedDB and asmjscache storage
+ *      k. site security settings (e.g. HSTS)
+ *      l. IndexedDB and asmjscache storage
  *   3. Sends tor the NEWNYM signal to get a new circuit
  *   4. Opens a new window with the default homepage
  *   5. Closes this window
@@ -1799,16 +1800,21 @@ function torbutton_do_new_identity() {
   m_tb_prefs.setIntPref("security.OCSP.enabled", 0);
   m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp);
 
-  // This clears the STS cache and site permissions on Tor Browser
+  // This clears the site permissions on Tor Browser
   // XXX: Tie to some kind of disk-ok pref?
   try {
       Services.perms.removeAll();
   } catch(e) {
       // Actually, this catch does not appear to be needed. Leaving it in for
       // safety though.
-      torbutton_log(3, "Can't clear STS/Permissions: Not Tor Browser: "+e);
+      torbutton_log(3, "Can't clear permissions: Not Tor Browser: "+e);
   }
 
+   // Clear site security settings
+   let sss = Cc["@mozilla.org/ssservice;1"].
+     getService(Ci.nsISiteSecurityService);
+   sss.clearAll();
+
   // This clears the undo tab history.
   var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo");
   m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0);

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torbutton/master] Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
Next by Author: [tor-commits] [tor-browser-bundle/master] Folding in changelogs
Previous by thread: [tor-commits] [torbutton/master] Bug 18589: Clear site security settings during New Identity
Next by thread: [tor-commits] [tor-messenger-build/master] Remove special case normalization from twitter prpl
Index(es):
- Author
- Thread