[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Bug 23247: Communicating security expectations for .onion

To: tor-commits@xxxxxxxxxxxxxxxxxxxx

Subject: [tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Bug 23247: Communicating security expectations for .onion

From: "ma1 \(@ma1\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>

Date: Fri, 08 Sep 2023 22:07:34 +0000

Auto-submitted: auto-generated

Cc: "ma1 \(@ma1\)" <git@xxxxxxxxxxxxxxxxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Fri, 08 Sep 2023 18:07:45 -0400

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1694210861; bh=JDfmF19degehu3QPhsbpsHOwnFhb0+4tuToyDHi3iXs=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=fujJMIJpuceRj//+5O9EeCBnn4TLOEINpDpkHSQ2wd2qemsel56AscgnOGSZWUwDq WNcYHVZc3NYQtaFGC+TU18uDtRAwkAXQDhyo9nRUztagVYP/rePcf15dPUdz2qfjpX UCh/tEZwIH9+w+RGCTxfUeWS7878LDT8Ity/Nz5ZHXxT4Y9Nz5sg5R8iM/gQVF2SYH fZD85SmHPaCcXH4F8j7M+l/jXUjsD97BBwDfeHpp7hae10jeGMR2v8IumB/EOD2zjA o5WiwS0REprtY9AP4A118Fo7yqORHRGkvEHvYs9aeZ0Or8y/N3Rr5VQ7wxWIqoASw1 Ug6+JtHS3Vrrg==

List-archive: <http://lists.torproject.org/pipermail/tor-commits/>

List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>

List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>

List-post: <mailto:tor-commits@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>

Reply-to: noreply@xxxxxxxxxxxxxx

Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

Title: GitLab

ma1 pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

03a24c6d

by cypherpunks1 at 2023-09-08T22:06:56+00:00

fixup! Bug 23247: Communicating security expectations for .onion

Bug 41934: Treat unencrypted websocket connections to onion services as secure

1 changed file:

dom/websocket/WebSocket.cpp

Changes:

dom/websocket/WebSocket.cpp

@@ -1734,12 +1734,15 @@ nsresult WebSocketImpl::Init(JSContext* aCx, bool aIsSecure,
+   }
    // Don't allow https:// to open ws://
 -  if (!mIsServerSide && !mSecure &&
 +  if (!mIsServerSide && !mSecure && aIsSecure &&
        !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
                              false) &&
        !nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(
            mAsciiHost)) {
 -    if (aIsSecure) {
 +    nsCOMPtr<nsIURI> uri;
 +    nsresult rv = NS_NewURI(getter_AddRefs(uri), mURI);
 +    NS_ENSURE_SUCCESS(rv, rv);
 +    if (!nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(uri)) {
        return NS_ERROR_DOM_SECURITY_ERR;
+     }
+   }

_______________________________________________ tor-commits mailing list tor-commits@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits