July 2016 - tbb-commits - lists.torproject.org

[tor-browser/tor-browser-45.2.0esr-6.5-1] squash! Regression tests for Bug 1517: Reduce precision of time for Javascript.
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit 0f601022eee81c9a0d2fd94a59e4719163d155e4 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Tue Jun 21 14:34:52 2016 -0700 squash! Regression tests for Bug 1517: Reduce precision of time for Javascript. Plus tests for File API, e.g. `new File([], "").lastModifiedDate.getTime()` --- tbb-tests/test_tor_bug1517.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tbb-tests/test_tor_bug1517.html b/tbb-tests/test_tor_bug1517.html index 67d6693..2eed53e 100644 --- a/tbb-tests/test_tor_bug1517.html +++ b/tbb-tests/test_tor_bug1517.html @@ -60,6 +60,8 @@ https://trac.torproject.org/projects/tor/ticket/1517 'canvasStream.currentTime * 1000', 'video.currentTime * 1000', 'audio.currentTime * 1000', + 'new File([], "").lastModified', + 'new File([], "").lastModifiedDate.getTime()', ]; // Loop through each timeStampCode, evaluate it, // and check if it is rounded to the nearest 100 ms.

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] Revert "Bug 16998: Disable link rel=preconnect"
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit b44b2b25bab1ebde9351c842f0ca66d2fdc87579 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 6 01:05:25 2016 -0700 Revert "Bug 16998: Disable link rel=preconnect" This reverts commit bba50a31b7c41ec4c74475ba083d23828fea8918. --- dom/base/nsDocument.cpp | 5 ----- 1 file changed, 5 deletions(-) diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index ef6dc64..586e199 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -9704,10 +9704,6 @@ nsDocument::MaybePreLoadImage(nsIURI* uri, const nsAString &aCrossOriginAttr, void nsDocument::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) { - // Tor Browser: Here we disable <link rel="preconnect"> - // See #16998. - // TODO: Isolate preconnect by first party. -/* nsCOMPtr<nsIURI> uri; if (NS_FAILED(aOrigURI->Clone(getter_AddRefs(uri)))) { return; @@ -9742,7 +9738,6 @@ nsDocument::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) } else { speculator->SpeculativeConnect(uri, nullptr); } -*/ } void

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] Bug 16998: Isolate link rel=preconnect to first party
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit be96c4f788ab616d94457bcc4dd1d098b156d62c Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 6 00:56:09 2016 -0700 Bug 16998: Isolate link rel=preconnect to first party --- dom/base/nsDocument.cpp | 8 +++++-- netwerk/base/nsIOService.cpp | 41 +++++++++++++++++++++++++++++---- netwerk/base/nsIOService.h | 1 + netwerk/base/nsISpeculativeConnect.idl | 11 ++++++++- netwerk/ipc/NeckoParent.cpp | 7 +++--- netwerk/ipc/NeckoParent.h | 3 ++- netwerk/ipc/PNecko.ipdl | 2 +- netwerk/protocol/http/nsHttpHandler.cpp | 27 ++++++++++++++++++---- netwerk/protocol/http/nsHttpHandler.h | 1 + 9 files changed, 84 insertions(+), 17 deletions(-) diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index 586e199..e7077a9 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -246,6 +246,8 @@ #include "nsISpeculativeConnect.h" +#include "ThirdPartyUtil.h" + #ifdef MOZ_MEDIA_NAVIGATOR #include "mozilla/MediaManager.h" #endif // MOZ_MEDIA_NAVIGATOR @@ -9733,10 +9735,12 @@ nsDocument::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) return; } + nsCString firstPartyHost; + ThirdPartyUtil::GetFirstPartyHost(this, firstPartyHost); if (aCORSMode == CORS_ANONYMOUS) { - speculator->SpeculativeAnonymousConnect(uri, nullptr); + speculator->SpeculativeAnonymousConnectIsolated(uri, firstPartyHost, nullptr); } else { - speculator->SpeculativeConnect(uri, nullptr); + speculator->SpeculativeConnectIsolated(uri, firstPartyHost, nullptr); } } diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index ad86c95..a864d0e 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -51,6 +51,7 @@ #include "ClosingService.h" #include "ReferrerPolicy.h" #include "nsContentSecurityManager.h" +#include "ThirdPartyUtil.h" #ifdef MOZ_WIDGET_GONK #include "nsINetworkManager.h" @@ -1822,10 +1823,14 @@ IOServiceProxyCallback::OnProxyAvailable(nsICancelable *request, nsIChannel *cha nsLoadFlags loadFlags = 0; channel->GetLoadFlags(&loadFlags); + + nsCString firstPartyHost; + ThirdPartyUtil::GetFirstPartyHost(channel, firstPartyHost); + if (loadFlags & nsIRequest::LOAD_ANONYMOUS) { - speculativeHandler->SpeculativeAnonymousConnect(uri, mCallbacks); + speculativeHandler->SpeculativeAnonymousConnectIsolated(uri, firstPartyHost, mCallbacks); } else { - speculativeHandler->SpeculativeConnect(uri, mCallbacks); + speculativeHandler->SpeculativeConnectIsolated(uri, firstPartyHost, mCallbacks); } return NS_OK; @@ -1833,6 +1838,7 @@ IOServiceProxyCallback::OnProxyAvailable(nsICancelable *request, nsIChannel *cha nsresult nsIOService::SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool aAnonymous) { @@ -1867,6 +1873,17 @@ nsIOService::SpeculativeConnectInternal(nsIURI *aURI, getter_AddRefs(channel)); NS_ENSURE_SUCCESS(rv, rv); + // If we have an isolation key, use it as the document URI for this channel. + if (!aIsolationKey.IsEmpty()) { + nsCOMPtr<nsIHttpChannelInternal> channelInternal(do_QueryInterface(channel)); + if (channelInternal) { + nsCString documentURISpec("https://"); + documentURISpec.Append(aIsolationKey); + nsCOMPtr<nsIURI> documentURI; + /* nsresult rv = */ NS_NewURI(getter_AddRefs(documentURI), documentURISpec); + channelInternal->SetDocumentURI(documentURI); + } + } if (aAnonymous) { nsLoadFlags loadFlags = 0; channel->GetLoadFlags(&loadFlags); @@ -1885,17 +1902,33 @@ nsIOService::SpeculativeConnectInternal(nsIURI *aURI, } NS_IMETHODIMP +nsIOService::SpeculativeConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, false); +} + +NS_IMETHODIMP nsIOService::SpeculativeConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, false); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, false); +} + +NS_IMETHODIMP +nsIOService::SpeculativeAnonymousConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, true); } NS_IMETHODIMP nsIOService::SpeculativeAnonymousConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, true); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, true); } void diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index e948ffd..308cee7 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -133,6 +133,7 @@ private: nsIChannel** result); nsresult SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool aAnonymous); diff --git a/netwerk/base/nsISpeculativeConnect.idl b/netwerk/base/nsISpeculativeConnect.idl index 15d63e1..eed9570 100644 --- a/netwerk/base/nsISpeculativeConnect.idl +++ b/netwerk/base/nsISpeculativeConnect.idl @@ -8,7 +8,7 @@ interface nsIURI; interface nsIInterfaceRequestor; -[scriptable, uuid(d74a17ac-5b8a-4824-a309-b1f04a3c4aed)] +[scriptable, uuid(60cf321d-9f09-403a-b8b6-db221e6ca3a1)] interface nsISpeculativeConnect : nsISupports { /** @@ -21,6 +21,7 @@ interface nsISpeculativeConnect : nsISupports * to actually open the new channel. * * @param aURI the URI of the hinted transaction + * @param aIsolationKey the isolation key for the connection * @param aCallbacks any security callbacks for use with SSL for interfaces * such as nsIBadCertListener. May be null. * @@ -30,6 +31,14 @@ interface nsISpeculativeConnect : nsISupports void speculativeAnonymousConnect(in nsIURI aURI, in nsIInterfaceRequestor aCallbacks); + + void speculativeConnectIsolated(in nsIURI aURI, + in AUTF8String aIsolationKey, + in nsIInterfaceRequestor aCallbacks); + + void speculativeAnonymousConnectIsolated(in nsIURI aURI, + in AUTF8String aIsolationKey, + in nsIInterfaceRequestor aCallbacks); }; /** diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp index 796e78f..fa4911b 100644 --- a/netwerk/ipc/NeckoParent.cpp +++ b/netwerk/ipc/NeckoParent.cpp @@ -728,15 +728,16 @@ NeckoParent::DeallocPRemoteOpenFileParent(PRemoteOpenFileParent* actor) } bool -NeckoParent::RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous) +NeckoParent::RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous, + const nsCString& aIsolationKey) { nsCOMPtr<nsISpeculativeConnect> speculator(gIOService); nsCOMPtr<nsIURI> uri = DeserializeURI(aURI); if (uri && speculator) { if (aAnonymous) { - speculator->SpeculativeAnonymousConnect(uri, nullptr); + speculator->SpeculativeAnonymousConnectIsolated(uri, aIsolationKey, nullptr); } else { - speculator->SpeculativeConnect(uri, nullptr); + speculator->SpeculativeConnectIsolated(uri, aIsolationKey, nullptr); } } diff --git a/netwerk/ipc/NeckoParent.h b/netwerk/ipc/NeckoParent.h index 508ab6f..900328c 100644 --- a/netwerk/ipc/NeckoParent.h +++ b/netwerk/ipc/NeckoParent.h @@ -167,7 +167,8 @@ protected: const uint32_t& flags, const nsCString& aNetworkInterface) override; virtual bool DeallocPDNSRequestParent(PDNSRequestParent*) override; - virtual bool RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous) override; + virtual bool RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous, + const nsCString& aFirstPartyHost) override; virtual bool RecvHTMLDNSPrefetch(const nsString& hostname, const uint16_t& flags) override; virtual bool RecvCancelHTMLDNSPrefetch(const nsString& hostname, diff --git a/netwerk/ipc/PNecko.ipdl b/netwerk/ipc/PNecko.ipdl index 2e1f2f5..0d0c7f8 100644 --- a/netwerk/ipc/PNecko.ipdl +++ b/netwerk/ipc/PNecko.ipdl @@ -89,7 +89,7 @@ parent: URIParams fileuri, OptionalURIParams appuri); - SpeculativeConnect(URIParams uri, bool anonymous); + SpeculativeConnect(URIParams uri, bool anonymous, nsCString isolationKey); HTMLDNSPrefetch(nsString hostname, uint16_t flags); CancelHTMLDNSPrefetch(nsString hostname, uint16_t flags, nsresult reason); diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index e425c22..97461fe 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -2126,13 +2126,15 @@ nsHttpHandler::Observe(nsISupports *subject, nsresult nsHttpHandler::SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool anonymous) { + nsCString isolationKey(aIsolationKey); if (IsNeckoChild()) { ipc::URIParams params; SerializeURI(aURI, params); - gNeckoChild->SendSpeculativeConnect(params, anonymous); + gNeckoChild->SendSpeculativeConnect(params, anonymous, isolationKey); return NS_OK; } @@ -2205,26 +2207,41 @@ nsHttpHandler::SpeculativeConnectInternal(nsIURI *aURI, nsAutoCString username; aURI->GetUsername(username); - // TODO: Fix isolation for speculative connect. nsHttpConnectionInfo *ci = - new nsHttpConnectionInfo(host, port, EmptyCString(), username, nullptr, EmptyCString(), usingSSL); + new nsHttpConnectionInfo(host, port, EmptyCString(), username, nullptr, aIsolationKey, usingSSL); ci->SetAnonymous(anonymous); return SpeculativeConnect(ci, aCallbacks); } NS_IMETHODIMP +nsHttpHandler::SpeculativeConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, false); +} + +NS_IMETHODIMP nsHttpHandler::SpeculativeConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, false); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, false); +} + +NS_IMETHODIMP +nsHttpHandler::SpeculativeAnonymousConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, true); } NS_IMETHODIMP nsHttpHandler::SpeculativeAnonymousConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, true); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, true); } void diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h index 1205dad..cf15775 100644 --- a/netwerk/protocol/http/nsHttpHandler.h +++ b/netwerk/protocol/http/nsHttpHandler.h @@ -596,6 +596,7 @@ private: private: nsresult SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool anonymous); };

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] fixup! Bug #13749.2: Regression tests for first-party isolation of cache
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit 8cfeded9b52a1bbc93622c6dbe6ca59f987b43c0 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 6 15:26:48 2016 -0700 fixup! Bug #13749.2: Regression tests for first-party isolation of cache --- netwerk/test/browser/browser_cacheFirstParty.js | 70 ++++++++++++++++--------- netwerk/test/browser/firstPartyParent.html | 1 + 2 files changed, 45 insertions(+), 26 deletions(-) diff --git a/netwerk/test/browser/browser_cacheFirstParty.js b/netwerk/test/browser/browser_cacheFirstParty.js index 967c597..7e66726 100644 --- a/netwerk/test/browser/browser_cacheFirstParty.js +++ b/netwerk/test/browser/browser_cacheFirstParty.js @@ -27,6 +27,8 @@ Cu.import("resource://gre/modules/LoadContextInfo.jsm", tempScope); let LoadContextInfo = tempScope.LoadContextInfo; let thirdPartyUtil = Cc["@mozilla.org/thirdpartyutil;1"] .getService(Ci.mozIThirdPartyUtil); +let protocolProxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"] + .getService(Ci.nsIProtocolProxyService); // __listen(target, eventType, timeoutMs, useCapture)__. // Calls addEventListener on target, with the given eventType. @@ -116,12 +118,12 @@ let privacyPref = "privacy.thirdparty.isolate", "request.html", "worker.request.html", "import.js"]; -// __checkCachePopulation(pref, numberOfDomains)__. +// __checkCachePopulation(isolate, numberOfDomains)__. // Check if the number of entries found in the cache for each // embedded file type matches the number we expect, given the // number of domains and the isolation state. -let checkCachePopulation = function* (pref, numberOfDomains) { - let expectedEntryCount = (pref === 2) ? numberOfDomains : 1; +let checkCachePopulation = function* (isolate, numberOfDomains) { + let expectedEntryCount = isolate ? numberOfDomains : 1; // Collect cache data. let data = yield cacheDataForContext(LoadContextInfo.default, 2000); data = data.concat(yield cacheDataForContext(LoadContextInfo.private, 2000)); @@ -148,17 +150,21 @@ let checkCachePopulation = function* (pref, numberOfDomains) { }; // __observeChannels(onChannel)__. -// onChannel is called for every http channel request. Returns a zero-arg stop() function. +// onChannel is called for every channel request. Returns a zero-arg stop() function. let observeChannels = function (onChannel) { - let channelObserver = { - observe: function(subject, topic, data) { - if (topic === "http-on-modify-request") { - onChannel(subject.QueryInterface(Components.interfaces.nsIHttpChannel)); - } + // We use a dummy proxy filter to catch all channels, even those that do not + // generate an "http-on-modify-request" notification, such as link preconnects. + let proxyFilter = { + applyFilter : function (aProxyService, aChannel, aProxy) { + // We have the channel; provide it to the callback. + onChannel(aChannel); + // Pass on aProxy unmodified. + return aProxy; } }; - Services.obs.addObserver(channelObserver, "http-on-modify-request", /* ownsWeak */ false); - return function () { Services.obs.removeObserver(channelObserver, "http-on-modify-request"); }; + protocolProxyService.registerChannelFilter(proxyFilter, 0); + // Return the stop() function: + return () => protocolProxyService.unregisterChannelFilter(proxyFilter); }; // __channelFirstPartyHost(aChannel)__. @@ -170,28 +176,38 @@ let channelFirstPartyHost = function (aChannel) { return thirdPartyUtil.getFirstPartyHostForIsolation(firstPartyURI); } -// The main testing function. -// Launch a Task.jsm coroutine so we can open tabs and wait for each of them to open, -// one by one. -add_task(function* () { - // Here we check to see if each channel has the correct first party assigned. - // All "thirdPartyChild" resources are loaded from a third-party - // "example.net" host, but they should all report either an "example.com" - // or an "example.org" first-party domain. +// __startObservingChannels()__. +// Checks to see if each channel has the correct first party assigned. +// All "thirdPartyChild" resources are loaded from a third-party +// "example.net" host, but they should all report either an "example.com" +// or an "example.org" first-party domain. Returns a stop() function. +let startObservingChannels = function() { let stopObservingChannels = observeChannels(function (channel) { - if (channel.originalURI.spec.contains("thirdPartyChild")) { + let originalURISpec = channel.originalURI.spec; + if (originalURISpec.contains("example.net")) { let firstPartyHost = channelFirstPartyHost(channel); - ok(firstPartyHost === "example.com" || firstPartyHost === "example.org", "first party is " + firstPartyHost); + ok(firstPartyHost === "example.com" || firstPartyHost === "example.org", "first party for " + originalURISpec + " is " + firstPartyHost); } }); + return stopObservingChannels; +}; + +// The main testing function. +// Launch a Task.jsm coroutine so we can open tabs and wait for each of them to open, +// one by one. +add_task(function* () { // Keep original pref value for restoring after the tests. let originalPrefValue = Services.prefs.getIntPref(privacyPref); // Test the pref with both values: 2 (isolating by first party) or 0 (not isolating) - for (let pref of [2, 0]) { + for (let isolate of [true, false]) { + let stopObservingChannels; + if (isolate) { + stopObservingChannels = startObservingChannels(); + } // Clear the cache. Services.cache2.clear(); // Set the pref to desired value - Services.prefs.setIntPref(privacyPref, pref); + Services.prefs.setIntPref(privacyPref, isolate ? 2 : 0); // Open test tabs let tabs = []; for (let domain of duplicatedDomains) { @@ -199,13 +215,15 @@ add_task(function* () { tabs.push(yield loadURLinNewTab("http://" + domain + ".example.org" + grandParentPage)); } // Run checks to make sure cache has expected number of entries for - // the chosen pref state. + // the chosen isolation state. let firstPartyDomainCount = 2; // example.com and example.org - yield checkCachePopulation(pref, firstPartyDomainCount); + yield checkCachePopulation(isolate, firstPartyDomainCount); // Clean up by removing tabs. tabs.forEach(tab => gBrowser.removeTab(tab)); + if (isolate) { + stopObservingChannels(); + } } - stopObservingChannels(); // Restore the pref to its original value. Services.prefs.setIntPref(privacyPref, originalPrefValue); }); diff --git a/netwerk/test/browser/firstPartyParent.html b/netwerk/test/browser/firstPartyParent.html index fa29a74..ba1248f 100644 --- a/netwerk/test/browser/firstPartyParent.html +++ b/netwerk/test/browser/firstPartyParent.html @@ -7,6 +7,7 @@ href="http://example.net/browser/netwerk/test/browser/thirdPartyChild.link.css"> <link rel="icon" type="image/ico" href="http://example.net/browser/netwerk/test/browser/thirdPartyChild.favicon.ico"> + <link rel="preconnect" href="http://example.net"> </head> <body> <div>firstPartyParent.html</div>

1 0