- tbb-commits - lists.torproject.org

[tor-launcher/master] Bug 19568: Set CurProcD for Thunderbird/Instantbird
by gk＠torproject.org 13 Jul '16

13 Jul '16

commit 44c1cc246e8736e88906c74058f2c582aa6178ed Author: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon Jul 4 11:59:34 2016 -0400 Bug 19568: Set CurProcD for Thunderbird/Instantbird For Thunderbird/Instantbird, the CurProcD (topDir) is not browser/, so we need to iterate one level less than Firefox. --- src/components/tl-process.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/components/tl-process.js b/src/components/tl-process.js index 4f9928a..8e42feb 100644 --- a/src/components/tl-process.js +++ b/src/components/tl-process.js @@ -31,6 +31,8 @@ TorProcessService.prototype = { kContractID : "@torproject.org/torlauncher-process-service;1", kServiceName : "Tor Launcher Process Service", + kThunderbirdID: "{3550f703-e582-4d05-9a08-453d09bdfdc6}", + kInstantbirdID: "{33cb9019-c295-46dd-be21-8c4936574bee}", kClassID: Components.ID("{FE7B4CAF-BCF4-4848-8BFF-EFA66C9AFDA1}"), kTorLauncherExtPath: "tor-launcher(a)torproject.org", // This could vary. @@ -873,6 +875,14 @@ TorProcessService.prototype = // Because topDir points to Contents/Resources/browser on Mac OS, // we need to go up 3 levels. let tbbBrowserDepth = (TorLauncherUtil.isMac) ? 3 : 1; + if ((appInfo.ID == this.kThunderbirdID) || + (appInfo.ID == this.kInstantbirdID)) + { + // On Thunderbird/Instantbird, the topDir is the root dir and not + // browser/, so we need to iterate one level less than Firefox. + --tbbBrowserDepth; + } + while (tbbBrowserDepth > 0) { let didRemove = (topDir.leafName != ".");

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] Revert "Bug 18923: Add a script to run all Tor Browser specific tests"
by gk＠torproject.org 12 Jul '16

12 Jul '16

commit 091d27e7bea0f055410b9793f7c722178f2730df Author: Georg Koppen <gk(a)torproject.org> Date: Tue Jul 12 15:06:46 2016 +0000 Revert "Bug 18923: Add a script to run all Tor Browser specific tests" This reverts commit 94d46ebdeaa375db4feff102264a768873d9fff8. The patch has not been ready yet. --- run-tbb-tests | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/run-tbb-tests b/run-tbb-tests deleted file mode 100755 index 116ef34..0000000 --- a/run-tbb-tests +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -function mochitest() { - ./mach mochitest --log-tbpl tbb-tests.log.tmp "$@" - cat tbb-tests.log.tmp >> tbb-tests.log - rm -f tbb-tests.log.tmp -} - -rm -f tbb-tests.log - -mochitest --setpref security.nocertdb=false docshell/test/test_tor_bug16620.html \ - tbb-tests -mochitest dom/base/test/test_tor_bug17207.html \ - dom/base/test/test_tor_bug15502.html \ - dom/base/test/test_tor_bug15564.html \ - dom/base/test/test_tor_bug15703.html \ - dom/events/test/test_tor_bug15646.html -mochitest dom/tests/browser/browser_tor_bug17009.js \ - netwerk/test/browser/browser_cacheFirstParty.js - -# Disabled tests: -# - #19575: Test for privacy.thirdparty.isolate fails with a timeout -# dom/tests/mochitest/localstorage/test_localStorageByFirstParty.html - -echo ************************* -echo ************************* -echo "Summary of failed tests:" -grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] Bug 18923: Add a script to run all Tor Browser specific tests
by gk＠torproject.org 12 Jul '16

12 Jul '16

commit 94d46ebdeaa375db4feff102264a768873d9fff8 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jun 27 19:39:47 2016 +0200 Bug 18923: Add a script to run all Tor Browser specific tests --- run-tbb-tests | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/run-tbb-tests b/run-tbb-tests new file mode 100755 index 0000000..116ef34 --- /dev/null +++ b/run-tbb-tests @@ -0,0 +1,28 @@ +#!/bin/bash + +function mochitest() { + ./mach mochitest --log-tbpl tbb-tests.log.tmp "$@" + cat tbb-tests.log.tmp >> tbb-tests.log + rm -f tbb-tests.log.tmp +} + +rm -f tbb-tests.log + +mochitest --setpref security.nocertdb=false docshell/test/test_tor_bug16620.html \ + tbb-tests +mochitest dom/base/test/test_tor_bug17207.html \ + dom/base/test/test_tor_bug15502.html \ + dom/base/test/test_tor_bug15564.html \ + dom/base/test/test_tor_bug15703.html \ + dom/events/test/test_tor_bug15646.html +mochitest dom/tests/browser/browser_tor_bug17009.js \ + netwerk/test/browser/browser_cacheFirstParty.js + +# Disabled tests: +# - #19575: Test for privacy.thirdparty.isolate fails with a timeout +# dom/tests/mochitest/localstorage/test_localStorageByFirstParty.html + +echo ************************* +echo ************************* +echo "Summary of failed tests:" +grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] fixup! Regression tests for Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
by gk＠torproject.org 12 Jul '16

12 Jul '16

commit aec1680a450746fd045c54d85c77be06db008fc1 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Jul 6 09:48:25 2016 +0000 fixup! Regression tests for Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent --- dom/events/test/test_tor_bug15646.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom/events/test/test_tor_bug15646.html b/dom/events/test/test_tor_bug15646.html index 463781f..17c7d26 100644 --- a/dom/events/test/test_tor_bug15646.html +++ b/dom/events/test/test_tor_bug15646.html @@ -124,7 +124,7 @@ https://trac.torproject.org/15646 }; // Run tests asynchronously. - spawnTask(function* () { + spawn_task(function* () { for (let keyData of [allKeyData, allShiftKeyData]) { for (let resistFingerprinting of [false, true]) { let expectedShiftKey = keyData === allShiftKeyData && resistFingerprinting;

1 0

[tor-browser/tor-browser-45.2.0esr-6.0-1] fixup! Regression tests for Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
by gk＠torproject.org 12 Jul '16

12 Jul '16

commit a5cecbcd9f41d0c267705748e63c18d246e541ff Author: Georg Koppen <gk(a)torproject.org> Date: Wed Jul 6 09:48:25 2016 +0000 fixup! Regression tests for Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent --- dom/events/test/test_tor_bug15646.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom/events/test/test_tor_bug15646.html b/dom/events/test/test_tor_bug15646.html index 463781f..17c7d26 100644 --- a/dom/events/test/test_tor_bug15646.html +++ b/dom/events/test/test_tor_bug15646.html @@ -124,7 +124,7 @@ https://trac.torproject.org/15646 }; // Run tests asynchronously. - spawnTask(function* () { + spawn_task(function* () { for (let keyData of [allKeyData, allShiftKeyData]) { for (let resistFingerprinting of [false, true]) { let expectedShiftKey = keyData === allShiftKeyData && resistFingerprinting;

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] squash! Regression tests for Bug 1517: Reduce precision of time for Javascript.
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit 0f601022eee81c9a0d2fd94a59e4719163d155e4 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Tue Jun 21 14:34:52 2016 -0700 squash! Regression tests for Bug 1517: Reduce precision of time for Javascript. Plus tests for File API, e.g. `new File([], "").lastModifiedDate.getTime()` --- tbb-tests/test_tor_bug1517.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tbb-tests/test_tor_bug1517.html b/tbb-tests/test_tor_bug1517.html index 67d6693..2eed53e 100644 --- a/tbb-tests/test_tor_bug1517.html +++ b/tbb-tests/test_tor_bug1517.html @@ -60,6 +60,8 @@ https://trac.torproject.org/projects/tor/ticket/1517 'canvasStream.currentTime * 1000', 'video.currentTime * 1000', 'audio.currentTime * 1000', + 'new File([], "").lastModified', + 'new File([], "").lastModifiedDate.getTime()', ]; // Loop through each timeStampCode, evaluate it, // and check if it is rounded to the nearest 100 ms.

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] squash! Bug 1517: Reduce precision of time for Javascript.
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit f2291c41ff45ff3108ef05539fadf7fafac2e7cd Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Tue Jun 21 14:31:45 2016 -0700 squash! Bug 1517: Reduce precision of time for Javascript. Bug 19478: Prevent File API from leaking ms-resolution current time --- dom/base/File.cpp | 3 ++- dom/base/MultipartBlobImpl.cpp | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/dom/base/File.cpp b/dom/base/File.cpp index 5cc20a7..694f8fb 100644 --- a/dom/base/File.cpp +++ b/dom/base/File.cpp @@ -750,7 +750,8 @@ BlobImplBase::GetLastModified(ErrorResult& aRv) { NS_ASSERTION(mIsFile, "Should only be called on files"); if (IsDateUnknown()) { - mLastModificationDate = PR_Now(); + // Round to nearest 100 ms. + mLastModificationDate = floor(PR_Now() / 100000) * 100000; } return mLastModificationDate / PR_USEC_PER_MSEC; diff --git a/dom/base/MultipartBlobImpl.cpp b/dom/base/MultipartBlobImpl.cpp index 9867142..b1e088a 100644 --- a/dom/base/MultipartBlobImpl.cpp +++ b/dom/base/MultipartBlobImpl.cpp @@ -273,7 +273,9 @@ MultipartBlobImpl::SetLengthAndModifiedDate(ErrorResult& aRv) // x.getTime() < f.dateModified.getTime() // could fail. mLastModificationDate = - lastModifiedSet ? lastModified * PR_USEC_PER_MSEC : JS_Now(); + lastModifiedSet ? lastModified * PR_USEC_PER_MSEC + // Round to nearest 100 ms + : floor(JS_Now() / 100000) * 100000; } }

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] Bug 16998: Isolate link rel=preconnect to first party
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit be96c4f788ab616d94457bcc4dd1d098b156d62c Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 6 00:56:09 2016 -0700 Bug 16998: Isolate link rel=preconnect to first party --- dom/base/nsDocument.cpp | 8 +++++-- netwerk/base/nsIOService.cpp | 41 +++++++++++++++++++++++++++++---- netwerk/base/nsIOService.h | 1 + netwerk/base/nsISpeculativeConnect.idl | 11 ++++++++- netwerk/ipc/NeckoParent.cpp | 7 +++--- netwerk/ipc/NeckoParent.h | 3 ++- netwerk/ipc/PNecko.ipdl | 2 +- netwerk/protocol/http/nsHttpHandler.cpp | 27 ++++++++++++++++++---- netwerk/protocol/http/nsHttpHandler.h | 1 + 9 files changed, 84 insertions(+), 17 deletions(-) diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index 586e199..e7077a9 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -246,6 +246,8 @@ #include "nsISpeculativeConnect.h" +#include "ThirdPartyUtil.h" + #ifdef MOZ_MEDIA_NAVIGATOR #include "mozilla/MediaManager.h" #endif // MOZ_MEDIA_NAVIGATOR @@ -9733,10 +9735,12 @@ nsDocument::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) return; } + nsCString firstPartyHost; + ThirdPartyUtil::GetFirstPartyHost(this, firstPartyHost); if (aCORSMode == CORS_ANONYMOUS) { - speculator->SpeculativeAnonymousConnect(uri, nullptr); + speculator->SpeculativeAnonymousConnectIsolated(uri, firstPartyHost, nullptr); } else { - speculator->SpeculativeConnect(uri, nullptr); + speculator->SpeculativeConnectIsolated(uri, firstPartyHost, nullptr); } } diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index ad86c95..a864d0e 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -51,6 +51,7 @@ #include "ClosingService.h" #include "ReferrerPolicy.h" #include "nsContentSecurityManager.h" +#include "ThirdPartyUtil.h" #ifdef MOZ_WIDGET_GONK #include "nsINetworkManager.h" @@ -1822,10 +1823,14 @@ IOServiceProxyCallback::OnProxyAvailable(nsICancelable *request, nsIChannel *cha nsLoadFlags loadFlags = 0; channel->GetLoadFlags(&loadFlags); + + nsCString firstPartyHost; + ThirdPartyUtil::GetFirstPartyHost(channel, firstPartyHost); + if (loadFlags & nsIRequest::LOAD_ANONYMOUS) { - speculativeHandler->SpeculativeAnonymousConnect(uri, mCallbacks); + speculativeHandler->SpeculativeAnonymousConnectIsolated(uri, firstPartyHost, mCallbacks); } else { - speculativeHandler->SpeculativeConnect(uri, mCallbacks); + speculativeHandler->SpeculativeConnectIsolated(uri, firstPartyHost, mCallbacks); } return NS_OK; @@ -1833,6 +1838,7 @@ IOServiceProxyCallback::OnProxyAvailable(nsICancelable *request, nsIChannel *cha nsresult nsIOService::SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool aAnonymous) { @@ -1867,6 +1873,17 @@ nsIOService::SpeculativeConnectInternal(nsIURI *aURI, getter_AddRefs(channel)); NS_ENSURE_SUCCESS(rv, rv); + // If we have an isolation key, use it as the document URI for this channel. + if (!aIsolationKey.IsEmpty()) { + nsCOMPtr<nsIHttpChannelInternal> channelInternal(do_QueryInterface(channel)); + if (channelInternal) { + nsCString documentURISpec("https://"); + documentURISpec.Append(aIsolationKey); + nsCOMPtr<nsIURI> documentURI; + /* nsresult rv = */ NS_NewURI(getter_AddRefs(documentURI), documentURISpec); + channelInternal->SetDocumentURI(documentURI); + } + } if (aAnonymous) { nsLoadFlags loadFlags = 0; channel->GetLoadFlags(&loadFlags); @@ -1885,17 +1902,33 @@ nsIOService::SpeculativeConnectInternal(nsIURI *aURI, } NS_IMETHODIMP +nsIOService::SpeculativeConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, false); +} + +NS_IMETHODIMP nsIOService::SpeculativeConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, false); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, false); +} + +NS_IMETHODIMP +nsIOService::SpeculativeAnonymousConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, true); } NS_IMETHODIMP nsIOService::SpeculativeAnonymousConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, true); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, true); } void diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index e948ffd..308cee7 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -133,6 +133,7 @@ private: nsIChannel** result); nsresult SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool aAnonymous); diff --git a/netwerk/base/nsISpeculativeConnect.idl b/netwerk/base/nsISpeculativeConnect.idl index 15d63e1..eed9570 100644 --- a/netwerk/base/nsISpeculativeConnect.idl +++ b/netwerk/base/nsISpeculativeConnect.idl @@ -8,7 +8,7 @@ interface nsIURI; interface nsIInterfaceRequestor; -[scriptable, uuid(d74a17ac-5b8a-4824-a309-b1f04a3c4aed)] +[scriptable, uuid(60cf321d-9f09-403a-b8b6-db221e6ca3a1)] interface nsISpeculativeConnect : nsISupports { /** @@ -21,6 +21,7 @@ interface nsISpeculativeConnect : nsISupports * to actually open the new channel. * * @param aURI the URI of the hinted transaction + * @param aIsolationKey the isolation key for the connection * @param aCallbacks any security callbacks for use with SSL for interfaces * such as nsIBadCertListener. May be null. * @@ -30,6 +31,14 @@ interface nsISpeculativeConnect : nsISupports void speculativeAnonymousConnect(in nsIURI aURI, in nsIInterfaceRequestor aCallbacks); + + void speculativeConnectIsolated(in nsIURI aURI, + in AUTF8String aIsolationKey, + in nsIInterfaceRequestor aCallbacks); + + void speculativeAnonymousConnectIsolated(in nsIURI aURI, + in AUTF8String aIsolationKey, + in nsIInterfaceRequestor aCallbacks); }; /** diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp index 796e78f..fa4911b 100644 --- a/netwerk/ipc/NeckoParent.cpp +++ b/netwerk/ipc/NeckoParent.cpp @@ -728,15 +728,16 @@ NeckoParent::DeallocPRemoteOpenFileParent(PRemoteOpenFileParent* actor) } bool -NeckoParent::RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous) +NeckoParent::RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous, + const nsCString& aIsolationKey) { nsCOMPtr<nsISpeculativeConnect> speculator(gIOService); nsCOMPtr<nsIURI> uri = DeserializeURI(aURI); if (uri && speculator) { if (aAnonymous) { - speculator->SpeculativeAnonymousConnect(uri, nullptr); + speculator->SpeculativeAnonymousConnectIsolated(uri, aIsolationKey, nullptr); } else { - speculator->SpeculativeConnect(uri, nullptr); + speculator->SpeculativeConnectIsolated(uri, aIsolationKey, nullptr); } } diff --git a/netwerk/ipc/NeckoParent.h b/netwerk/ipc/NeckoParent.h index 508ab6f..900328c 100644 --- a/netwerk/ipc/NeckoParent.h +++ b/netwerk/ipc/NeckoParent.h @@ -167,7 +167,8 @@ protected: const uint32_t& flags, const nsCString& aNetworkInterface) override; virtual bool DeallocPDNSRequestParent(PDNSRequestParent*) override; - virtual bool RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous) override; + virtual bool RecvSpeculativeConnect(const URIParams& aURI, const bool& aAnonymous, + const nsCString& aFirstPartyHost) override; virtual bool RecvHTMLDNSPrefetch(const nsString& hostname, const uint16_t& flags) override; virtual bool RecvCancelHTMLDNSPrefetch(const nsString& hostname, diff --git a/netwerk/ipc/PNecko.ipdl b/netwerk/ipc/PNecko.ipdl index 2e1f2f5..0d0c7f8 100644 --- a/netwerk/ipc/PNecko.ipdl +++ b/netwerk/ipc/PNecko.ipdl @@ -89,7 +89,7 @@ parent: URIParams fileuri, OptionalURIParams appuri); - SpeculativeConnect(URIParams uri, bool anonymous); + SpeculativeConnect(URIParams uri, bool anonymous, nsCString isolationKey); HTMLDNSPrefetch(nsString hostname, uint16_t flags); CancelHTMLDNSPrefetch(nsString hostname, uint16_t flags, nsresult reason); diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index e425c22..97461fe 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -2126,13 +2126,15 @@ nsHttpHandler::Observe(nsISupports *subject, nsresult nsHttpHandler::SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool anonymous) { + nsCString isolationKey(aIsolationKey); if (IsNeckoChild()) { ipc::URIParams params; SerializeURI(aURI, params); - gNeckoChild->SendSpeculativeConnect(params, anonymous); + gNeckoChild->SendSpeculativeConnect(params, anonymous, isolationKey); return NS_OK; } @@ -2205,26 +2207,41 @@ nsHttpHandler::SpeculativeConnectInternal(nsIURI *aURI, nsAutoCString username; aURI->GetUsername(username); - // TODO: Fix isolation for speculative connect. nsHttpConnectionInfo *ci = - new nsHttpConnectionInfo(host, port, EmptyCString(), username, nullptr, EmptyCString(), usingSSL); + new nsHttpConnectionInfo(host, port, EmptyCString(), username, nullptr, aIsolationKey, usingSSL); ci->SetAnonymous(anonymous); return SpeculativeConnect(ci, aCallbacks); } NS_IMETHODIMP +nsHttpHandler::SpeculativeConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, false); +} + +NS_IMETHODIMP nsHttpHandler::SpeculativeConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, false); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, false); +} + +NS_IMETHODIMP +nsHttpHandler::SpeculativeAnonymousConnectIsolated(nsIURI *aURI, + const nsACString& aIsolationKey, + nsIInterfaceRequestor *aCallbacks) +{ + return SpeculativeConnectInternal(aURI, aIsolationKey, aCallbacks, true); } NS_IMETHODIMP nsHttpHandler::SpeculativeAnonymousConnect(nsIURI *aURI, nsIInterfaceRequestor *aCallbacks) { - return SpeculativeConnectInternal(aURI, aCallbacks, true); + return SpeculativeConnectInternal(aURI, EmptyCString(), aCallbacks, true); } void diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h index 1205dad..cf15775 100644 --- a/netwerk/protocol/http/nsHttpHandler.h +++ b/netwerk/protocol/http/nsHttpHandler.h @@ -596,6 +596,7 @@ private: private: nsresult SpeculativeConnectInternal(nsIURI *aURI, + const nsACString& aIsolationKey, nsIInterfaceRequestor *aCallbacks, bool anonymous); };

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] fixup! Bug #13749.2: Regression tests for first-party isolation of cache
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit 8cfeded9b52a1bbc93622c6dbe6ca59f987b43c0 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 6 15:26:48 2016 -0700 fixup! Bug #13749.2: Regression tests for first-party isolation of cache --- netwerk/test/browser/browser_cacheFirstParty.js | 70 ++++++++++++++++--------- netwerk/test/browser/firstPartyParent.html | 1 + 2 files changed, 45 insertions(+), 26 deletions(-) diff --git a/netwerk/test/browser/browser_cacheFirstParty.js b/netwerk/test/browser/browser_cacheFirstParty.js index 967c597..7e66726 100644 --- a/netwerk/test/browser/browser_cacheFirstParty.js +++ b/netwerk/test/browser/browser_cacheFirstParty.js @@ -27,6 +27,8 @@ Cu.import("resource://gre/modules/LoadContextInfo.jsm", tempScope); let LoadContextInfo = tempScope.LoadContextInfo; let thirdPartyUtil = Cc["@mozilla.org/thirdpartyutil;1"] .getService(Ci.mozIThirdPartyUtil); +let protocolProxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"] + .getService(Ci.nsIProtocolProxyService); // __listen(target, eventType, timeoutMs, useCapture)__. // Calls addEventListener on target, with the given eventType. @@ -116,12 +118,12 @@ let privacyPref = "privacy.thirdparty.isolate", "request.html", "worker.request.html", "import.js"]; -// __checkCachePopulation(pref, numberOfDomains)__. +// __checkCachePopulation(isolate, numberOfDomains)__. // Check if the number of entries found in the cache for each // embedded file type matches the number we expect, given the // number of domains and the isolation state. -let checkCachePopulation = function* (pref, numberOfDomains) { - let expectedEntryCount = (pref === 2) ? numberOfDomains : 1; +let checkCachePopulation = function* (isolate, numberOfDomains) { + let expectedEntryCount = isolate ? numberOfDomains : 1; // Collect cache data. let data = yield cacheDataForContext(LoadContextInfo.default, 2000); data = data.concat(yield cacheDataForContext(LoadContextInfo.private, 2000)); @@ -148,17 +150,21 @@ let checkCachePopulation = function* (pref, numberOfDomains) { }; // __observeChannels(onChannel)__. -// onChannel is called for every http channel request. Returns a zero-arg stop() function. +// onChannel is called for every channel request. Returns a zero-arg stop() function. let observeChannels = function (onChannel) { - let channelObserver = { - observe: function(subject, topic, data) { - if (topic === "http-on-modify-request") { - onChannel(subject.QueryInterface(Components.interfaces.nsIHttpChannel)); - } + // We use a dummy proxy filter to catch all channels, even those that do not + // generate an "http-on-modify-request" notification, such as link preconnects. + let proxyFilter = { + applyFilter : function (aProxyService, aChannel, aProxy) { + // We have the channel; provide it to the callback. + onChannel(aChannel); + // Pass on aProxy unmodified. + return aProxy; } }; - Services.obs.addObserver(channelObserver, "http-on-modify-request", /* ownsWeak */ false); - return function () { Services.obs.removeObserver(channelObserver, "http-on-modify-request"); }; + protocolProxyService.registerChannelFilter(proxyFilter, 0); + // Return the stop() function: + return () => protocolProxyService.unregisterChannelFilter(proxyFilter); }; // __channelFirstPartyHost(aChannel)__. @@ -170,28 +176,38 @@ let channelFirstPartyHost = function (aChannel) { return thirdPartyUtil.getFirstPartyHostForIsolation(firstPartyURI); } -// The main testing function. -// Launch a Task.jsm coroutine so we can open tabs and wait for each of them to open, -// one by one. -add_task(function* () { - // Here we check to see if each channel has the correct first party assigned. - // All "thirdPartyChild" resources are loaded from a third-party - // "example.net" host, but they should all report either an "example.com" - // or an "example.org" first-party domain. +// __startObservingChannels()__. +// Checks to see if each channel has the correct first party assigned. +// All "thirdPartyChild" resources are loaded from a third-party +// "example.net" host, but they should all report either an "example.com" +// or an "example.org" first-party domain. Returns a stop() function. +let startObservingChannels = function() { let stopObservingChannels = observeChannels(function (channel) { - if (channel.originalURI.spec.contains("thirdPartyChild")) { + let originalURISpec = channel.originalURI.spec; + if (originalURISpec.contains("example.net")) { let firstPartyHost = channelFirstPartyHost(channel); - ok(firstPartyHost === "example.com" || firstPartyHost === "example.org", "first party is " + firstPartyHost); + ok(firstPartyHost === "example.com" || firstPartyHost === "example.org", "first party for " + originalURISpec + " is " + firstPartyHost); } }); + return stopObservingChannels; +}; + +// The main testing function. +// Launch a Task.jsm coroutine so we can open tabs and wait for each of them to open, +// one by one. +add_task(function* () { // Keep original pref value for restoring after the tests. let originalPrefValue = Services.prefs.getIntPref(privacyPref); // Test the pref with both values: 2 (isolating by first party) or 0 (not isolating) - for (let pref of [2, 0]) { + for (let isolate of [true, false]) { + let stopObservingChannels; + if (isolate) { + stopObservingChannels = startObservingChannels(); + } // Clear the cache. Services.cache2.clear(); // Set the pref to desired value - Services.prefs.setIntPref(privacyPref, pref); + Services.prefs.setIntPref(privacyPref, isolate ? 2 : 0); // Open test tabs let tabs = []; for (let domain of duplicatedDomains) { @@ -199,13 +215,15 @@ add_task(function* () { tabs.push(yield loadURLinNewTab("http://" + domain + ".example.org" + grandParentPage)); } // Run checks to make sure cache has expected number of entries for - // the chosen pref state. + // the chosen isolation state. let firstPartyDomainCount = 2; // example.com and example.org - yield checkCachePopulation(pref, firstPartyDomainCount); + yield checkCachePopulation(isolate, firstPartyDomainCount); // Clean up by removing tabs. tabs.forEach(tab => gBrowser.removeTab(tab)); + if (isolate) { + stopObservingChannels(); + } } - stopObservingChannels(); // Restore the pref to its original value. Services.prefs.setIntPref(privacyPref, originalPrefValue); }); diff --git a/netwerk/test/browser/firstPartyParent.html b/netwerk/test/browser/firstPartyParent.html index fa29a74..ba1248f 100644 --- a/netwerk/test/browser/firstPartyParent.html +++ b/netwerk/test/browser/firstPartyParent.html @@ -7,6 +7,7 @@ href="http://example.net/browser/netwerk/test/browser/thirdPartyChild.link.css"> <link rel="icon" type="image/ico" href="http://example.net/browser/netwerk/test/browser/thirdPartyChild.favicon.ico"> + <link rel="preconnect" href="http://example.net"> </head> <body> <div>firstPartyParent.html</div>

1 0

[tor-browser/tor-browser-45.2.0esr-6.5-1] Revert "Bug 16998: Disable link rel=preconnect"
by gk＠torproject.org 01 Jul '16

01 Jul '16

commit b44b2b25bab1ebde9351c842f0ca66d2fdc87579 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 6 01:05:25 2016 -0700 Revert "Bug 16998: Disable link rel=preconnect" This reverts commit bba50a31b7c41ec4c74475ba083d23828fea8918. --- dom/base/nsDocument.cpp | 5 ----- 1 file changed, 5 deletions(-) diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index ef6dc64..586e199 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -9704,10 +9704,6 @@ nsDocument::MaybePreLoadImage(nsIURI* uri, const nsAString &aCrossOriginAttr, void nsDocument::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) { - // Tor Browser: Here we disable <link rel="preconnect"> - // See #16998. - // TODO: Isolate preconnect by first party. -/* nsCOMPtr<nsIURI> uri; if (NS_FAILED(aOrigURI->Clone(getter_AddRefs(uri)))) { return; @@ -9742,7 +9738,6 @@ nsDocument::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) } else { speculator->SpeculativeConnect(uri, nullptr); } -*/ } void

1 0