commit fc00aef1fd552784dfca72dcdbb78e72e2f9932e Author: Georg Koppen gk@torproject.org Date: Wed Mar 1 20:55:34 2017 +0000
Bug 21396: Allow leaking of resource/chrome URIs
Our work around for https://bugzilla.mozilla.org/show_bug.cgi?id=863246 is filtering content requests to resource:// and chrome:// URIs in a way that neuters this fingerprinting vector while not breaking standard Tor Browser functionality.
However, there are extensions like Session Manager that are broken with this strategy. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that get a preference they can toggle now.
'extensions.torbutton.resource_and_chrome_uri_fingerprinting' is by default 'false' but setting it to 'true' effectively disables our defense we developed in #8725 and related bugs. --- src/components/content-policy.js | 18 +++++++++++++++--- src/defaults/preferences/preferences.js | 1 + 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/components/content-policy.js b/src/components/content-policy.js index 5c0ecf5..b11c4e7 100644 --- a/src/components/content-policy.js +++ b/src/components/content-policy.js @@ -12,8 +12,16 @@ const Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils
// Import XPCOMUtils object. Cu.import("resource://gre/modules/XPCOMUtils.jsm"); +let { bindPrefAndInit } = + Cu.import("resource://torbutton/modules/utils.js", {});
-function ContentPolicy() {} +function ContentPolicy() { + this.uriFingerprinting = null; + bindPrefAndInit("extensions.torbutton.resource_and_chrome_uri_fingerprinting", + function (enabled) { + this.uriFingerprinting = enabled; + }); +}
ContentPolicy.prototype = { classDescription: "ContentPolicy", @@ -44,9 +52,13 @@ ContentPolicy.prototype = {
shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
- // Accept if no content URI or scheme is not a resource/chrome. - if (!aContentLocation || !(aContentLocation.schemeIs('resource') || aContentLocation.schemeIs('chrome'))) + // Accept if the user does not care, no content URI is available or scheme + // is not resource/chrome. + if (this.uriFingerprinting || !aContentLocation || + !(aContentLocation.schemeIs('resource') || + aContentLocation.schemeIs('chrome'))) { return Ci.nsIContentPolicy.ACCEPT; + }
// Accept if no origin URI or if origin scheme is chrome/resource/about. if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about')) diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js index a8eea21..d91fd77 100644 --- a/src/defaults/preferences/preferences.js +++ b/src/defaults/preferences/preferences.js @@ -39,6 +39,7 @@ pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last pref("extensions.torbutton.tor_memory_jar",false); pref("extensions.torbutton.nontor_memory_jar",false); pref("extensions.torbutton.launch_warning",true); +pref("extensions.torbutton.resource_and_chrome_uri_fingerprinting",false); // Opt out of Firefox addon pings: // https://developer.mozilla.org/en/Addons/Working_with_AMO pref("extensions.torbutton@torproject.org.getAddons.cache.enabled", false);