commit 3c04ec4654270f2896db0efffc4bc72edc2e3018 Author: Georg Koppen <gk@torproject.org> Date: Fri Aug 26 11:30:19 2016 +0000 Bug 18589: Clear site security settings during New Identity We need to clear site security settings (like HSTS) explicitely now as they don't belong to the permissions manager anymore. --- src/chrome/content/torbutton.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 3256335..311c6f6 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -1696,7 +1696,8 @@ function torbutton_new_identity() { * h. last open location url * i. clear content prefs * j. permissions - * k. IndexedDB and asmjscache storage + * k. site security settings (e.g. HSTS) + * l. IndexedDB and asmjscache storage * 3. Sends tor the NEWNYM signal to get a new circuit * 4. Opens a new window with the default homepage * 5. Closes this window @@ -1799,16 +1800,21 @@ function torbutton_do_new_identity() { m_tb_prefs.setIntPref("security.OCSP.enabled", 0); m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp); - // This clears the STS cache and site permissions on Tor Browser + // This clears the site permissions on Tor Browser // XXX: Tie to some kind of disk-ok pref? try { Services.perms.removeAll(); } catch(e) { // Actually, this catch does not appear to be needed. Leaving it in for // safety though. - torbutton_log(3, "Can't clear STS/Permissions: Not Tor Browser: "+e); + torbutton_log(3, "Can't clear permissions: Not Tor Browser: "+e); } + // Clear site security settings + let sss = Cc["@mozilla.org/ssservice;1"]. + getService(Ci.nsISiteSecurityService); + sss.clearAll(); + // This clears the undo tab history. var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo"); m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0);