commit 5e8874a14151a24ed7c6e8706ac8d6966986b916 Author: Arthur Edelstein <arthuredelstein@gmail.com> Date: Sat Jul 14 08:50:55 2018 -0700 Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. --- toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm index ffa42297073e..82c7a3b950c2 100644 --- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm +++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm @@ -74,6 +74,9 @@ class RemoteWebNavigation { fixupFlags |= Services.uriFixup.FIXUP_FLAG_PRIVATE_CONTEXT; } uri = Services.uriFixup.createFixupURI(aURI, fixupFlags); +/******************************************************************************* + TOR BROWSER: Disable the following speculative connect until + we can make it properly obey first-party isolation. // We know the url is going to be loaded, let's start requesting network // connection before the content process asks. @@ -97,6 +100,7 @@ class RemoteWebNavigation { } Services.io.speculativeConnect(uri, principal, null); } +*******************************************************************************/ } catch (ex) { // Can't setup speculative connection for this uri string for some // reason (such as failing to parse the URI), just ignore it.