Pier Angelo Vendrame pushed to branch mullvad-browser-128.5.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser
Commits: c1966f06 by Kershaw Chang at 2024-12-17T12:40:47+01:00 Bug 1910593 - Don't prefetch HTTPS RR if proxyDNS is enabled, r=necko-reviewers,valentin
Differential Revision: https://phabricator.services.mozilla.com/D219528
- - - - -
15 changed files:
- dom/chrome-webidl/NetDashboard.webidl - netwerk/base/Dashboard.cpp - netwerk/base/DashboardTypes.h - netwerk/dns/nsHostResolver.cpp - netwerk/protocol/http/nsHttp.cpp - netwerk/protocol/http/nsHttp.h - netwerk/protocol/http/nsHttpChannel.cpp - netwerk/protocol/http/nsHttpChannel.h - netwerk/protocol/http/nsHttpConnectionInfo.h - netwerk/protocol/http/nsHttpConnectionMgr.cpp - netwerk/protocol/http/nsHttpHandler.cpp - netwerk/protocol/http/nsHttpHandler.h - + netwerk/test/unit/test_proxyDNS_leak.js - netwerk/test/unit/xpcshell.toml - toolkit/content/aboutNetworking.js
Changes:
===================================== dom/chrome-webidl/NetDashboard.webidl ===================================== @@ -68,6 +68,7 @@ dictionary DnsCacheEntry { boolean trr = false; DOMString originAttributesSuffix = ""; DOMString flags = ""; + unsigned short type = 0; };
[GenerateConversionToJS]
===================================== netwerk/base/Dashboard.cpp ===================================== @@ -906,10 +906,13 @@ nsresult Dashboard::GetDNSCacheEntries(DnsData* dnsData) { CopyASCIItoUTF16(dnsData->mData[i].hostaddr[j], *addr); }
- if (dnsData->mData[i].family == PR_AF_INET6) { - entry.mFamily.AssignLiteral(u"ipv6"); - } else { - entry.mFamily.AssignLiteral(u"ipv4"); + entry.mType = dnsData->mData[i].resolveType; + if (entry.mType == nsIDNSService::RESOLVE_TYPE_DEFAULT) { + if (dnsData->mData[i].family == PR_AF_INET6) { + entry.mFamily.AssignLiteral(u"ipv6"); + } else { + entry.mFamily.AssignLiteral(u"ipv4"); + } }
entry.mOriginAttributesSuffix =
===================================== netwerk/base/DashboardTypes.h ===================================== @@ -35,12 +35,12 @@ struct DnsAndConnectSockets { struct DNSCacheEntries { nsCString hostname; nsTArray<nsCString> hostaddr; - uint16_t family; - int64_t expiration; - nsCString netInterface; - bool TRR; + uint16_t family{0}; + int64_t expiration{0}; + bool TRR{false}; nsCString originAttributesSuffix; nsCString flags; + uint16_t resolveType{0}; };
struct HttpConnInfo { @@ -99,8 +99,10 @@ struct ParamTraitsmozilla::net::DNSCacheEntries { WriteParam(aWriter, aParam.hostaddr); WriteParam(aWriter, aParam.family); WriteParam(aWriter, aParam.expiration); - WriteParam(aWriter, aParam.netInterface); WriteParam(aWriter, aParam.TRR); + WriteParam(aWriter, aParam.originAttributesSuffix); + WriteParam(aWriter, aParam.flags); + WriteParam(aWriter, aParam.resolveType); }
static bool Read(MessageReader* aReader, paramType* aResult) { @@ -108,8 +110,10 @@ struct ParamTraitsmozilla::net::DNSCacheEntries { ReadParam(aReader, &aResult->hostaddr) && ReadParam(aReader, &aResult->family) && ReadParam(aReader, &aResult->expiration) && - ReadParam(aReader, &aResult->netInterface) && - ReadParam(aReader, &aResult->TRR); + ReadParam(aReader, &aResult->TRR) && + ReadParam(aReader, &aResult->originAttributesSuffix) && + ReadParam(aReader, &aResult->flags) && + ReadParam(aReader, &aResult->resolveType); } };
===================================== netwerk/dns/nsHostResolver.cpp ===================================== @@ -1999,20 +1999,13 @@ void nsHostResolver::GetDNSCacheEntries(nsTArray<DNSCacheEntries>* args) { continue; }
- // For now we only show A/AAAA records. - if (!rec->IsAddrRecord()) { - continue; - } - - RefPtr<AddrHostRecord> addrRec = do_QueryObject(rec); - MOZ_ASSERT(addrRec); - if (!addrRec || !addrRec->addr_info) { - continue; - } - DNSCacheEntries info; + info.resolveType = rec->type; info.hostname = rec->host; info.family = rec->af; + if (rec->mValidEnd.IsNull()) { + continue; + } info.expiration = (int64_t)(rec->mValidEnd - TimeStamp::NowLoRes()).ToSeconds(); if (info.expiration <= 0) { @@ -2020,7 +2013,12 @@ void nsHostResolver::GetDNSCacheEntries(nsTArray<DNSCacheEntries>* args) { continue; }
- { + info.originAttributesSuffix = recordEntry.GetKey().originSuffix; + info.flags = nsPrintfCString("%u|0x%x|%u|%d|%s", rec->type, rec->flags, + rec->af, rec->pb, rec->mTrrServer.get()); + + RefPtr<AddrHostRecord> addrRec = do_QueryObject(rec); + if (addrRec && addrRec->addr_info) { MutexAutoLock lock(addrRec->addr_info_lock); for (const auto& addr : addrRec->addr_info->Addresses()) { char buf[kIPv6CStrBufSize]; @@ -2031,10 +2029,6 @@ void nsHostResolver::GetDNSCacheEntries(nsTArray<DNSCacheEntries>* args) { info.TRR = addrRec->addr_info->IsTRR(); }
- info.originAttributesSuffix = recordEntry.GetKey().originSuffix; - info.flags = nsPrintfCString("%u|0x%x|%u|%d|%s", rec->type, rec->flags, - rec->af, rec->pb, rec->mTrrServer.get()); - args->AppendElement(std::move(info)); } }
===================================== netwerk/protocol/http/nsHttp.cpp ===================================== @@ -35,6 +35,8 @@ namespace mozilla { namespace net {
+extern const char kProxyType_SOCKS[]; + const uint32_t kHttp3VersionCount = 5; const nsCString kHttp3Versions[] = {"h3-29"_ns, "h3-30"_ns, "h3-31"_ns, "h3-32"_ns, "h3"_ns}; @@ -1165,5 +1167,19 @@ void DisallowHTTPSRR(uint32_t& aCaps) { aCaps = (aCaps | NS_HTTP_DISALLOW_HTTPS_RR) & ~NS_HTTP_FORCE_WAIT_HTTP_RR; }
+ProxyDNSStrategy GetProxyDNSStrategyHelper(const char* aType, uint32_t aFlag) { + if (!aType) { + return ProxyDNSStrategy::ORIGIN; + } + + if (!(aFlag & nsIProxyInfo::TRANSPARENT_PROXY_RESOLVES_HOST)) { + if (aType == kProxyType_SOCKS) { + return ProxyDNSStrategy::ORIGIN; + } + } + + return ProxyDNSStrategy::PROXY; +} + } // namespace net } // namespace mozilla
===================================== netwerk/protocol/http/nsHttp.h ===================================== @@ -527,6 +527,16 @@ bool PossibleZeroRTTRetryError(nsresult aReason);
void DisallowHTTPSRR(uint32_t& aCaps);
+enum class ProxyDNSStrategy : uint8_t { + // To resolve the origin of the end server we are connecting + // to. + ORIGIN = 1 << 0, + // To resolve the host name of the proxy. + PROXY = 1 << 1 +}; + +ProxyDNSStrategy GetProxyDNSStrategyHelper(const char* aType, uint32_t aFlag); + } // namespace net } // namespace mozilla
===================================== netwerk/protocol/http/nsHttpChannel.cpp ===================================== @@ -762,6 +762,10 @@ nsresult nsHttpChannel::MaybeUseHTTPSRRForUpgrade(bool aShouldUpgrade, }
auto shouldSkipUpgradeWithHTTPSRR = [&]() -> bool { + if (mCaps & NS_HTTP_DISALLOW_HTTPS_RR) { + return true; + } + // Skip using HTTPS RR to upgrade when this is not a top-level load and the // loading principal is http. if ((mLoadInfo->GetExternalContentPolicyType() != @@ -784,6 +788,11 @@ nsresult nsHttpChannel::MaybeUseHTTPSRRForUpgrade(bool aShouldUpgrade, return true; }
+ auto dnsStrategy = GetProxyDNSStrategy(); + if (dnsStrategy != ProxyDNSStrategy::ORIGIN) { + return true; + } + nsAutoCString uriHost; mURI->GetAsciiHost(uriHost);
@@ -808,11 +817,6 @@ nsresult nsHttpChannel::MaybeUseHTTPSRRForUpgrade(bool aShouldUpgrade, return ContinueOnBeforeConnect(hasHTTPSRR, aStatus, hasHTTPSRR); }
- auto dnsStrategy = GetProxyDNSStrategy(); - if (!(dnsStrategy & DNS_PREFETCH_ORIGIN)) { - return ContinueOnBeforeConnect(aShouldUpgrade, aStatus); - } - LOG(("nsHttpChannel::MaybeUseHTTPSRRForUpgrade [%p] wait for HTTPS RR", this));
@@ -1218,13 +1222,13 @@ void nsHttpChannel::SpeculativeConnect() { NS_NewNotificationCallbacksAggregation(mCallbacks, mLoadGroup, getter_AddRefs(callbacks)); if (!callbacks) return; - - Unused << gHttpHandler->SpeculativeConnect( + bool httpsRRAllowed = !(mCaps & NS_HTTP_DISALLOW_HTTPS_RR); + Unused << gHttpHandler->MaybeSpeculativeConnectWithHTTPSRR( mConnectionInfo, callbacks, mCaps & (NS_HTTP_DISALLOW_SPDY | NS_HTTP_TRR_MODE_MASK | NS_HTTP_DISABLE_IPV4 | NS_HTTP_DISABLE_IPV6 | NS_HTTP_DISALLOW_HTTP3 | NS_HTTP_REFRESH_DNS), - gHttpHandler->EchConfigEnabled()); + gHttpHandler->EchConfigEnabled() && httpsRRAllowed); }
void nsHttpChannel::DoNotifyListenerCleanup() { @@ -6538,27 +6542,16 @@ nsHttpChannel::GetOrCreateChannelClassifier() { return classifier.forget(); }
-uint16_t nsHttpChannel::GetProxyDNSStrategy() { - // This function currently only supports returning DNS_PREFETCH_ORIGIN. - // Support for the rest of the DNS_* flags will be added later. - - if (!mProxyInfo) { - return DNS_PREFETCH_ORIGIN; +ProxyDNSStrategy nsHttpChannel::GetProxyDNSStrategy() { + // When network_dns_force_use_https_rr is true, return DNS_PREFETCH_ORIGIN. + // This ensures that we always perform HTTPS RR query. + nsCOMPtr<nsProxyInfo> proxyInfo(static_cast<nsProxyInfo*>(mProxyInfo.get())); + if (!proxyInfo || StaticPrefs::network_dns_force_use_https_rr()) { + return ProxyDNSStrategy::ORIGIN; }
- uint32_t flags = 0; - nsAutoCString type; - mProxyInfo->GetFlags(&flags); - mProxyInfo->GetType(type); - // If the proxy is not to perform name resolution itself. - if (!(flags & nsIProxyInfo::TRANSPARENT_PROXY_RESOLVES_HOST)) { - if (type.EqualsLiteral("socks")) { - return DNS_PREFETCH_ORIGIN; - } - } - - return 0; + return GetProxyDNSStrategyHelper(proxyInfo->Type(), proxyInfo->Flags()); }
// BeginConnect() SHOULD NOT call AsyncAbort(). AsyncAbort will be called by @@ -6744,11 +6737,13 @@ nsresult nsHttpChannel::BeginConnect() { }
bool trrEnabled = false; + auto dnsStrategy = GetProxyDNSStrategy(); bool httpsRRAllowed = !LoadBeConservative() && !(mCaps & NS_HTTP_BE_CONSERVATIVE) && !(mLoadInfo->TriggeringPrincipal()->IsSystemPrincipal() && mLoadInfo->GetExternalContentPolicyType() != ExtContentPolicy::TYPE_DOCUMENT) && + dnsStrategy == ProxyDNSStrategy::ORIGIN && !mConnectionInfo->UsingConnect() && canUseHTTPSRRonNetwork(trrEnabled) && StaticPrefs::network_dns_use_https_rr_as_altsvc(); if (!httpsRRAllowed) { @@ -6859,16 +6854,7 @@ nsresult nsHttpChannel::BeginConnect() { ReEvaluateReferrerAfterTrackingStatusIsKnown(); }
- rv = MaybeStartDNSPrefetch(); - if (NS_FAILED(rv)) { - auto dnsStrategy = GetProxyDNSStrategy(); - if (dnsStrategy & DNS_BLOCK_ON_ORIGIN_RESOLVE) { - // TODO: Should this be fatal? - return rv; - } - // Otherwise this shouldn't be fatal. - return NS_OK; - } + MaybeStartDNSPrefetch();
rv = CallOrWaitForResume( [](nsHttpChannel* self) { return self->PrepareToConnect(); }); @@ -6888,7 +6874,7 @@ nsresult nsHttpChannel::BeginConnect() { return NS_OK; }
-nsresult nsHttpChannel::MaybeStartDNSPrefetch() { +void nsHttpChannel::MaybeStartDNSPrefetch() { // Start a DNS lookup very early in case the real open is queued the DNS can // happen in parallel. Do not do so in the presence of an HTTP proxy as // all lookups other than for the proxy itself are done by the proxy. @@ -6904,7 +6890,7 @@ nsresult nsHttpChannel::MaybeStartDNSPrefetch() { // timing we used. if ((mLoadFlags & (LOAD_NO_NETWORK_IO | LOAD_ONLY_FROM_CACHE)) || LoadAuthRedirectedChannel()) { - return NS_OK; + return; }
auto dnsStrategy = GetProxyDNSStrategy(); @@ -6912,10 +6898,10 @@ nsresult nsHttpChannel::MaybeStartDNSPrefetch() { LOG( ("nsHttpChannel::MaybeStartDNSPrefetch [this=%p, strategy=%u] " "prefetching%s\n", - this, dnsStrategy, + this, static_cast<uint32_t>(dnsStrategy), mCaps & NS_HTTP_REFRESH_DNS ? ", refresh requested" : ""));
- if (dnsStrategy & DNS_PREFETCH_ORIGIN) { + if (dnsStrategy == ProxyDNSStrategy::ORIGIN) { OriginAttributes originAttributes; StoragePrincipalHelper::GetOriginAttributesForNetworkState( this, originAttributes); @@ -6927,20 +6913,8 @@ nsresult nsHttpChannel::MaybeStartDNSPrefetch() { if (mCaps & NS_HTTP_REFRESH_DNS) { dnsFlags |= nsIDNSService::RESOLVE_BYPASS_CACHE; } - nsresult rv = mDNSPrefetch->PrefetchHigh(dnsFlags);
- if (dnsStrategy & DNS_BLOCK_ON_ORIGIN_RESOLVE) { - LOG((" blocking on prefetching origin")); - - if (NS_WARN_IF(NS_FAILED(rv))) { - LOG((" lookup failed with 0x%08" PRIx32 ", aborting request", - static_cast<uint32_t>(rv))); - return rv; - } - - // Resolved in OnLookupComplete. - mDNSBlockingThenable = mDNSBlockingPromise.Ensure(__func__); - } + Unused << mDNSPrefetch->PrefetchHigh(dnsFlags);
bool unused; if (StaticPrefs::network_dns_use_https_rr_as_altsvc() && !mHTTPSSVCRecord && @@ -6960,8 +6934,6 @@ nsresult nsHttpChannel::MaybeStartDNSPrefetch() { }); } } - - return NS_OK; }
NS_IMETHODIMP
===================================== netwerk/protocol/http/nsHttpChannel.h ===================================== @@ -303,23 +303,11 @@ class nsHttpChannel final : public HttpBaseChannel, // Connections will only be established in this function. // (including DNS prefetch and speculative connection.) void MaybeResolveProxyAndBeginConnect(); - nsresult MaybeStartDNSPrefetch(); - - // Tells the channel to resolve the origin of the end server we are connecting - // to. - static uint16_t const DNS_PREFETCH_ORIGIN = 1 << 0; - // Tells the channel to resolve the host name of the proxy. - static uint16_t const DNS_PREFETCH_PROXY = 1 << 1; - // Will be set if the current channel uses an HTTP/HTTPS proxy. - static uint16_t const DNS_PROXY_IS_HTTP = 1 << 2; - // Tells the channel to wait for the result of the origin server resolution - // before any connection attempts are made. - static uint16_t const DNS_BLOCK_ON_ORIGIN_RESOLVE = 1 << 3; + void MaybeStartDNSPrefetch();
// Based on the proxy configuration determine the strategy for resolving the // end server host name. - // Returns a combination of the above flags. - uint16_t GetProxyDNSStrategy(); + ProxyDNSStrategy GetProxyDNSStrategy();
// We might synchronously or asynchronously call BeginConnect, // which includes DNS prefetch and speculative connection, according to
===================================== netwerk/protocol/http/nsHttpConnectionInfo.h ===================================== @@ -127,6 +127,13 @@ class nsHttpConnectionInfo final : public ARefBase { const char* ProxyPassword() const { return mProxyInfo ? mProxyInfo->Password().get() : nullptr; } + uint32_t ProxyFlag() const { + uint32_t flags = 0; + if (mProxyInfo) { + mProxyInfo->GetFlags(&flags); + } + return flags; + }
const nsCString& ProxyAuthorizationHeader() const { return mProxyInfo ? mProxyInfo->ProxyAuthorizationHeader() : EmptyCString();
===================================== netwerk/protocol/http/nsHttpConnectionMgr.cpp ===================================== @@ -3573,9 +3573,15 @@ void nsHttpConnectionMgr::DoSpeculativeConnectionInternal( return; }
- if (aFetchHTTPSRR && NS_SUCCEEDED(aTrans->FetchHTTPSRR())) { - // nsHttpConnectionMgr::DoSpeculativeConnection will be called again when - // HTTPS RR is available. + ProxyDNSStrategy strategy = GetProxyDNSStrategyHelper( + aEnt->mConnInfo->ProxyType(), aEnt->mConnInfo->ProxyFlag()); + // Speculative connections can be triggered by non-Necko consumers, + // so add an extra check to ensure HTTPS RR isn't fetched when a proxy is + // used. + if (aFetchHTTPSRR && strategy == ProxyDNSStrategy::ORIGIN && + NS_SUCCEEDED(aTrans->FetchHTTPSRR())) { + // nsHttpConnectionMgr::DoSpeculativeConnection will be called again + // when HTTPS RR is available. return; }
===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -2388,7 +2388,9 @@ nsresult nsHttpHandler::SpeculativeConnectInternal( } }
- return SpeculativeConnect(ci, aCallbacks); + // When ech is enabled, always do speculative connect with HTTPS RR. + return MaybeSpeculativeConnectWithHTTPSRR(ci, aCallbacks, 0, + EchConfigEnabled()); }
NS_IMETHODIMP
===================================== netwerk/protocol/http/nsHttpHandler.h ===================================== @@ -296,14 +296,13 @@ class nsHttpHandler final : public nsIHttpProtocolHandler, return mConnMgr->GetSocketThreadTarget(target); }
- [[nodiscard]] nsresult SpeculativeConnect(nsHttpConnectionInfo* ci, - nsIInterfaceRequestor* callbacks, - uint32_t caps = 0, - bool aFetchHTTPSRR = false) { + [[nodiscard]] nsresult MaybeSpeculativeConnectWithHTTPSRR( + nsHttpConnectionInfo* ci, nsIInterfaceRequestor* callbacks, uint32_t caps, + bool aFetchHTTPSRR) { TickleWifi(callbacks); RefPtr<nsHttpConnectionInfo> clone = ci->Clone(); return mConnMgr->SpeculativeConnect(clone, callbacks, caps, nullptr, - aFetchHTTPSRR | EchConfigEnabled()); + aFetchHTTPSRR); }
[[nodiscard]] nsresult SpeculativeConnect(nsHttpConnectionInfo* ci,
===================================== netwerk/test/unit/test_proxyDNS_leak.js ===================================== @@ -0,0 +1,111 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Test when socks proxy is registered, we don't try to resolve HTTPS record. +// Steps: +// 1. Use addHTTPSRecordOverride to add an override for service.com. +// 2. Add a proxy filter to use socks proxy. +// 3. Create a request to load service.com. +// 4. See if the HTTPS record is in DNS cache entries. + +"use strict"; + +const gDashboard = Cc["@mozilla.org/network/dashboard;1"].getService( + Ci.nsIDashboard +); +const pps = Cc["@mozilla.org/network/protocol-proxy-service;1"].getService(); + +add_task(async function setup() { + Services.prefs.setBoolPref("network.dns.native_https_query", true); + Services.prefs.setBoolPref("network.dns.native_https_query_win10", true); + const override = Cc["@mozilla.org/network/native-dns-override;1"].getService( + Ci.nsINativeDNSResolverOverride + ); + + let rawBuffer = [ + 0, 0, 128, 0, 0, 0, 0, 1, 0, 0, 0, 0, 7, 115, 101, 114, 118, 105, 99, 101, + 3, 99, 111, 109, 0, 0, 65, 0, 1, 0, 0, 0, 55, 0, 13, 0, 1, 0, 0, 1, 0, 6, 2, + 104, 50, 2, 104, 51, + ]; + override.addHTTPSRecordOverride("service.com", rawBuffer, rawBuffer.length); + override.addIPOverride("service.com", "127.0.0.1"); + registerCleanupFunction(() => { + Services.prefs.clearUserPref("network.dns.native_https_query"); + Services.prefs.clearUserPref("network.dns.native_https_query_win10"); + Services.prefs.clearUserPref("network.dns.localDomains"); + override.clearOverrides(); + }); +}); + +function makeChan(uri) { + let chan = NetUtil.newChannel({ + uri, + loadUsingSystemPrincipal: true, + contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT, + }).QueryInterface(Ci.nsIHttpChannel); + chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI; + return chan; +} + +function channelOpenPromise(chan, flags) { + return new Promise(resolve => { + function finish(req, buffer) { + resolve([req, buffer]); + } + chan.asyncOpen(new ChannelListener(finish, null, flags)); + }); +} + +async function isRecordFound(hostname) { + return new Promise(resolve => { + gDashboard.requestDNSInfo(function (data) { + let found = false; + for (let i = 0; i < data.entries.length; i++) { + if ( + data.entries[i].hostname == hostname && + data.entries[i].type == Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC + ) { + found = true; + break; + } + } + resolve(found); + }); + }); +} + +async function do_test_with_proxy_filter(filter) { + pps.registerFilter(filter, 10); + + let chan = makeChan(`https://service.com/%60); + await channelOpenPromise(chan, CL_EXPECT_LATE_FAILURE | CL_ALLOW_UNKNOWN_CL); + + let found = await isRecordFound("service.com"); + pps.unregisterFilter(filter); + + return found; +} + +add_task(async function test_proxyDNS_do_leak() { + let filter = new NodeProxyFilter("socks", "localhost", 443, 0); + + let res = await do_test_with_proxy_filter(filter); + + Assert.ok(res, "Should find a DNS entry"); +}); + +add_task(async function test_proxyDNS_dont_leak() { + Services.dns.clearCache(false); + + let filter = new NodeProxyFilter( + "socks", + "localhost", + 443, + Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST + ); + + let res = await do_test_with_proxy_filter(filter); + + Assert.ok(!res, "Should not find a DNS entry"); +});
===================================== netwerk/test/unit/xpcshell.toml ===================================== @@ -983,6 +983,12 @@ run-sequentially = "node server exceptions dont replay well"
["test_proxy_pac.js"]
+["test_proxyDNS_leak.js"] +skip-if = [ + "os == 'android'", + "socketprocess_networking", +] + ["test_proxyconnect.js"] skip-if = [ "tsan",
===================================== toolkit/content/aboutNetworking.js ===================================== @@ -116,6 +116,11 @@ function displayDns(data) { new_cont.setAttribute("id", "dns_content");
for (let i = 0; i < data.entries.length; i++) { + // TODO: Will be supported in bug 1889387. + if (data.entries[i].type != Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT) { + continue; + } + let row = document.createElement("tr"); row.appendChild(col(data.entries[i].hostname)); row.appendChild(col(data.entries[i].family));
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/c196...
tbb-commits@lists.torproject.org