commit b9b87bcb3105e7aafb42f162b4bb1e8fc7dc54ba Author: Arthur Edelstein arthuredelstein@gmail.com Date: Mon Aug 13 09:55:40 2018 -0700
Bug 26189: Remove content-policy.js
Our old patch for Bug 8725 was upstreamed in https://bugzilla.mozilla.org/show_bug.cgi?id=863246 --- src/components/content-policy.js | 174 -------------------------------- src/components/startup-observer.js | 7 +- src/defaults/preferences/preferences.js | 2 +- 3 files changed, 3 insertions(+), 180 deletions(-)
diff --git a/src/components/content-policy.js b/src/components/content-policy.js deleted file mode 100644 index db72efea..00000000 --- a/src/components/content-policy.js +++ /dev/null @@ -1,174 +0,0 @@ -/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* - * Based on ResourceFilter: A direct workaround for https://bugzil.la/863246 - * https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-fi... - */ - -const Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils; - -// Import XPCOMUtils object. -Cu.import("resource://gre/modules/XPCOMUtils.jsm"); -let { bindPrefAndInit } = - Cu.import("resource://torbutton/modules/utils.js", {}); - -function ContentPolicy() { - this.uriFingerprinting = null; - let that = this; - bindPrefAndInit("extensions.torbutton.resource_and_chrome_uri_fingerprinting", - function (enabled) { - that.uriFingerprinting = enabled; - }); - - // Register as an nsIContentPolicy filter. - let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar); - registrar.registerFactory(this.classID, this.classDescription, - this.contractID, this); - - let catMan = Cc["@mozilla.org/categorymanager;1"] - .getService(Ci.nsICategoryManager); - catMan.addCategoryEntry("content-policy", this.contractID, this.contractID, - false, true); -} - -ContentPolicy.prototype = { - classDescription: "ContentPolicy", - classID: Components.ID("{4c03be7d-492f-990e-f0da-f3689e564898}"), - contractID: "@torproject.org/content-policy;1", - - uriWhitelist: { - // Video playback. - "chrome://global/content/TopLevelVideoDocument.js": Ci.nsIContentPolicy.TYPE_SCRIPT, - "resource://gre/res/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - "chrome://global/content/bindings/videocontrols.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/bindings/scale.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/bindings/progressmeter.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/bindings/button.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/bindings/general.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/bindings/text.xml": Ci.nsIContentPolicy.TYPE_XBL, - - // Image display. - "resource://gre/res/ImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - "resource://gre/res/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - - // Scrollbars, text box resizer, and content keyboard shortcuts. - "chrome://global/content/bindings/scrollbar.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/bindings/resizer.xml": Ci.nsIContentPolicy.TYPE_XBL, - "chrome://global/content/platformHTMLBindings.xml": Ci.nsIContentPolicy.TYPE_XBL, - - // Directory listing. - "chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - }, - - uriRegexWhitelist: [ - // Video playback: whitelist png and svg images under chrome://global/skin/media - { regex: /^chrome://global/skin/media/.+.(png|svg)$/, - type: Ci.nsIContentPolicy.TYPE_IMAGE }, - - // Video playback and image display: whitelist css files under chrome://global/skin/media - { regex: /^chrome://global/skin/media/.+.css$/, - type: Ci.nsIContentPolicy.TYPE_STYLESHEET }, - ], - - // nsISupports - QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory, - Ci.nsISupportsWeakReference]), - - // nsIFactory - createInstance: function(outer, iid) - { - if (outer) - throw Cr.NS_ERROR_NO_AGGREGATION; - return this.QueryInterface(iid); - }, - - // nsIContentPolicy - shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) { - - // Accept if the user does not care, no content URI is available or scheme - // is not resource/chrome. - if (this.uriFingerprinting || !aContentLocation || - !(aContentLocation.schemeIs('resource') || - aContentLocation.schemeIs('chrome'))) { - return Ci.nsIContentPolicy.ACCEPT; - } - - // Accept if no origin URI or if origin scheme is - // chrome/resource/about/view-source. - if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || - aRequestOrigin.schemeIs('chrome') || - aRequestOrigin.schemeIs('about') || - aRequestOrigin.schemeIs('view-source')) - return Ci.nsIContentPolicy.ACCEPT; - - // Accept if resource directly loaded into a tab. - if (Ci.nsIContentPolicy.TYPE_DOCUMENT === aContentType) - return Ci.nsIContentPolicy.ACCEPT; - - // There's certain things that break horribly if they aren't allowed to - // access URIs with proscribed schemes, with `aContentOrigin` basically - // set to arbibrary URIs. - // - // XXX: Feature gate this behind the security slider or something, I don't - // give a fuck. - if (aContentLocation.spec in this.uriWhitelist) - if (this.uriWhitelist[aContentLocation.spec] == aContentType) - return Ci.nsIContentPolicy.ACCEPT; - - for (let wlObj of this.uriRegexWhitelist) { - if ((wlObj.type == aContentType) && wlObj.regex.test(aContentLocation.spec)) - return Ci.nsIContentPolicy.ACCEPT; - } - - return Ci.nsIContentPolicy.REJECT_REQUEST; - }, - - shouldProcess: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeType, aExtra) { - return Ci.nsIContentPolicy.ACCEPT; - }, -}; - -// Install a HTTP response handler to check for redirects to URLs with schemes -// that should be internal to the browser. There's various safeguards and -// checks that cause the body to be unavailable, but the `onLoad()` behavior -// is inconsistent, which results in leaking information about the specific -// user agent instance (eg: what addons are installed). -var requestObserver = { - ioService: Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService), - observerService: Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService), - - start: function() { - this.observerService.addObserver(this, "http-on-examine-response", false); - }, - - observe: function(aSubject, aTopic, aData) { - let aChannel = aSubject.QueryInterface(Ci.nsIHttpChannel); - let aStatus = aChannel.responseStatus; - - // If this is a redirect... - // - // Note: `304 Not Modifed` isn't a redirect, so there is no Location header to check - // in that case. - if (aStatus >= 300 && aStatus < 400 && aStatus != 304) { - let location = aChannel.getResponseHeader("Location"); - let aUri = this.ioService.newURI(location, null, null); - - // And it's redirecting into the browser or addon's internal URLs... - if (aUri.schemeIs("resource") || aUri.schemeIs("chrome") || aUri.schemeIs("about")) { - // Cancel the request. - aSubject.cancel(Components.results.NS_BINDING_ABORTED); - } - } - }, -}; - -// Create a content policy object; initialization is done in the contructor. -var cp = new ContentPolicy(); - -// In the chrome process, register the request observer to handle redirects. -if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_DEFAULT) { - requestObserver.start(); -} diff --git a/src/components/startup-observer.js b/src/components/startup-observer.js index 144d600a..cd9e7d2c 100644 --- a/src/components/startup-observer.js +++ b/src/components/startup-observer.js @@ -62,13 +62,10 @@ function StartupObserver() { this.logger.log(4, "Early proxy change failed. Will try again at profile load. Error: "+e); }
- // Arrange for our nsIContentPolicy filter and about:tor handler to be - // loaded in the default (chrome) process as well as in each content - // process. + // Arrange for our about:tor handler to be loaded in the default (chrome) + // process as well as in each content process. let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"] .getService(Ci.nsIProcessScriptLoader); - ppmm.loadProcessScript("resource://torbutton/components/content-policy.js", - true); ppmm.loadProcessScript("resource://torbutton/components/aboutTor.js", true); } diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js index 43401ad0..428e70bc 100644 --- a/src/defaults/preferences/preferences.js +++ b/src/defaults/preferences/preferences.js @@ -34,7 +34,7 @@ pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last pref("extensions.torbutton.tor_memory_jar",false); pref("extensions.torbutton.nontor_memory_jar",false); pref("extensions.torbutton.launch_warning",true); -pref("extensions.torbutton.resource_and_chrome_uri_fingerprinting",false); + // Opt out of Firefox addon pings: // https://developer.mozilla.org/en/Addons/Working_with_AMO pref("extensions.torbutton@torproject.org.getAddons.cache.enabled", false);
tbb-commits@lists.torproject.org