ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits: 91e057ca by cypherpunks1 at 2023-12-04T13:06:55+01:00 fixup! Bug 23247: Communicating security expectations for .onion
Bug 42231: Improve the network monitor patch for http onion resources
- - - - -
2 changed files:
- devtools/client/netmonitor/src/components/SecurityState.js - devtools/shared/network-observer/NetworkHelper.sys.mjs
Changes:
===================================== devtools/client/netmonitor/src/components/SecurityState.js ===================================== @@ -41,7 +41,7 @@ class SecurityState extends Component {
const { securityState, - urlDetails: { isLocal }, + urlDetails: { host, isLocal }, } = item; const iconClassList = ["requests-security-state-icon"];
@@ -50,7 +50,11 @@ class SecurityState extends Component {
// Locally delivered files such as http://localhost and file:// paths // are considered to have been delivered securely. - if (isLocal) { + if ( + isLocal || + (host?.endsWith(".onion") && + Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false)) + ) { realSecurityState = "secure"; }
===================================== devtools/shared/network-observer/NetworkHelper.sys.mjs ===================================== @@ -596,9 +596,6 @@ export var NetworkHelper = {
// The request did not contain any security info. if (!securityInfo) { - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } return info; }
@@ -650,11 +647,7 @@ export var NetworkHelper = { // schemes other than https and wss are subject to // downgrade/etc at the scheme level and should always be // considered insecure - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } else { - info.state = "insecure"; - } + info.state = "insecure"; } else if (state & wpl.STATE_IS_SECURE) { // The connection is secure if the scheme is sufficient info.state = "secure";
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91e057ca...
tbb-commits@lists.torproject.org