GitLab

at 2025-03-18T15:25:24+00:00

fixup! TB 40933: Add tor-launcher functionality

TB 43405: Split TorProvider writeSettings into separate methods for the
proxy, firewall and bridges settings.

We also call TorSettings.setTorProvider instead of
TorProvider.writeSettings so that TorSettings can handle the application
errors.

@@ -96,6 +96,8 @@ ChromeUtils.defineESModuleGetters(lazy, {
    TorConnect: "resource://gre/modules/TorConnect.sys.mjs",
    TorConnectTopics: "resource://gre/modules/TorConnect.sys.mjs",
    TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs",
 +  TorSettingsNotification:
 +    "resource:///modules/TorSettingsNotification.sys.mjs",
    UIState: "resource://services-sync/UIState.sys.mjs",
    UrlbarPrefs: "resource:///modules/UrlbarPrefs.sys.mjs",
    WebChannel: "resource://gre/modules/WebChannel.sys.mjs",
@@ -2030,6 +2032,8 @@ BrowserGlue.prototype = {
      lazy.TorProviderBuilder.firstWindowLoaded();
 +    lazy.TorSettingsNotification.ready();
++
      ClipboardPrivacy.startup();
      this._firstWindowTelemetry(aWindow);

@@ -61,6 +61,7 @@
          <html:input
            id="torPreferences-localProxy-textboxAddress"
            type="text"
 +          required="required"
            class="torMarginFix"
            data-l10n-id="tor-advanced-dialog-proxy-address-input"
          />
@@ -75,7 +76,8 @@
            class="proxy-port-input torMarginFix"
            hidespinbuttons="true"
            type="number"
 -          min="0"
 +          required="required"
 +          min="1"
            max="65535"
            maxlength="5"
          />
@@ -121,11 +123,14 @@
          />
        </hbox>
        <hbox id="torPreferences-connection-hboxAllowedPorts" align="center">
 +        <!-- NOTE: The pattern allows comma-separated strictly positive
 +           - integers. In particular "0" is not allowed. -->
          <html:input
            id="torPreferences-connection-textboxAllowedPorts"
            type="text"
 +          required="required"
 +          pattern="^(\s*,\s*)*[1-9][0-9]*((\s*,\s*)|([1-9][0-9]*))*$"
            class="torMarginFix"
 -          value="80,443"
            data-l10n-id="tor-advanced-dialog-firewall-ports-input"
          />
        </hbox>

 +const lazy = {};
++
 +ChromeUtils.defineESModuleGetters(lazy, {
 +  BrowserWindowTracker: "resource:///modules/BrowserWindowTracker.sys.mjs",
 +  TorSettings: "resource://gre/modules/TorSettings.sys.mjs",
 +  TorSettingsTopics: "resource://gre/modules/TorSettings.sys.mjs",
 +});
++
 +ChromeUtils.defineLazyGetter(lazy, "NotificationStrings", function () {
 +  return new Localization(["toolkit/global/tor-browser.ftl"]);
 +});
++
 +/**
 + * Shows a notification whenever we get an ApplyError.
 + */
 +export const TorSettingsNotification = {
 +  /**
 +   * Whether we have already been initialised.
 +   *
 +   * @type {boolean}
 +   */
 +  _initialized: false,
++
 +  /**
 +   * Called when the UI is ready to show a notification.
 +   */
 +  ready() {
 +    if (this._initialized) {
 +      return;
 +    }
 +    this._initialized = true;
 +    Services.obs.addObserver(this, lazy.TorSettingsTopics.ApplyError);
++
 +    // Show the notification for each group of settings if they have an error
 +    // that was triggered prior to `ready` being called.
 +    this.showNotification("bridges");
 +    this.showNotification("proxy");
 +    this.showNotification("firewall");
 +  },
++
 +  observe(subject, topic) {
 +    if (topic === lazy.TorSettingsTopics.ApplyError) {
 +      this.showNotification(subject.wrappedJSObject.group);
 +    }
 +  },
++
 +  /**
 +   * A promise for the `showNotification` method to ensure we only show one
 +   * notification at a time.
 +   *
 +   * @type {?Promise}
 +   */
 +  _notificationPromise: null,
++
 +  /**
 +   * Show a notification for the given group of settings if `TorSettings` has an
 +   * error for them.
 +   *
 +   * @param {string} group - The settings group to show the notification for.
 +   */
 +  async showNotification(group) {
 +    const prevNotificationPromise = this._notificationPromise;
 +    let notificationComplete;
 +    ({ promise: this._notificationPromise, resolve: notificationComplete } =
 +      Promise.withResolvers());
 +    // Only want to show one notification at a time, so queue behind the
 +    // previous one.
 +    await prevNotificationPromise;
++
 +    // NOTE: We only show the notification for a single `group` at a time, even
 +    // when TorSettings has errors for multiple groups. This keeps the strings
 +    // simple and means we can show different buttons depending on `canUndo` for
 +    // each group individually.
 +    // If we do have multiple errors the notification for each group will simply
 +    // queue behind each other.
 +    try {
 +      // Grab the latest error value, which may have changed since
 +      // showNotification was first called.
 +      const error = lazy.TorSettings.getApplyError(group);
 +      if (!error) {
 +        // No current error for this group.
 +        return;
 +      }
++
 +      const { canUndo } = error;
++
 +      let titleId;
 +      let introId;
 +      switch (group) {
 +        case "bridges":
 +          titleId = "tor-settings-failed-notification-title-bridges";
 +          introId = "tor-settings-failed-notification-cause-bridges";
 +          break;
 +        case "proxy":
 +          titleId = "tor-settings-failed-notification-title-proxy";
 +          introId = "tor-settings-failed-notification-cause-proxy";
 +          break;
 +        case "firewall":
 +          titleId = "tor-settings-failed-notification-title-firewall";
 +          introId = "tor-settings-failed-notification-cause-firewall";
 +          break;
 +      }
++
 +      const [
 +        titleText,
 +        introText,
 +        bodyText,
 +        primaryButtonText,
 +        secondaryButtonText,
 +      ] = await lazy.NotificationStrings.formatValues([
 +        { id: titleId },
 +        { id: introId },
 +        {
 +          id: canUndo
 +            ? "tor-settings-failed-notification-body-undo"
 +            : "tor-settings-failed-notification-body-default",
 +        },
 +        {
 +          id: canUndo
 +            ? "tor-settings-failed-notification-button-undo"
 +            : "tor-settings-failed-notification-button-clear",
 +        },
 +        { id: "tor-settings-failed-notification-button-fix-myself" },
 +      ]);
++
 +      const propBag = await Services.prompt.asyncConfirmEx(
 +        lazy.BrowserWindowTracker.getTopWindow()?.browsingContext ?? null,
 +        Services.prompt.MODAL_TYPE_INTERNAL_WINDOW,
 +        titleText,
 +        // Concatenate the intro text and the body text. Really these should be
 +        // separate paragraph elements, but the prompt service does not support
 +        // this. We split them with a double newline, which will hopefully avoid
 +        // the usual problems with concatenating localised strings.
 +        `${introText}\n\n${bodyText}`,
 +        Services.prompt.BUTTON_TITLE_IS_STRING * Services.prompt.BUTTON_POS_0 +
 +          Services.prompt.BUTTON_TITLE_IS_STRING * Services.prompt.BUTTON_POS_1,
 +        primaryButtonText,
 +        secondaryButtonText,
 +        null,
 +        null,
 +        null,
 +        {}
 +      );
++
 +      const buttonNum = propBag.get("buttonNumClicked");
++
 +      if (buttonNum === 0) {
 +        if (canUndo) {
 +          // Wait for these methods in case they resolve the error for a pending
 +          // showNotification call.
 +          await lazy.TorSettings.undoFailedSettings(group);
 +        } else {
 +          await lazy.TorSettings.clearFailedSettings(group);
 +        }
 +      } else if (buttonNum === 1) {
 +        let win = lazy.BrowserWindowTracker.getTopWindow();
 +        if (!win) {
 +          win = await lazy.BrowserWindowTracker.promiseOpenWindow();
 +        }
 +        // Open the preferences or switch to its tab and highlight the Tor log.
 +        win.openPreferences("connection-viewlogs");
 +      }
 +    } finally {
 +      notificationComplete();
 +    }
 +  },
 +};

@@ -129,6 +129,7 @@ EXTRA_JS_MODULES += [
      "SelectionChangedMenulist.sys.mjs",
      "SiteDataManager.sys.mjs",
      "SitePermissions.sys.mjs",
 +    "TorSettingsNotification.sys.mjs",
      "TorUIUtils.sys.mjs",
      "TransientPrefs.sys.mjs",
      "URILoadingHelper.sys.mjs",

@@ -210,7 +210,7 @@ export class TorProvider {
      if (this.ownsTorDaemon) {
        try {
          await lazy.TorSettings.initializedPromise;
 -        await this.writeSettings();
 +        await lazy.TorSettings.setTorProvider(this);
        } catch (e) {
          logger.warn(
            "Failed to initialize TorSettings or to write our initial settings. Continuing the initialization anyway.",
@@ -252,44 +252,65 @@ export class TorProvider {
    /**
     * Send settings to the tor daemon.
+    *
 -   * This should only be called internally or by the TorSettings module.
 +   * @param {Map<string, ?string>} torSettings - The key value pairs to pass in.
     */
 -  async writeSettings() {
 -    // Fetch the current settings.
 -    // We set the useTemporary parameter since we want to apply temporary
 -    // bridges if they are available.
 -    const settings = lazy.TorSettings.getSettings(true);
 -    logger.debug("TorProvider.writeSettings", settings);
 +  async #writeSettings(torSettings) {
 +    logger.debug("Mapped settings object", torSettings);
++
 +    // NOTE: The order in which TorProvider.#writeSettings should match the
 +    // order in which the configuration is passed onto setConf. In turn,
 +    // TorControlPort.setConf should similarly ensure that the configuration
 +    // reaches the tor process in the same order.
 +    // In particular, we do not want a race where an earlier call to
 +    // TorProvider.#writeSettings for overlapping settings can be delayed and
 +    // override a later call.
 +    await this.#controller.setConf(Array.from(torSettings));
 +  }
++
 +  /**
 +   * Send bridge settings to the tor daemon.
 +   *
 +   * This should only be called by the `TorSettings` module.
 +   *
 +   * @param {TorBridgeSettings} bridges - The bridge settings to apply.
 +   */
 +  async writeBridgeSettings(bridges) {
 +    logger.debug("TorProvider.writeBridgeSettings", bridges);
      const torSettings = new Map();
      // Bridges
 -    const haveBridges =
 -      settings.bridges?.enabled && !!settings.bridges.bridge_strings.length;
 +    const haveBridges = bridges?.enabled && !!bridges.bridge_strings.length;
      torSettings.set(TorConfigKeys.useBridges, haveBridges);
 -    if (haveBridges) {
 -      torSettings.set(
 -        TorConfigKeys.bridgeList,
 -        settings.bridges.bridge_strings
 -      );
 -    } else {
 -      torSettings.set(TorConfigKeys.bridgeList, null);
 -    }
 +    torSettings.set(
 +      TorConfigKeys.bridgeList,
 +      haveBridges ? bridges.bridge_strings : null
 +    );
++
 +    await this.#writeSettings(torSettings);
 +  }
++
 +  /**
 +   * Send proxy settings to the tor daemon.
 +   *
 +   * This should only be called by the `TorSettings` module.
 +   *
 +   * @param {TorProxySettings} proxy - The proxy settings to apply.
 +   */
 +  async writeProxySettings(proxy) {
 +    logger.debug("TorProvider.writeProxySettings", proxy);
 +    const torSettings = new Map();
 -    // Proxy
      torSettings.set(TorConfigKeys.socks4Proxy, null);
      torSettings.set(TorConfigKeys.socks5Proxy, null);
      torSettings.set(TorConfigKeys.socks5ProxyUsername, null);
      torSettings.set(TorConfigKeys.socks5ProxyPassword, null);
      torSettings.set(TorConfigKeys.httpsProxy, null);
      torSettings.set(TorConfigKeys.httpsProxyAuthenticator, null);
 -    if (settings.proxy && !settings.proxy.enabled) {
 -      settings.proxy.type = null;
 -    }
 -    const address = settings.proxy?.address;
 -    const port = settings.proxy?.port;
 -    const username = settings.proxy?.username;
 -    const password = settings.proxy?.password;
 -    switch (settings.proxy?.type) {
++
 +    const type = proxy.enabled ? proxy.type : null;
 +    const { address, port, username, password } = proxy;
++
 +    switch (type) {
        case lazy.TorProxyType.Socks4:
          torSettings.set(TorConfigKeys.socks4Proxy, `${address}:${port}`);
          break;
@@ -307,27 +328,28 @@ export class TorProvider {
          break;
+     }
 -    // Firewall
 -    if (settings.firewall?.enabled) {
 -      const reachableAddresses = settings.firewall.allowed_ports
 -        .map(port => `*:${port}`)
 -        .join(",");
 -      torSettings.set(TorConfigKeys.reachableAddresses, reachableAddresses);
 -    } else {
 -      torSettings.set(TorConfigKeys.reachableAddresses, null);
 -    }
 +    await this.#writeSettings(torSettings);
 +  }
 -    logger.debug("Mapped settings object", settings, torSettings);
 +  /**
 +   * Send firewall settings to the tor daemon.
 +   *
 +   * This should only be called by the `TorSettings` module.
 +   *
 +   * @param {TorFirewallSettings} firewall - The firewall settings to apply.
 +   */
 +  async writeFirewallSettings(firewall) {
 +    logger.debug("TorProvider.writeFirewallSettings", firewall);
 +    const torSettings = new Map();
 -    // Send settings to the tor process.
 -    // NOTE: Since everything up to this point has been non-async, the order in
 -    // which TorProvider.writeSettings is called should match the order in which
 -    // the configuration is passed onto setConf. In turn, TorControlPort.setConf
 -    // should similarly ensure that the configuration reaches the tor process in
 -    // the same order.
 -    // In particular, we do not want a race where an earlier call to
 -    // TorProvider.writeSettings can be delayed and override a later call.
 -    await this.#controller.setConf(Array.from(torSettings));
 +    torSettings.set(
 +      TorConfigKeys.reachableAddresses,
 +      firewall.enabled
 +        ? firewall.allowed_ports.map(port => `*:${port}`).join(",")
 +        : null
 +    );
++
 +    await this.#writeSettings(torSettings);
+   }
    async flushSettings() {

henry pushed to branch tor-browser-128.8.0esr-14.5-1 at The Tor Project / Applications / Tor Browser

Commits:

8 changed files:

Changes:

@@ -5,6 +5,7 @@ const { TorSettings, TorProxyType } = ChromeUtils.importESModule(
  );
  const gConnectionSettingsDialog = {
 +  _acceptButton: null,
    _useProxyCheckbox: null,
    _proxyTypeLabel: null,
    _proxyTypeMenulist: null,
@@ -38,25 +39,43 @@ const gConnectionSettingsDialog = {
        "input#torPreferences-connection-textboxAllowedPorts",
    },
 -  // disables the provided list of elements
 -  _setElementsDisabled(elements, disabled) {
 -    for (let currentElement of elements) {
 -      currentElement.disabled = disabled;
 -    }
 -  },
 +  /**
 +   * The "proxy" and "firewall" settings to pass on to TorSettings.
 +   *
 +   * Each group is `null` whilst the inputs are invalid.
 +   *
 +   * @type {{proxy: ?object, firewall: ?object}}
 +   */
 +  _settings: { proxy: null, firewall: null },
    init() {
 +    const currentSettings = TorSettings.getSettings();
++
 +    const dialog = document.getElementById("torPreferences-connection-dialog");
 +    dialog.addEventListener("dialogaccept", event => {
 +      if (!this._settings.proxy || !this._settings.firewall) {
 +        // Do not close yet.
 +        event.preventDefault();
 +        return;
 +      }
 +      // TODO: Maybe wait for the method to resolve before closing. Although
 +      // this can take a few seconds. See tor-browser#43467.
 +      TorSettings.changeSettings(this._settings);
 +    });
 +    this._acceptButton = dialog.getButton("accept");
++
      const selectors = this.selectors;
      // Local Proxy
      this._useProxyCheckbox = document.querySelector(selectors.useProxyCheckbox);
 +    this._useProxyCheckbox.checked = currentSettings.proxy.enabled;
      this._useProxyCheckbox.addEventListener("command", () => {
 -      const checked = this._useProxyCheckbox.checked;
 -      this.onToggleProxy(checked);
 +      this.updateProxyType();
      });
++
      this._proxyTypeLabel = document.querySelector(selectors.proxyTypeLabel);
 -    let mockProxies = [
 +    const mockProxies = [
+       {
          value: TorProxyType.Socks4,
          l10nId: "tor-advanced-dialog-proxy-socks4-menuitem",
@@ -72,15 +91,17 @@ const gConnectionSettingsDialog = {
      ];
      this._proxyTypeMenulist = document.querySelector(selectors.proxyTypeList);
      this._proxyTypeMenulist.addEventListener("command", () => {
 -      const value = this._proxyTypeMenulist.value;
 -      this.onSelectProxyType(value);
 +      this.updateProxyType();
      });
 -    for (let currentProxy of mockProxies) {
 +    for (const currentProxy of mockProxies) {
        let menuEntry = window.document.createXULElement("menuitem");
        menuEntry.setAttribute("value", currentProxy.value);
        menuEntry.setAttribute("data-l10n-id", currentProxy.l10nId);
        this._proxyTypeMenulist.querySelector("menupopup").appendChild(menuEntry);
+     }
 +    this._proxyTypeMenulist.value = currentSettings.proxy.enabled
 +      ? currentSettings.proxy.type
 +      : "";
      this._proxyAddressLabel = document.querySelector(
        selectors.proxyAddressLabel
@@ -89,13 +110,15 @@ const gConnectionSettingsDialog = {
        selectors.proxyAddressTextbox
      );
      this._proxyAddressTextbox.addEventListener("blur", () => {
 +      // If the address includes a port move it to the port input instead.
        let value = this._proxyAddressTextbox.value.trim();
        let colon = value.lastIndexOf(":");
        if (colon != -1) {
 -        let maybePort = parseInt(value.substr(colon + 1));
 -        if (!isNaN(maybePort) && maybePort > 0 && maybePort < 65536) {
 +        let maybePort = this.parsePort(value.substr(colon + 1));
 +        if (maybePort !== null) {
            this._proxyAddressTextbox.value = value.substr(0, colon);
            this._proxyPortTextbox.value = maybePort;
 +          this.updateProxy();
+         }
+       }
      });
@@ -114,23 +137,36 @@ const gConnectionSettingsDialog = {
        selectors.proxyPasswordTextbox
      );
 -    this.onToggleProxy(false);
 -    if (TorSettings.proxy.enabled) {
 -      this.onToggleProxy(true);
 -      this.onSelectProxyType(TorSettings.proxy.type);
 -      this._proxyAddressTextbox.value = TorSettings.proxy.address;
 -      this._proxyPortTextbox.value = TorSettings.proxy.port;
 -      this._proxyUsernameTextbox.value = TorSettings.proxy.username;
 -      this._proxyPasswordTextbox.value = TorSettings.proxy.password;
 +    if (currentSettings.proxy.enabled) {
 +      this._proxyAddressTextbox.value = currentSettings.proxy.address;
 +      this._proxyPortTextbox.value = currentSettings.proxy.port;
 +      this._proxyUsernameTextbox.value = currentSettings.proxy.username;
 +      this._proxyPasswordTextbox.value = currentSettings.proxy.password;
 +    } else {
 +      this._proxyAddressTextbox.value = "";
 +      this._proxyPortTextbox.value = "";
 +      this._proxyUsernameTextbox.value = "";
 +      this._proxyPasswordTextbox.value = "";
 +    }
++
 +    for (const el of [
 +      this._proxyAddressTextbox,
 +      this._proxyPortTextbox,
 +      this._proxyUsernameTextbox,
 +      this._proxyPasswordTextbox,
 +    ]) {
 +      el.addEventListener("input", () => {
 +        this.updateProxy();
 +      });
+     }
      // Local firewall
      this._useFirewallCheckbox = document.querySelector(
        selectors.useFirewallCheckbox
      );
 +    this._useFirewallCheckbox.checked = currentSettings.firewall.enabled;
      this._useFirewallCheckbox.addEventListener("command", () => {
 -      const checked = this._useFirewallCheckbox.checked;
 -      this.onToggleFirewall(checked);
 +      this.updateFirewallEnabled();
      });
      this._allowedPortsLabel = document.querySelector(
        selectors.firewallAllowedPortsLabel
@@ -138,182 +174,161 @@ const gConnectionSettingsDialog = {
      this._allowedPortsTextbox = document.querySelector(
        selectors.firewallAllowedPortsTextbox
      );
 +    this._allowedPortsTextbox.value = currentSettings.firewall.enabled
 +      ? currentSettings.firewall.allowed_ports.join(",")
 +      : "80,443";
 -    this.onToggleFirewall(false);
 -    if (TorSettings.firewall.enabled) {
 -      this.onToggleFirewall(true);
 -      this._allowedPortsTextbox.value =
 -        TorSettings.firewall.allowed_ports.join(", ");
 -    }
+-
 -    const dialog = document.getElementById("torPreferences-connection-dialog");
 -    dialog.addEventListener("dialogaccept", () => {
 -      this._applySettings();
 +    this._allowedPortsTextbox.addEventListener("input", () => {
 +      this.updateFirewall();
      });
 -  },
 -  // callback when proxy is toggled
 -  onToggleProxy(enabled) {
 -    this._useProxyCheckbox.checked = enabled;
 -    let disabled = !enabled;
 +    this.updateProxyType();
 +    this.updateFirewallEnabled();
 +  },
 -    this._setElementsDisabled(
 -      [
 -        this._proxyTypeLabel,
 -        this._proxyTypeMenulist,
 -        this._proxyAddressLabel,
 -        this._proxyAddressTextbox,
 -        this._proxyPortLabel,
 -        this._proxyPortTextbox,
 -        this._proxyUsernameLabel,
 -        this._proxyUsernameTextbox,
 -        this._proxyPasswordLabel,
 -        this._proxyPasswordTextbox,
 -      ],
 -      disabled
 -    );
 -    if (enabled) {
 -      this.onSelectProxyType(this._proxyTypeMenulist.value);
 +  /**
 +   * Convert a string into a port number.
 +   *
 +   * @param {string} portStr - The string to convert.
 +   * @returns {?integer} - The port number, or `null` if the given string could
 +   *   not be converted.
 +   */
 +  parsePort(portStr) {
 +    const portRegex = /^[1-9][0-9]*$/; // Strictly-positive decimal integer.
 +    if (!portRegex.test(portStr)) {
 +      return null;
+     }
 +    const port = parseInt(portStr, 10);
 +    if (TorSettings.validPort(port)) {
 +      return port;
 +    }
 +    return null;
    },
 -  // callback when proxy type is changed
 -  onSelectProxyType(value) {
 -    if (typeof value === "string") {
 -      value = parseInt(value);
 -    }
 +  /**
 +   * Update the disabled state of the accept button.
 +   */
 +  updateAcceptButton() {
 +    this._acceptButton.disabled =
 +      !this._settings.proxy || !this._settings.firewall;
 +  },
 -    this._proxyTypeMenulist.value = value;
 -    switch (value) {
 -      case TorProxyType.Invalid: {
 -        this._setElementsDisabled(
 -          [
 -            this._proxyAddressLabel,
 -            this._proxyAddressTextbox,
 -            this._proxyPortLabel,
 -            this._proxyPortTextbox,
 -            this._proxyUsernameLabel,
 -            this._proxyUsernameTextbox,
 -            this._proxyPasswordLabel,
 -            this._proxyPasswordTextbox,
 -          ],
 -          true
 -        ); // DISABLE
 +  /**
 +   * Update the UI when the proxy setting is enabled or disabled, or the proxy
 +   * type changes.
 +   */
 +  updateProxyType() {
 +    const enabled = this._useProxyCheckbox.checked;
 +    const haveType = enabled && Boolean(this._proxyTypeMenulist.value);
 +    const type = parseInt(this._proxyTypeMenulist.value, 10);
 -        this._proxyAddressTextbox.value = "";
 -        this._proxyPortTextbox.value = "";
 -        this._proxyUsernameTextbox.value = "";
 -        this._proxyPasswordTextbox.value = "";
 -        break;
 -      }
 -      case TorProxyType.Socks4: {
 -        this._setElementsDisabled(
 -          [
 -            this._proxyAddressLabel,
 -            this._proxyAddressTextbox,
 -            this._proxyPortLabel,
 -            this._proxyPortTextbox,
 -          ],
 -          false
 -        ); // ENABLE
 -        this._setElementsDisabled(
 -          [
 -            this._proxyUsernameLabel,
 -            this._proxyUsernameTextbox,
 -            this._proxyPasswordLabel,
 -            this._proxyPasswordTextbox,
 -          ],
 -          true
 -        ); // DISABLE
 +    this._proxyTypeLabel.disabled = !enabled;
 +    this._proxyTypeMenulist.disabled = !enabled;
 +    this._proxyAddressLabel.disabled = !haveType;
 +    this._proxyAddressTextbox.disabled = !haveType;
 +    this._proxyPortLabel.disabled = !haveType;
 +    this._proxyPortTextbox.disabled = !haveType;
 +    this._proxyUsernameTextbox.disabled =
 +      !haveType || type === TorProxyType.Socks4;
 +    this._proxyPasswordTextbox.disabled =
 +      !haveType || type === TorProxyType.Socks4;
 +    if (type === TorProxyType.Socks4) {
 +      // Clear unused value.
 +      this._proxyUsernameTextbox.value = "";
 +      this._proxyPasswordTextbox.value = "";
 +    }
 -        this._proxyUsernameTextbox.value = "";
 -        this._proxyPasswordTextbox.value = "";
 -        break;
 -      }
 -      case TorProxyType.Socks5:
 -      case TorProxyType.HTTPS: {
 -        this._setElementsDisabled(
 -          [
 -            this._proxyAddressLabel,
 -            this._proxyAddressTextbox,
 -            this._proxyPortLabel,
 -            this._proxyPortTextbox,
 -            this._proxyUsernameLabel,
 -            this._proxyUsernameTextbox,
 -            this._proxyPasswordLabel,
 -            this._proxyPasswordTextbox,
 -          ],
 -          false
 -        ); // ENABLE
 -        break;
 +    this.updateProxy();
 +  },
++
 +  /**
 +   * Update the dialog's stored proxy values.
 +   */
 +  updateProxy() {
 +    if (this._useProxyCheckbox.checked) {
 +      const typeStr = this._proxyTypeMenulist.value;
 +      const type = parseInt(typeStr, 10);
 +      // TODO: Validate the address. See tor-browser#43467.
 +      const address = this._proxyAddressTextbox.value;
 +      const portStr = this._proxyPortTextbox.value;
 +      const username =
 +        type === TorProxyType.Socks4 ? "" : this._proxyUsernameTextbox.value;
 +      const password =
 +        type === TorProxyType.Socks4 ? "" : this._proxyPasswordTextbox.value;
 +      const port = parseInt(portStr, 10);
 +      if (
 +        !typeStr ||
 +        !address ||
 +        !portStr ||
 +        !TorSettings.validPort(port) ||
 +        // SOCKS5 needs either both username and password, or neither.
 +        (type === TorProxyType.Socks5 &&
 +          !TorSettings.validSocks5Credentials(username, password))
 +      ) {
 +        // Invalid.
 +        this._settings.proxy = null;
 +      } else {
 +        this._settings.proxy = {
 +          enabled: true,
 +          type,
 +          address,
 +          port,
 +          username,
 +          password,
 +        };
+       }
 +    } else {
 +      this._settings.proxy = { enabled: false };
+     }
++
 +    this.updateAcceptButton();
    },
 -  // callback when firewall proxy is toggled
 -  onToggleFirewall(enabled) {
 -    this._useFirewallCheckbox.checked = enabled;
 -    let disabled = !enabled;
 +  /**
 +   * Update the UI when the firewall setting is enabled or disabled.
 +   */
 +  updateFirewallEnabled() {
 +    const enabled = this._useFirewallCheckbox.checked;
 +    this._allowedPortsLabel.disabled = !enabled;
 +    this._allowedPortsTextbox.disabled = !enabled;
 -    this._setElementsDisabled(
 -      [this._allowedPortsLabel, this._allowedPortsTextbox],
 -      disabled
 -    );
 +    this.updateFirewall();
    },
 -  // pushes settings from UI to tor
 -  _applySettings() {
 -    const type = this._useProxyCheckbox.checked
 -      ? parseInt(this._proxyTypeMenulist.value)
 -      : TorProxyType.Invalid;
 -    const address = this._proxyAddressTextbox.value;
 -    const port = this._proxyPortTextbox.value;
 -    const username = this._proxyUsernameTextbox.value;
 -    const password = this._proxyPasswordTextbox.value;
 -    const settings = { proxy: {}, firewall: {} };
 -    switch (type) {
 -      case TorProxyType.Invalid:
 -        settings.proxy.enabled = false;
 -        break;
 -      case TorProxyType.Socks4:
 -        settings.proxy.enabled = true;
 -        settings.proxy.type = type;
 -        settings.proxy.address = address;
 -        settings.proxy.port = port;
 -        settings.proxy.username = "";
 -        settings.proxy.password = "";
 -        break;
 -      case TorProxyType.Socks5:
 -        settings.proxy.enabled = true;
 -        settings.proxy.type = type;
 -        settings.proxy.address = address;
 -        settings.proxy.port = port;
 -        settings.proxy.username = username;
 -        settings.proxy.password = password;
 -        break;
 -      case TorProxyType.HTTPS:
 -        settings.proxy.enabled = true;
 -        settings.proxy.type = type;
 -        settings.proxy.address = address;
 -        settings.proxy.port = port;
 -        settings.proxy.username = username;
 -        settings.proxy.password = password;
 -        break;
 -    }
+-
 -    let portListString = this._useFirewallCheckbox.checked
 -      ? this._allowedPortsTextbox.value
 -      : "";
 -    if (portListString) {
 -      settings.firewall.enabled = true;
 -      settings.firewall.allowed_ports = portListString;
 +  /**
 +   * Update the dialog's stored firewall values.
 +   */
 +  updateFirewall() {
 +    if (this._useFirewallCheckbox.checked) {
 +      const portList = [];
 +      let listInvalid = false;
 +      for (const portStr of this._allowedPortsTextbox.value.split(
 +        /(?:\s*,\s*)+/g
 +      )) {
 +        if (!portStr) {
 +          // Trailing or leading comma.
 +          continue;
 +        }
 +        const port = this.parsePort(portStr);
 +        if (port === null) {
 +          listInvalid = true;
 +          break;
 +        }
 +        portList.push(port);
 +      }
 +      if (!listInvalid && portList.length) {
 +        this._settings.firewall = {
 +          enabled: true,
 +          allowed_ports: portList,
 +        };
 +      } else {
 +        this._settings.firewall = null;
 +      }
      } else {
 -      settings.firewall.enabled = false;
 +      this._settings.firewall = { enabled: false };
+     }
 -    // FIXME: What if this fails? Should we prevent the dialog to close and show
 -    // an error?
 -    TorSettings.changeSettings(settings);
 +    this.updateAcceptButton();
    },
  };

@@ -467,6 +467,29 @@ tor-advanced-dialog-firewall-ports-input-label = Allowed ports
  tor-advanced-dialog-firewall-ports-input =
      .placeholder = Comma-separated values
 +## Tor settings error notification.
++
 +# Shown when the user's Tor bridge settings could not be passed on to the Tor daemon.
 +tor-settings-failed-notification-title-bridges = Your Tor bridge settings could not be applied
 +# Shown when the user's Tor bridge settings could not be passed on to the Tor daemon.
 +tor-settings-failed-notification-cause-bridges = This could be due to an invalid bridge address.
 +# Shown when the user's Tor proxy settings could not be passed on to the Tor daemon.
 +tor-settings-failed-notification-title-proxy = Your Tor proxy settings could not be applied
 +# Shown when the user's Tor proxy settings could not be passed on to the Tor daemon.
 +tor-settings-failed-notification-cause-proxy = This could be due to invalid proxy information.
 +# Shown when the user's Tor firewall settings could not be passed on to the Tor daemon.
 +tor-settings-failed-notification-title-firewall = Your Tor firewall settings could not be applied
 +# Shown when the user's Tor firewall settings could not be passed on to the Tor daemon.
 +tor-settings-failed-notification-cause-firewall = This could be due to invalid firewall information.
 +tor-settings-failed-notification-body-undo = Until fixed, your Tor connection will continue to use your previous settings. You can either undo the latest changes to restore the previous working settings or check the Tor log to find and fix the issue yourself.
 +tor-settings-failed-notification-body-default = Until fixed, your Tor connection will continue to use default settings. You can either clear the problematic settings to restore them to default or check the Tor log to find and fix the issue yourself.
 +# Button to revert the latest user settings.
 +tor-settings-failed-notification-button-undo = Undo changes
 +# Button to clear the user settings.
 +tor-settings-failed-notification-button-clear = Clear
 +# Button for the user to declare that they will fix the problematic settings by themself.
 +tor-settings-failed-notification-button-fix-myself = Fix myself
++
  ## About Tor Browser dialog.
  # '<label data-l10n-name="project-link">' and '</label>' should wrap the link text for the Tor Project, and will link to the Tor Project web page.

@@ -9,7 +9,6 @@ ChromeUtils.defineESModuleGetters(lazy, {
    Lox: "resource://gre/modules/Lox.sys.mjs",
    LoxTopics: "resource://gre/modules/Lox.sys.mjs",
    TorParsers: "resource://gre/modules/TorParsers.sys.mjs",
 -  TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs",
  });
  ChromeUtils.defineLazyGetter(lazy, "logger", () => {
@@ -23,6 +22,7 @@ ChromeUtils.defineLazyGetter(lazy, "logger", () => {
  export const TorSettingsTopics = Object.freeze({
    Ready: "torsettings:ready",
    SettingsChanged: "torsettings:settings-changed",
 +  ApplyError: "torsettings:apply-error",
  });
  /* Prefs used to store settings in TorBrowser prefs */
@@ -162,44 +162,74 @@ function arrayShuffle(array) {
    return array;
+ }
 +/**
 + * @typedef {Object} TorBridgeSettings
 + *
 + * Represents the Tor bridge settings.
 + *
 + * @property {boolean} enabled - Whether bridges are enabled.
 + * @property {integer} source - The source of bridges. One of the values in
 + *   `TorBridgeSource`.
 + * @property {string} lox_id - The ID of the lox credentials to get bridges for.
 + *   Or "" if not using a `Lox` `source`.
 + * @property {string} builtin_type - The name of the built-in bridge type. Or ""
 + *   if not using a `BuiltIn` `source`.
 + * @property {string[]} bridge_strings - The bridge lines to be passed to the
 + *   provider. Should be empty if and only if the `source` is `Invalid`.
 + */
++
 +/**
 + * @typedef {Object} TorProxySettings
 + *
 + * Represents the Tor proxy settings.
 + *
 + * @property {boolean} enabled - Whether the proxy should be enabled.
 + * @property {integer} type - The proxy type. One of the values in
 + *   `TorProxyType`.
 + * @property {string} address - The proxy address, or "" if the proxy is not
 + *   being used.
 + * @property {integer} port - The proxy port, or 0 if the proxy is not being
 + *   used.
 + * @property {string} username - The proxy user name, or "" if this is not
 + *   needed.
 + * @property {string} password - The proxy password, or "" if this is not
 + *   needed.
 + */
++
 +/**
 + * @typedef {Object} TorFirewallSettings
 + *
 + * Represents the Tor firewall settings.
 + *
 + * @property {boolean} enabled - Whether the firewall settings should be
 + *   enabled.
 + * @property {integer[]} allowed_ports - The list of ports that are allowed.
 + */
++
 +/**
 + * @typedef {Object} TorCombinedSettings
 + *
 + * A combination of Tor settings.
 + *
 + * @property {TorBridgeSettings} bridges - The bridge settings.
 + * @property {TorProxySettings} proxy - The proxy settings.
 + * @property {TorFirewallSettings} firewall - The firewall settings.
 + */
++
  /* TorSettings module */
  class TorSettingsImpl {
    /**
 -   * The underlying settings values.
 +   * The default settings to use.
+    *
 -   * @type {object}
 +   * @type {TorCombinedSettings}
     */
 -  #settings = {
 +  #defaultSettings = {
      bridges: {
 -      /**
 -       * Whether the bridges are enabled or not.
 -       *
 -       * @type {boolean}
 -       */
        enabled: false,
        source: TorBridgeSource.Invalid,
 -      /**
 -       * The lox id is used with the Lox "source", and remains set with the
 -       * stored value when other sources are used.
 -       *
 -       * @type {string}
 -       */
        lox_id: "",
 -      /**
 -       * The built-in type to use when using the BuiltIn "source", or empty when
 -       * using any other source.
 -       *
 -       * @type {string}
 -       */
        builtin_type: "",
 -      /**
 -       * The current bridge strings.
 -       *
 -       * Can only be non-empty if the "source" is not Invalid.
 -       *
 -       * @type {Array<string>}
 -       */
        bridge_strings: [],
      },
      proxy: {
@@ -216,10 +246,71 @@ class TorSettingsImpl {
      },
    };
 +  /**
 +   * The underlying settings values.
 +   *
 +   * @type {TorCombinedSettings}
 +   */
 +  #settings = structuredClone(this.#defaultSettings);
++
 +  /**
 +   * The last successfully applied settings for the current `TorProvider`, if
 +   * any.
 +   *
 +   * NOTE: Should only be written to within `#applySettings`.
 +   *
 +   * @type {{
 +   *   bridges: ?TorBridgeSettings,
 +   *   proxy: ?TorProxySettings,
 +   *   firewall: ?TorFirewallSettings
 +   * }}
 +   */
 +  #successfulSettings = { bridges: null, proxy: null, firewall: null };
++
 +  /**
 +   * Whether temporary bridge settings have been applied to the current
 +   * `TorProvider`.
 +   *
 +   * @type {boolean}
 +   */
 +  #temporaryBridgesApplied = false;
++
 +  /**
 +   * @typedef {TorSettingsApplyError}
 +   *
 +   * @property {boolean} canUndo - Whether the latest error can be "undone".
 +   *   When this is `false`, the TorProvider will be using its default values
 +   *   instead.
 +   */
++
 +  /**
 +   * A summary of the latest failures to apply our settings, if any.
 +   *
 +   * NOTE: Should only be written to within `#applySettings`.
 +   *
 +   * @type {{
 +   *   bridges: ?TorSettingsApplyError,
 +   *   proxy: ?TorSettingsApplyError,
 +   *   firewall: ?TorSettingsApplyError,
 +   * }}
 +   */
 +  #applyErrors = { bridges: null, proxy: null, firewall: null };
++
 +  /**
 +   * Get the latest failure for the given setting, if any.
 +   *
 +   * @param {string} group - The settings to get the error details for.
 +   *
 +   * @returns {?TorSettingsApplyError} - The error details, if any.
 +   */
 +  getApplyError(group) {
 +    return structuredClone(this.#applyErrors[group]);
 +  }
++
    /**
     * Temporary bridge settings to apply instead of #settings.bridges.
+    *
 -   * @type {?Object}
 +   * @type {?TorBridgeSettings}
     */
    #temporaryBridgeSettings = null;
@@ -342,38 +433,39 @@ class TorSettingsImpl {
+   }
    /**
 -   * Regular expression for a decimal non-negative integer.
 +   * Verify a port number is within bounds.
+    *
 -   * @type {RegExp}
 +   * @param {integer} val - The value to verify.
 +   * @return {boolean} - Whether the port is within range.
     */
 -  #portRegex = /^[0-9]+$/;
 +  validPort(val) {
 +    return Number.isInteger(val) && val >= 1 && val <= 65535;
 +  }
++
    /**
 -   * Parse a string as a port number.
 +   * Verify that some SOCKS5 credentials are valid.
+    *
 -   * @param {string|integer} val - The value to parse.
 -   * @param {boolean} trim - Whether a string value can be stripped of
 -   *   whitespace before parsing.
 -   *
 -   * @return {integer?} - The port number, or null if the given value was not
 -   *   valid.
 +   * @param {string} username - The SOCKS5 username.
 +   * @param {string} password - The SOCKS5 password.
 +   * @return {boolean} - Whether the credentials are valid.
     */
 -  #parsePort(val, trim) {
 -    if (typeof val === "string") {
 -      if (trim) {
 -        val = val.trim();
 +  validSocks5Credentials(username, password) {
 +    if (!username && !password) {
 +      // Both empty is valid.
 +      return true;
 +    }
 +    for (const val of [username, password]) {
 +      if (typeof val !== "string") {
 +        return false;
+       }
 -      // ensure port string is a valid positive integer
 -      if (this.#portRegex.test(val)) {
 -        val = Number.parseInt(val, 10);
 -      } else {
 -        throw new Error(`Invalid port string "${val}"`);
 +      const byteLen = new TextEncoder().encode(val).length;
 +      if (byteLen < 1 || byteLen > 255) {
 +        return false;
+       }
+     }
 -    if (!Number.isInteger(val) || val < 1 || val > 65535) {
 -      throw new Error(`Port out of range: ${val}`);
 -    }
 -    return val;
 +    return true;
+   }
++
    /**
     * Test whether two arrays have equal members and order.
+    *
@@ -659,10 +751,11 @@ class TorSettingsImpl {
        false
      );
      if (firewall.enabled) {
 -      firewall.allowed_ports = Services.prefs.getStringPref(
 -        TorSettingsPrefs.firewall.allowed_ports,
 -        ""
 -      );
 +      firewall.allowed_ports = Services.prefs
 +        .getStringPref(TorSettingsPrefs.firewall.allowed_ports, "")
 +        .split(",")
 +        .filter(p => p.trim())
 +        .map(p => parseInt(p, 10));
+     }
      try {
        this.#fixupFirewallSettings(firewall);
@@ -767,19 +860,221 @@ class TorSettingsImpl {
+     }
+   }
 +  /**
 +   * A blocker promise for the #applySettings method.
 +   *
 +   * Ensures only one active caller to protect the #applyErrors and
 +   * #successfulSettings properties.
 +   *
 +   * @type {?Promise}
 +   */
 +  #applySettingsTask = null;
++
    /**
     * Push our settings down to the tor provider.
+    *
     * Even though this introduces a circular depdency, it makes the API nicer for
     * frontend consumers.
+    *
 -   * @param {boolean} flush - Whether to also flush the settings to disk.
 +   * @param {Object} apply - The list of settings to apply.
 +   * @param {boolean} [apply.bridges] - Whether to apply our bridge settings.
 +   * @param {boolean} [apply.proxy] - Whether to apply our proxy settings.
 +   * @param {boolean} [apply.firewall] - Whether to apply our firewall settings.
 +   * @param {boolean} [details] - Optional details.
 +   * @param {boolean} [details.useTemporaryBridges] - Whether the caller wants
 +   *   to apply temporary bridges.
 +   * @param {boolean} [details.newProvider] - Whether the caller is initialising
 +   *   a new `TorProvider`.
     */
 -  async #applySettings(flush) {
 -    const provider = await lazy.TorProviderBuilder.build();
 -    await provider.writeSettings();
 -    if (flush) {
 -      provider.flushSettings();
 +  async #applySettings(apply, details) {
 +    // Grab this provider before awaiting.
 +    // In particular, if the provider is changed we do not want to switch to
 +    // writing to the new instance.
 +    const providerRef = this.#providerRef;
 +    const provider = providerRef?.deref();
 +    if (!provider) {
 +      // Wait until setTorProvider is called.
 +      lazy.logger.info("No TorProvider yet");
 +      return;
 +    }
++
 +    // We only want one instance of #applySettings to be running at any given
 +    // time, so we await the previous call first.
 +    // Read and replace #applySettingsTask before we do any async operations.
 +    // I.e. this is effectively an atomic read and replace.
 +    const prevTask = this.#applySettingsTask;
 +    let taskComplete;
 +    ({ promise: this.#applySettingsTask, resolve: taskComplete } =
 +      Promise.withResolvers());
 +    await prevTask;
++
 +    try {
 +      let flush = false;
 +      const errors = [];
++
 +      // Test whether the provider is no longer running or has been replaced.
 +      const providerRunning = () => {
 +        return providerRef === this.#providerRef && provider.isRunning;
 +      };
++
 +      lazy.logger.debug("Passing on settings to the provider", apply, details);
++
 +      if (details?.newProvider) {
 +        // If we have a new provider we clear our successful settings.
 +        // In particular, the user may have changed their settings several times
 +        // whilst the tor process was not running. In the event of an
 +        // "ApplyError", we want to correctly show to the user that they are now
 +        // using default settings and we do not want to allow them to "undo"
 +        // since the previous successful settings may be out of date.
 +        // NOTE: We do not do this within `setTorProvider` since some other
 +        // caller's `#applySettingsTask` may still be running and writing to
 +        // these values when `setTorProvider` is called.
 +        this.#successfulSettings.bridges = null;
 +        this.#successfulSettings.proxy = null;
 +        this.#successfulSettings.firewall = null;
 +        this.#applyErrors.bridges = null;
 +        this.#applyErrors.proxy = null;
 +        this.#applyErrors.firewall = null;
 +        // Temporary bridges are not applied to the new provider.
 +        this.#temporaryBridgesApplied = false;
 +      }
++
 +      for (const group of ["bridges", "proxy", "firewall"]) {
 +        if (!apply[group]) {
 +          continue;
 +        }
++
 +        if (!providerRunning()) {
 +          lazy.logger.info("The TorProvider is no longer running");
 +          // Bail on this task since the old provider should not accept
 +          // settings. setTorProvider will be called for the new provider and
 +          // will already handle applying the same settings.
 +          return;
 +        }
++
 +        let usingSettings = true;
 +        if (group === "bridges") {
 +          // Only record successes or failures when using the user settings.
 +          if (this.#temporaryBridgeSettings && !details?.useTemporaryBridges) {
 +            // #temporaryBridgeSettings were written whilst awaiting the
 +            // previous task. Do nothing and allow applyTemporarySettings to
 +            // apply the temporary bridges instead.
 +            lazy.logger.info(
 +              "Not apply bridges since temporary bridges were applied"
 +            );
 +            continue;
 +          }
 +          if (!this.#temporaryBridgeSettings && details?.useTemporaryBridges) {
 +            // #temporaryBridgeSettings were cleared whilst awaiting the
 +            // previous task. Do nothing and allow changeSettings or
 +            // clearTemporaryBridges to apply the non-temporary bridges
 +            // instead.
 +            lazy.logger.info(
 +              "Not apply temporary bridges since they were cleared"
 +            );
 +            continue;
 +          }
 +          usingSettings = !details?.useTemporaryBridges;
 +        }
++
 +        try {
 +          switch (group) {
 +            case "bridges": {
 +              const bridges = structuredClone(
 +                usingSettings
 +                  ? this.#settings.bridges
 +                  : this.#temporaryBridgeSettings
 +              );
++
 +              try {
 +                await provider.writeBridgeSettings(bridges);
 +              } catch (e) {
 +                if (
 +                  usingSettings &&
 +                  this.#temporaryBridgesApplied &&
 +                  providerRunning()
 +                ) {
 +                  lazy.logger.warn(
 +                    "Recovering to clear temporary bridges from the provider"
 +                  );
 +                  // The TorProvider is still using the temporary bridges. As a
 +                  // priority we want to try and restore the TorProvider to the
 +                  // state it was in prior to the temporary bridges being
 +                  // applied.
 +                  const prevBridges = structuredClone(
 +                    this.#successfulSettings.bridges ??
 +                      this.#defaultSettings.bridges
 +                  );
 +                  try {
 +                    await provider.writeBridgeSettings(prevBridges);
 +                    this.#temporaryBridgesApplied = false;
 +                  } catch (e) {
 +                    lazy.logger.error(
 +                      "Failed to clear the temporary bridges from the provider",
 +                      e
 +                    );
 +                  }
 +                }
 +                throw e;
 +              }
++
 +              if (usingSettings) {
 +                this.#successfulSettings.bridges = bridges;
 +                this.#temporaryBridgesApplied = false;
 +                this.#applyErrors.bridges = null;
 +                flush = true;
 +              } else {
 +                this.#temporaryBridgesApplied = true;
 +                // Do not flush the temporary bridge settings until they are
 +                // saved.
 +              }
 +              break;
 +            }
 +            case "proxy": {
 +              const proxy = structuredClone(this.#settings.proxy);
 +              await provider.writeProxySettings(proxy);
 +              this.#successfulSettings.proxy = proxy;
 +              this.#applyErrors.proxy = null;
 +              flush = true;
 +              break;
 +            }
 +            case "firewall": {
 +              const firewall = structuredClone(this.#settings.firewall);
 +              await provider.writeFirewallSettings(firewall);
 +              this.#successfulSettings.firewall = firewall;
 +              this.#applyErrors.firewall = null;
 +              flush = true;
 +              break;
 +            }
 +          }
 +        } catch (e) {
 +          // Store the error and throw later.
 +          errors.push(e);
 +          if (usingSettings && providerRunning()) {
 +            // Record and signal the error.
 +            // NOTE: We do not signal ApplyError when we fail to apply temporary
 +            // bridges.
 +            this.#applyErrors[group] = {
 +              canUndo: Boolean(this.#successfulSettings[group]),
 +            };
 +            lazy.logger.debug(`Signalling new ApplyError for ${group}`);
 +            Services.obs.notifyObservers(
 +              { group },
 +              TorSettingsTopics.ApplyError
 +            );
 +          }
 +        }
 +      }
 +      if (flush && providerRunning()) {
 +        provider.flushSettings();
 +      }
 +      if (errors.length) {
 +        lazy.logger.error("Failed to apply settings", errors);
 +        throw new Error(`Failed to apply settings. ${errors.join(". ")}.`);
 +      }
 +    } finally {
 +      // Allow the next caller to proceed.
 +      taskComplete();
+     }
+   }
@@ -869,7 +1164,30 @@ class TorSettingsImpl {
      if (!Object.values(TorProxyType).includes(proxy.type)) {
        throw new Error(`Invalid proxy type: ${proxy.type}`);
+     }
 -    proxy.port = this.#parsePort(proxy.port, false);
 +    // Do not allow port value to be 0.
 +    // Whilst Socks4Proxy, Socks5Proxy and HTTPSProxyPort allow you to pass in
 +    // `<address>:0` this will select a default port. Our UI does not indicate
 +    // that `0` maps to a different value, so we disallow it.
 +    if (!this.validPort(proxy.port)) {
 +      throw new Error(`Invalid proxy port: ${proxy.port}`);
 +    }
++
 +    switch (proxy.type) {
 +      case TorProxyType.Socks4:
 +        // Never use the username or password.
 +        proxy.username = "";
 +        proxy.password = "";
 +        break;
 +      case TorProxyType.Socks5:
 +        if (!this.validSocks5Credentials(proxy.username, proxy.password)) {
 +          throw new Error("Invalid SOCKS5 credentials");
 +        }
 +        break;
 +      case TorProxyType.HTTPS:
 +        // username and password are both optional.
 +        break;
 +    }
++
      proxy.address = String(proxy.address);
      proxy.username = String(proxy.username);
      proxy.password = String(proxy.password);
@@ -890,22 +1208,82 @@ class TorSettingsImpl {
        return;
+     }
 -    let allowed_ports = firewall.allowed_ports;
 -    if (!Array.isArray(allowed_ports)) {
 -      allowed_ports = allowed_ports === "" ? [] : allowed_ports.split(",");
 +    if (!Array.isArray(firewall.allowed_ports)) {
 +      throw new Error("allowed_ports should be an array of ports");
+     }
 -    // parse and remove duplicates
 -    const portSet = new Set();
+-
 -    for (const port of allowed_ports) {
 -      try {
 -        portSet.add(this.#parsePort(port, true));
 -      } catch (e) {
 -        // Do not throw for individual ports.
 -        lazy.logger.error(`Failed to parse the port ${port}. Ignoring.`, e);
 +    for (const port of firewall.allowed_ports) {
 +      if (!this.validPort(port)) {
 +        throw new Error(`Invalid firewall port: ${port}`);
+       }
+     }
 -    firewall.allowed_ports = [...portSet];
 +    // Remove duplicates
 +    firewall.allowed_ports = [...new Set(firewall.allowed_ports)];
 +  }
++
 +  /**
 +   * The current `TorProvider` instance we are using, if any.
 +   *
 +   * @type {?WeakRef<TorProvider>}
 +   */
 +  #providerRef = null;
++
 +  /**
 +   * Called whenever we have a new provider to send settings to.
 +   *
 +   * @param {TorProvider} provider - The provider to apply our settings to.
 +   */
 +  async setTorProvider(provider) {
 +    lazy.logger.debug("Applying settings to new provider");
 +    this.#checkIfInitialized();
++
 +    // Use a WeakRef to not keep the TorProvider instance alive.
 +    this.#providerRef = new WeakRef(provider);
 +    // NOTE: We need the caller to pass in the TorProvider instance because
 +    // TorProvider's initialisation waits for this method. In particular, we
 +    // cannot await TorProviderBuilder.build since it would hang!
 +    await this.#applySettings(
 +      { bridges: true, proxy: true, firewall: true },
 +      { newProvider: true }
 +    );
 +  }
++
 +  /**
 +   * Undo settings that have failed to be applied by restoring the last
 +   * successfully applied settings instead.
 +   *
 +   * @param {string} group - The group to undo the settings for.
 +   */
 +  async undoFailedSettings(group) {
 +    if (!this.#applyErrors[group]) {
 +      lazy.logger.warn(
 +        `${group} settings have already been successfully replaced.`
 +      );
 +      return;
 +    }
 +    if (!this.#successfulSettings[group]) {
 +      // Unexpected.
 +      lazy.logger.warn(
 +        `Cannot undo ${group} settings since we have no successful settings.`
 +      );
 +      return;
 +    }
 +    await this.changeSettings({ [group]: this.#successfulSettings[group] });
 +  }
++
 +  /**
 +   * Clear settings that have failed to be applied by using the default settings
 +   * instead.
 +   *
 +   * @param {string} group - The group to clear the settings for.
 +   */
 +  async clearFailedSettings(group) {
 +    if (!this.#applyErrors[group]) {
 +      lazy.logger.warn(
 +        `${group} settings have already been successfully replaced.`
 +      );
 +      return;
 +    }
 +    await this.changeSettings({ [group]: this.#defaultSettings[group] });
+   }
    /**
@@ -919,8 +1297,8 @@ class TorSettingsImpl {
     * + proxy settings can be set as a group.
     * + firewall settings can be set a group.
+    *
 -   * @param {object} newValues - The new setting values, a subset of the
 -   *   complete settings that should be changed.
 +   * @param {object} newValues - The new setting values that should be changed.
 +   *   A subset of the `TorCombinedSettings` object.
     */
    async changeSettings(newValues) {
      lazy.logger.debug("changeSettings()", newValues);
@@ -932,6 +1310,7 @@ class TorSettingsImpl {
      const completeSettings = structuredClone(this.#settings);
      const changes = [];
 +    const apply = {};
      /**
       * Change the given setting to a new value. Does nothing if the new value
@@ -950,10 +1329,11 @@ class TorSettingsImpl {
+       }
        completeSettings[group][prop] = value;
        changes.push(`${group}.${prop}`);
 +      // Apply these settings.
 +      apply[group] = true;
      };
      if ("bridges" in newValues) {
 -      const changesLength = changes.length;
        if ("source" in newValues.bridges) {
          this.#fixupBridgeSettings(newValues.bridges);
          changeSetting("bridges", "source", newValues.bridges.source);
@@ -984,7 +1364,7 @@ class TorSettingsImpl {
          changeSetting("bridges", "enabled", newValues.bridges.enabled);
+       }
 -      if (this.#temporaryBridgeSettings && changes.length !== changesLength) {
 +      if (this.#temporaryBridgeSettings && apply.bridges) {
          // A change in the bridges settings.
          // We want to clear the temporary bridge settings to ensure that they
          // cannot be used to overwrite these user-provided settings.
@@ -1034,34 +1414,22 @@ class TorSettingsImpl {
      lazy.logger.debug("setSettings result", this.#settings, changes);
 -    // After we have sent out the notifications for the changed settings and
 -    // saved the preferences we send the new settings to TorProvider.
 -    // Some properties are unread by TorProvider. So if only these values change
 -    // there is no need to re-apply the settings.
 -    const unreadProps = ["bridges.builtin_type", "bridges.lox_id"];
 -    const shouldApply = changes.some(prop => !unreadProps.includes(prop));
 -    if (shouldApply) {
 -      await this.#applySettings(true);
 +    if (apply.bridges || apply.proxy || apply.firewall) {
 +      // After we have sent out the notifications for the changed settings and
 +      // saved the preferences we send the new settings to TorProvider.
 +      await this.#applySettings(apply);
+     }
+   }
    /**
     * Get a copy of all our settings.
+    *
 -   * @param {boolean} [useTemporary=false] - Whether the returned settings
 -   *   should use the temporary bridge settings, if any, instead.
 -   *
 -   * @returns {object} A copy of the settings object
 +   * @returns {TorCombinedSettings} A copy of the current settings.
     */
 -  getSettings(useTemporary = false) {
 +  getSettings() {
      lazy.logger.debug("getSettings()");
      this.#checkIfInitialized();
 -    const settings = structuredClone(this.#settings);
 -    if (useTemporary && this.#temporaryBridgeSettings) {
 -      // Override the bridge settings with our temporary ones.
 -      settings.bridges = structuredClone(this.#temporaryBridgeSettings);
 -    }
 -    return settings;
 +    return structuredClone(this.#settings);
+   }
    /**
@@ -1109,8 +1477,8 @@ class TorSettingsImpl {
      // After checks are complete, we commit them.
      this.#temporaryBridgeSettings = bridgeSettings;
 -    // Do not flush the temporary bridge settings until they are saved.
 -    await this.#applySettings(false);
++
 +    await this.#applySettings({ bridges: true }, { useTemporaryBridges: true });
+   }
    /**
@@ -1137,7 +1505,7 @@ class TorSettingsImpl {
        return;
+     }
      this.#temporaryBridgeSettings = null;
 -    await this.#applySettings();
 +    await this.#applySettings({ bridges: true });
+   }
+ }