commit a6af0da52a1c534799e563beba047ef02cc0a9e8 Author: David Fifield david@bamsoftware.com Date: Wed Dec 21 02:06:49 2016 -0800

Remove "facilitator" query string parameter.

This could be used to cause browsers to issue requests to a third-party URL. --- proxy/flashproxy.js | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index 24c7a0d..64a2b90 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -1,6 +1,6 @@ /* Query string parameters. These change how the program runs from the outside. * For example: - * http://www.example.com/embed.html?facilitator=http://127.0.0.1:9002&debu... + * http://www.example.com/embed.html?debug=1 * * cookierequired=0|1 * If true, the proxy will disable itself if the user has not explicitly opted @@ -27,10 +27,6 @@ * disables the limit. The default is DEFAULT_RATE_LIMIT. There is a * sanity-check minimum of "10K". * - * facilitator=https://host:port/ - * The URL of the facilitator CGI script. By default it is - * DEFAULT_FACILITATOR_URL. - * * debug=0|1 * If true, show verbose terminal-like output instead of the badge. The values * "1", "true", and the empty string "" all enable debug mode. Any other value @@ -62,7 +58,7 @@ * http://autobahn.ws/testsuite/reports/clients/index.html */

-var DEFAULT_FACILITATOR_URL = "https://fp-facilitator.org/"; +var FACILITATOR_URL = "https://fp-facilitator.org/";

/* Start two connections because some versions of Tor make two PT connections: https://lists.torproject.org/pipermail/tor-dev/2012-December/004221.html @@ -495,7 +491,7 @@ function FlashProxy() { var relay_addr; var rate_limit_bytes;

- this.fac_url = get_param_string(query, "facilitator", DEFAULT_FACILITATOR_URL); + this.fac_url = FACILITATOR_URL;

this.max_num_clients = get_param_integer(query, "max_clients", DEFAULT_MAX_NUM_CLIENTS); if (this.max_num_clients === null || this.max_num_clients < 0) {