
ma1 pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8627f8e1 by cypherpunks1 at 2023-11-06T21:22:17+00:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 42231: Improve the network monitor patch for http onion resources - - - - - 2 changed files: - devtools/client/netmonitor/src/components/SecurityState.js - devtools/shared/network-observer/NetworkHelper.sys.mjs Changes:
=====================================
devtools/client/netmonitor/src/components/SecurityState.js
=====================================
@@ -41,7 +41,7 @@ class SecurityState extends Component {
 const {
 securityState,
- urlDetails: { isLocal },
+ urlDetails: { host, isLocal },
 } = item;
 const iconClassList = ["requests-security-state-icon"];
@@ -50,7 +50,11 @@ class SecurityState extends Component {
 // Locally delivered files such as http://localhost and file:// paths
 // are considered to have been delivered securely.
- if (isLocal) {
+ if (
+ isLocal ||
+ (host?.endsWith(".onion") &&
+ Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false))
+ ) {
 realSecurityState = "secure";
 }
=====================================
devtools/shared/network-observer/NetworkHelper.sys.mjs
=====================================
@@ -596,9 +596,6 @@ export var NetworkHelper = {
 // The request did not contain any security info.
 if (!securityInfo) {
- if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
- info.state = "secure";
- }
 return info;
 }
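Review bot: The `.onion` clause in the `if` of the second SecurityState.js hunk is broader than the NetworkHelper code it replaces: it checks only the host and the pref, so it overrides `realSecurityState` whatever state was reported, while the removed lines applied only to requests without security info or with a scheme other than https/wss. As far as the hunk shows, an https onion request whose state came back as something other than `"secure"` (for example `"weak"` or `"broken"`) would then also be drawn as secure in the network monitor; if that is not intended, the clause could be limited to the case the old code handled, e.g. `(securityState === "insecure" && host?.endsWith(".onion") &&`. The two-line comment above the condition still mentions only local files and should also name the onion case and the `dom.securecontext.allowlist_onions` pref. The enclosing method starts and ends outside the hunk.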
@@ -650,11 +647,7 @@ export var NetworkHelper = {
 // schemes other than https and wss are subject to
 // downgrade/etc at the scheme level and should always be
 // considered insecure
- if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
- info.state = "secure";
- } else {
- info.state = "insecure";
- }
+ info.state = "insecure";
 } else if (state & wpl.STATE_IS_SECURE) {
 // The connection is secure if the scheme is sufficient
 info.state = "secure";
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8627f8e1... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8627f8e1... You're receiving this email because of your account on gitlab.torproject.org.
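Review bot: With this hunk `info.state` is `"insecure"` for every request whose scheme is not https or wss, so the onion exception now exists only in the SecurityState.js icon component; any other reader of this `info` object (none is visible on this page) would report an http onion request as insecure while the icon shows it as secure. If that split is intended, a short comment next to the assignment would record it, for example `// .onion hosts are upgraded for display in SecurityState.js, gated on dom.securecontext.allowlist_onions`. The enclosing function starts and ends outside the hunk.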