ma1 pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits: 03a24c6d by cypherpunks1 at 2023-09-08T22:06:56+00:00 fixup! Bug 23247: Communicating security expectations for .onion
Bug 41934: Treat unencrypted websocket connections to onion services as secure
- - - - -
1 changed file:
- dom/websocket/WebSocket.cpp
Changes:
===================================== dom/websocket/WebSocket.cpp ===================================== @@ -1734,12 +1734,15 @@ nsresult WebSocketImpl::Init(JSContext* aCx, bool aIsSecure, }
// Don't allow https:// to open ws:// - if (!mIsServerSide && !mSecure && + if (!mIsServerSide && !mSecure && aIsSecure && !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS", false) && !nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost( mAsciiHost)) { - if (aIsSecure) { + nsCOMPtr<nsIURI> uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), mURI); + NS_ENSURE_SUCCESS(rv, rv); + if (!nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(uri)) { return NS_ERROR_DOM_SECURITY_ERR; } }
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/03a24c6d...
tor-commits@lists.torproject.org