
ma1 pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 03a24c6d by cypherpunks1 at 2023-09-08T22:06:56+00:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 41934: Treat unencrypted websocket connections to onion services as secure - - - - - 1 changed file: - dom/websocket/WebSocket.cpp Changes: ===================================== dom/websocket/WebSocket.cpp ===================================== @@ -1734,12 +1734,15 @@ nsresult WebSocketImpl::Init(JSContext* aCx, bool aIsSecure, } // Don't allow https:// to open ws:// - if (!mIsServerSide && !mSecure && + if (!mIsServerSide && !mSecure && aIsSecure && !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS", false) && !nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost( mAsciiHost)) { - if (aIsSecure) { + nsCOMPtr<nsIURI> uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), mURI); + NS_ENSURE_SUCCESS(rv, rv); + if (!nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(uri)) { return NS_ERROR_DOM_SECURITY_ERR; } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/03a24c6d...
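Review bot: The comment above the condition, "// Don't allow https:// to open ws://", no longer describes what the block does, because after this change a secure context may open ws:// when `nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(uri)` is true. Please extend the comment to name the .onion exemption next to the existing loopback one, so the mixed-content exception is documented where it is enforced. Two smaller points in the new inner block: the loopback test reads `mAsciiHost` while the onion test re-parses `mURI` through `NS_NewURI`, so it is worth confirming both always refer to the same host; and `NS_ENSURE_SUCCESS(rv, rv)` still rejects the connection when parsing fails, but with the parse error rather than `NS_ERROR_DOM_SECURITY_ERR`, which callers that match on the security error would not see. A regression test covering a ws:// connection from a secure page to an onion host and to a non-onion host would pin down the intended behaviour.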