[tbb-bugs] #23439 [Applications/Tor Browser]: Exempt .onion domains from mixed content warnings

Wed Mar 21 08:22:56 UTC 2018

#23439: Exempt .onion domains from mixed content warnings
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  gk
     Type:  defect                               |         Status:  closed
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  TorBrowserTeam201803R,               |  Actual Points:
  GeorgKoppen201803                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed

Comment:

 Replying to [comment:21 mcs]:
 > Replying to [comment:18 arthuredelstein]:
 > > As a version of these patches have landed in Mozilla, shall we
 backport them to include in the next Tor Browser alpha?
 >
 > I thought of doing this a couple of weeks ago, but I got stuck because
 the automated test fails for a strange reason, at least in my non-rbm
 macOS build. What happens is that an
 SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED error occurs while trying to
 load
 https://example.com/browser/browser/base/content/test/siteIdentity/test_no_mcb_for_onions.html
 >
 > Manually testing does show that the patch is correct. The main advantage
 over the patches from comment:15 is that pref caching is included. You can
 find the two commits here:
 > https://gitweb.torproject.org/user/brade/tor-
 browser.git/log/?h=bug23439-01

 Hm. So, I think the test in your branch is at the wrong place. In ESR 52
 the MCB tests are under browser/base/content/test/general. They got later
 moved to /browser/base/content/test/siteIdentity. We should keep that
 place while we are on ESR 52 I think. I actually wonder how running that
 test got that far for you given that `assertMixedContentBlockingState()`
 is defined in browser/base/content/test/general/head.js. I remember that
 one being broken made me actually realize that the location of the tests
 moved between ESR52 and m-c. Anyway, I've fixed that in
 1316acb053d6191176e9ae4e4f502415b068525e.

 The code backport looks good although I think I am not so happy about
 essentially reverting e3f5021a4103f1cdc4e902c6ecded73bdcf5327b without
 actually indicating that. But in order to avoid another roundtrip I'll
 take it as-is. (commit 680dece41e71d30afd4616aa19001c60e55dc852). Both
 commits landed on `tor-browser-52.7.2esr-8.0-1`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23439#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online