[tbb-commits] [tor-browser] 24/76: Bug 26353: Prevent speculative connect that violated FPI.

gitolite role git at cupani.torproject.org
Fri Sep 23 17:16:11 UTC 2022


This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-102.3.0esr-12.0-1
in repository tor-browser.

commit f28139e93ab9a62a92b1a074d0406538b6b7e1fc
Author: Arthur Edelstein <arthuredelstein at gmail.com>
AuthorDate: Sat Jul 14 08:50:55 2018 -0700

    Bug 26353: Prevent speculative connect that violated FPI.
    
    Connections were observed in the catch-all circuit when
    the user entered an https or http URL in the URL bar, or
    typed a search term.
---
 toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
index 5d46b1dd8e3b..c2fea54d0744 100644
--- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
+++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
@@ -95,6 +95,9 @@ class RemoteWebNavigation {
       }
 
       uri = Services.uriFixup.getFixupURIInfo(aURI, fixupFlags).preferredURI;
+/*******************************************************************************
+   Disable the following speculative connect until
+   we can make it properly obey first-party isolation.
 
       // We know the url is going to be loaded, let's start requesting network
       // connection before the content process asks.
@@ -118,6 +121,7 @@ class RemoteWebNavigation {
         }
         Services.io.speculativeConnect(uri, principal, null);
       }
+*******************************************************************************/
     } catch (ex) {
       // Can't setup speculative connection for this uri string for some
       // reason (such as failing to parse the URI), just ignore it.

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tbb-commits mailing list