[tor-commits] [flashproxy/master] Handle opt-in cookie in flashproxy.js

dcf at torproject.org dcf at torproject.org
Fri Dec 28 14:13:54 UTC 2012 

commit fb83ae8524ca94f802598d02ed4ed8eba63320a1
Author: Alexandre Allaire <alexandre.allaire at mail.mcgill.ca>
Date:   Fri Dec 21 18:59:59 2012 -0500

    Handle opt-in cookie in flashproxy.js
    
    The proxy disables itself if either the user has opted out
    or opt-in is required and the user has not opted-in. To
    determine if opt-in is required it checks for a "cookierequired"
    boolean query parameter. To determine the user's opt-in setting
    it parses document.cookie and interprets the value of the
    cookie as a boolean parameter.
---
 proxy/flashproxy-test.js |    7 +++--
 proxy/flashproxy.js      |   49 ++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/proxy/flashproxy-test.js b/proxy/flashproxy-test.js
index ba2b8a0..86c48d9 100755
--- a/proxy/flashproxy-test.js
+++ b/proxy/flashproxy-test.js
@@ -11,6 +11,7 @@ var num_tests = 0;
 var num_failed = 0;
 
 var window = {location: {search: "?"}};
+var document = {cookie: ""};
 
 load("flashproxy.js");
 
@@ -159,7 +160,7 @@ function test_parse_query_string()
     }
 }
 
-function test_get_query_param_boolean()
+function test_get_param_boolean()
 {
     var TESTS = [
         { qs: "param=true",
@@ -187,7 +188,7 @@ function test_get_query_param_boolean()
         var query;
 
         query = parse_query_string(test.qs);
-        actual = get_query_param_boolean(query, "param", false);
+        actual = get_param_boolean(query, "param", false);
         if (objects_equal(actual, test.expected))
             pass(test.qs);
         else
@@ -266,7 +267,7 @@ function test_get_query_param_addr()
 
 test_build_url();
 test_parse_query_string();
-test_get_query_param_boolean();
+test_get_param_boolean();
 test_parse_addr_spec();
 test_get_query_param_addr();
 
diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js
index 3bdae8e..e5eb419 100644
--- a/proxy/flashproxy.js
+++ b/proxy/flashproxy.js
@@ -12,6 +12,12 @@
  * "1", "true", and the empty string "" all enable debug mode. Any other value
  * uses the normal badge display.
  *
+ * cookierequired=0|1
+ * If present with value "1", "true", or "", the proxy will disable
+ * itself if the user has not explicitly opted in by setting a cookie
+ * through the options page. If absent, set to "0" or "false", the proxy
+ * will run unless the user has explicitly opted out.
+ *
  * facilitator=https://host:port/
  * The URL of the facilitator CGI script. By default it is
  * DEFAULT_FACILITATOR_URL.
@@ -62,13 +68,16 @@ var DEFAULT_RATE_LIMIT = undefined;
 var MIN_RATE_LIMIT = 10 * 1024;
 var RATE_LIMIT_HISTORY = 5.0;
 
+/* Name of cookie that controls opt-in/opt-out. */
+var OPT_IN_COOKIE = "flashproxy-allow";
 /* Firefox before version 11.0 uses the name MozWebSocket. Whether the global
    variable WebSocket is defined indicates whether WebSocket is supported at
    all. */
 var WebSocket = window.WebSocket || window.MozWebSocket;
 
 var query = parse_query_string(window.location.search.substr(1));
-var DEBUG = get_query_param_boolean(query, "debug", false);
+var cookies = parse_cookie_string(document.cookie);
+var DEBUG = get_param_boolean(query, "debug", false);
 var debug_div;
 
 if (DEBUG) {
@@ -88,6 +97,30 @@ function puts(s) {
     }
 }
 
+/* Parse a cookie data string (usually document.cookie). The return type
+   is an object mapping cookies names to values. For a description of the cookie
+   string format see http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-8747038 */
+function parse_cookie_string(cookies) {
+    var strings = [];
+    var result = {};
+
+    if (cookies)
+        strings = cookies.split(";");
+
+    for (var i = 0; i < strings.length; i++) {
+        var j;
+        var string = strings[i];
+
+        while (string[0] === " ")
+            string = string.substr(1);
+
+        j = string.indexOf("=");
+        result[string.substr(0, j)] = string.substr(j + 1);
+    }
+
+    return result;
+}
+
 /* Parse a URL query string or application/x-www-form-urlencoded body. The
    return type is an object mapping string keys to string values. By design,
    this function doesn't support multiple values for the same named parameter,
@@ -180,14 +213,14 @@ function build_url(scheme, host, port, path, params) {
     return parts.join("");
 }
 
-/* Get a query string parameter and return it as a boolean, or return
-   default_val if param is not present in the query string. True values are "1",
+/* Get a query or cookie string parameter and return it as a boolean, or return
+   default_val if param is not present in the string. True values are "1",
    "true", and "". False values are "0" and "false". Any other value causes the
    function to return null (effectively false).
    
    The empty string is true so that URLs like http://example.com/?debug will
    enable debug mode. */
-function get_query_param_boolean(query, param, default_val) {
+function get_param_boolean(query, param, default_val) {
     var val;
 
     val = query[param];
@@ -901,6 +934,14 @@ function flashproxy_should_disable() {
         return true;
     }
 
+    var setting = get_param_boolean(cookies, OPT_IN_COOKIE, undefined);
+    var opt_in = get_param_boolean(query, "cookierequired", false);
+    if (setting === undefined && opt_in || setting === false) {
+        /* User has opted-out, or opt-in is required and cookie is missing. */
+        puts("Disable because of opt-out or required opt-in.");
+        return true;
+    }
+
     return false;
 }

More information about the tor-commits mailing list