[tor-commits] [torbutton/master] Bug 8725: Block `resource://` based fingerprinting with nsIContentPolicy.
mikeperry at torproject.org
mikeperry at torproject.org
Thu Jul 28 22:04:57 UTC 2016
commit 3bff5aaea6e1a732ff908527f67d1784ecf23c57
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Fri Jun 17 01:25:09 2016 +0000
Bug 8725: Block `resource://` based fingerprinting with nsIContentPolicy.
Based on ResourceFilter: A direct workaround for https://bugzil.la/863246
https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-filter/content-policy.js
---
src/chrome.manifest | 4 ++++
src/components/content-policy.js | 48 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)
diff --git a/src/chrome.manifest b/src/chrome.manifest
index e85a205..340ed27 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -170,6 +170,10 @@ category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selec
component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
+component {4c03be7d-492f-990e-f0da-f3689e564898} components/content-policy.js
+contract @torproject.org/content-policy;1 {4c03be7d-492f-990e-f0da-f3689e564898}
+category content-policy ContentPolicy @torproject.org/content-policy;1
+
category profile-after-change RefSpoofer @torproject.org/torRefSpoofer;1
category profile-after-change StartupObserver @torproject.org/startup-observer;1
category profile-after-change DomainIsolator @torproject.org/domain-isolator;1
diff --git a/src/components/content-policy.js b/src/components/content-policy.js
new file mode 100644
index 0000000..b4b33a7
--- /dev/null
+++ b/src/components/content-policy.js
@@ -0,0 +1,48 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Based on ResourceFilter: A direct workaround for https://bugzil.la/863246
+ * https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-filter/content-policy.js
+ */
+
+const Ci = Components.interfaces, Cu = Components.utils;
+
+// Import XPCOMUtils object.
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+function ContentPolicy() {}
+
+ContentPolicy.prototype = {
+ classDescription: "ContentPolicy",
+ classID: Components.ID("{4c03be7d-492f-990e-f0da-f3689e564898}"),
+ contractID: "@torproject.org/content-policy;1",
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]),
+
+ _xpcom_categories: [{category: "content-policy"}],
+
+ shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
+ // Accept if no content URI or scheme is not a resource.
+ if (!aContentLocation || !aContentLocation.schemeIs('resource'))
+ return Ci.nsIContentPolicy.ACCEPT;
+
+ // Accept if no origin URI, or if the origin URI scheme is chrome/resource.
+ if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome'))
+ return Ci.nsIContentPolicy.ACCEPT;
+
+ // Accept if resource directly loaded into a tab.
+ if (Ci.nsIContentPolicy.TYPE_DOCUMENT === aContentType)
+ return Ci.nsIContentPolicy.ACCEPT;
+
+ return Ci.nsIContentPolicy.REJECT_REQUEST;
+ },
+
+ shouldProcess: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeType, aExtra) {
+ return Ci.nsIContentPolicy.ACCEPT;
+ },
+};
+
+// Firefox >= 4.0 (Old versions are extremely irrelevant).
+var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentPolicy]);
More information about the tor-commits
mailing list