[tor-commits] [torbutton/master] Bug 26189: Remove content-policy.js

gk at torproject.org gk at torproject.org
Wed Aug 15 18:29:06 UTC 2018 

commit b9b87bcb3105e7aafb42f162b4bb1e8fc7dc54ba
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date:   Mon Aug 13 09:55:40 2018 -0700

    Bug 26189: Remove content-policy.js
    
    Our old patch for Bug 8725 was upstreamed in
    https://bugzilla.mozilla.org/show_bug.cgi?id=863246
---
 src/components/content-policy.js        | 174 --------------------------------
 src/components/startup-observer.js      |   7 +-
 src/defaults/preferences/preferences.js |   2 +-
 3 files changed, 3 insertions(+), 180 deletions(-)

diff --git a/src/components/content-policy.js b/src/components/content-policy.js
deleted file mode 100644
index db72efea..00000000
--- a/src/components/content-policy.js
+++ /dev/null
@@ -1,174 +0,0 @@
-/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Based on ResourceFilter: A direct workaround for https://bugzil.la/863246
- * https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-filter/content-policy.js
- */
-
-const Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils;
-
-// Import XPCOMUtils object.
-Cu.import("resource://gre/modules/XPCOMUtils.jsm");
-let { bindPrefAndInit } =
-    Cu.import("resource://torbutton/modules/utils.js", {});
-
-function ContentPolicy() {
-  this.uriFingerprinting = null;
-  let that = this;
-  bindPrefAndInit("extensions.torbutton.resource_and_chrome_uri_fingerprinting",
-    function (enabled) {
-      that.uriFingerprinting = enabled;
-    });
-
-  // Register as an nsIContentPolicy filter.
-  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
-  registrar.registerFactory(this.classID, this.classDescription,
-                            this.contractID, this);
-
-  let catMan = Cc["@mozilla.org/categorymanager;1"]
-                 .getService(Ci.nsICategoryManager);
-  catMan.addCategoryEntry("content-policy", this.contractID, this.contractID,
-                          false, true);
-}
-
-ContentPolicy.prototype = {
-  classDescription: "ContentPolicy",
-  classID: Components.ID("{4c03be7d-492f-990e-f0da-f3689e564898}"),
-  contractID: "@torproject.org/content-policy;1",
-
-  uriWhitelist: {
-    // Video playback.
-    "chrome://global/content/TopLevelVideoDocument.js": Ci.nsIContentPolicy.TYPE_SCRIPT,
-    "resource://gre/res/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    "chrome://global/content/bindings/videocontrols.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/bindings/scale.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/bindings/progressmeter.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/bindings/button.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/bindings/general.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/bindings/text.xml": Ci.nsIContentPolicy.TYPE_XBL,
-
-    // Image display.
-    "resource://gre/res/ImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    "resource://gre/res/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-
-    // Scrollbars, text box resizer, and content keyboard shortcuts.
-    "chrome://global/content/bindings/scrollbar.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/bindings/resizer.xml": Ci.nsIContentPolicy.TYPE_XBL,
-    "chrome://global/content/platformHTMLBindings.xml": Ci.nsIContentPolicy.TYPE_XBL,
-
-    // Directory listing.
-    "chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-  },
-
-  uriRegexWhitelist: [
-    // Video playback: whitelist png and svg images under chrome://global/skin/media
-    { regex: /^chrome:\/\/global\/skin\/media\/.+\.(png|svg)$/,
-      type: Ci.nsIContentPolicy.TYPE_IMAGE },
-
-    // Video playback and image display: whitelist css files under chrome://global/skin/media
-    { regex: /^chrome:\/\/global\/skin\/media\/.+\.css$/,
-      type: Ci.nsIContentPolicy.TYPE_STYLESHEET },
-  ],
-
-  // nsISupports
-  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory,
-                                         Ci.nsISupportsWeakReference]),
-
-  // nsIFactory
-  createInstance: function(outer, iid)
-  {
-    if (outer)
-      throw Cr.NS_ERROR_NO_AGGREGATION;
-    return this.QueryInterface(iid);
-  },
-
-  // nsIContentPolicy
-  shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
-
-    // Accept if the user does not care, no content URI is available or scheme
-    // is not resource/chrome.
-    if (this.uriFingerprinting || !aContentLocation ||
-        !(aContentLocation.schemeIs('resource') ||
-          aContentLocation.schemeIs('chrome'))) {
-      return Ci.nsIContentPolicy.ACCEPT;
-    }
-
-    // Accept if no origin URI or if origin scheme is
-    // chrome/resource/about/view-source.
-    if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') ||
-                           aRequestOrigin.schemeIs('chrome') ||
-                           aRequestOrigin.schemeIs('about') ||
-                           aRequestOrigin.schemeIs('view-source'))
-      return Ci.nsIContentPolicy.ACCEPT;
-
-    // Accept if resource directly loaded into a tab.
-    if (Ci.nsIContentPolicy.TYPE_DOCUMENT === aContentType)
-      return Ci.nsIContentPolicy.ACCEPT;
-
-    // There's certain things that break horribly if they aren't allowed to
-    // access URIs with proscribed schemes, with `aContentOrigin` basically
-    // set to arbibrary URIs.
-    //
-    // XXX: Feature gate this behind the security slider or something, I don't
-    // give a fuck.
-    if (aContentLocation.spec in this.uriWhitelist)
-      if (this.uriWhitelist[aContentLocation.spec] == aContentType)
-        return Ci.nsIContentPolicy.ACCEPT;
-
-    for (let wlObj of this.uriRegexWhitelist) {
-      if ((wlObj.type == aContentType) && wlObj.regex.test(aContentLocation.spec))
-        return Ci.nsIContentPolicy.ACCEPT;
-    }
-
-    return Ci.nsIContentPolicy.REJECT_REQUEST;
-  },
-
-  shouldProcess: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeType, aExtra)  {
-    return Ci.nsIContentPolicy.ACCEPT;
-  },
-};
-
-// Install a HTTP response handler to check for redirects to URLs with schemes
-// that should be internal to the browser.  There's various safeguards and
-// checks that cause the body to be unavailable, but the `onLoad()` behavior
-// is inconsistent, which results in leaking information about the specific
-// user agent instance (eg: what addons are installed).
-var requestObserver = {
-  ioService: Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService),
-  observerService: Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService),
-
-  start: function() {
-    this.observerService.addObserver(this, "http-on-examine-response", false);
-  },
-
-  observe: function(aSubject, aTopic, aData) {
-    let aChannel = aSubject.QueryInterface(Ci.nsIHttpChannel);
-    let aStatus = aChannel.responseStatus;
-
-    // If this is a redirect...
-    //
-    // Note: `304 Not Modifed` isn't a redirect, so there is no Location header to check
-    // in that case.
-    if (aStatus >= 300 && aStatus < 400 && aStatus != 304) {
-      let location = aChannel.getResponseHeader("Location");
-      let aUri = this.ioService.newURI(location, null, null);
-
-      // And it's redirecting into the browser or addon's internal URLs...
-      if (aUri.schemeIs("resource") || aUri.schemeIs("chrome") || aUri.schemeIs("about")) {
-        // Cancel the request.
-        aSubject.cancel(Components.results.NS_BINDING_ABORTED);
-      }
-    }
-  },
-};
-
-// Create a content policy object; initialization is done in the contructor.
-var cp = new ContentPolicy();
-
-// In the chrome process, register the request observer to handle redirects.
-if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_DEFAULT) {
-  requestObserver.start();
-}
diff --git a/src/components/startup-observer.js b/src/components/startup-observer.js
index 144d600a..cd9e7d2c 100644
--- a/src/components/startup-observer.js
+++ b/src/components/startup-observer.js
@@ -62,13 +62,10 @@ function StartupObserver() {
       this.logger.log(4, "Early proxy change failed. Will try again at profile load. Error: "+e);
     }
 
-    // Arrange for our nsIContentPolicy filter and about:tor handler to be
-    // loaded in the default (chrome) process as well as in each content
-    // process.
+    // Arrange for our about:tor handler to be loaded in the default (chrome)
+    // process as well as in each content process.
     let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
                  .getService(Ci.nsIProcessScriptLoader);
-    ppmm.loadProcessScript("resource://torbutton/components/content-policy.js",
-                           true);
     ppmm.loadProcessScript("resource://torbutton/components/aboutTor.js",
                             true);
 }
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 43401ad0..428e70bc 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -34,7 +34,7 @@ pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last
 pref("extensions.torbutton.tor_memory_jar",false);
 pref("extensions.torbutton.nontor_memory_jar",false);
 pref("extensions.torbutton.launch_warning",true);
-pref("extensions.torbutton.resource_and_chrome_uri_fingerprinting",false);
+
 // Opt out of Firefox addon pings:
 // https://developer.mozilla.org/en/Addons/Working_with_AMO
 pref("extensions.torbutton at torproject.org.getAddons.cache.enabled", false);

More information about the tor-commits mailing list