[tor-commits] [tor-browser/tor-browser-82.0b7-10.0-1] Bug 26353: Prevent speculative connect that violated FPI.
gk at torproject.org
gk at torproject.org
Tue Oct 6 10:52:14 UTC 2020
commit e2dfc05cd13007e35323c1bdc9eb3797f3b19744
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Sat Jul 14 08:50:55 2018 -0700
Bug 26353: Prevent speculative connect that violated FPI.
Connections were observed in the catch-all circuit when
the user entered an https or http URL in the URL bar, or
typed a search term.
---
toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
index 20a984207383..88a418c9525e 100644
--- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
+++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
@@ -102,6 +102,9 @@ class RemoteWebNavigation {
fixupFlags |= Services.uriFixup.FIXUP_FLAG_PRIVATE_CONTEXT;
}
uri = Services.uriFixup.createFixupURI(aURI, fixupFlags);
+/*******************************************************************************
+ TOR BROWSER: Disable the following speculative connect until
+ we can make it properly obey first-party isolation.
// We know the url is going to be loaded, let's start requesting network
// connection before the content process asks.
@@ -125,6 +128,7 @@ class RemoteWebNavigation {
}
Services.io.speculativeConnect(uri, principal, null);
}
+*******************************************************************************/
} catch (ex) {
// Can't setup speculative connection for this uri string for some
// reason (such as failing to parse the URI), just ignore it.
More information about the tor-commits
mailing list