- Jun 07, 2023
-
-
Dan Ballard authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41809: restore onion glyph in locations outside location bar
-
Dan Ballard authored
Bug 41809: restore onion glyph in locations outside location bar
-
Dan Ballard authored
Bug 41809: restore onion glyph in locations outside location bar
-
henry authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41810 - Add "Connect" button instead of the "Submit" and "OK" button in the bridge request dialog and the manual bridge dialog, respectively.
-
henry authored
Bug 41726 - Animate the connection icon.
-
henry authored
Bug 41618 - Remove connect bar, and swap internet and connection icons in tor connection preferences.
-
henry authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41618 - Remove connect bar, and swap internet and connection icons in tor connection preferences.
-
Pier Angelo Vendrame authored
Bug 41816: Workaround to fix the top navigation Using the top navigation does not always work as expected, because we pass a null connection state, instead of the actual state. We could start storing the state as a member, however further refactors are planned (see tor-browser#41710), so also directly asking the parent for the current state works as a quick&dirty workaround.
-
Pier Angelo Vendrame authored
Bug 41815: Wrong connect icons Swapped a couple of icons in about:torconnect, and split the offline CSS class from the connection assist/final error, since they now need a different icon. Also, removed the stroke property, since the new icons do not need it.
-
henry authored
Bug 41734 - Add a connected label to the built-in bridge dialog.
-
henry authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41734 - Add a connected label to the built-in bridge dialog.
-
- Jun 06, 2023
-
-
Dan Ballard authored
Bug 41623: Update connection assist's iconography
-
Dan Ballard authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41623: Update connection assist's iconography
-
Dan Ballard authored
Bug 41623: Update connection assist's iconography
-
Bug 40701: Add security warning when downloading a file Shown in the downloads panel, about:downloads and places.xhtml.
-
Richard Pospesel authored
fixup! Bug 1832832 - protect encoder accesses in Java callbacks. r=media-playback-reviewers,alwu a=pascalc - MOZ_GUARDED_BY is just GUARDED_BY in esr 102
-
John Lin authored
Differential Revision: https://phabricator.services.mozilla.com/D178564
-
- Jun 05, 2023
-
-
henry authored
-
Pier Angelo Vendrame authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41802: Improve the regex on parseBridgeLine The previous version of the regex took for granted the bridge fingerprint was always available, but it is actually optional. So, parsing some bridge lines (e.g., Conjure) failed, and vanilla bridge was displayed instead of the actual transport.
-
cypherpunks1 authored
Bug 41792: Allow dragging downloads from about:downloads and the download panel
-
Pier Angelo Vendrame authored
Bug 40552: New texts for the add a bridge manually modal
-
Pier Angelo Vendrame authored
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 40552: Improve the description of the modal to provide a bridge manually.
-
- Jun 01, 2023
-
-
Pier Angelo Vendrame authored
Bug 41801: Fix handleProcessReady in TorSettings.init
-
- May 29, 2023
-
-
-
-
Pier Angelo Vendrame authored
For now this function only deletes old language packs for which we are already packaging the strings with the application.
-
Pier Angelo Vendrame authored
This patch associates the about:manual page to a translated page that must be injected to browser/omni.ja after the build. The content must be placed in chrome/browser/content/browser/manual/, so that is then available at chrome://browser/content/manual/. We preferred giving absolute freedom to the web team, rather than having to change the patch in case of changes on the documentation.
-
Pier Angelo Vendrame authored
We have enabled HTTPS-Only mode, therefore we do not need HTTPS-Everywhere anymore. However, we want to keep supporting .tor.onion aliases (especially for securedrop). Therefore, in this patch we implemented the parsing of HTTPS-Everywhere rulesets, and the redirect of .tor.onion domains. Actually, Tor Browser believes they are actual domains. We change them on the fly on the SOCKS proxy requests to resolve the domain, and on the code that verifies HTTPS certificates.
-
Bug 41608 - Use the same styling for ".onion available" urlbar button as the tor-connect-urlbar-button. This also stops the button from overflowing its container like before. Also move to after the bookmark button.
-
Whenever a valid Onion-Location HTTP header (or corresponding HTML <meta> http-equiv attribute) is found in a document load, we either redirect to it (if the user opted-in via preference) or notify the presence of an onionsite alternative with a badge in the urlbar.
-
When Tor informs the browser that client authentication is needed, temporarily load about:blank instead of about:neterror and prompt for the user's key. If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD control port command to add the key (via Torbutton's control port module) and reload the page. If the user cancels the prompt, display the standard about:neterror "Unable to connect" page. This requires a small change to browser/actors/NetErrorChild.jsm to account for the fact that the docShell no longer has the failedChannel information. The failedChannel is used to extract TLS-related error info, which is not applicable in the case of a canceled .onion authentication prompt. Add a leaveOpen option to PopupNotifications.show so we can display error messages within the popup notification doorhanger without closing the prompt. Add support for onion services strings to the TorStrings module. Add support for Tor extended SOCKS errors (Tor proposal 304) to the socket transport and SOCKS layers. Improved display of all of these errors will be implemented as part of bug 30025. Also fixes bug 19757: Add a "Remember this key" checkbox to the client auth prompt. Add an "Onion Services Authentication" section within the about:preferences "Privacy & Security section" to allow viewing and removal of v3 onion client auth keys that have been stored on disk. Also fixes bug 19251: use enhanced error pages for onion service errors.
-
Bug 41785: Show http onion resources as secure in network monitor
-
Bug 33298: Warn when submitting form data from http onion sites over an insecure connection
-
Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine. Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services: - HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of the various permutations of Onion Services hosted HTTP or HTTPS pages with HTTP or HTTPS content. Strings for Onion Service Page Info page are pulled from Torbutton's localization strings.
-
In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented fetching the Public Suffix List via RemoteSettings and replacing the default one at runtime, which we do not want.
-
eBay and Amazon don't treat Tor users very well. Accounts often get locked and payments reversed. Also: Bug 16322: Update DuckDuckGo search engine We are replacing the clearnet URL with an onion service one (thanks to a patch by a cypherpunk) and are removing the duplicated DDG search engine. Duplicating DDG happend due to bug 1061736 where Mozilla included DDG itself into Firefox. Interestingly, this caused breaking the DDG search if JavaScript is disabled as the Mozilla engine, which gets loaded earlier, does not use the html version of the search page. Moreover, the Mozilla engine tracked where the users were searching from by adding a respective parameter to the search query. We got rid of that feature as well. Also: This fixes bug 20809: the DuckDuckGo team has changed its server-side code in a way that lets users with JavaScript enabled use the default landing page while those without JavaScript available get redirected directly to the non-JS page. We adapt the search engine URLs accordingly. Also fixes bug 29798 by making sure we only specify the Google search engine we actually ship an .xml file for. Also regression tests. squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40494: Update Startpage search provider squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40438: Add Blockchair as a search engine Bug 33342: Avoid disconnect search addon error after removal. We removed the addon in #32767, but it was still being loaded from addonStartup.json.lz4 and throwing an error on startup because its resource: location is not available anymore.
-
It's time for our rotation again: Move the backup key in the front position and add a new backup key. Bug 33803: Move our primary nightly MAR signing key to tor-browser Bug 33803: Add a secondary nightly MAR signing key
-
Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts. Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor.
-
This is a partial revert of commit f1241db6. Revert most changes from Mozilla Bug 862173 "don't verify mar file hash when using mar signing to verify the mar file (lessens main thread I/O)." We kept the addition to the AppConstants API in case other JS code references it in the future.