Verified Commit d2110d0d authored by Pier Angelo Vendrame's avatar Pier Angelo Vendrame 🎃 Committed by ma1

TB 40458: Implement .tor.onion aliases

We have enabled HTTPS-Only mode, therefore we do not need
HTTPS-Everywhere anymore.
However, we want to keep supporting .tor.onion aliases (especially for
securedrop).
Therefore, in this patch we implemented the parsing of HTTPS-Everywhere
rulesets, and the redirect of .tor.onion domains.
In practice, Tor Browser treats the aliases as if they were real domains.
We rewrite them on the fly in the SOCKS proxy requests that resolve the
domain, and in the code that verifies HTTPS certificates.
parent 86300e98
+2 −0
@@ -142,3 +142,5 @@ pref("browser.torcircuitpanel.loglevel", "Log");
pref("browser.tor_android.log_level", "Info");
pref("browser.dragdropfilter.log_level", "Warn");
pref("browser.onionAuthPrompt.loglevel", "Warn");
pref("browser.onionalias.log_level", "Warn");
pref("browser.torRequestWatch.log_level", "Warn");
+41 −0
@@ -59,6 +59,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
  NewTabUtils: "resource://gre/modules/NewTabUtils.sys.mjs",
  NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs",
  Normandy: "resource://normandy/Normandy.sys.mjs",
  OnionAliasStore: "resource:///modules/OnionAliasStore.sys.mjs",
  OnboardingMessageProvider:
    "resource:///modules/asrouter/OnboardingMessageProvider.sys.mjs",
  OsEnvironment: "resource://gre/modules/OsEnvironment.sys.mjs",
@@ -98,6 +99,8 @@ ChromeUtils.defineESModuleGetters(lazy, {
  TRRRacer: "resource:///modules/TRRPerformance.sys.mjs",
  TabCrashHandler: "resource:///modules/ContentCrashHandlers.sys.mjs",
  TabUnloader: "resource:///modules/TabUnloader.sys.mjs",
  TorConnect: "resource://gre/modules/TorConnect.sys.mjs",
  TorConnectTopics: "resource://gre/modules/TorConnect.sys.mjs",
  TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs",
  TorSettingsNotification:
    "resource:///modules/TorSettingsNotification.sys.mjs",
@@ -941,6 +944,19 @@ let JSWINDOWACTORS = {
    enablePreference: "accessibility.blockautorefresh",
  },

  Rulesets: {
    parent: {
      esModuleURI: "resource:///modules/RulesetsParent.sys.mjs",
    },
    child: {
      esModuleURI: "resource:///modules/RulesetsChild.sys.mjs",
      events: {
        DOMWindowCreated: {},
      },
    },
    matches: ["about:rulesets*"],
  },

  ScreenshotsComponent: {
    parent: {
      esModuleURI: "resource:///modules/ScreenshotsUtils.sys.mjs",
@@ -2364,6 +2380,7 @@ BrowserGlue.prototype = {
        Services.fog;
      },
      () => lazy.UrlbarSearchTermsPersistence.uninit(),
      () => lazy.OnionAliasStore.uninit(),
    ];

    for (let task of tasks) {
@@ -3033,6 +3050,30 @@ BrowserGlue.prototype = {
        },
      },

      {
        task: () => {
          if (!lazy.TorConnect.shouldShowTorConnect) {
            // we will take this path when the user is using the legacy tor launcher or
            // when Tor Browser didn't launch its own tor.
            lazy.OnionAliasStore.init();
          } else {
            // this path is taken when using about:torconnect, we wait to init
            // after we are bootstrapped and connected to tor
            const topic = lazy.TorConnectTopics.BootstrapComplete;
            let bootstrapObserver = {
              observe(aSubject, aTopic) {
                if (aTopic === topic) {
                  lazy.OnionAliasStore.init();
                  // we only need to init once, so remove ourselves as an obvserver
                  Services.obs.removeObserver(this, topic);
                }
              },
            };
            Services.obs.addObserver(bootstrapObserver, topic);
          }
        },
      },

      {
        name: "TabUnloader.init",
        task: () => {
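Review bot: In the last hunk, the `else` branch registers `bootstrapObserver` only when this startup task runs, so if `BootstrapComplete` has already been notified while `shouldShowTorConnect` is still true (not verifiable from the hunk), `lazy.OnionAliasStore.init()` never runs and .tor.onion aliases stay unresolved with no log line. A comment stating why that ordering cannot occur, or a check of the current bootstrap state before `addObserver`, would close the gap. The shutdown list in the earlier hunk calls `lazy.OnionAliasStore.uninit()` unconditionally, so `uninit()` has to tolerate a store that was never initialised, and the observer stays registered on that path. The entry also lacks a `name`, unlike the `TabUnloader.init` entry after it; `name: "OnionAliasStore.init",` would match, and the comment's `obvserver` should read `observer`.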
+5 −0
@@ -91,6 +91,11 @@ static const RedirEntry kRedirMap[] = {
     nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT},
#endif
    {"rulesets", "chrome://browser/content/rulesets/aboutRulesets.html",
     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::IS_SECURE_CHROME_UI},
    {"sessionrestore", "chrome://browser/content/aboutSessionRestore.xhtml",
     nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT |
         nsIAboutModule::IS_SECURE_CHROME_UI},
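Review bot: The new `rulesets` entry in `kRedirMap` combines `URI_SAFE_FOR_UNTRUSTED_CONTENT` with `URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS` and `IS_SECURE_CHROME_UI` without saying why, although this page is the front end for the rules that decide which onion service an alias resolves to. A comment above the entry would record the intent, for example `// about:rulesets runs with content privileges; ruleset changes go through the Rulesets actor and are validated in the parent.`, provided that is what RulesetsParent.sys.mjs (not shown on this page) actually does. If the parent side accepts channel names or URLs from the child without checking them, that validation is what makes this flag set safe and should be in place first. The array starts and ends outside the hunk.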
+1 −0
@@ -23,6 +23,7 @@ pages = [
    'restartrequired',
    'rights',
    # Removed 'robots'. tor-browser#42831.
    'rulesets',
    'sessionrestore',
    'settings',
    # Removed 'shoppingsidebar'. tor-browser#42831.
+1 −0
@@ -56,6 +56,7 @@ DIRS += [
    "protocolhandler",
    "reportbrokensite",
    "resistfingerprinting",
    "rulesets",
    "screenshots",
    "search",
    "securitylevel",