[tbb-bugs] #26540 [Applications/Tor Browser]: Enabling pdfjs disableRange option prevents pdfs from loading
    Tor Bug Tracker & Wiki 
    blackhole at torproject.org
       
    Tue Oct 30 23:09:18 UTC 2018
    
    
  
#26540: Enabling pdfjs disableRange option prevents pdfs from loading
--------------------------------------------+------------------------------
 Reporter:  pospeselr                       |          Owner:  pospeselr
     Type:  defect                          |         Status:
                                            |  needs_revision
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201810  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Comment (by pospeselr):
 Ok, so in PdfStreamConverter.jsm there are two places where channels are
 created: PdfStreamConverter::onStartRequest (which seems to load the
 pdf.js viewer itself: "resource://pdf.js/web/viewer.html") and
 ChromeActions::download which ''appears'' to be dead code; breakpoints
 placed there never get hit and no call to 'download' function seems to
 exist in the source, but it's JavaScript so who knows what fancy bs it's
 pulling.
 The range-based requests occur via an XMLHttpRequest whose channel is
 created internally in one of the constructors/factory methods in the C++
 source, so we don't seem to have access to it at construction and it can't
 be replaced with our own channel with the correct principal set.
 HOWEVER!
 It seems that while we cannot simply overwrite the channel's
 originAttribute's firstpartyDomain and have it stick, we can simply
 overwrite the channel's entire originAttributes.  I've prototyped doing so
 in the debugger and it would seem that everything works as expected.  I'll
 get a patch written and tested tomorrow and let y'all know how it goes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26540#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
    
    
More information about the tbb-bugs
mailing list