[tbb-commits] [tor-browser-bundle/master] Set a blackhole proxy in the meek-http-helper profile.
gk at torproject.org
gk at torproject.org
Mon Aug 4 09:14:40 UTC 2014
commit 92e501a980295a06c2eb94bf03370b66ef8e5563
Author: David Fifield <david at bamsoftware.com>
Date: Sun Jul 27 09:53:07 2014 -0700
Set a blackhole proxy in the meek-http-helper profile.
https://trac.torproject.org/projects/tor/ticket/12674
The extension manually overrides the proxy setting for every request, so
this doesn't affect the functioning of the extension. It's intended as a
failsafe to prevent network interaction in case something goes wrong and
the user manages to disable the extension and open the profile with a
normal browser window. In order to cause that to happen, I had to do:
./Browser/firefox -safe-mode -profile Data/Browser/profile.meek-http-helper/
Prior to this commit, running the above command would have given you an
ordinary unproxied Firefox. Now you will get "The proxy server is
refusing connections."
---
Bundle-Data/PTConfigs/meek-http-helper-user.js | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js
index a95a6ec..cddc237 100644
--- a/Bundle-Data/PTConfigs/meek-http-helper-user.js
+++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js
@@ -4,13 +4,6 @@
// to stdout.
user_pref("browser.dom.window.dump.enabled", true);
-// 0 is "No proxy".
-user_pref("network.proxy.type", 0);
-
-// Allow unproxied DNS.
-// https://trac.torproject.org/projects/tor/ticket/11183#comment:6
-user_pref("network.proxy.socks_remote_dns", false);
-
// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
// there is a missing TLS extension.
// https://trac.torproject.org/projects/tor/ticket/11183#comment:9
@@ -21,4 +14,17 @@ user_pref("security.enable_tls_session_tickets", true);
// https://support.mozilla.org/en-US/questions/951221#answer-410562
user_pref("toolkit.startup.max_resumed_crashes", -1);
+// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction
+// in case the user manages to open this profile with a normal browser UI (i.e.,
+// not headless with the meek-http-helper extension running). Port 9 is
+// "discard", so it should work as a blackhole whether the port is open or
+// closed. network.proxy.type=1 means "Manual proxy configuration".
+// http://kb.mozillazine.org/Network.proxy.type
+user_pref("network.proxy.type", 1);
+user_pref("network.proxy.socks", "127.0.0.1");
+user_pref("network.proxy.socks_port", 9);
+// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is
+// overridden by meek-http-helper at startup.
+user_pref("network.proxy.socks_remote_dns", true);
+
user_pref("extensions.enabledAddons", "meek-http-helper at bamsoftware.com:1.0");
More information about the tbb-commits
mailing list