[tbb-commits] [torbutton/master] Bug 8725: Block `resource://` based fingerprinting with nsIContentPolicy.

mikeperry at torproject.org mikeperry at torproject.org
Thu Jul 28 22:04:57 UTC 2016


commit 3bff5aaea6e1a732ff908527f67d1784ecf23c57
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Fri Jun 17 01:25:09 2016 +0000

    Bug 8725: Block `resource://` based fingerprinting with nsIContentPolicy.
    
    Based on ResourceFilter: A direct workaround for https://bugzil.la/863246
    https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-filter/content-policy.js
---
 src/chrome.manifest              |  4 ++++
 src/components/content-policy.js | 48 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/src/chrome.manifest b/src/chrome.manifest
index e85a205..340ed27 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -170,6 +170,10 @@ category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selec
 component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js
 contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf}
 
+component {4c03be7d-492f-990e-f0da-f3689e564898} components/content-policy.js
+contract @torproject.org/content-policy;1 {4c03be7d-492f-990e-f0da-f3689e564898}
+category content-policy ContentPolicy @torproject.org/content-policy;1
+
 category profile-after-change RefSpoofer @torproject.org/torRefSpoofer;1
 category profile-after-change StartupObserver @torproject.org/startup-observer;1
 category profile-after-change DomainIsolator @torproject.org/domain-isolator;1
diff --git a/src/components/content-policy.js b/src/components/content-policy.js
new file mode 100644
index 0000000..b4b33a7
--- /dev/null
+++ b/src/components/content-policy.js
@@ -0,0 +1,48 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Based on ResourceFilter: A direct workaround for https://bugzil.la/863246
+ * https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-filter/content-policy.js
+ */
+
+const Ci = Components.interfaces, Cu = Components.utils;
+
+// Import XPCOMUtils object.
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+function ContentPolicy() {}
+
+ContentPolicy.prototype = {
+  classDescription: "ContentPolicy",
+  classID: Components.ID("{4c03be7d-492f-990e-f0da-f3689e564898}"),
+  contractID: "@torproject.org/content-policy;1",
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]),
+
+  _xpcom_categories: [{category: "content-policy"}],
+
+  shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
+    // Accept if no content URI or scheme is not a resource.
+    if (!aContentLocation || !aContentLocation.schemeIs('resource'))
+      return Ci.nsIContentPolicy.ACCEPT;
+
+    // Accept if no origin URI, or if the origin URI scheme is chrome/resource.
+    if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome'))
+      return Ci.nsIContentPolicy.ACCEPT;
+
+    // Accept if resource directly loaded into a tab.
+    if (Ci.nsIContentPolicy.TYPE_DOCUMENT === aContentType)
+      return Ci.nsIContentPolicy.ACCEPT;
+
+    return Ci.nsIContentPolicy.REJECT_REQUEST;
+  },
+
+  shouldProcess: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeType, aExtra)  {
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+};
+
+// Firefox >= 4.0 (Old versions are extremely irrelevant).
+var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentPolicy]);





More information about the tbb-commits mailing list