[tbb-commits] [tor-browser/tor-browser-52.2.0esr-7.5-1] Bug 21321: .onion domains are shown as non-secure
gk at torproject.org
gk at torproject.org
Thu Aug 3 09:12:06 UTC 2017
commit df2223e1b1f8a4b782e7e49bbbeb79296ea74dff
Author: Georg Koppen <gk at torproject.org>
Date: Thu Aug 3 09:07:37 2017 +0000
Bug 21321: .onion domains are shown as non-secure
Websites which collect passwords but don't use HTTPS start showing scary
warnings from Firefox 51 onwards (see:
blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
for details).
.onion sites without HTTPS support are affected as well, although their
traffic is encrypted and authenticated. This patch addresses this
shortcoming by making sure .onion sites are treated as potentially
trustworthy origins.
The secure context specification
(https://w3c.github.io/webappsec-secure-contexts/) is pretty much focused
on tying security and trustworthiness to the protocol over which domains
are accessed. However, it is not obvious why .onion sites should not be
treated as potentially trustworthy given:
"A potentially trustworthy origin is one which a user agent can
generally trust as delivering data securely.
This algorithms [sic] considers certain hosts, scheme, and origins as
potentially trustworthy, even though they might not be authenticated and
encrypted in the traditional sense."
(https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy)
We use step 8 in the algorithm to establish trustworthiness of .onion
sites by whitelisting them given the encrypted and authenticated nature
of their traffic.
---
browser/app/profile/000-tor-browser.js | 3 +++
dom/security/nsContentSecurityManager.cpp | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 3edaad88f59e..5d209ccfdbe1 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -357,6 +357,9 @@ pref("security.ssl.errorReporting.enabled", false);
// in case the download panel got removed from the toolbar.
pref("browser.download.panel.shown", true);
+// Treat .onions as secure
+pref("dom.securecontext.whitelist_onions", true);
+
#ifdef TOR_BROWSER_VERSION
#expand pref("torbrowser.version", __TOR_BROWSER_VERSION__);
#endif
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index c4e1ed8e18a9..c95226b56e91 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -689,6 +689,14 @@ nsContentSecurityManager::IsOriginPotentiallyTrustworthy(nsIPrincipal* aPrincipa
}
}
}
+ // Maybe we have a .onion URL. Treat it as whitelisted as well when
+ // `dom.securecontext.whitelist_onions` is `true`.
+ bool whitelistOnions =
+ Preferences::GetBool("dom.securecontext.whitelist_onions", false);
+ if (whitelistOnions && StringEndsWith(host, NS_LITERAL_CSTRING(".onion"))) {
+ *aIsTrustWorthy = true;
+ return NS_OK;
+ }
}
return NS_OK;
More information about the tbb-commits
mailing list