[tbb-commits] [torbutton/master] Bug 19850: Disable Plaintext HTTP Clearnet Connections

richard at torproject.org richard at torproject.org
Wed Feb 23 16:13:14 UTC 2022


commit c8f7cd3fec5d5845179fcf71ad46888f2d14c8b0
Author: Pier Angelo Vendrame <pierov at torproject.org>
Date:   Thu Feb 17 09:53:48 2022 +0100

    Bug 19850: Disable Plaintext HTTP Clearnet Connections
    
    The HTTPS-Only mode of Firefox starts a background connection to verify
    whether HTTP is available, if the HTTPS connection does not start
    within a timeout.
    This commit disables this feature in Safer and Safest modes.
---
 modules/security-prefs.js | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/modules/security-prefs.js b/modules/security-prefs.js
index d02e0d94..c41458fa 100644
--- a/modules/security-prefs.js
+++ b/modules/security-prefs.js
@@ -19,16 +19,17 @@ let log = (level, msg) => logger.log(level, msg);
 // bind NoScript settings to the extensions.torbutton.security_slider
 // (see noscript-control.js).
 const kSecuritySettings = {
-  // Preference name :                        [0, 1-high 2-m    3-m    4-low]
-  "javascript.options.ion" :                  [,  false, false, false, true ],
-  "javascript.options.baselinejit" :          [,  false, false, false, true ],
-  "javascript.options.native_regexp" :        [,  false, false, false, true ],
-  "mathml.disabled" :                         [,  true,  true,  true,  false],
-  "gfx.font_rendering.graphite.enabled" :     [,  false, false, false, true ],
-  "gfx.font_rendering.opentype_svg.enabled" : [,  false, false, false, true ],
-  "svg.disabled" :                            [,  true,  false, false, false],
-  "javascript.options.asmjs" :                [,  false, false, false, true ],
-  "javascript.options.wasm" :                 [,  false, false, false, true ],
+  // Preference name :                                          [0, 1-high 2-m    3-m    4-low]
+  "javascript.options.ion" :                                    [,  false, false, false, true ],
+  "javascript.options.baselinejit" :                            [,  false, false, false, true ],
+  "javascript.options.native_regexp" :                          [,  false, false, false, true ],
+  "mathml.disabled" :                                           [,  true,  true,  true,  false],
+  "gfx.font_rendering.graphite.enabled" :                       [,  false, false, false, true ],
+  "gfx.font_rendering.opentype_svg.enabled" :                   [,  false, false, false, true ],
+  "svg.disabled" :                                              [,  true,  false, false, false],
+  "javascript.options.asmjs" :                                  [,  false, false, false, true ],
+  "javascript.options.wasm" :                                   [,  false, false, false, true ],
+  "dom.security.https_only_mode_send_http_background_request" : [,  false, false, false, true ],
 };
 
 // The Security Settings prefs in question.



More information about the tbb-commits mailing list