[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-102.11.0esr-12.5-1] fixup! Bug 23247: Communicating security expectations for .onion

[ma1 (@ma1)]

ma1 pushed to branch tor-browser-102.11.0esr-12.5-1 at The Tor Project / Applications / Tor Browser


Commits:
dbec6cf6 by cypherpunks1 at 2023-05-24T09:21:07-08:00
fixup! Bug 23247: Communicating security expectations for .onion

Bug 41785: Show http onion resources as secure in network monitor

- - - - -


1 changed file:

- devtools/shared/webconsole/network-helper.js


Changes:

=====================================
devtools/shared/webconsole/network-helper.js
=====================================
@@ -600,6 +600,9 @@ var NetworkHelper = {
 
     // The request did not contain any security info.
     if (!securityInfo) {
+      if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
+        info.state = "secure";
+      }
       return info;
     }
 
@@ -651,7 +654,11 @@ var NetworkHelper = {
         // schemes other than https and wss are subject to
         // downgrade/etc at the scheme level and should always be
         // considered insecure
-        info.state = "insecure";
+        if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
+          info.state = "secure";
+        } else {
+          info.state = "insecure";
+        }
       } else if (state & wpl.STATE_IS_SECURE) {
         // The connection is secure if the scheme is sufficient
         info.state = "secure";



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbec6cf620a2f5d4a5b9ed162e795978eacea0cc

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbec6cf620a2f5d4a5b9ed162e795978eacea0cc
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230525/50091639/attachment-0001.htm>