[tor-commits] [tor-browser/tor-browser-78.5.0esr-10.5-1] Bug 26353: Prevent speculative connect that violated FPI.
    sysrqb at torproject.org 
    sysrqb at torproject.org
       
    Sat Nov 14 17:52:08 UTC 2020
    
    
  
commit 5e8874a14151a24ed7c6e8706ac8d6966986b916
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date:   Sat Jul 14 08:50:55 2018 -0700
    Bug 26353: Prevent speculative connect that violated FPI.
    
    Connections were observed in the catch-all circuit when
    the user entered an https or http URL in the URL bar, or
    typed a search term.
---
 toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
index ffa42297073e..82c7a3b950c2 100644
--- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
+++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
@@ -74,6 +74,9 @@ class RemoteWebNavigation {
         fixupFlags |= Services.uriFixup.FIXUP_FLAG_PRIVATE_CONTEXT;
       }
       uri = Services.uriFixup.createFixupURI(aURI, fixupFlags);
+/*******************************************************************************
+   TOR BROWSER: Disable the following speculative connect until
+   we can make it properly obey first-party isolation.
 
       // We know the url is going to be loaded, let's start requesting network
       // connection before the content process asks.
@@ -97,6 +100,7 @@ class RemoteWebNavigation {
         }
         Services.io.speculativeConnect(uri, principal, null);
       }
+*******************************************************************************/
     } catch (ex) {
       // Can't setup speculative connection for this uri string for some
       // reason (such as failing to parse the URI), just ignore it.
    
    
More information about the tor-commits
mailing list