Ticket #15599: 0001-Bug-15599-Range-requests-used-by-pdfjs-are-not-isola.patch

File 0001-Bug-15599-Range-requests-used-by-pdfjs-are-not-isola.patch, 3.7 KB (added by pospeselr, 2 years ago)

updated description to be grammatical

  • projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js

    From 86c8088df22f8ffbfbb4aaab81661fb8bf39fe16 Mon Sep 17 00:00:00 2001
    From: Richard Pospesel <richard@torproject.org>
    Date: Thu, 18 Jan 2018 19:15:55 -0800
    Subject: [PATCH] Bug 15599: Range requests used by pdfjs are not isolated to
     URL bar domain
    
    After much debugging and investigation, it seems that the required 
    information needed to drive the first-party domain cannot be accessed in
    the XmlHttpRequest creation path.  The JS context the part of pdf.js making
    the range requests runs with does not have a reference to parent window and 
    associated LoadInfo information (which includes the requesting first-party 
    domain).
    
    To fix the issue, we can easily disable support for range-based requests
    via the pdfjs.disableRange property.  However, the side-effect here is
    that pages can not be read as they load; the entire pdf must be
    downloaded before it can be read and interacted with.
    
    This patch updates each platforms extension-overrides.js to change this
    pref.
    ---
     .../Data/Browser/profile.default/preferences/extension-overrides.js   | 4 ++++
     .../Data/Browser/profile.default/preferences/extension-overrides.js   | 4 ++++
     .../Data/Browser/profile.default/preferences/extension-overrides.js   | 4 ++++
     3 files changed, 12 insertions(+)
    
    diff --git a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js
    index c610aff..42eb0d6 100644
    a b pref("noscript.restrictSubdocScripting", true); 
    5656pref("noscript.showVolatilePrivatePermissionsToggle", false);
    5757pref("noscript.volatilePrivatePermissions", true);
    5858pref("noscript.clearClick", 0);
     59
     60# PDF.js
     61// needs to be a user_pref because pdf.js blows away non-user prefs with it's own defaults each time
     62user_pref("pdfjs.disableRange", true);
  • projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js

    diff --git a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js
    index c610aff..42eb0d6 100644
    a b pref("noscript.restrictSubdocScripting", true); 
    5656pref("noscript.showVolatilePrivatePermissionsToggle", false);
    5757pref("noscript.volatilePrivatePermissions", true);
    5858pref("noscript.clearClick", 0);
     59
     60# PDF.js
     61// needs to be a user_pref because pdf.js blows away non-user prefs with it's own defaults each time
     62user_pref("pdfjs.disableRange", true);
  • projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js

    diff --git a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js
    index c610aff..42eb0d6 100644
    a b pref("noscript.restrictSubdocScripting", true); 
    5656pref("noscript.showVolatilePrivatePermissionsToggle", false);
    5757pref("noscript.volatilePrivatePermissions", true);
    5858pref("noscript.clearClick", 0);
     59
     60# PDF.js
     61// needs to be a user_pref because pdf.js blows away non-user prefs with it's own defaults each time
     62user_pref("pdfjs.disableRange", true);