Ticket #26540: 0001-Bug-26540-Enabling-pdfjs-disableRange-option-prevent(torbutton).patch

File 0001-Bug-26540-Enabling-pdfjs-disableRange-option-prevent(torbutton).patch, 2.9 KB (added by pospeselr, 9 months ago)
  • src/components/domain-isolator.js

    From fdda20b2e052004dafdf8bc89f3ea764f6f4857f Mon Sep 17 00:00:00 2001
    From: Richard Pospesel <richard@torproject.org>
    Date: Fri, 13 Jul 2018 18:26:55 -0700
    Subject: [PATCH] Bug 26540: Enabling pdfjs disableRange option prevents pdfs
     from loading
    
    The temporary solution for #15599 was to disable range-based requests in
    pdfjs.  The range-based requests involved XMLHttpRequests individual PDF
    pages in chunks as needed for viewing, rather than downloading the
    entire pdf file before viewing.  This created worse user experience,
    but first party isolation guarantees were respected.
    
    In ESR60, disabling range-based requests seems to prevent PDFs from ever
    loading, so an actual solution is required.
    
    This patch smuggles in the first-party domain on the
    nsIPrivateBrowsingChannel interface.  If the first-party domain normally
    read from the Channel->LoadInfo->OriginAttributes is blank, then
    torbutton will try to read it off of the Channel itself.  In pdfjs, the
    XMLHttpRequest's Channel gets a copy of the first-party domain string
    provided by the 'node principal'.
    
    We cannot update the Channel's LoadInfo->OriginAttributes directly,
    because internal logic performs checks ensuring that the LoadInfo
    matches that of the XMLHttpRequest's security principal.  In the case of
    XMLHttpRequest created in pdfjs, the security principal is the
    'System Principal' since it is technically created inside of firefox
    chrome code.
    ---
     src/components/domain-isolator.js | 9 +++++++++
     1 file changed, 9 insertions(+)
    
    diff --git a/src/components/domain-isolator.js b/src/components/domain-isolator.js
    index fc28703f..f2ff8b95 100644
    a b tor.isolateCircuitsByDomain = function () { 
    135135  mozilla.registerProxyChannelFilter(function (aChannel, aProxy) {
    136136    if (!tor.isolationEnabled) {
    137137      return aProxy;
    138138    }
    139139    try {
    140140      let channel = aChannel.QueryInterface(Ci.nsIChannel),
    141141          proxy = aProxy.QueryInterface(Ci.nsIProxyInfo),
    142142          firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain;
     143
     144      // check to see if we've stowed the first party domain on the channel itself
     145      // if it is not in the origin attributes.  We do this in cases where the FirstPartyDomain is known
     146      // at channel creation which is owned by a System Context (which overwrites the channel's LoadInfo).
     147      if (firstPartyDomain === "" && channel instanceof Ci.nsIPrivateBrowsingChannel) {
     148        channel.QueryInterface(Ci.nsIPrivateBrowsingChannel);
     149        firstPartyDomain = channel.firstPartyDomain;
     150      }
     151
    143152      if (firstPartyDomain === "") {
    144153        firstPartyDomain = "--unknown--";
    145154        if (Date.now() - tor.unknownDirtySince > 1000*10*60) {
    146155          logger.eclog(3, "tor catchall circuit has been dirty for over 10 minutes. Rotating.");
    147156          tor.newCircuitForDomain("--unknown--");
    148157          tor.unknownDirtySince = Date.now();
    149158        }
    150159      }
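
Review bot: In the added block (new lines 147-150), the value read from `channel.firstPartyDomain` is only handled correctly when it is a string. The fallback that follows tests `firstPartyDomain === ""`, so if the attribute is absent on the channel or returns null/undefined, the request skips the `--unknown--` catch-all and carries a non-string isolation key forward. Consider assigning only when the value is a non-empty string, or changing the later test to `if (!firstPartyDomain)`. The bare `channel.QueryInterface(Ci.nsIPrivateBrowsingChannel);` discards its result, and the preceding `instanceof` test already exposes the interface on the wrapper, so drop the call or say in the comment why it is kept. The comment should also name which code is expected to set the attribute, since this filter trusts that value as the circuit isolation key whenever the origin attributes are blank.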