Changes between Initial Version and Version 1 of Ticket #11183, comment 6


Ignore:
Timestamp:
Aug 26, 2019, 3:05:35 AM (7 weeks ago)
Author:
dcf
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #11183, comment 6

    initial v1  
    11In [https://lists.torproject.org/pipermail/tor-dev/2014-March/006441.html this post] I reported that I had a prototype browser extension that worked in Iceweasel but not in Tor Browser. Mark [https://lists.torproject.org/pipermail/tor-dev/2014-March/006447.html discovered] that the connection was throwing [https://developer.mozilla.org/en-US/docs/Table_Of_Errors NS_ERROR_UNKNOWN_PROXY_HOST (0x804B002A)]. Mike traced the cause to this patch that is specific to Tor Browser:
    2  * https://gitweb.torproject.org/tor-browser.git/commitdiff/5069a3ee8fa51546a8ad582e6004be66bc9748aa
    3 Specifically, [https://gitweb.torproject.org/tor-browser.git/blob/5069a3ee8fa51546a8ad582e6004be66bc9748aa:/netwerk/dns/nsDNSService2.cpp#l615 here in nsDNSService::AsyncResolve] is where the error is returned. If I comment out the error return, the extension works in Tor Browser just like in Iceweasel. That is, it does DNS and and HTTPS requests for www.google.com outside of the proxy, just as intended.
     2 * https://gitweb.torproject.org/tor-browser.git/commit/?id=5069a3ee8fa51546a8ad582e6004be66bc9748aa
     3Specifically, [https://gitweb.torproject.org/tor-browser.git/tree/netwerk/dns/nsDNSService2.cpp?id=5069a3ee8fa51546a8ad582e6004be66bc9748aa#n615 here in nsDNSService::AsyncResolve] is where the error is returned. If I comment out the error return, the extension works in Tor Browser just like in Iceweasel. That is, it does DNS and and HTTPS requests for www.google.com outside of the proxy, just as intended.
    44
    55The 5069a3ee Tor Browser patch has a reason for existing, though, so we shouldn't simply undo it. It's meant to guard against unexpected DNS leaks in Firefox and extensions. I've thought of two potential ways to deal with the situation: