Selective handling of Tor Browser options and work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530

4 files changed, 72 insertions, 14 deletions

diff --git a/src/bg/Defaults.js b/src/bg/Defaults.js
index ef2311f..892ee40 100644
--- a/src/bg/Defaults.js
+++ b/src/bg/Defaults.js
@@ -12,7 +12,10 @@ var Defaults = {
       sync: {

         "global": false,

         "xss": true,

-        "clearclick": true

+        "xssScanRequestBody": true,

+        "xssBlockUnscannedPOST": false,

+        "overrideTorBrowserPolicy": false, // note: Settings.update() on reset will flip this to true

+        "clearclick": true,

       }

     };

     let defaultsClone = JSON.parse(JSON.stringify(defaults));

diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index a174eba..2f590dc 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -379,7 +379,7 @@ var RequestGuard = (() => {
       if (pending) {
         pending.scriptBlocked = scriptBlocked;
         if (!(pending.headersProcessed &&
-            (scriptBlocked || !ns.isEnforced(tabId) || ns.policy.can(url, "script", request.documentURL))
+            (scriptBlocked || !ns.requestCan(request, "script"))
           )) {
           debug("[WARNING] onHeadersReceived %s %o", frameId, tabId,
             pending.headersProcessed ? "has been overridden on": "could not process",
diff --git a/src/bg/Settings.js b/src/bg/Settings.js
index 0a911ee..3efc4ad 100644
--- a/src/bg/Settings.js
+++ b/src/bg/Settings.js
@@ -81,8 +81,56 @@ var Settings = {
       tabId,
       unrestrictedTab,
       reloadAffected,
+      isTorBrowser,
     } = settings;
-    if (xssUserChoices) await XSS.saveUserChoices(xssUserChoices);
+
+    let oldDebug = ns.local.debug;
+
+    let reloadOptionsUI = false;
+
+    if (isTorBrowser) {
+      // Tor Browser-specific settings
+      ns.defaults.local.isTorBrowser = true; // prevents reset from forgetting
+      if (!this.gotTorBrowserInit) {
+        // First initialization message from the Tor Browser
+        this.gotTorBrowserInit = true;
+        if (ns.sync.overrideTorBrowserPolicy) {
+          // If the user chose to override Tor Browser's policy we skip
+          // copying the Security Level preset on startup (only).
+          // Manually changing the security level works as usual.
+          ns.local.isTorBrowser = true;
+          await ns.save(ns.local);
+          return;
+        }
+      } else {
+        reloadOptionsUI = true;
+      }
+      if (!settings.local) settings.local = {};
+      settings.local.isTorBrowser = true;
+      if (!settings.sync) settings.sync = {};
+      settings.sync.xssScanRequestBody = false;
+      settings.sync.xssBlockUnscannedPOST = true;
+    }
+
+    if (settings.sync === null) {
+      // overriden defaults when user manually resets options
+
+      // we want the reset options to stick (otherwise it gets very confusing)
+      ns.defaults.sync.overrideTorBrowserPolicy = true;
+      reloadOptionsUI = true;
+    }
+
+    await Promise.all(["local", "sync"].map(
+      async storage => (settings[storage] || // changed or...
+          settings[storage] === null // ... needs reset to default
+        ) && await ns.save(settings[storage]
+            ? Object.assign(ns[storage], settings[storage]) : ns[storage] = ns.defaults[storage])
+    ));
+    if (ns.local.debug !== oldDebug) {
+      await include("/lib/log.js");
+      if (oldDebug) debug = () => {};
+    }
+
     if (policy) {
       ns.policy = new Policy(policy);
       await ns.savePolicy();
@@ -95,22 +143,15 @@ var Settings = {
       browser.tabs.reload(tabId);
     }
 
-    let oldDebug = ns.local.debug;
-    await Promise.all(["local", "sync"].map(
-      storage => (settings[storage] || // changed or...
-          settings[storage] === null // ... needs reset to default
-        ) && ns.save(
-            ns[storage] = settings[storage] || ns.defaults[storage])
-    ));
-    if (ns.local.debug !== oldDebug) {
-      await include("/lib/log.js");
-      if (oldDebug) debug = () => {};
-    }
+    if (xssUserChoices) await XSS.saveUserChoices(xssUserChoices);
+
     if (ns.sync.xss) {
       XSS.start();
     } else {
       XSS.stop();
     }
+
+    if (reloadOptionsUI) await this.reloadOptionsUI();
   },
 
   export() {
@@ -125,5 +166,15 @@ var Settings = {
   async enforceTabRestrictions(tabId, unrestricted = ns.unrestrictedTabs.has(tabId)) {
     await ChildPolicies.storeTabInfo(tabId, unrestricted && {unrestricted: true});
     return unrestricted;
+  },
+
+  async reloadOptionsUI() {
+    try {
+      for (let t of await browser.tabs.query({url: browser.runtime.getManifest().options_ui.page })) {
+        browser.tabs.reload(t.id);
+      };
+    } catch (e) {
+      error(e);
+    }
   }
 }
diff --git a/src/bg/main.js b/src/bg/main.js
index 18abe70..7bd72a6 100644
--- a/src/bg/main.js
+++ b/src/bg/main.js
@@ -180,6 +180,10 @@
       return this.policy.enforced && (tabId === -1 || !this.unrestrictedTabs.has(tabId));
     },
 
+    requestCan(request, capability) {
+      return !this.isEnforced(request.tabId) || this.policy.can(request.url, "script", request.documentURL);
+    },
+
     start() {
       if (this.running) return;
       this.running = true;