diff options
Diffstat (limited to 'src/bg')
| -rw-r--r-- | src/bg/Defaults.js | 10 | ||||
| -rw-r--r-- | src/bg/RequestGuard.js | 4 | ||||
| -rw-r--r-- | src/bg/Settings.js | 85 | ||||
| -rw-r--r-- | src/bg/main.js | 6 |
4 files changed, 87 insertions, 18 deletions
diff --git a/src/bg/Defaults.js b/src/bg/Defaults.js index ef2311f..f1b9a18 100644 --- a/src/bg/Defaults.js +++ b/src/bg/Defaults.js @@ -10,9 +10,13 @@ var Defaults = { showFullAddresses: false,
},
sync: {
- "global": false,
- "xss": true,
- "clearclick": true
+ global: false,
+ xss: true,
+ cascadeRestrictions : false,
+ xssScanRequestBody: true,
+ xssBlockUnscannedPOST: false,
+ overrideTorBrowserPolicy: false, // note: Settings.update() on reset will flip this to true
+ clearclick: true,
}
};
let defaultsClone = JSON.parse(JSON.stringify(defaults));
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index d27bacb..0731b7b 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -329,7 +329,7 @@ var RequestGuard = (() => { capabilities = perms.capabilities; } else { capabilities = perms.capabilities; - if (frameAncestors && frameAncestors.length > 0) { + if (frameAncestors && frameAncestors.length > 0 && ns.sync.cascadeRestrictions) { // cascade top document's restrictions to subframes let topUrl = frameAncestors.pop().url; let topPerms = policy.get(topUrl, topUrl).perms; @@ -382,7 +382,7 @@ var RequestGuard = (() => { if (pending) { pending.scriptBlocked = scriptBlocked; if (!(pending.headersProcessed && - (scriptBlocked || !ns.isEnforced(tabId) || ns.policy.can(url, "script", request.documentURL)) + (scriptBlocked || !ns.requestCan(request, "script")) )) { debug("[WARNING] onHeadersReceived %s %o", frameId, tabId, pending.headersProcessed ? "has been overridden on": "could not process", diff --git a/src/bg/Settings.js b/src/bg/Settings.js index 0a911ee..c0af149 100644 --- a/src/bg/Settings.js +++ b/src/bg/Settings.js @@ -81,8 +81,66 @@ var Settings = { tabId, unrestrictedTab, reloadAffected, + isTorBrowser, } = settings; - if (xssUserChoices) await XSS.saveUserChoices(xssUserChoices); + + let oldDebug = ns.local.debug; + + let reloadOptionsUI = false; + + if (isTorBrowser) { + // Tor Browser-specific settings + ns.defaults.local.isTorBrowser = true; // prevents reset from forgetting + ns.defaults.sync.cascadeRestrictions = true; // we want this to be the default even on reset + if (!this.gotTorBrowserInit) { + // First initialization message from the Tor Browser + this.gotTorBrowserInit = true; + if (ns.sync.overrideTorBrowserPolicy) { + // If the user chose to override Tor Browser's policy we skip + // copying the Security Level preset on startup (only). + // Manually changing the security level works as usual. + ns.local.isTorBrowser = true; + await ns.save(ns.local); + return; + } + } else { + reloadOptionsUI = true; + } + + let torBrowserSettings = { + local: { + isTorBrowser: true, + }, + sync: { + cascadeRestrictions: true, + xssScanRequestBody: false, + xssBlockUnscannedPOST: true, + } + } + for (let [storage, prefs] of Object.entries(torBrowserSettings)) { + settings[storage] = Object.assign(settings[storage] || {}, prefs); + } + } + + if (settings.sync === null) { + // overriden defaults when user manually resets options + + // we want the reset options to stick (otherwise it gets very confusing) + ns.defaults.sync.overrideTorBrowserPolicy = true; + reloadOptionsUI = true; + } + + await Promise.all(["local", "sync"].map( + async storage => (settings[storage] || // changed or... + settings[storage] === null // ... needs reset to default + ) && await ns.save(settings[storage] + ? Object.assign(ns[storage], settings[storage]) : ns[storage] = ns.defaults[storage]) + )); + if (ns.local.debug !== oldDebug) { + await include("/lib/log.js"); + if (oldDebug) debug = () => {}; + } + if (policy) { ns.policy = new Policy(policy); await ns.savePolicy(); @@ -95,22 +153,15 @@ var Settings = { browser.tabs.reload(tabId); } - let oldDebug = ns.local.debug; - await Promise.all(["local", "sync"].map( - storage => (settings[storage] || // changed or... - settings[storage] === null // ... needs reset to default - ) && ns.save( - ns[storage] = settings[storage] || ns.defaults[storage]) - )); - if (ns.local.debug !== oldDebug) { - await include("/lib/log.js"); - if (oldDebug) debug = () => {}; - } + if (xssUserChoices) await XSS.saveUserChoices(xssUserChoices); + if (ns.sync.xss) { XSS.start(); } else { XSS.stop(); } + + if (reloadOptionsUI) await this.reloadOptionsUI(); }, export() { @@ -125,5 +176,15 @@ var Settings = { async enforceTabRestrictions(tabId, unrestricted = ns.unrestrictedTabs.has(tabId)) { await ChildPolicies.storeTabInfo(tabId, unrestricted && {unrestricted: true}); return unrestricted; + }, + + async reloadOptionsUI() { + try { + for (let t of await browser.tabs.query({url: browser.runtime.getManifest().options_ui.page })) { + browser.tabs.reload(t.id); + }; + } catch (e) { + error(e); + } } } diff --git a/src/bg/main.js b/src/bg/main.js index e9a4055..8ff2d55 100644 --- a/src/bg/main.js +++ b/src/bg/main.js @@ -180,6 +180,10 @@ return this.policy.enforced && (tabId === -1 || !this.unrestrictedTabs.has(tabId)); }, + requestCan(request, capability) { + return !this.isEnforced(request.tabId) || this.policy.can(request.url, capability, request.documentURL); + }, + start() { if (this.running) return; this.running = true; @@ -225,7 +229,7 @@ let toBeSaved = { [obj.storage]: obj }; - Storage.set(obj.storage, toBeSaved); + await Storage.set(obj.storage, toBeSaved); } return obj; }, |