From ad5f6b1786ad1dc09b88ed9eef9cd558d726a665 Mon Sep 17 00:00:00 2001 From: hackademix Date: Sun, 27 Oct 2019 21:33:21 +0000 Subject: [Tor] Treat .onion sites whose protocol is HTTP as if it was HTTPS. --- src/bg/Settings.js | 2 ++ src/common/Policy.js | 3 +++ src/ui/ui.js | 10 +++++++--- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/bg/Settings.js b/src/bg/Settings.js index 57e6067..d18419b 100644 --- a/src/bg/Settings.js +++ b/src/bg/Settings.js @@ -92,6 +92,8 @@ var Settings = { // Tor Browser-specific settings ns.defaults.local.isTorBrowser = true; // prevents reset from forgetting ns.defaults.sync.cascadeRestrictions = true; // we want this to be the default even on reset + Sites.onionSecure = true; + if (!this.gotTorBrowserInit) { // First initialization message from the Tor Browser this.gotTorBrowserInit = true; diff --git a/src/common/Policy.js b/src/common/Policy.js index 401b19f..e7818d9 100644 --- a/src/common/Policy.js +++ b/src/common/Policy.js @@ -65,6 +65,9 @@ var {Permissions, Policy, Sites} = (() => { } } if (url) { + if (Sites.onionSecure && url.protocol === "http:" && url.hostname.endsWith(".onion")) { + url.protocol = "https:"; + } let path = url.pathname; siteKey = url.origin; if (siteKey === "null") { diff --git a/src/ui/ui.js b/src/ui/ui.js index 5c358be..7025ce6 100644 --- a/src/ui/ui.js +++ b/src/ui/ui.js @@ -38,11 +38,15 @@ var UI = (() => { UI.xssUserChoices = m.xssUserChoices; UI.local = m.local; UI.sync = m.sync; - if (UI.local && !UI.local.debug) { - debug = () => {}; // be quiet! - } + if (UI.local) { + if (!UI.local.debug) { + debug = () => {}; // be quiet! + } document.documentElement.classList.toggle("tor", !!UI.local.isTorBrowser); + if (UI.local.isTorBrowser) { + Sites.onionSecure = true; + } } resolve(); if (UI.onSettings) UI.onSettings(); -- cgit v1.2.3