Remove "facilitator" query string parameter.

This could be used to cause browsers to issue requests to a third-party
URL.

1 files changed, 3 insertions, 7 deletions

diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js
index 24c7a0d..64a2b90 100644
--- a/proxy/flashproxy.js
+++ b/proxy/flashproxy.js
@@ -1,6 +1,6 @@
 /* Query string parameters. These change how the program runs from the outside.
  * For example:
- *   http://www.example.com/embed.html?facilitator=http://127.0.0.1:9002&debug=1
+ *   http://www.example.com/embed.html?debug=1
  *
  * cookierequired=0|1
  * If true, the proxy will disable itself if the user has not explicitly opted
@@ -27,10 +27,6 @@
  * disables the limit. The default is DEFAULT_RATE_LIMIT. There is a
  * sanity-check minimum of "10K".
  *
- * facilitator=https://host:port/
- * The URL of the facilitator CGI script. By default it is
- * DEFAULT_FACILITATOR_URL.
- *
  * debug=0|1
  * If true, show verbose terminal-like output instead of the badge. The values
  * "1", "true", and the empty string "" all enable debug mode. Any other value
@@ -62,7 +58,7 @@
  * http://autobahn.ws/testsuite/reports/clients/index.html
  */
 
-var DEFAULT_FACILITATOR_URL = "https://fp-facilitator.org/";
+var FACILITATOR_URL = "https://fp-facilitator.org/";
 
 /* Start two connections because some versions of Tor make two PT connections:
 https://lists.torproject.org/pipermail/tor-dev/2012-December/004221.html
@@ -495,7 +491,7 @@ function FlashProxy() {
         var relay_addr;
         var rate_limit_bytes;
 
-        this.fac_url = get_param_string(query, "facilitator", DEFAULT_FACILITATOR_URL);
+        this.fac_url = FACILITATOR_URL;
 
         this.max_num_clients = get_param_integer(query, "max_clients", DEFAULT_MAX_NUM_CLIENTS);
         if (this.max_num_clients === null || this.max_num_clients < 0) {