- May 08, 2024
- May 07, 2024
-
-
Pier Angelo Vendrame authored
-
Bug 42405: Fix betterboxing + findbar horizontal bounce if the scrollbar is not an overlay.
-
These files are built reproducibly using tor-browser-build: tor-browser-build!715 We're manually adding them here while working on the interface, but eventually these should be placed in the right location using tor-browser-build.
-
-
-
-
-
Bug 42537: Move tor-browser.ftl to toolkit.
-
Bug 42221: Migrate downloads warning strings to Fluent.
-
Shown in the downloads panel, about:downloads and places.xhtml.
-
-
Pier Angelo Vendrame authored
For now this function only deletes old language packs for which we are already packaging the strings with the application.
-
Pier Angelo Vendrame authored
This patch associates the about:manual page to a translated page that must be injected to browser/omni.ja after the build. The content must be placed in chrome/browser/content/browser/manual/, so that is then available at chrome://browser/content/manual/. We preferred giving absolute freedom to the web team, rather than having to change the patch in case of changes on the documentation.
-
Bug 42537: Move tor-browser.ftl to toolkit.
-
Bug 42206: Migrate ruleset strings to Fluent.
-
Pier Angelo Vendrame authored
We have enabled HTTPS-Only mode, therefore we do not need HTTPS-Everywhere anymore. However, we want to keep supporting .tor.onion aliases (especially for securedrop). Therefore, in this patch we implemented the parsing of HTTPS-Everywhere rulesets, and the redirect of .tor.onion domains. Actually, Tor Browser believes they are actual domains. We change them on the fly on the SOCKS proxy requests to resolve the domain, and on the code that verifies HTTPS certificates.
-
Bug 42538: Move onion icons to toolkit.
-
Whenever a valid Onion-Location HTTP header (or corresponding HTML <meta> http-equiv attribute) is found in a document load, we either redirect to it (if the user opted-in via preference) or notify the presence of an onionsite alternative with a badge in the urlbar.
-
Bug 42542: Add a logger to OnionAuthPrompt.
-
Bug 42542: Add documentation to OnionAuthPrompt.
-
Bug 42542: Use "keydown" instead of deprecated "keypress". Also, stop handling "Escape" key since it is already handled by PopupNotification.
-
Bug 42542: Follow recent coding conventions. Do not prefix variable names with "a" and use triple equality.
-
Bug 42542: Reset the authentication prompt when switching between two authentication tabs. We keep a record of which tab details are being shown in the notification popup. We reset the prompt whenever we want to show different details. We also fetch elements and set event listeners (once) when we initialize OnionAuthPrompt. In particular, the listeners should only react to the shown details. We also assume that elements with an ID exist in the DOM.
-
Bug 42542: Re-handle showing errors. Call "_showWarning" rather than "show" when we have an error. Do not attempt to show the prompt if we cannot determine the onion service id. For the service id regex, use "^(.*\.)?" instead of "^(.*\.)*": since the ".*" is greedy, this can only ever match up to once.
-
Bug 42542: Lint after removing OnionServicesAuthPrompt class.
-
Bug 42542: Remove the OnionServicesAuthPrompt class. The class is merged into OnionAuthPrompt. This currently only works when only one tab triggers the prompt at a time. Not linted to improve commit readability.
-
Bug 42537: Move tor-browser.ftl to toolkit.
-
Bug 42538: Move onion icons to toolkit.
-
Bug 41622: Follow net error style from mozilla. We drop our additions to the page and work with the existing files from mozilla.
-
When Tor informs the browser that client authentication is needed, temporarily load about:blank instead of about:neterror and prompt for the user's key. If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD control port command to add the key (via Torbutton's control port module) and reload the page. If the user cancels the prompt, display the standard about:neterror "Unable to connect" page. This requires a small change to browser/actors/NetErrorChild.jsm to account for the fact that the docShell no longer has the failedChannel information. The failedChannel is used to extract TLS-related error info, which is not applicable in the case of a canceled .onion authentication prompt. Add a leaveOpen option to PopupNotifications.show so we can display error messages within the popup notification doorhanger without closing the prompt. Add support for onion services strings to the TorStrings module. Add support for Tor extended...
-
Bug 42538: Move onion icons to toolkit.
-
Bug 41622: Add context-stroke to onion-warning.svg.
-
Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine. Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services: - HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of ...
-
-
In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented fetching the Public Suffix List via RemoteSettings and replacing the default one at runtime, which we do not want.
-
eBay and Amazon don't treat Tor users very well. Accounts often get locked and payments reversed. Also: Bug 16322: Update DuckDuckGo search engine We are replacing the clearnet URL with an onion service one (thanks to a patch by a cypherpunk) and are removing the duplicated DDG search engine. Duplicating DDG happend due to bug 1061736 where Mozilla included DDG itself into Firefox. Interestingly, this caused breaking the DDG search if JavaScript is disabled as the Mozilla engine, which gets loaded earlier, does not use the html version of the search page. Moreover, the Mozilla engine tracked where the users were searching from by adding a respective parameter to the search query. We got rid of that feature as well. Also: This fixes bug 20809: the DuckDuckGo team has changed its server-side code in a way that lets users with JavaScript enabled use the default landing page while those without JavaScript available get redirected directly to the non-JS page. We adapt the search engine URLs accordingly. Also fixes bug 29798 by making sure we only specify the Google search engine we actually ship an .xml file for. Also regression tests. squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40494: Update Startpage search provider squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40438: Add Blockchair as a search engine Bug 33342: Avoid disconnect search addon error after removal. We removed the addon in #32767, but it was still being loaded from addonStartup.json.lz4 and throwing an error on startup because its resource: location is not available anymore.
-
It's time for our rotation again: Move the backup key in the front position and add a new backup key. Bug 33803: Move our primary nightly MAR signing key to tor-browser Bug 33803: Add a secondary nightly MAR signing key
-
Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts. Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor.
-