From 97a4a7a4d95a59dc61612bd486626fe32d1ca4b4 Mon Sep 17 00:00:00 2001 From: Arthur Edelstein Date: Sat, 14 Jul 2018 08:50:55 -0700 Subject: [PATCH] Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. --- .../components/remotebrowserutils/RemoteWebNavigation.jsm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm index 8713aeb563577..6d971c10180a6 100644 --- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm +++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm @@ -96,6 +96,9 @@ RemoteWebNavigation.prototype = { }, loadURI(aURI, aLoadURIOptions) { let uri; +/******************************************************************************* + TOR BROWSER: Disable the following speculative connect until + we can make it properly obey first-party isolation. // We know the url is going to be loaded, let's start requesting network // connection before the content process asks. @@ -128,7 +131,7 @@ RemoteWebNavigation.prototype = { // reason (such as failing to parse the URI), just ignore it. } } - +*******************************************************************************/ let cancelContentJSEpoch = this._cancelContentJSEpoch++; this._browser.frameLoader.remoteTab.maybeCancelContentJSExecution( Ci.nsIRemoteTab.NAVIGATE_URL, -- GitLab