
Bug 8725: Block `chrome://` based fingerprinting with nsIContentPolicy.

Most addons do not set `contentaccessible=yes`; however, behavior should
be consistent even if addons that do set it are installed.

This does not affect any of the standard addons shipped with Tor Browser, but
will break user installed addons that depend on actually being able to
access `chrome://` URLs in this manner.
Yawning Angel 3 years ago
parent
commit
ace11cd802
1 changed files with 4 additions and 4 deletions
  1. 4 4
      src/components/content-policy.js

+ 4 - 4
src/components/content-policy.js

@@ -24,12 +24,12 @@ ContentPolicy.prototype = {
   _xpcom_categories: [{category: "content-policy"}],
 
   shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
-    // Accept if no content URI or scheme is not a resource.
-    if (!aContentLocation || !aContentLocation.schemeIs('resource'))
+    // Accept if no content URI or scheme is not a resource/chrome.
+    if (!aContentLocation || !(aContentLocation.schemeIs('resource') || aContentLocation.schemeIs('chrome')))
       return Ci.nsIContentPolicy.ACCEPT;
 
-    // Accept if no origin URI, or if the origin URI scheme is chrome/resource.
-    if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome'))
+    // Accept if no origin URI or if origin scheme is chrome/resource/about.
+    if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
       return Ci.nsIContentPolicy.ACCEPT;
 
     // Accept if resource directly loaded into a tab.
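Review bot: The new `aRequestOrigin.schemeIs('about')` clause in the second guard exempts every `about:` origin on scheme alone, and neither the comment nor the commit message says why. `about:` covers privileged browser pages but also `about:blank` and `about:srcdoc`, which web content can create. Whether such a document can reach this method with an `about:` origin depends on how the caller derives `aRequestOrigin`, which is not visible here. If only privileged pages are meant, narrow the test, e.g. `(aRequestOrigin.schemeIs('about') && aRequestOrigin.spec !== 'about:blank' && aRequestOrigin.spec !== 'about:srcdoc')`, or at least state the assumption in the comment: `// about: is exempt for browser-internal pages; assumes content-created about:blank never arrives here as the origin`. The same guard also returns ACCEPT when `aRequestOrigin` is null, which now fails open for `chrome://` targets as well and deserves a comment; the body of `shouldLoad` continues past the end of this hunk.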