Closed Bug 1433357 Opened 2 years ago Closed 2 years ago

Prevent proxy bypass via file dialog (Linux)


(Core :: Widget: Gtk, enhancement)

Not set



Tracking Status
firefox60 --- fixed


(Reporter: arthur, Assigned: arthur)


(Blocks 1 open bug)


(Whiteboard: [tor 18101])


(2 files, 4 obsolete files)

On Linux, if the user enters a remote URL in the Open File Dialog, the proxy can be bypassed. In Tor Browser, we added the following patch:
and here's the original ticket:

We would like to propose uplifting this patch, perhaps behind a flag.
Blocks: ProxyBypass
Hi Mike and Karl, would you be able to review these? The first patch adds the general "--enable-proxy-bypass-protection" build flag, and the second patch is specifically for the linux file dialog.
Attachment #8946328 - Flags: review?(karlt)
Comment on attachment 8946325 [details] [diff] [review]

Review of attachment 8946325 [details] [diff] [review]:

@@ +4213,5 @@
>  dnl ========================================================
> +dnl enable proxy bypass protection
> +dnl ========================================================
> +MOZ_ARG_ENABLE_BOOL(proxy-bypass-protection,
> +[  --enable-proxy-bypass-protection      Enable proxy bypass protection],

It would be better to put all this in python configure. This should go in toolkit/moz.configure, and could look like:

option('--enable-proxy-bypass-protection', help='...')

def proxy_bypass_protection(_):
    return True

set_config('MOZ_PROXY_BYPASS_PROTECTION', proxy_bypass_protection)
set_define('MOZ_PROXY_BYPASS_PROTECTION', proxy_bypass_protection)
Attachment #8946325 - Flags: review?(mh+mozilla)
Comment on attachment 8946328 [details] [diff] [review]

Please place the preprocessor directives and comment around the whole mAllowURLs test and block to indicate that the whole block becomes irrelevant.

Please include more context in future patches:
That can be done by including this in ~/.hgrc or .hg/hgrc:
git = true
showfunc = 1
unified = 8
Attachment #8946328 - Flags: review?(karlt) → review+
(In reply to Mike Hommey [:glandium] from comment #3)

Thanks for the review here's a new version with the code you proposed.
Attachment #8946325 - Attachment is obsolete: true
Attachment #8948012 - Flags: review?(mh+mozilla)
(In reply to Karl Tomlinson (:karlt) from comment #4)

Thanks, Karl. Here's a new version with the changes you suggested.
Attachment #8946328 - Attachment is obsolete: true
(Oops, trying again.)
Attachment #8948013 - Attachment is obsolete: true
(Replacing incorrect file.)
Attachment #8948012 - Attachment is obsolete: true
Attachment #8948012 - Flags: review?(mh+mozilla)
Attachment #8948015 - Flags: review?(mh+mozilla)
Attachment #8948014 - Flags: review?(karlt)
Attachment #8948014 - Flags: review?(karlt) → review+
Attachment #8948015 - Flags: review?(mh+mozilla) → review+
Keywords: checkin-needed
Pushed by
Part 1: Add proxy bypass protection flag r=glandium
Part 2: Suppress upload-file-dialog proxy bypass in Linux r=karlt
Keywords: checkin-needed
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Assignee: nobody → arthuredelstein
You need to log in before you can comment on or make changes to this bug.