Fixed UNTRUSTED domains accidentally set in "match HTTPS only" mode (issue #126).
This commit is contained in:
parent
3bf2aab052
commit
eaf3c8376e
|
@ -329,8 +329,12 @@ var {Permissions, Policy, Sites} = (() => {
|
||||||
if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) {
|
if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) {
|
||||||
let {trusted, untrusted, temp, custom} = dry.sites;
|
let {trusted, untrusted, temp, custom} = dry.sites;
|
||||||
let sites = Sites.hydrate(custom);
|
let sites = Sites.hydrate(custom);
|
||||||
for (let key of trusted) sites.set(key, options.TRUSTED);
|
for (let key of trusted) {
|
||||||
for (let key of untrusted) sites.set(key, options.UNTRUSTED);
|
sites.set(key, options.TRUSTED);
|
||||||
|
}
|
||||||
|
for (let key of untrusted) {
|
||||||
|
sites.set(Sites.toggleSecureDomainKey(key, false), options.UNTRUSTED);
|
||||||
|
}
|
||||||
if (temp) {
|
if (temp) {
|
||||||
let tempPreset = options.TRUSTED.tempTwin;
|
let tempPreset = options.TRUSTED.tempTwin;
|
||||||
for (let key of temp) sites.set(key, tempPreset);
|
for (let key of temp) sites.set(key, tempPreset);
|
||||||
|
@ -427,7 +431,7 @@ var {Permissions, Policy, Sites} = (() => {
|
||||||
|
|
||||||
if (perms === this.UNTRUSTED) {
|
if (perms === this.UNTRUSTED) {
|
||||||
cascade = true;
|
cascade = true;
|
||||||
Sites.toggleSecureDomainKey(siteKey, false);
|
siteKey = Sites.toggleSecureDomainKey(siteKey, false);
|
||||||
}
|
}
|
||||||
if (cascade && !url) {
|
if (cascade && !url) {
|
||||||
for (let subMatch; (subMatch = sites.match(siteKey));) {
|
for (let subMatch; (subMatch = sites.match(siteKey));) {
|
||||||
|
|
|
@ -9,7 +9,9 @@
|
||||||
p1.set("perchè.com", p1.TRUSTED);
|
p1.set("perchè.com", p1.TRUSTED);
|
||||||
p1.set("10", p1.TRUSTED);
|
p1.set("10", p1.TRUSTED);
|
||||||
p1.set("192.168", p1.TRUSTED);
|
p1.set("192.168", p1.TRUSTED);
|
||||||
p1.set("192.168.69", p1.UNTRUSTED)
|
p1.set("192.168.69", p1.UNTRUSTED);
|
||||||
|
// secureDomainKey should be "downgraded" by UTRUSTED, issue #126
|
||||||
|
p1.set(Sites.secureDomainKey("evil.com"), p1.UNTRUSTED);
|
||||||
let p2 = new Policy(p1.dry());
|
let p2 = new Policy(p1.dry());
|
||||||
debug("p1", JSON.stringify(p1.dry()));
|
debug("p1", JSON.stringify(p1.dry()));
|
||||||
debug("p2", JSON.stringify(p2.dry()));
|
debug("p2", JSON.stringify(p2.dry()));
|
||||||
|
@ -31,7 +33,8 @@
|
||||||
() => !p1.can("https://192.168.69.1"),
|
() => !p1.can("https://192.168.69.1"),
|
||||||
() => !p1.can("https://10.0.0.1"),
|
() => !p1.can("https://10.0.0.1"),
|
||||||
() => p1.can("http://192.168.1.2"),
|
() => p1.can("http://192.168.1.2"),
|
||||||
() => p1.can("http://some.onion")
|
() => p1.can("http://some.onion"),
|
||||||
|
() => !p1.can("http://evil.com"),
|
||||||
]) Test.run(t);
|
]) Test.run(t);
|
||||||
Sites.onionSecure = onionSecureCurrent;
|
Sites.onionSecure = onionSecureCurrent;
|
||||||
Test.report();
|
Test.report();
|
||||||
|
|
Loading…
Reference in New Issue