mirror of https://github.com/gorhill/uBlock.git
Do not cname-uncloak when a proxy is in use
Related issue: - https://github.com/uBlockOrigin/uBlock-issues/issues/911 Since cname-uncloaking is available only on Firefox at the moment, the fix is relevant only to Firefox. By default uBO will no longer cname-uncloak when it detects that network requests are being being proxied. This default behavior can be overriden by setting the new advanced setting `cnameUncloakProxied` to `true`. The new setting default to `false`, i.e. cname-uncloaking is disabled when uBO detects that a proxy is in use. This new advanced setting may disappear once the following Firefox issue is fixed: - https://bugzilla.mozilla.org/show_bug.cgi?id=1618271
This commit is contained in:
parent
f5204235b7
commit
3f7ece9469
|
@ -72,14 +72,32 @@
|
|||
}
|
||||
setOptions(options) {
|
||||
super.setOptions(options);
|
||||
if ( 'cnameUncloak' in options ) {
|
||||
this.cnameUncloak = browser.dns instanceof Object &&
|
||||
options.cnameUncloak !== false;
|
||||
this.cnameIgnoreList = this.regexFromStrList(options.cnameIgnoreList);
|
||||
this.cnameIgnore1stParty = options.cnameIgnore1stParty !== false;
|
||||
this.cnameIgnoreExceptions = options.cnameIgnoreExceptions !== false;
|
||||
this.cnameIgnoreRootDocument = options.cnameIgnoreRootDocument !== false;
|
||||
}
|
||||
if ( 'cnameIgnoreList' in options ) {
|
||||
this.cnameIgnoreList =
|
||||
this.regexFromStrList(options.cnameIgnoreList);
|
||||
}
|
||||
if ( 'cnameIgnore1stParty' in options ) {
|
||||
this.cnameIgnore1stParty =
|
||||
options.cnameIgnore1stParty !== false;
|
||||
}
|
||||
if ( 'cnameIgnoreExceptions' in options ) {
|
||||
this.cnameIgnoreExceptions =
|
||||
options.cnameIgnoreExceptions !== false;
|
||||
}
|
||||
if ( 'cnameIgnoreRootDocument' in options ) {
|
||||
this.cnameIgnoreRootDocument =
|
||||
options.cnameIgnoreRootDocument !== false;
|
||||
}
|
||||
if ( 'cnameMaxTTL' in options ) {
|
||||
this.cnameMaxTTL = options.cnameMaxTTL || 120;
|
||||
}
|
||||
if ( 'cnameReplayFullURL' in options ) {
|
||||
this.cnameReplayFullURL = options.cnameReplayFullURL === true;
|
||||
}
|
||||
this.cnames.clear(); this.cnames.set('', '');
|
||||
this.cnameFlushTime = Date.now() + this.cnameMaxTTL * 60000;
|
||||
}
|
||||
|
|
|
@ -54,6 +54,7 @@ const µBlock = (( ) => { // jshint ignore:line
|
|||
cnameMaxTTL: 120,
|
||||
cnameReplayFullURL: false,
|
||||
cnameUncloak: true,
|
||||
cnameUncloakProxied: false,
|
||||
consoleLogLevel: 'unset',
|
||||
debugScriptlets: false,
|
||||
debugScriptletInjector: false,
|
||||
|
@ -105,6 +106,7 @@ const µBlock = (( ) => { // jshint ignore:line
|
|||
cloudStorageSupported: vAPI.cloud instanceof Object,
|
||||
canFilterResponseData: typeof browser.webRequest.filterResponseData === 'function',
|
||||
canInjectScriptletsNow: vAPI.webextFlavor.soup.has('chromium'),
|
||||
proxyDNS: undefined,
|
||||
|
||||
// https://github.com/chrisaljoudi/uBlock/issues/180
|
||||
// Whitelist directives need to be loaded once the PSL is available
|
||||
|
|
|
@ -143,6 +143,16 @@ self.addEventListener('hiddenSettingsChanged', ( ) => {
|
|||
cnameReplayFullURL: µBlock.hiddenSettings.cnameReplayFullURL,
|
||||
cnameUncloak: µBlock.hiddenSettings.cnameUncloak,
|
||||
});
|
||||
// https://github.com/uBlockOrigin/uBlock-issues/issues/911
|
||||
// See uBO's onHeadersReceived() listener.
|
||||
if (
|
||||
µBlock.hiddenSettings.cnameUncloak === false ||
|
||||
µBlock.hiddenSettings.cnameUncloakProxied === true
|
||||
) {
|
||||
µBlock.proxyDNS = false;
|
||||
} else {
|
||||
µBlock.proxyDNS = undefined;
|
||||
}
|
||||
});
|
||||
|
||||
/******************************************************************************/
|
||||
|
|
|
@ -441,6 +441,17 @@ const onHeadersReceived = function(details) {
|
|||
const isRootDoc = requestType === 'main_frame';
|
||||
const isDoc = isRootDoc || requestType === 'sub_frame';
|
||||
|
||||
// https://github.com/uBlockOrigin/uBlock-issues/issues/911
|
||||
// We detect here whether network requests are proxied, and if so,
|
||||
// de-aliasing of hostnames will be disabled to avoid possible
|
||||
// DNS leaks.
|
||||
if ( isRootDoc && µb.proxyDNS === undefined ) {
|
||||
µb.proxyDNS = details.proxyInfo instanceof Object;
|
||||
if ( µb.proxyDNS ) {
|
||||
vAPI.Net.setOptions({ cnameUncloak: false });
|
||||
}
|
||||
}
|
||||
|
||||
let pageStore = µb.pageStoreFromTabId(fctxt.tabId);
|
||||
if ( pageStore === null ) {
|
||||
if ( isRootDoc === false ) { return; }
|
||||
|
@ -454,11 +465,7 @@ const onHeadersReceived = function(details) {
|
|||
const responseHeaders = details.responseHeaders;
|
||||
|
||||
if ( requestType === 'image' || requestType === 'media' ) {
|
||||
return foilLargeMediaElement(
|
||||
fctxt,
|
||||
pageStore,
|
||||
responseHeaders
|
||||
);
|
||||
return foilLargeMediaElement(fctxt, pageStore, responseHeaders);
|
||||
}
|
||||
|
||||
if ( isDoc === false ) { return; }
|
||||
|
|
Loading…
Reference in New Issue