Skip to content

Commit

Permalink
Do not cname-uncloak when a proxy is in use
Browse files Browse the repository at this point in the history
Related issue:
- uBlockOrigin/uBlock-issues#911

Since cname-uncloaking is available only on Firefox
at the moment, the fix is relevant only to Firefox.

By default uBO will no longer cname-uncloak when it
detects that network requests are being being proxied.

This default behavior can be overriden by setting the
new advanced setting `cnameUncloakProxied` to `true`.
The new setting default to `false`, i.e. cname-uncloaking
is disabled when uBO detects that a proxy is in use.

This new advanced setting may disappear once the
following Firefox issue is fixed:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1618271
  • Loading branch information
gorhill committed Mar 22, 2020
1 parent f520423 commit 3f7ece9
Show file tree
Hide file tree
Showing 4 changed files with 50 additions and 13 deletions.
34 changes: 26 additions & 8 deletions platform/firefox/vapi-webrequest.js
Original file line number Diff line number Diff line change
Expand Up @@ -72,14 +72,32 @@
}
setOptions(options) {
super.setOptions(options);
this.cnameUncloak = browser.dns instanceof Object &&
options.cnameUncloak !== false;
this.cnameIgnoreList = this.regexFromStrList(options.cnameIgnoreList);
this.cnameIgnore1stParty = options.cnameIgnore1stParty !== false;
this.cnameIgnoreExceptions = options.cnameIgnoreExceptions !== false;
this.cnameIgnoreRootDocument = options.cnameIgnoreRootDocument !== false;
this.cnameMaxTTL = options.cnameMaxTTL || 120;
this.cnameReplayFullURL = options.cnameReplayFullURL === true;
if ( 'cnameUncloak' in options ) {
this.cnameUncloak = browser.dns instanceof Object &&
options.cnameUncloak !== false;
}
if ( 'cnameIgnoreList' in options ) {
this.cnameIgnoreList =
this.regexFromStrList(options.cnameIgnoreList);
}
if ( 'cnameIgnore1stParty' in options ) {
this.cnameIgnore1stParty =
options.cnameIgnore1stParty !== false;
}
if ( 'cnameIgnoreExceptions' in options ) {
this.cnameIgnoreExceptions =
options.cnameIgnoreExceptions !== false;
}
if ( 'cnameIgnoreRootDocument' in options ) {
this.cnameIgnoreRootDocument =
options.cnameIgnoreRootDocument !== false;
}
if ( 'cnameMaxTTL' in options ) {
this.cnameMaxTTL = options.cnameMaxTTL || 120;
}
if ( 'cnameReplayFullURL' in options ) {
this.cnameReplayFullURL = options.cnameReplayFullURL === true;
}
this.cnames.clear(); this.cnames.set('', '');
this.cnameFlushTime = Date.now() + this.cnameMaxTTL * 60000;
}
Expand Down
2 changes: 2 additions & 0 deletions src/js/background.js
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ const µBlock = (( ) => { // jshint ignore:line
cnameMaxTTL: 120,
cnameReplayFullURL: false,
cnameUncloak: true,
cnameUncloakProxied: false,
consoleLogLevel: 'unset',
debugScriptlets: false,
debugScriptletInjector: false,
Expand Down Expand Up @@ -105,6 +106,7 @@ const µBlock = (( ) => { // jshint ignore:line
cloudStorageSupported: vAPI.cloud instanceof Object,
canFilterResponseData: typeof browser.webRequest.filterResponseData === 'function',
canInjectScriptletsNow: vAPI.webextFlavor.soup.has('chromium'),
proxyDNS: undefined,

// https://github.com/chrisaljoudi/uBlock/issues/180
// Whitelist directives need to be loaded once the PSL is available
Expand Down
10 changes: 10 additions & 0 deletions src/js/storage.js
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,16 @@ self.addEventListener('hiddenSettingsChanged', ( ) => {
cnameReplayFullURL: µBlock.hiddenSettings.cnameReplayFullURL,
cnameUncloak: µBlock.hiddenSettings.cnameUncloak,
});
// https://github.com/uBlockOrigin/uBlock-issues/issues/911
// See uBO's onHeadersReceived() listener.
if (
µBlock.hiddenSettings.cnameUncloak === false ||
µBlock.hiddenSettings.cnameUncloakProxied === true
) {
µBlock.proxyDNS = false;
} else {
µBlock.proxyDNS = undefined;
}
});

/******************************************************************************/
Expand Down
17 changes: 12 additions & 5 deletions src/js/traffic.js
Original file line number Diff line number Diff line change
Expand Up @@ -441,6 +441,17 @@ const onHeadersReceived = function(details) {
const isRootDoc = requestType === 'main_frame';
const isDoc = isRootDoc || requestType === 'sub_frame';

// https://github.com/uBlockOrigin/uBlock-issues/issues/911
// We detect here whether network requests are proxied, and if so,
// de-aliasing of hostnames will be disabled to avoid possible
// DNS leaks.
if ( isRootDoc && µb.proxyDNS === undefined ) {
µb.proxyDNS = details.proxyInfo instanceof Object;
if ( µb.proxyDNS ) {
vAPI.Net.setOptions({ cnameUncloak: false });
}
}

let pageStore = µb.pageStoreFromTabId(fctxt.tabId);
if ( pageStore === null ) {
if ( isRootDoc === false ) { return; }
Expand All @@ -454,11 +465,7 @@ const onHeadersReceived = function(details) {
const responseHeaders = details.responseHeaders;

if ( requestType === 'image' || requestType === 'media' ) {
return foilLargeMediaElement(
fctxt,
pageStore,
responseHeaders
);
return foilLargeMediaElement(fctxt, pageStore, responseHeaders);
}

if ( isDoc === false ) { return; }
Expand Down

0 comments on commit 3f7ece9

Please sign in to comment.