Fix of privacy leaks caused by non-page requests

2019-08-01 13:30:35 -04:00 · 2019-08-01 13:30:35 -04:00 · 1ae63bc489
commit 1ae63bc489
parent 15d8f31b26
2 changed files with 19 additions and 1 deletions
--- a/src/js/background/assignManager.js
+++ b/src/js/background/assignManager.js
@ -118,8 +118,10 @@ const assignManager = {
  },

  async handleProxifiedRequest(requestInfo) {
+
+    // The following blocks potentially dangerous requests for privacy that come without a tabId
    if(requestInfo.tabId === -1)
-      return Utils.DEFAULT_PROXY;
+      return Utils.getBogusProxy();

    const tab = await browser.tabs.get(requestInfo.tabId);
    const proxy = await proxifiedContainers.retrieveFromBackground(tab.cookieStoreId);
--- a/src/js/utils.js
+++ b/src/js/utils.js
@ -18,6 +18,22 @@ window.Utils = {
    imageElement.addEventListener("error", errorListener);
    imageElement.addEventListener("load", loadListener);
    return imageElement;
+  },
+
+  // See comment in PR #313 - so far the (hacky) method being used to block proxies is to produce a sufficiently long random address
+  getBogusProxy() {
+    const bogusFailover = 1;
+    if(typeof window.Utils.pregeneratedString !== 'undefined')
+    {
+      return {type:"socks4", host:"w.${window.Utils.pregeneratedString}.coo", port:9999, username:"foo", failoverTimeout:bogusFailover};
+    }
+    else
+    {
+      const bogusLength = 8;
+      let array = new Uint8Array(bogusLength);
+      window.crypto.getRandomValues(array);
+      window.Utils.pregeneratedString = array.toString('hex');
+    }
  }

 };