Skip to content

Commit ccecdaf

Browse files
jshajsha
committed
Merge branch 'master' into android-gbrowser-fix2
Conflicts: makexpi.sh src/components/ssl-observatory.js
2 parents d476161 + 9c9b55b commit ccecdaf

File tree

147 files changed

+2355
-455
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

147 files changed

+2355
-455
lines changed

addon-sdk

Submodule addon-sdk updated 170 files

src/chrome/content/preferences.js

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -149,8 +149,17 @@ function compareRules(a, b, col) {
149149

150150
function https_prefs_init(doc) {
151151
var st = document.getElementById('sites_tree');
152+
// Note: It takes several seconds to load all the rulesets, during which time
153+
// Firefox is unresponsive. There are too many rulesets to reasonably browse
154+
// in this view anyhow. Should start with an empty window and only show
155+
// rulesets that match a search term the user types in.
152156
https_everywhere.https_rules.loadAllRulesets();
153157
rulesets = Array.slice(https_everywhere.https_rules.rulesets);
158+
// Sort the rulesets by name to avoid revealing which subset of rulesets has
159+
// been visited, per https://trac.torproject.org/projects/tor/ticket/11655.
160+
rulesets.sort(function(a, b) {
161+
return a.name < b.name ? -1 : 1;
162+
});
154163

155164
// GLOBAL VARIABLE!
156165
treeView = {

src/chrome/content/rules/38degrees.xml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,16 @@
1+
<!--
2+
Insecure cookies are set for these domains:
3+
4+
- you
5+
6+
-->
17
<ruleset name="38degrees">
28
<target host="you.38degrees.org.uk" />
39

10+
<!-- Not secured by server:
11+
-->
12+
<!--securecookie host="^you\.38degrees\.org\.uk$" name="^_agra_session$" /-->
13+
414
<securecookie host="^(.*\.)?38degrees\.org\.uk$" name=".+" />
515

616
<rule from="^http://([^/:@]+)?\.38degrees\.org\.uk/"

src/chrome/content/rules/500px.com.xml

Lines changed: 26 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -4,29 +4,43 @@
44
- 500px.org.xml
55
66
7-
Some pages redirect to http.
7+
Fully covered subdomains:
8+
9+
- (www.)
10+
- developers
11+
- iso
12+
- prime
13+
- support
14+
15+
16+
These altnames don't exist:
17+
18+
- www.support.500px.com
19+
20+
21+
Insecure cookies are set for these domains:
22+
23+
- 500px.com
24+
- .500px.com
25+
- developers.500px.com
826
927
-->
10-
<ruleset name="500px.com (partial)">
28+
<ruleset name="500px.com">
1129

1230
<target host="500px.com" />
1331
<target host="*.500px.com" />
14-
<!--
15-
Redirect to http:
16-
-->
17-
<!--exclusion pattern="^http://(www\.)?500px\.com/+($|\?|popular$)" /-->
18-
<!--
19-
Exceptions:
20-
-->
21-
<exclusion pattern="^http://(?:www\.)?500px\.com/+(?!assets/|favicon\.ico|(?:login|signup)(?:$|[?/])|v3/)" />
2232

2333

2434
<!-- Not secured by server:
2535
-->
26-
<securecookie host="^prime\.500px\.com$" name=".+" />
36+
<!--securecookie host="^(www\.)?500px\.com$" name="^(landing_page|onboarding|referrer_type|upload_cta)$" /-->
37+
<!--securecookie host="^\.500px\.com$" name="^_hpx1$" /-->
38+
<!--securecookie host="^developers\.500px\.com$" name="^(landing_page|onboarding|referrer_type|upload_cta)$" /-->
39+
40+
<securecookie host="^((?:developers|prime|www)\.)?500px\.com$" name=".+" />
2741

2842

29-
<rule from="^http://(prime\.|www\.)?500px\.com/"
43+
<rule from="^http://((?:developers|iso|prime|support|www)\.)?500px\.com/"
3044
to="https://$1500px.com/" />
3145

3246
</ruleset>

src/chrome/content/rules/500px.org.xml

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,20 @@
1010
- ppcdn
1111
1212
13-
CN: gp1.wac.edgecastcdn.net
13+
Fully covered subdomains:
14+
15+
- assetcdn
16+
- pacdn
17+
- ppcdn
18+
- primecdn
1419
1520
-->
16-
<ruleset name="500px.org" default_off="mismatched">
21+
<ruleset name="500px.org">
1722

1823
<target host="*.500px.org" />
1924

2025

21-
<rule from="^http://p(a|p)cdn\.500px\.org/"
22-
to="https://p$1cdn.500px.org/" />
26+
<rule from="^http://(asset|pa|pp|prime)cdn\.500px\.org/"
27+
to="https://$1cdn.500px.org/" />
2328

2429
</ruleset>

src/chrome/content/rules/Appcache-mismatches.xml renamed to src/chrome/content/rules/5apps.com-mismatches.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<ruleset name="Appache (mismatches)" default_off="tender certificate">
1+
<ruleset name="5apps (mismatches)" default_off="tender certificate">
22

33
<target host="help.5apps.com"/>
44

src/chrome/content/rules/Appcache.xml renamed to src/chrome/content/rules/5apps.com.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
- libs
77
88
-->
9-
<ruleset name="Appache (partial)">
9+
<ruleset name="5apps (partial)">
1010

1111
<target host="5apps.com" />
1212
<target host="*.5apps.com" />

src/chrome/content/rules/AdBlock.xml

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,11 @@
11
<!--
2+
Problematic domains:
3+
4+
- support.getadblock.com *
5+
6+
* Tender
7+
8+
29
For getadblock.com
310
Works:
411
@@ -12,15 +19,31 @@
1219
Doesn't work:
1320
1421
- www
22+
23+
24+
Insecure cookies are set for these domains:
25+
26+
- support.getadblock.com
27+
1528
-->
1629
<ruleset name="AdBlock">
1730
<target host="getadblock.com" />
1831
<target host="*.getadblock.com" />
1932
<target host="chromeadblock.com" />
2033
<target host="*.chromeadblock.com" />
2134

35+
36+
<!-- Not secured by server:
37+
-->
38+
<!--securecookie host="^support\.getadblock\.com$" name="^(_tender_session|anon_token)$" /-->
39+
40+
2241
<rule from="^http://(www\.)?getadblock\.com/"
2342
to="https://$1getadblock.com/" />
43+
44+
<rule from="^http://support\.getadblock\.com/(?=favicon\.ico|help/theme\.css|pkg/|stylesheets/)"
45+
to="https://help.tenderapp.com/" />
46+
2447
<rule from="^http://(?:www\.)?chromeadblock\.com/"
2548
to="https://chromeadblock.com/" />
26-
</ruleset>
49+
</ruleset>

src/chrome/content/rules/AdultWork.com.xml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
<!--
2+
Nonfunctional subdomains:
3+
4+
- refer *
5+
6+
* Reset
7+
8+
-->
9+
<ruleset name="AdultWork.com (partial)">
10+
11+
<target host="adultwork.com" />
12+
<target host="www.adultwork.com" />
13+
14+
15+
<!-- Not secured by server:
16+
-->
17+
<!--securecookie host="^(www\.)?adultwork\.com$" name="^ReferralID$" /-->
18+
19+
<securecookie host="^(?:www\.)?adultwork\.com$" name=".+" />
20+
21+
22+
<rule from="^http://(www\.)?adultwork\.com/"
23+
to="https://$1adultwork.com/" />
24+
25+
</ruleset>

src/chrome/content/rules/Aftenposten.xml

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
1111
Problematic subdomains:
1212
13+
- (www.) ¹
1314
- atorget *
1415
- bedriftfiles (self-signed, mismatched, CN: hotelladmin.aftenposten.no)
1516
- bil *
@@ -19,20 +20,48 @@
1920
- reise *
2021
- rubrikkcache *
2122
23+
¹ Mixed css
2224
* Works; mismatched, CN: www.aftenposten.no
2325
2426
2527
Partially covered subdomains:
2628
29+
- (www.) (^ → www)
2730
- kundeservice (→ a)
2831
32+
33+
Insecure cookies are set for these domains:
34+
35+
- www.aftenposten.no
36+
37+
38+
Mixed content:
39+
40+
- Images, on:
41+
42+
- www from www.bt.no *
43+
44+
* Secured by us
45+
2946
-->
30-
<ruleset name="Aftenposten" platform="mixedcontent">
47+
<ruleset name="Aftenposten (partial)">
3148
<target host="*.aftenposten.no" />
3249
<target host="aftenposten.no" />
50+
<!--
51+
Redirects to http:
52+
-->
53+
<!--exclusion pattern="^http://www\.aftenposten\.no/$" /-->
54+
<!--
55+
Avoid broken MCB:
56+
-->
57+
<exclusion pattern="^http://www\.aftenposten\.no/+(?!.+\.(?:css|gif|jpg|png)(?:$|\?)|\?service=css|favicon\.ico|skins/)" />
3358
<target host="ap.mnocdn.no" />
3459

3560

61+
<!-- Not secured by server:
62+
-->
63+
<!--securecookie host="^www\.aftenposten\.no$" name="^(VPW_Quota_\d+|VPW_QuotaInfo_\d+)$" /-->
64+
3665
<!--securecookie host="^\.aftenposten\.no$" name="^environment$" /-->
3766
<securecookie host="^(?:a|kundeweb|onlinesos)\.aftenposten\.no$" name=".+" />
3867

0 commit comments

Comments
 (0)