Closed
Bug 1377509
Opened 7 years ago
Closed 4 years ago
Enable Fennec to populate first party domain as socks username
Categories
(Firefox for Android Graveyard :: General, enhancement, P5)
Firefox for Android Graveyard
General
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: tjr, Unassigned)
References
Details
(Whiteboard: [tor-mobile])
Tor on Desktop populates the SOCKS username, which is used by Tor to provide a different circuit per tab. We should enable this same behavior in Fennec.
Reporter | ||
Comment 1•7 years ago
|
||
Amogh and/or Arthur, could you expand on what it is we need to do specifically for this?
Flags: needinfo?(arthuredelstein)
Flags: needinfo?(amoghbl1)
Comment 2•7 years ago
|
||
Tor Browser (desktop) creates a new Tor circuit for each first-party domain (URL bar domain). So two tabs (and all associated requests) with the same first-party domain use the same circuit, but two tabs with different first-party domains use different circuits.
This functionality is implemented in torbutton, here:
https://gitweb.torproject.org/torbutton.git/tree/src/components/domain-isolator.js
but of course it could be refactored as a patch in the gecko codebase.
Briefly, by default, the Tor process has the IsolateSOCKSAuth option enabled, which means "Don’t share circuits with streams for which different SOCKS authentication was provided." So domain-isolator.js assigns a new username/password combination for each new first-party domain. In our current implementation, the username is set to the first-party domain, and the password is set to a nonce, which allows us to force a new circuit for the same first-party domain as needed. A new nonce is created whenever the user chooses the option "New Tor Circuit for this Site".
The implementation works as follows: to assign SOCKS username/passwords, domain-isolator.js uses a "proxy filter" to intercept nascent http channels. The first party domain is obtained by:
`firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain;`
and then a new proxyInfo object is created, same as the channel's original one but with SOCKS username and password added.
SOCKS username and passwords are displayed in "circuit status" responses in Tor's control port protocol. So that's a good way to confirm that circuits are being correctly assigned a first-party domain. (Tor's circuit display makes use of the control port this way: https://gitweb.torproject.org/torbutton.git/tree/src/chrome/content/tor-circuit-display.js)
Flags: needinfo?(arthuredelstein)
Reporter | ||
Updated•7 years ago
|
Priority: P2 → P3
Comment 3•6 years ago
|
||
Re-triaging per https://bugzilla.mozilla.org/show_bug.cgi?id=1473195
Needinfo :susheel if you think this bug should be re-triaged.
Priority: P3 → P5
Reporter | ||
Updated•5 years ago
|
Flags: needinfo?(amoghbl1)
Comment 4•4 years ago
|
||
We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•