
Commit 3f7ece9

Do not cname-uncloak when a proxy is in use
Related issue: - uBlockOrigin/uBlock-issues#911 Since cname-uncloaking is available only on Firefox at the moment, the fix is relevant only to Firefox. By default uBO will no longer cname-uncloak when it detects that network requests are being proxied. This default behavior can be overridden by setting the new advanced setting `cnameUncloakProxied` to `true`. The new setting defaults to `false`, i.e. cname-uncloaking is disabled when uBO detects that a proxy is in use. This new advanced setting may disappear once the following Firefox issue is fixed: - https://bugzilla.mozilla.org/show_bug.cgi?id=1618271
1 parent f520423 commit 3f7ece9


4 files changed

+50
-13
lines changed


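--- a/platform/firefox/vapi-webrequest.js
+++ b/platform/firefox/vapi-webrequest.js
@@ -72,14 +72,32 @@
 }
 setOptions(options) {
 super.setOptions(options);
-this.cnameUncloak = browser.dns instanceof Object &&
-options.cnameUncloak !== false;
-this.cnameIgnoreList = this.regexFromStrList(options.cnameIgnoreList);
-this.cnameIgnore1stParty = options.cnameIgnore1stParty !== false;
-this.cnameIgnoreExceptions = options.cnameIgnoreExceptions !== false;
-this.cnameIgnoreRootDocument = options.cnameIgnoreRootDocument !== false;
-this.cnameMaxTTL = options.cnameMaxTTL || 120;
-this.cnameReplayFullURL = options.cnameReplayFullURL === true;
+if ( 'cnameUncloak' in options ) {
+this.cnameUncloak = browser.dns instanceof Object &&
+options.cnameUncloak !== false;
+}
+if ( 'cnameIgnoreList' in options ) {
+this.cnameIgnoreList =
+this.regexFromStrList(options.cnameIgnoreList);
+}
+if ( 'cnameIgnore1stParty' in options ) {
+this.cnameIgnore1stParty =
+options.cnameIgnore1stParty !== false;
+}
+if ( 'cnameIgnoreExceptions' in options ) {
+this.cnameIgnoreExceptions =
+options.cnameIgnoreExceptions !== false;
+}
+if ( 'cnameIgnoreRootDocument' in options ) {
+this.cnameIgnoreRootDocument =
+options.cnameIgnoreRootDocument !== false;
+}
+if ( 'cnameMaxTTL' in options ) {
+this.cnameMaxTTL = options.cnameMaxTTL || 120;
+}
+if ( 'cnameReplayFullURL' in options ) {
+this.cnameReplayFullURL = options.cnameReplayFullURL === true;
+}
 this.cnames.clear(); this.cnames.set('', '');
 this.cnameFlushTime = Date.now() + this.cnameMaxTTL * 60000;
 }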
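Review bot: `setOptions()` carries no comment saying that it now accepts a partial options object, and the unguarded tail still clears `this.cnames` and recomputes `cnameFlushTime` on every call, including a one-key call such as `setOptions({ cnameUncloak: false })`. I would add above the guards `// Only keys present in options are applied; the cname cache is reset on every call.` so callers know a partial update is supported and what it costs. Each field now keeps its previous value when its key is absent, so the initial values must come from code outside this hunk (presumably the constructor); that is worth confirming for `cnameMaxTTL`, which feeds the flush-time arithmetic. The class around `setOptions()` starts and ends outside the hunk.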

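--- a/src/js/background.js
+++ b/src/js/background.js
@@ -54,6 +54,7 @@ const µBlock = (( ) => { // jshint ignore:line
 cnameMaxTTL: 120,
 cnameReplayFullURL: false,
 cnameUncloak: true,
+cnameUncloakProxied: false,
 consoleLogLevel: 'unset',
 debugScriptlets: false,
 debugScriptletInjector: false,
@@ -105,6 +106,7 @@ const µBlock = (( ) => { // jshint ignore:line
 cloudStorageSupported: vAPI.cloud instanceof Object,
 canFilterResponseData: typeof browser.webRequest.filterResponseData === 'function',
 canInjectScriptletsNow: vAPI.webextFlavor.soup.has('chromium'),
+proxyDNS: undefined,
 
 // https://github.com/chrisaljoudi/uBlock/issues/180
 // Whitelist directives need to be loaded once the PSL is available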
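Review bot: `proxyDNS: undefined` in the second hunk is a three-state flag declared without a comment, and `false` carries two meanings elsewhere in this commit: no proxy was seen, or probing was switched off through `cnameUncloak` / `cnameUncloakProxied`. A comment at the declaration would make the states readable, for example `// undefined: not probed yet; true: proxy detected; false: no proxy detected, or probing disabled by settings`. Both object literals start and end outside the hunks.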

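--- a/src/js/storage.js
+++ b/src/js/storage.js
@@ -143,6 +143,16 @@ self.addEventListener('hiddenSettingsChanged', ( ) => {
 cnameReplayFullURL: µBlock.hiddenSettings.cnameReplayFullURL,
 cnameUncloak: µBlock.hiddenSettings.cnameUncloak,
 });
+// https://github.com/uBlockOrigin/uBlock-issues/issues/911
+// See uBO's onHeadersReceived() listener.
+if (
+µBlock.hiddenSettings.cnameUncloak === false ||
+µBlock.hiddenSettings.cnameUncloakProxied === true
+) {
+µBlock.proxyDNS = false;
+} else {
+µBlock.proxyDNS = undefined;
+}
 });
 
 /******************************************************************************/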
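Review bot: The `else` branch resets `µBlock.proxyDNS` to `undefined` right after the `setOptions()` call above it has re-applied `cnameUncloak: µBlock.hiddenSettings.cnameUncloak`, so any hidden-settings change turns uncloaking back on even when a proxy had already been detected. It then stays on until `onHeadersReceived()` sees the next root-document response, which looks like the DNS-leak window this commit is meant to close. A fail-closed option is to re-apply the detected state in the `else` branch before the reset, `if ( µBlock.proxyDNS === true ) { vAPI.Net.setOptions({ cnameUncloak: false }); }`; the trade-off is that uncloaking stays off if the proxy has since been removed. The listener starts outside the hunk.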

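--- a/src/js/traffic.js
+++ b/src/js/traffic.js
@@ -441,6 +441,17 @@ const onHeadersReceived = function(details) {
 const isRootDoc = requestType === 'main_frame';
 const isDoc = isRootDoc || requestType === 'sub_frame';
 
+// https://github.com/uBlockOrigin/uBlock-issues/issues/911
+// We detect here whether network requests are proxied, and if so,
+// de-aliasing of hostnames will be disabled to avoid possible
+// DNS leaks.
+if ( isRootDoc && µb.proxyDNS === undefined ) {
+µb.proxyDNS = details.proxyInfo instanceof Object;
+if ( µb.proxyDNS ) {
+vAPI.Net.setOptions({ cnameUncloak: false });
+}
+}
+
 let pageStore = µb.pageStoreFromTabId(fctxt.tabId);
 if ( pageStore === null ) {
 if ( isRootDoc === false ) { return; }
@@ -454,11 +465,7 @@ const onHeadersReceived = function(details) {
 const responseHeaders = details.responseHeaders;
 
 if ( requestType === 'image' || requestType === 'media' ) {
-return foilLargeMediaElement(
-fctxt,
-pageStore,
-responseHeaders
-);
+return foilLargeMediaElement(fctxt, pageStore, responseHeaders);
 }
 
 if ( isDoc === false ) { return; }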
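Review bot: The probe in the first hunk latches on the first root document: when that response is not proxied, `µb.proxyDNS` becomes `false` and `details.proxyInfo` is never examined again, so a proxy enabled later in the session, or one applied only to some requests, leaves cname-uncloaking on. Latching only the positive result avoids this while still honouring the `false` override set in storage.js: use `if ( isRootDoc && µb.proxyDNS === undefined && details.proxyInfo instanceof Object ) {` with `µb.proxyDNS = true;` and `vAPI.Net.setOptions({ cnameUncloak: false });` as the body. The check also runs only once response headers arrive, so lookups for the first navigation may already have been made; whether they are depends on where uncloaking is triggered, which is outside this hunk. `onHeadersReceived` starts and ends outside the hunk.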
