This repository has been archived by the owner on Nov 6, 2023. It is now read-only.

Block FTP requests if "Block all unencrypted requests" is on #11738

Closed
wants to merge 12 commits into from
15 changes: 6 additions & 9 deletions chromium/background.js
Expand Up @@ -227,14 +227,11 @@ function onBeforeRequest(details) {
const uri = new URL(details.url);

// Should the request be canceled?
var shouldCancel = (
httpNowhereOn &&
uri.protocol === 'http:' &&
!/\.onion$/.test(uri.hostname) &&
!/^localhost$/.test(uri.hostname) &&
!/^127(\.[0-9]{1,3}){3}$/.test(uri.hostname) &&
!/^0\.0\.0\.0$/.test(uri.hostname)
Member

Why remove this?

Author

@ghost ghost Aug 15, 2017

@Hainish 0.0.0.0 is not a valid IPv4 address. Not sure why we have it here.

Author

@ghost ghost Aug 15, 2017

I also changed the regexp for loopback IP addresses just now.

Member

It is a valid IP address. See https://en.wikipedia.org/wiki/0.0.0.0

In the Internet Protocol Version 4, the address 0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown or non-applicable target. To give a special meaning to an otherwise invalid piece of data is an application of in-band signaling.

In the context of servers, 0.0.0.0 means "all IPv4 addresses on the local machine". If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs.

For instance, setting up a simple local webserver with python is by default accessible over 0.0.0.0:

user@https-everywhere ~/blah $ python -m SimpleHTTPServer &
[1] 16779
user@https-everywhere ~/blah $ Serving HTTP on 0.0.0.0 port 8000 ...

user@https-everywhere ~/blah $ curl 0.0.0.0:8000
127.0.0.1 - - [15/Aug/2017 11:27:48] "GET / HTTP/1.1" 200 -
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href="default.rulesets.gz.base64">default.rulesets.gz.base64</a>
<li><a href="rulesets-signature.sha256.base64">rulesets-signature.sha256.base64</a>
<li><a href="rulesets-timestamp">rulesets-timestamp</a>
</ul>
<hr>
</body>
</html>
user@https-everywhere ~/blah $

Author

@Hainish Thanks for the useful information!

Author

@Hainish Done.

Author

@Hainish Chrome returns ERR_ADDRESS_INVALID if you attempt to visit http://0.0.0.0/ though.

);
const shouldCancel = httpNowhereOn &&
uri.protocol !== 'https:' &&
uri.hostname.slice(-6) !== '.onion' &&
uri.hostname !== 'localhost' &&
!/^127(\.\d{1,3}){3}$/.test(uri.hostname);

// Normalise hosts such as "www.example.com."
var canonical_host = uri.hostname;
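
Review bot: The rewritten `shouldCancel` expression no longer exempts `0.0.0.0`, so with "Block all unencrypted requests" on, a local server reached at `http://0.0.0.0:8000` is cancelled where the removed condition let it through; restore a `uri.hostname !== '0.0.0.0'` term or add a comment recording why it was dropped. Separately, `uri.protocol !== 'https:'` now cancels every non-HTTPS scheme that reaches this handler rather than only `http:`. That is the fail-closed direction for this setting, but it deserves a comment saying it is intentional, because what gets blocked now depends on the `urls` filter passed to `addListener`.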
Expand Down Expand Up @@ -568,7 +565,7 @@ function onBeforeRedirect(details) {

// Registers the handler for requests
// See: https://github.com/EFForg/https-everywhere/issues/10039
wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["*://*/*"]}, ["blocking"]);
wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["*://*/*", "ftp://*/*"]}, ["blocking"]);


// Try to catch redirect loops on URLs we've redirected to HTTPS.
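
Review bot: With `"ftp://*/*"` added to the `urls` filter on the `addListener` line, every FTP request now enters `onBeforeRequest` whether or not `httpNowhereOn` is set, and nothing visible here shows the handler returning early for `ftp:` before the code that follows `shouldCancel` runs. Consider an explicit early return for non-HTTP(S) schemes once the cancel decision has been made, and extend the comment above the listener to say why FTP is included, since the existing comment only points at issue 10039.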
3 changes: 2 additions & 1 deletion chromium/manifest.json
Expand Up @@ -37,7 +37,8 @@
"tabs",
"cookies",
"storage",
"*://*/*"
"*://*/*",
"ftp://*/*"
],
"version": "2017.7.18"
}
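
Review bot: The added `"ftp://*/*"` entry in `permissions` is a host permission for the whole extension, not only for the `webRequest` listener it was added for, so the commit message or changelog should state that it exists solely to let `onBeforeRequest` see and cancel FTP requests. Keep it in step with the `urls` filter in `chromium/background.js`: if one of the two is removed later, FTP blocking stops working without any error. It is also worth confirming that the extra permission does not cause a re-approval prompt when the extension updates.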