Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Commit

Permalink
Load non-webview URLs in non-persistent session
Browse files Browse the repository at this point in the history 
Otherwise, favicon and search autocomplete URLs are always written to the
userData cache, causing leakage of private browsing activity.

Fix #138

Auditors: @bbondy
  • Loading branch information
@diracdeltas
diracdeltas committed Jan 26, 2016
1 parent 55d5118 commit f021a9f
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 1 deletion.
1 change: 1 addition & 0 deletions app/filtering.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ module.exports.isThirdPartyHost = (baseContextHost, testHost) => {
module.exports.init = () => {
registerForSession(session.fromPartition(''))
registerForSession(session.fromPartition('private-1'))
registerForSession(session.fromPartition('main-1'))
}

module.exports.isResourceEnabled = (resourceName) => {
Expand Down
1 change: 1 addition & 0 deletions app/httpsEverywhere.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,5 +267,6 @@ module.exports.init = () => {
DataFile.init(module.exports.resourceName, startHttpsEverywhere, loadRulesets)
registerForSession(session.fromPartition(''))
registerForSession(session.fromPartition('private-1'))
registerForSession(session.fromPartition('main-1'))
}

3 changes: 2 additions & 1 deletion js/stores/appStore.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,8 @@ function windowDefaults () {
minModalWidth: 100,
windowOffset: 20,
webPreferences: {
sharedWorker: true
sharedWorker: true,
partition: 'main-1'

This comment has been minimized.

Sign in to view

Copy link
@bbondy

bbondy Jan 26, 2016

Member

This will make people have to re-setup their data who already use the browser right? Not a big deal right now today, but maybe it is when we add another 1k tonight/tomorrow?

This comment has been minimized.

Sign in to view

Copy link
@bbondy

bbondy Jan 26, 2016

Member

Never mind, I understand it's for the non webview urls 👍

This comment has been minimized.

Sign in to view

Copy link
@diracdeltas

diracdeltas Jan 26, 2016

Author Member

Not sure what you mean by re-setup data. I'm still logged in to all the sites that I was before I changed the partition.

This comment has been minimized.

Sign in to view

Copy link
@bbondy

bbondy Jan 26, 2016

Member

It was my misunderstanding at first, was confusing browser's partition (which changes) with webview partition (which has user session data, but doesn't change).

This comment has been minimized.

Sign in to view

Copy link
@diracdeltas

diracdeltas Jan 26, 2016

Author Member

ah cool
}
}
}
Expand Down
4 changes: 4 additions & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@
{
"name": "Brian Johnson",
"email": "bjohnson@brave.com"
},
{
"name": "Yan Zhu",
"email": "yan@brave.com"
}
],
"license": "MPL-2.0",
Expand Down

0 comments on commit f021a9f

Please sign in to comment.