authorMark H Weaver <mhw@netris.org>2023-09-27 00:53:30 -0400
committerMark H Weaver <mhw@netris.org>2023-09-27 14:34:35 -0400
commitfa5c0b073214191e6996ba0b5bc8e61560ff822c (patch)
tree38e7133195616f4a4da6c8fe46ab2c77c5a6e9e2 /data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js
parentd167f676a167b1392a4e29f14ddf25613468680b (diff)
Update the JShelter extension to 0.15.2.
Diffstat (limited to 'data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js')
-rw-r--r--data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js17
1 files changed, 11 insertions, 6 deletions
diff --git a/data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js b/data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js
index 56e5459..44ddfc8 100644
--- a/data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js
+++ b/data/extensions/jsr@javascriptrestrictor/http_shield_firefox.js
@@ -31,7 +31,9 @@
* and handle messages (on message event).
*
* NBS for Firefox uses the DNS web extension API to resolve domain names. As the domain names are
- * cached and needs to be resolved without NBS, the performance impact should be negligible.
+ * cached and needs to be resolved without NBS, the performance impact should be negligible. The DNS
+ * API is not used for proxied requests to prevent DNS leaks of resolutions that would be initiated
+ * by the DNS proxy. See https://pagure.io/JShelter/webextension/issue/41 for more details.
*/
/**
@@ -65,6 +67,9 @@ async function beforeSendHeadersListener(requestDetail)
var sourceResolution = "";
var blockNotifications = false;
+ const {proxyInfo} = requestDetail; // see https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/proxy/ProxyInfo
+ const dnsAllowed = !(proxyInfo && (proxyInfo.type && proxyInfo.type.startsWith("http") || proxyInfo.proxyDNS));
+
//Host found among user's trusted hosts, allow it right away
if (isNbsWhitelisted(sourceDomain))
{
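Review bot: The `dnsAllowed` expression mixes `&&` and `||` without grouping, so a reader has to rely on operator precedence to see that `proxyInfo.proxyDNS` is tested independently of `proxyInfo.type`. Explicit parentheses would make the intent unambiguous: `const dnsAllowed = !(proxyInfo && ((proxyInfo.type && proxyInfo.type.startsWith("http")) || proxyInfo.proxyDNS));`. The trailing comment only links to the ProxyInfo reference, so I would also add a why-comment above the line, such as `// HTTP(S) proxies, and SOCKS proxies with proxyDNS set, resolve names remotely; a local browser.dns.resolve() would leak the lookup`. The body of beforeSendHeadersListener starts and ends outside this hunk.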
@@ -90,9 +95,9 @@ async function beforeSendHeadersListener(requestDetail)
isSourcePrivate = true;
}
}
- else //SOURCE is hostname
- {
- //Resoluting DNS query for source domain
+ else if (dnsAllowed) //SOURCE is hostname
+ {
+ //Resolving DNS query for source domain
sourceResolution = browser.dns.resolve(fullSourceDomain).then((val) =>
{
//Assigning source IPs
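Review bot: When `dnsAllowed` is false and the source is a hostname, neither this branch nor the IP-literal branch above it runs, so `sourceResolution` stays `""` and `isSourcePrivate` presumably keeps its initial value. The same holds for the destination in the later hunk at `else if (dnsAllowed) //Target is hostname`. The code that compares the two flags is outside these hunks, but if it treats an unresolved hostname as public, a proxied request to a name that the proxy resolves to a private address would not be classified at all. I would state that trade-off at the branch, e.g. `// Proxied request: lookup skipped to avoid a DNS leak, so this hostname cannot be classified as private or public`. It is also worth confirming that the later decision handles the unresolved case deliberately rather than by default.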
@@ -143,9 +148,9 @@ async function beforeSendHeadersListener(requestDetail)
}
}
}
- else //Target is hostname
+ else if (dnsAllowed) //Target is hostname
{
- //Resoluting DNS query for destination domain
+ //Resolving DNS query for destination domain
destinationResolution = browser.dns.resolve(fullTargetDomain).then((val) =>
{
//Assigning source IPs