[epiphany/gnome-3-28] Remove the HTTPS Everywhere support



commit 3ef21f143e2d799c6cfbbd660a7a8ae306632670
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Thu Mar 29 15:38:02 2018 -0500

    Remove the HTTPS Everywhere support
    
    It's experimental and not supposed to be enabled, but got turned on in
    Arch, so best move it to a sidebranch for now. I'm not sure if we'll
    ever bring it back, though. HTTPS Everywhere was a great idea a few
    years ago, when it was common for websites to offer experimental support
    for HTTPS but not redirect users to it automatically. Nowadays, such
    websites almost always have problems, such as blocked mixed content or invalid
    HTTPS certificates, or have disabled HTTPS since the ruleset was
    written. That means, to do this right, we have to ignore TLS errors --
    including in subresources -- and disable mixed content blocking. This
    scheme to preserve web compatibility needs to be implemented before we
    consider bringing it back.
    
    Meanwhile, more and more websites are redirecting to HTTPS and are
    nowadays configured to handle this correctly, so the necessity of HTTPS
    Everywhere is lower now than ever before, and decreasing fast. Moreover,
    if a website implements its own proper support for HTTPS and starts
    automatically redirecting users to it, but the ruleset is not updated,
    then under the scheme I propose above, the ruleset would become a way of
    *reducing* security for websites once they've begun to support HTTPS. So
    I'm skeptical that we should bring this back at all. Times, they are
    a-changing.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=794803

 embed/ephy-embed-shell.c                 |   46 ----------------
 embed/meson.build                        |    4 --
 embed/web-extension/ephy-uri-tester.c    |   87 +----------------------------
 embed/web-extension/ephy-uri-tester.h    |   11 +----
 embed/web-extension/ephy-web-extension.c |   52 +-----------------
 embed/web-extension/meson.build          |    4 --
 meson.build                              |    7 ---
 meson_options.txt                        |    6 --
 8 files changed, 6 insertions(+), 211 deletions(-)
---
diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c
index b4837f8..ea929e3 100644
--- a/embed/ephy-embed-shell.c
+++ b/embed/ephy-embed-shell.c
@@ -47,10 +47,6 @@
 #include <gtk/gtk.h>
 #include <stdlib.h>
 
-#if ENABLE_HTTPS_EVERYWHERE
-#include <httpseverywhere.h>
-#endif
-
 #define PAGE_SETUP_FILENAME "page-setup-gtk.ini"
 #define PRINT_SETTINGS_FILENAME "print-settings.ini"
 #define OVERVIEW_RELOAD_DELAY 500
@@ -913,26 +909,6 @@ ephy_embed_shell_create_web_context (EphyEmbedShell *shell)
   g_object_unref (manager);
 }
 
-#if ENABLE_HTTPS_EVERYWHERE
-static void
-https_everywhere_update_cb (HTTPSEverywhereUpdater *updater,
-                            GAsyncResult           *result)
-{
-  GError *error = NULL;
-
-  https_everywhere_updater_update_finish (updater, result, &error);
-
-  if (!error)
-    return;
-
-  if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED) &&
-      !g_error_matches (error, HTTPS_EVERYWHERE_UPDATE_ERROR, HTTPS_EVERYWHERE_UPDATE_ERROR_IN_PROGRESS) &&
-      !g_error_matches (error, HTTPS_EVERYWHERE_UPDATE_ERROR, 
HTTPS_EVERYWHERE_UPDATE_ERROR_NO_UPDATE_AVAILABLE))
-    g_warning ("Failed to update HTTPS Everywhere rulesets: %s", error->message);
-  g_error_free (error);
-}
-#endif
-
 static char *
 adblock_filters_dir (EphyEmbedShell *shell)
 {
@@ -960,10 +936,6 @@ ephy_embed_shell_startup (GApplication *application)
   char *filename;
   char *cookie_policy;
   char *filters_dir;
-#if ENABLE_HTTPS_EVERYWHERE
-  HTTPSEverywhereContext *context;
-  HTTPSEverywhereUpdater *updater;
-#endif
 
   G_APPLICATION_CLASS (ephy_embed_shell_parent_class)->startup (application);
 
@@ -1071,24 +1043,6 @@ ephy_embed_shell_startup (GApplication *application)
   filters_dir = adblock_filters_dir (shell);
   priv->filters_manager = ephy_filters_manager_new (filters_dir);
   g_free (filters_dir);
-
-#if ENABLE_HTTPS_EVERYWHERE
-    /* We might want to be smarter about this in the future. For now,
-     * trigger an update of the rulesets once each time Epiphany is started.
-     * Note that the updated rules will not be used until the next time Epiphany
-     * is started. */
-  if (priv->mode != EPHY_EMBED_SHELL_MODE_TEST &&
-      priv->mode != EPHY_EMBED_SHELL_MODE_SEARCH_PROVIDER) {
-    context = https_everywhere_context_new ();
-    updater = https_everywhere_updater_new (context);
-    https_everywhere_updater_update (updater,
-                                     priv->cancellable,
-                                     (GAsyncReadyCallback)https_everywhere_update_cb,
-                                     NULL);
-    g_object_unref (context);
-    g_object_unref (updater);
-  }
-#endif
 }
 
 static void
diff --git a/embed/meson.build b/embed/meson.build
index 1f924f2..f53319a 100644
--- a/embed/meson.build
+++ b/embed/meson.build
@@ -43,10 +43,6 @@ libephyembed_deps = [
   webkit2gtk_dep
 ]
 
-if get_option('https_everywhere')
-  libephyembed_deps += httpseverywhere_dep
-endif
-
 libephyembed_includes = include_directories(
   '.',
   '..',
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index a22e9ac..70f7cfd 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -37,10 +37,6 @@
 #include <libsoup/soup.h>
 #include <string.h>
 
-#if ENABLE_HTTPS_EVERYWHERE
-#include <httpseverywhere.h>
-#endif
-
 #define SIGNATURE_SIZE 8
 
 struct _EphyUriTester {
@@ -69,11 +65,6 @@ struct _EphyUriTester {
   GMainLoop *load_loop;
   int adblock_filters_to_load;
   gboolean adblock_loaded;
-#if ENABLE_HTTPS_EVERYWHERE
-  gboolean https_everywhere_loaded;
-
-  HTTPSEverywhereContext *https_everywhere_context;
-#endif
 };
 
 enum {
@@ -538,25 +529,10 @@ ephy_uri_tester_adblock_loaded (EphyUriTester *tester)
 {
   if (g_atomic_int_dec_and_test (&tester->adblock_filters_to_load)) {
     tester->adblock_loaded = TRUE;
-#if ENABLE_HTTPS_EVERYWHERE
-    if (tester->https_everywhere_loaded)
-      g_main_loop_quit (tester->load_loop);
-#else
     g_main_loop_quit (tester->load_loop);
-#endif
   }
 }
 
-#if ENABLE_HTTPS_EVERYWHERE
-static void
-ephy_uri_tester_https_everywhere_loaded (EphyUriTester *tester)
-{
-  tester->https_everywhere_loaded = TRUE;
-  if (tester->adblock_loaded)
-    g_main_loop_quit (tester->load_loop);
-}
-#endif
-
 static void
 file_parse_cb (GDataInputStream *stream, GAsyncResult *result, EphyUriTester *tester)
 {
@@ -623,44 +599,18 @@ ephy_uri_tester_block_uri (EphyUriTester *tester,
 char *
 ephy_uri_tester_rewrite_uri (EphyUriTester    *tester,
                              const char       *request_uri,
-                             const char       *page_uri,
-                             EphyUriTestFlags  flags)
+                             const char       *page_uri)
 {
   /* Should we block the URL outright? */
-  if ((flags & EPHY_URI_TEST_ADBLOCK) &&
-      ephy_uri_tester_block_uri (tester, request_uri, page_uri)) {
+  if (ephy_uri_tester_block_uri (tester, request_uri, page_uri)) {
     g_debug ("Request '%s' blocked (page: '%s')", request_uri, page_uri);
 
     return NULL;
   }
 
-#if ENABLE_HTTPS_EVERYWHERE
-  if ((flags & EPHY_URI_TEST_HTTPS_EVERYWHERE) && tester->https_everywhere_context != NULL)
-    return https_everywhere_context_rewrite (tester->https_everywhere_context, request_uri);
-#endif
-
   return g_strdup (request_uri);
 }
 
-#if ENABLE_HTTPS_EVERYWHERE
-static void
-https_everywhere_context_init_cb (HTTPSEverywhereContext *context,
-                                  GAsyncResult           *res,
-                                  EphyUriTester          *tester)
-{
-  GError *error = NULL;
-
-  https_everywhere_context_init_finish (context, res, &error);
-
-  if (error) {
-    g_warning ("Failed to initialize HTTPS Everywhere context: %s", error->message);
-    g_error_free (error);
-  }
-
-  ephy_uri_tester_https_everywhere_loaded (tester);
-}
-#endif
-
 static void
 adblock_file_monitor_changed (GFileMonitor     *monitor,
                               GFile            *file,
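Review bot: After this change `ephy_uri_tester_rewrite_uri` no longer rewrites anything: it returns NULL when `ephy_uri_tester_block_uri` matches and `g_strdup (request_uri)` otherwise, so the name now misleads and nothing visible documents the return contract. I would add a comment above the definition, and the same on the prototype in ephy-uri-tester.h, e.g. `/* Returns NULL if the request must be blocked, else a newly allocated copy of request_uri; free with g_free(). */`. The block check is also unconditional now that the `EPHY_URI_TEST_ADBLOCK` flag test is gone, so each caller must decide beforehand whether filtering applies. The only caller visible in this commit, `web_page_send_request`, does so through `should_use_adblocker`.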
@@ -723,16 +673,6 @@ ephy_uri_tester_load_sync (GTask         *task,
   g_main_context_push_thread_default (context);
   tester->load_loop = g_main_loop_new (context, FALSE);
 
-#if ENABLE_HTTPS_EVERYWHERE
-  if (!tester->https_everywhere_loaded) {
-    g_assert (tester->https_everywhere_context == NULL);
-    tester->https_everywhere_context = https_everywhere_context_new ();
-    https_everywhere_context_init (tester->https_everywhere_context, NULL,
-                                   (GAsyncReadyCallback)https_everywhere_context_init_cb,
-                                   tester);
-  }
-#endif
-
   if (!tester->adblock_loaded)
     ephy_uri_tester_begin_loading_adblock_filters (tester, &monitors);
 
@@ -817,22 +757,6 @@ ephy_uri_tester_set_property (GObject      *object,
 }
 
 static void
-ephy_uri_tester_dispose (GObject *object)
-{
-#if ENABLE_HTTPS_EVERYWHERE
-  EphyUriTester *tester = EPHY_URI_TESTER (object);
-#endif
-
-  LOG ("EphyUriTester disposing %p", object);
-
-#if ENABLE_HTTPS_EVERYWHERE
-  g_clear_object (&tester->https_everywhere_context);
-#endif
-
-  G_OBJECT_CLASS (ephy_uri_tester_parent_class)->dispose (object);
-}
-
-static void
 ephy_uri_tester_finalize (GObject *object)
 {
   EphyUriTester *tester = EPHY_URI_TESTER (object);
@@ -868,7 +792,6 @@ ephy_uri_tester_class_init (EphyUriTesterClass *klass)
   GObjectClass *object_class = G_OBJECT_CLASS (klass);
 
   object_class->set_property = ephy_uri_tester_set_property;
-  object_class->dispose = ephy_uri_tester_dispose;
   object_class->finalize = ephy_uri_tester_finalize;
 
   obj_properties[PROP_ADBLOCK_DATA_DIR] =
@@ -931,11 +854,7 @@ ephy_uri_tester_load (EphyUriTester *tester)
   if (!g_settings_get_boolean (EPHY_SETTINGS_WEB, EPHY_PREFS_WEB_ENABLE_ADBLOCK))
     tester->adblock_loaded = TRUE;
 
-  if (tester->adblock_loaded
-#if ENABLE_HTTPS_EVERYWHERE
-      && tester->https_everywhere_loaded
-#endif
-     )
+  if (tester->adblock_loaded)
     return;
 
   g_signal_handlers_disconnect_by_func (EPHY_SETTINGS_WEB, ephy_uri_tester_adblock_filters_changed_cb, 
tester);
diff --git a/embed/web-extension/ephy-uri-tester.h b/embed/web-extension/ephy-uri-tester.h
index cd6cc6b..5b22faa 100644
--- a/embed/web-extension/ephy-uri-tester.h
+++ b/embed/web-extension/ephy-uri-tester.h
@@ -28,20 +28,11 @@ G_BEGIN_DECLS
 
 G_DECLARE_FINAL_TYPE (EphyUriTester, ephy_uri_tester, EPHY, URI_TESTER, GObject)
 
-typedef enum
-{
-  EPHY_URI_TEST_ADBLOCK          = 1 << 1,
-  EPHY_URI_TEST_HTTPS_EVERYWHERE = 1 << 2,
-  EPHY_URI_TEST_ALL              = EPHY_URI_TEST_ADBLOCK | EPHY_URI_TEST_HTTPS_EVERYWHERE
-} EphyUriTestFlags;
-
-
 EphyUriTester *ephy_uri_tester_new         (const char       *adblock_data_dir);
 void           ephy_uri_tester_load        (EphyUriTester    *tester);
 char          *ephy_uri_tester_rewrite_uri (EphyUriTester    *tester,
                                             const char       *request_uri,
-                                            const char       *page_uri,
-                                            EphyUriTestFlags  flags);
+                                            const char       *page_uri);
 
 
 G_END_DECLS
diff --git a/embed/web-extension/ephy-web-extension.c b/embed/web-extension/ephy-web-extension.c
index 95f1715..018c989 100644
--- a/embed/web-extension/ephy-web-extension.c
+++ b/embed/web-extension/ephy-web-extension.c
@@ -109,47 +109,6 @@ static const char introspection_xml[] =
 G_DEFINE_TYPE (EphyWebExtension, ephy_web_extension, G_TYPE_OBJECT)
 
 static gboolean
-should_use_https_everywhere (const char *request_uri,
-                             const char *redirected_uri)
-{
-#if ENABLE_HTTPS_EVERYWHERE
-  SoupURI *request_soup_uri;
-  SoupURI *redirected_soup_uri;
-  gboolean result = TRUE;
-
-  request_soup_uri = soup_uri_new (request_uri);
-  if (request_soup_uri->scheme != SOUP_URI_SCHEME_HTTP) {
-    soup_uri_free (request_soup_uri);
-    return FALSE;
-  }
-
-  if (!redirected_uri) {
-    soup_uri_free (request_soup_uri);
-    return TRUE;
-  }
-
-  redirected_soup_uri = soup_uri_new (redirected_uri);
-
-  if (request_soup_uri->scheme == SOUP_URI_SCHEME_HTTP &&
-      redirected_soup_uri->scheme == SOUP_URI_SCHEME_HTTPS) {
-    /* If the server redirected us from an https:// URI to an http:// URI, we'd
-     * better not try to use HTTPS Everywhere as it'll just be a redirect loop.
-     * So now we compare ignoring scheme and port.... */
-    redirected_soup_uri->scheme = SOUP_URI_SCHEME_HTTP;
-    redirected_soup_uri->port = request_soup_uri->port;
-    result = !soup_uri_equal (request_soup_uri, redirected_soup_uri);
-  }
-
-  soup_uri_free (request_soup_uri);
-  soup_uri_free (redirected_soup_uri);
-
-  return result;
-#else
-  return FALSE;
-#endif
-}
-
-static gboolean
 should_use_adblocker (const char *request_uri,
                       const char *page_uri,
                       const char *redirected_request_uri)
@@ -196,15 +155,11 @@ web_page_send_request (WebKitWebPage     *web_page,
   const char *redirected_response_uri;
   const char *page_uri;
   char *modified_uri = NULL;
-  EphyUriTestFlags flags = EPHY_URI_TEST_ALL;
 
   request_uri = webkit_uri_request_get_uri (request);
   page_uri = webkit_web_page_get_uri (web_page);
   redirected_response_uri = redirected_response ? webkit_uri_response_get_uri (redirected_response) : NULL;
 
-  if (!should_use_adblocker (request_uri, page_uri, redirected_response_uri))
-    flags &= ~EPHY_URI_TEST_ADBLOCK;
-
   if (g_settings_get_boolean (EPHY_SETTINGS_WEB, EPHY_PREFS_WEB_DO_NOT_TRACK)) {
     SoupMessageHeaders *headers = webkit_uri_request_get_http_headers (request);
     if (headers) {
@@ -215,16 +170,13 @@ web_page_send_request (WebKitWebPage     *web_page,
     modified_uri = ephy_remove_tracking_from_uri (request_uri);
   }
 
-  if (!should_use_https_everywhere (request_uri, redirected_response_uri))
-    flags &= ~EPHY_URI_TEST_HTTPS_EVERYWHERE;
-
-  if ((flags & EPHY_URI_TEST_ADBLOCK) || (flags & EPHY_URI_TEST_HTTPS_EVERYWHERE)) {
+  if (should_use_adblocker (request_uri, page_uri, redirected_response_uri)) {
     char *result;
 
     ephy_uri_tester_load (extension->uri_tester);
     result = ephy_uri_tester_rewrite_uri (extension->uri_tester,
                                           modified_uri ? modified_uri : request_uri,
-                                          page_uri, flags);
+                                          page_uri);
     g_free (modified_uri);
 
     if (!result) {
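Review bot: The gate `should_use_adblocker (request_uri, page_uri, redirected_response_uri)` looks at the original `request_uri`, while the tester is given `modified_uri ? modified_uri : request_uri`, which is the tracking-stripped form when Do Not Track is enabled. A short comment at the call would record that this is intended, e.g. `/* Match filters against the URI we will actually request (tracking parameters already removed). */`. When `should_use_adblocker` returns FALSE, `modified_uri` must still be applied to the request and freed on the other path. That branch lies outside this hunk, as do the start and end of `web_page_send_request`, so please confirm it is unchanged.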
diff --git a/embed/web-extension/meson.build b/embed/web-extension/meson.build
index 4928421..242c3bb 100644
--- a/embed/web-extension/meson.build
+++ b/embed/web-extension/meson.build
@@ -14,10 +14,6 @@ web_extension_deps = [
   webkit2gtk_web_extension_dep
 ]
 
-if get_option('https_everywhere')
-  web_extension_deps += httpseverywhere_dep
-endif
-
 shared_module('ephywebextension',
   web_extension_sources,
   dependencies: web_extension_deps,
diff --git a/meson.build b/meson.build
index 01d561e..3daebdb 100644
--- a/meson.build
+++ b/meson.build
@@ -32,9 +32,6 @@ conf.set_quoted('PKGDATADIR', pkgdatadir)
 conf.set_quoted('PKGLIBEXECDIR', pkglibexecdir)
 conf.set_quoted('SOURCE_ROOT', meson.source_root())
 
-# FIXME: Get rid of this option. This feature should be polished up and enabled unconditionally.
-conf.set10('ENABLE_HTTPS_EVERYWHERE', get_option('https_everywhere'))
-
 conf.set10('DEVELOPER_MODE', get_option('developer_mode'))
 
 tech_preview = get_option('tech_preview')
@@ -96,10 +93,6 @@ cc = meson.get_compiler('c')
 gmp_dep = cc.find_library('gmp')
 m_dep = cc.find_library('m', required: false)
 
-if get_option('https_everywhere')
-  httpseverywhere_dep = dependency('httpseverywhere-0.8')
-endif
-
 subdir('data')
 subdir('help')
 subdir('po')
diff --git a/meson_options.txt b/meson_options.txt
index 4afbd84..f81ea88 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -10,12 +10,6 @@ option('distributor_name',
   description: 'Distributor name displayed on process crash page'
 )
 
-option('https_everywhere',
-  type: 'boolean',
-  value: false,
-  description: 'Enable experimental HTTPS Everywhere support'
-)
-
 option('tech_preview',
   type: 'boolean',
   value: false,

