author | Mark Walker <mark.damon.walker@tutanota.com> | 2024-04-28 10:33:49 +0800 |
---|---|---|
committer | rodarima <rodarima@gmail.com> | 2024-04-29 19:39:21 +0200 |
commit | 20a10f03d4b14d68a77db88feea95cfcdbef8d34 (patch) | |
tree | 8cc0d32153dfedc7805b743245e01ebf0078c4dd | |
parent | b18496029c93a601646245adeb19372d705e0aab (diff) |
Add force https mode
Implement an option to force all http urls to be upgraded to HTTPS,
similar to HTTPS-Only Mode in Firefox.
A http_force_https preference variable is provided as well as a menu
bar item to toggle this mode.
See: https://support.mozilla.org/en-US/kb/https-only-prefs
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | dillorc | 5 | ||||
-rw-r--r-- | src/menu.cc | 21 | ||||
-rw-r--r-- | src/prefs.c | 1 | ||||
-rw-r--r-- | src/prefs.h | 1 | ||||
-rw-r--r-- | src/prefsparser.cc | 1 | ||||
-rw-r--r-- | src/url.c | 26 |
8 files changed, 48 insertions, 11 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 24e1f6b4..08ef9095 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,6 @@
 name: CI
-on: [push]
+on: [push, pull_request]
 jobs:
 ubuntu-latest-html-tests:
@@ -68,6 +68,8 @@ dillo-3.1 [not released yet]
 - Install desktop file with Dillo icon
 - Add version in user manual and about:splash.
 Patches: Rodrigo Arias Mallo <rodarima@gmail.com>
++- Add http_force_https mode.
+ Patches: Mark Walker
 -----------------------------------------------------------------------------
@@ -195,6 +195,11 @@ search_url="Google http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=%s"
 # HSTS directives are not saved between browser sessions.
 #http_strict_transport_security=YES
+# If enabled, Dillo will force all HTTP connections to be upgraded to
+# a more secure HTTPS connection. This will prevent sites from loading
+# if they only support HTTP.
+#http_force_https=NO
+
 # Set the proxy information for http/https.
 # Note that the http_proxy environment variable overrides this setting.
 # WARNING: FTP and downloads plugins use wget. To use a proxy with them,
diff --git a/src/menu.cc b/src/menu.cc
index a1252989..865b843b 100644
--- a/src/menu.cc
+++ b/src/menu.cc
@@ -671,6 +671,19 @@ static void Menu_embedded_css_cb(Fl_Widget *wid, void*)
 a_UIcmd_repush(popup_bw);
 }
+
+/**
+ * Toggle use of force https mode
+ */
+static void Menu_force_https_cb(Fl_Widget *wid, void*)
+{
+ Fl_Menu_Item *item = (Fl_Menu_Item*) wid;
+
+ item->flags ^= FL_MENU_VALUE;
+ prefs.http_force_https = item->flags & FL_MENU_VALUE ? 1 : 0;
+ a_UIcmd_repush(popup_bw);
+}
+
 static void Menu_panel_change_cb(Fl_Widget*, void *user_data)
 {
 UI *ui = (UI*)popup_bw->ui;
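Review bot: The docstring on `Menu_force_https_cb` (src/menu.cc, hunk at -671) does not say what the toggle covers, which a reader needs to know for a security switch. The callback writes the global `prefs.http_force_https`, so it is not limited to `popup_bw`, and nothing in this hunk persists the value to dillorc. It then calls `a_UIcmd_repush(popup_bw)` like the rendering toggle above it; if repush only re-renders the document already held (its definition is outside this diff, please confirm), a page fetched over plain HTTP stays on screen after the mode is switched on. I would extend the comment to something like `Toggle force-HTTPS mode (global pref, this session only). Only URLs created afterwards are upgraded; the page already shown is not refetched.`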
@@ -728,6 +741,8 @@ void a_Menu_tools_popup(BrowserWindow *bw, int x, int y)
 FL_MENU_TOGGLE,0,0,0,0},
 {"Load background images", 0, Menu_bgimg_load_toggle_cb, 0,
 FL_MENU_TOGGLE|FL_MENU_DIVIDER,0,0,0,0},
+ {"Force HTTPS", 0, Menu_force_https_cb, 0,
+ FL_MENU_TOGGLE|FL_MENU_DIVIDER,0,0,0,0},
 {"Panel size", 0, Menu_nop_cb, (void*)"Submenu1", FL_SUBMENU,0,0,0,0},
 {"tiny", 0,Menu_panel_change_cb,(void*)0,FL_MENU_RADIO,0,0,0,0},
 {"small", 0,Menu_panel_change_cb,(void*)1,FL_MENU_RADIO,0,0,0,0},
@@ -751,8 +766,10 @@ void a_Menu_tools_popup(BrowserWindow *bw, int x, int y)
 pm[2].set();
 if (prefs.load_background_images)
 pm[3].set();
- pm[5+cur_panelsize].setonly();
- cur_smallicons ? pm[8].set() : pm[8].clear();
+ if (prefs.http_force_https)
+ pm[4].set();
+ pm[6+cur_panelsize].setonly();
+ cur_smallicons ? pm[9].set() : pm[9].clear();
 item = pm->popup(x, y);
 if (item) {
diff --git a/src/prefs.c b/src/prefs.c
index 72a7568e..8d25ef18 100644
--- a/src/prefs.c
+++ b/src/prefs.c
@@ -68,6 +68,7 @@ void a_Prefs_init(void)
 prefs.http_proxyuser = NULL;
 prefs.http_referer = dStrdup(PREFS_HTTP_REFERER);
 prefs.http_strict_transport_security = TRUE;
+ prefs.http_force_https = FALSE;
 prefs.http_user_agent = dStrdup(PREFS_HTTP_USER_AGENT);
 prefs.limit_text_width = FALSE;
 prefs.adjust_min_width = TRUE;
diff --git a/src/prefs.h b/src/prefs.h
index 0073d52a..b234176f 100644
--- a/src/prefs.h
+++ b/src/prefs.h
@@ -97,6 +97,7 @@ typedef struct {
 bool_t parse_embedded_css;
 bool_t http_persistent_conns;
 bool_t http_strict_transport_security;
+ bool_t http_force_https;
 int32_t buffered_drawing;
 char *font_serif;
 char *font_sans_serif;
diff --git a/src/prefsparser.cc b/src/prefsparser.cc
index dbb82cb8..40460e52 100644
--- a/src/prefsparser.cc
+++ b/src/prefsparser.cc
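Review bot: In the `a_Menu_tools_popup` hunk at -751 (src/menu.cc) the checked state of the new item is set through a literal position, `pm[4].set()`, and adding one table row in the hunk at -728 forced `pm[5+cur_panelsize]` and `pm[8]` to be renumbered by hand to 6 and 9. A later insertion above "Force HTTPS" that misses one of these numbers would tick the wrong entry with no compiler diagnostic, and the menu would then misreport whether HTTP upgrading is on. Named indices kept next to the table, for example an enum with one entry per row, would remove the hand-counted offsets; at minimum add `/* index must match the "Force HTTPS" row in pm[] */` beside `pm[4].set()`. The function starts and ends outside both hunks.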
@@ -179,6 +179,7 @@ void PrefsParser::parse(FILE *fp)
 { "http_referer", &prefs.http_referer, PREFS_STRING, 0 },
 { "http_strict_transport_security",&prefs.http_strict_transport_security,
 PREFS_BOOL, 0 },
+ { "http_force_https", &prefs.http_force_https, PREFS_BOOL, 0 },
 { "http_user_agent", &prefs.http_user_agent, PREFS_STRING, 0 },
 { "limit_text_width", &prefs.limit_text_width, PREFS_BOOL, 0 },
 { "adjust_min_width", &prefs.adjust_min_width, PREFS_BOOL, 0 },
@@ -423,16 +423,26 @@ DilloUrl* a_Url_new(const char *url_str, const char *base_url)
 dFree(str1);
 dFree(str2);
- /*
- * A site's HTTP Strict Transport Security policy may direct us to transform
- * URLs like "http://en.wikipedia.org:80" to "https://en.wikipedia.org:443".
- */
- if (prefs.http_strict_transport_security &&
- url->scheme && !dStrAsciiCasecmp(url->scheme, "http") &&
- a_Hsts_require_https(a_Url_hostname(url))) {
+ bool_t switch_to_https = FALSE;
+
+ if (url->scheme && !dStrAsciiCasecmp(url->scheme, "http")) {
+ /*
+ * A site's HTTP Strict Transport Security policy may direct us to transform
+ * URLs like "http://en.wikipedia.org:80" to "https://en.wikipedia.org:443".
+ */
+ if (prefs.http_strict_transport_security &&
+ a_Hsts_require_https(a_Url_hostname(url))) {
+ _MSG("url: HSTS transformation for %s.\n", url->url_string->str);
+ switch_to_https = TRUE;
+ } else if (prefs.http_force_https) {
+ _MSG("url: Force HTTPS transformation for %s.\n", url->url_string->str);
+ switch_to_https = TRUE;
+ }
+ }
+
+ if (switch_to_https) {
 const char *const scheme = "https";
- _MSG("url: HSTS transformation for %s.\n", url->url_string->str);
 url->scheme = scheme;
 if (url->port == URL_HTTP_PORT)
 url->port = URL_HTTPS_PORT; |
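Review bot: The new `else if (prefs.http_force_https)` branch in `a_Url_new` (src/url.c, hunk at -423) rewrites every `http` URL with no host exemption, and the unchanged port logic below it only maps `URL_HTTP_PORT`. A URL such as `http://localhost:8080/` therefore becomes `https://localhost:8080/`, which will presumably fail against a plain-HTTP listener. That matches the fail-closed behaviour dillorc describes, but loopback and intranet services are where users will meet it first. Either document it next to the branch, e.g. `/* Force mode: upgrade unconditionally; explicit ports are kept and there is no fallback to http. */`, or decide explicitly whether loopback hosts should be exempt. The `if (switch_to_https)` block continues past the end of the hunk, so how `url_string` is rebuilt is not visible here.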