Add a force_https setting (using the same domain syntax as the

whitelist settings) to make all requests to that domain use the HTTPS scheme, similar to HSTS. Install a new file, hsts-preload, into the resource dir. This is a regular config file with a bunch of force_https = ... lines, which is used to implement a preloaded HSTS list. Right now all the domains in this file, except for conformal.com and cyphertite.com, are taken directly from chromium's preloaded HSTS list (and should be synced with this file every so often). Also implement a new setting, preload_strict_transport (enabled by default), to enable or disable the loading of this preloaded HSTS list. Document force_https and preload_strict_transport in the manpage.
author: Josh Rickmar <jrick@devio.us> 2012-07-31 09:55:26 -0400
committer: Josh Rickmar <jrick@devio.us> 2012-07-31 09:55:26 -0400
commit: 0c240f728d489408cda135786cf29244c1cd4d83 (patch)
tree: e063f765a1c73d301ec3ad5e8a5904165337a63e /settings.c
parent: 02e03fcb67ee3ee37ff7bd5f287a7c53ca55f97e (diff)
download: xombrero-0c240f728d489408cda135786cf29244c1cd4d83.tar.gz
1 files changed, 35 insertions, 0 deletions
diff --git a/settings.c b/settings.c
index 053d145..0850b4e 100644
--- a/settings.c
+++ b/settings.c
@@ -112,6 +112,7 @@ int		warn_cert_changes = 0;
 int		allow_insecure_content = XT_DS_ALLOW_INSECURE_CONTENT;
 int		allow_insecure_scripts = XT_DS_ALLOW_INSECURE_SCRIPTS;
 int		do_not_track = XT_DS_DO_NOT_TRACK;
+int		preload_strict_transport = XT_DS_PRELOAD_STRICT_TRANSPORT;
 
 char		*cmd_font_name = NULL;	/* these are all set at startup */
 char		*oops_font_name = NULL;
@@ -140,6 +141,7 @@ int		add_ua(struct settings *, char *);
 int		add_http_accept(struct settings *, char *);
 int		add_cmd_alias(struct settings *, char *);
 int		add_custom_uri(struct settings *, char *);
+int		add_force_https(struct settings *, char *);
 
 int		set_append_next(char *);
 int		set_autofocus_onload(char *);
@@ -226,6 +228,8 @@ void		walk_cmd_alias(struct settings *, void (*)(struct settings *,
 		    char *, void *), void *);
 void		walk_custom_uri(struct settings *, void (*)(struct settings *,
 		    char *, void *), void *);
+void		walk_force_https(struct settings *, void (*)(struct settings *,
+		    char *, void *), void *);
 
 int
 set_http_proxy(char *proxy)
@@ -395,6 +399,12 @@ struct special		s_userstyle = {
 	NULL
 };
 
+struct special		s_force_https = {
+	add_force_https,
+	NULL,
+	walk_force_https
+};
+
 struct settings		rs[] = {
 	{ "allow_insecure_content",	XT_S_INT, 0,		&allow_insecure_content, NULL, NULL, NULL, set_allow_insecure_content },
 	{ "allow_insecure_scripts",	XT_S_INT, 0,		&allow_insecure_scripts, NULL, NULL, NULL, set_allow_insecure_scripts },
@@ -442,6 +452,7 @@ struct settings		rs[] = {
 	{ "max_connections",		XT_S_INT, XT_SF_RESTART,&max_connections, NULL, NULL, NULL, NULL },
 	{ "max_host_connections",	XT_S_INT, XT_SF_RESTART,&max_host_connections, NULL, NULL, NULL, NULL },
 	{ "oops_font",			XT_S_STR, 0, NULL, &oops_font_name, NULL, NULL, set_oops_font },
+	{ "preload_strict_transport",	XT_S_INT, 0,		&preload_strict_transport, NULL, NULL, NULL, NULL },
 	{ "read_only_cookies",		XT_S_INT, 0,		&read_only_cookies, NULL, NULL, NULL, set_read_only_cookies },
 	{ "referer",			XT_S_STR, 0, NULL, NULL,&s_referer, NULL, set_referer_rt },
 	{ "refresh_interval",		XT_S_INT, 0,		&refresh_interval, NULL, NULL, NULL, set_refresh_interval },
@@ -478,6 +489,7 @@ struct settings		rs[] = {
 	{ "cmd_alias",			XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_cmd_alias, NULL, NULL },
 	{ "cookie_wl",			XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_cookie_wl, NULL, NULL },
 	{ "custom_uri",			XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_uri, NULL, NULL },
+	{ "force_https",		XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_force_https, NULL, NULL },
 	{ "http_accept",		XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_http_accept, NULL, NULL },
 	{ "js_wl",			XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_js, NULL, NULL },
 	{ "keybinding",			XT_S_STR, XT_SF_RUNTIME, NULL, NULL, &s_kb, NULL, NULL },
@@ -1476,6 +1488,14 @@ walk_ua(struct settings *s,
 }
 
 int
+add_force_https(struct settings *s, char *value)
+{
+	wl_add(value, &force_https,
+	    XT_WL_FLAG_HANDY | XT_WL_FLAG_EXCLUDE_SUBDOMAINS);
+	return (0);
+}
+
+int
 add_http_accept(struct settings *s, char *value)
 {
 	struct http_accept		*ha;
@@ -2582,6 +2602,21 @@ walk_pl_wl(struct settings *s,
 		cb(s, d->d, cb_args);
 }
 
+void
+walk_force_https(struct settings *s,
+    void (*cb)(struct settings *, char *, void *), void *cb_args)
+{
+	struct domain		*d;
+
+	if (s == NULL || cb == NULL) {
+		show_oops(NULL, "walk_force_https invalid parameters");
+		return;
+	}
+
+	RB_FOREACH_REVERSE(d, domain_list, &force_https)
+		cb(s, d->d, cb_args);
+}
+
 int
 settings_add(char *var, char *val)
 {
author	Josh Rickmar <jrick@devio.us>	2012-07-31 09:55:26 -0400
committer	Josh Rickmar <jrick@devio.us>	2012-07-31 09:55:26 -0400
commit	0c240f728d489408cda135786cf29244c1cd4d83 (patch)
tree	e063f765a1c73d301ec3ad5e8a5904165337a63e /settings.c
parent	02e03fcb67ee3ee37ff7bd5f287a7c53ca55f97e (diff)
download	xombrero-0c240f728d489408cda135786cf29244c1cd4d83.tar.gz