| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If enabled (the default), javascripts will be allowed to automatically
open windows (popups) based on the current browser_mode setting. This
is the current behavior.
If disabled (set to 0), the automatic opening of windows will never be
allowed, even if the site is whitelisted.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This allows the user to avoid a race where, after verifying a cert via
:cert show, they must go back to the site and save the cert. During
this time, the cert may have been modified, so saving it from the
:cert show page will use the PEM-encoded cert currently shown and
saved in memory instead.
|
| |
|
|
| |
When set to 1, web caching will be enabled. Default is 0.
|
| |
|
|
| |
gtk 3.0.
|
| | |
|
| |
|
|
|
|
|
| |
Now that the cert sideband thread is gone, threading can be removed.
Making GTK calls across multiple threads is also deprecated in newer
GTK versions and is severly broken on Windows, so there's no point in
keeping this around.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the side channel for getting and verifying remote HTTPS
certificates. As the http_proxy settings only affected messages
downloaded as part of the webkit soup session, this side channel would
create its own TCP connections which sidesteped the proxy, leaving a
privacy leak.
For simplicity, the remote certificate chain is now saved in pem
format as part of the tab structure, and converted to a gnutls
certificate chain when needed for viewing and displaying certs.
Most of the initial code done by dhill@ and marco@
|
| |
|
|
|
|
| |
Based on initial patch from Tim Meunier <trondd@gmail.com>).
Add temporary files to .gitignore.
|
| | |
|
| |
|
|
| |
requested by many
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new RB tree to keep track of identities
(defined as being different combinations of modified HTTP headers, so
far only User-Agent and Accept). Whenever a site is visited, this
tree is checked to see if it has been accessed before, and if it has,
the previously used Accept and User-Agent headers will be used. If
the site has not been visited before during the browser's lifetime, a
new entry will be created in this tree to keep track of which headers
to use the next time. A site is defined as a FQDN, so requests made
to cross site resources or resources on a different subdomain will
generate a new saved identity.
The second change adds two new config files to the resource dir to
read in additional user_agent and http_accept values scraped from the
logs of www.bitrig.org. The idea of this is to keep rotating through
each of these on every new site visit to provide more anonymity and
thwart web tracking by looking at the headers being sent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the whitelist and https forcing code to internally use
unix extended regular expressions to match domains. The old config
syntax converted to an appropiate regular expression. Inputing of raw
regular expressions is possible by prepending the string "re:" in
front of a regular expression, for example:
js_wl = re:^(.*\.)*cyphertite\.com$
would be the same as
js_wl = .cyphertite.com
|
| | |
|
| |
|
|
| |
Patch from user Zplay on the forum
|
| |
|
|
|
|
|
|
|
| |
This change makes the can_go_* and go_* back/forward functions use the
same logic when determining whether we are on an about page, and makes
it so about:secviolation warning pages do not save the page that
generated the warning to t->item. This prevents hitting back and
going back to the exact same page that generated the warning
(triggering the warning a second time).
|
| |
|
|
|
|
| |
This stops the webview's deprecated load-finished and
load-progress-changed signals from being attached to. May help with
stability.
|
| | |
|
| |
|
|
|
|
| |
Now that wl_add works correctly (doesn't automatically insert leading
periods), remove the old struct sv_ignore and use struct domain and
wl_add/wl_find instead.
|
| |
|
|
|
|
| |
This may be used to modify the GnuTLS priority string used for the
soup session to enable or disable specific ciphers or TLS/SSL
versions. Default is empty (uses libsoup's defaults).
|
| |
|
|
| |
While here, kill a bunch of trailing whitespace.
|
| |
|
|
|
|
| |
This adds the full url to the about:secviolation warning page, as well
as implementing a new link to show the local cached cert instead of
only the new remote one.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o breakout deeply nested function and comment soup session
(soup session will be exploded in about:allthethings once the
associated warnings are fixed)
o munge and massage the show_g_object_settings function
o move from
'var = g_value_get_foo(&value); valstr = g_strdup_printf("%XX", foo);'
to
'valstr = g_strdup_printf("%XX", g_value_get_foo(&value));'
.. shrinks code, no change in behavior
o add G_TYPE_{{U,}CHAR,LONG}
o introduce xt_append_settings() to simplify allthethings() and about_webkit()
o rework output to look much more c like
o spend way too much effort aligning the /* number flags=0x.... */ comments
o compact output and be as c like as possible
o from Josh Rickmar
Don't recurse for toplevel windows and use proper glib foreach functions.
|
| |
|
|
|
|
| |
We thought these were the cause of the focus bugs, but it was
something else instead. Now that we have that fixed, these can go
back in.
|
| | |
|
| |
|
|
|
|
|
| |
Accidentally pushed a bunch of stuff to master that wasn't ready yet
when making the FreeBSD Makefile changes. Sorry marco for the merges
in the logs. This should revert everything back to how it was at
d397399c349d36f611a5aac6fa53528d2fe2eaea.
|
| | |
|
| |
|
|
|
| |
soup session will be exploded in about:allthethings once the warnings
associated with exploding it are fixed
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This fixes the behavior of the whitelist code so that whitelist
toggling toggles the FQDN (not the domain and all subdomains), unless
domain is explicitly used. This was the intended behavior but the old
code would automatically assume all subdomains anyways. This also
makes the new force_https stuff work correctly with FQDNs (no
subdomains) for the preloaded HSTS list.
|
| |
|
|
|
|
|
| |
It was likely something from one of these changes that introduced all
of our focus bugs. We can reintroduce these commits again, much
slower than as I first developed them, and see if the focus issues
still appear.
|
| |
|
|
|
|
| |
change runtime settings. Settings that have been modified show in a
highlighted color in the table. Tooltips describe the setting's
function, as well as the default values.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whitelist settings) to make all requests to that domain use the HTTPS
scheme, similar to HSTS.
Install a new file, hsts-preload, into the resource dir. This is a
regular config file with a bunch of force_https = ... lines, which is
used to implement a preloaded HSTS list. Right now all the domains in
this file, except for conformal.com and cyphertite.com, are taken
directly from chromium's preloaded HSTS list (and should be synced
with this file every so often). Also implement a new setting,
preload_strict_transport (enabled by default), to enable or disable
the loading of this preloaded HSTS list. Document force_https and
preload_strict_transport in the manpage.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
widgets (with the exception of the uri, we need this for the
progressbar). Because labels only take up as much room as they need,
the statusbar elements now dynamically fit together in a GtkBox
instead of giving GtkEntry a fixed size. Because the background color
of labels can not be colored directly, place a GtkEventBox underneath
the packing GtkBox (which is also transparent) and color that when
changing the colors for HTTPS sites.
|
| |
|
|
|
| |
With this change, external_editor should now be able to edit HTML
input elements on Windows.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
correctly in GTK3, maybe it was turned into a windowless widget) and
instead use a GtkEventBox behind the compact tab bar. Give this
GtkEventBox the same background color as the old separator, and put a
2 pixel spacing gap between each compact tab. This simplifies the
code required to paint these separators, and works for both GTK2 and
GTK3.
* * *
Call gtk_label_set_ellipsize() on the compact tab labels. This
prevents the main window from forcefully expanding when there's not
enough room for all of the compact tab labels.
|
| |
|
|
|
| |
(keep current behavior) for gui_mode = normal, and disable for
gui_mode = minimal. Requires GTK3.
|
| | |
|
| |
|
|
|
|
| |
and p work with CLIPBOARD in addition to PRIMARY. Yanking copies to
both, and pasting tries PRIMARY first, and if empty, reads from
CLIPBOARD. This should make y/p/P work on windows.
|
| |
|
|
|
|
| |
improve coloring when using other invasive GTK3 themes. The URI bar
should now be colored correctly, unless explicitly overridden in a
user theme.
|
| |
|
|
|
|
| |
GTK2 is still supported. To build against GTK2, use:
$ GTK_VERSION=gtk2 make
|