Keep ability to prevent local IP address leaks for mobile version

Related issue: - uBlockOrigin/uBlock-issues#1723 Related feedback: - uBlockOrigin/uBlock-issues#1723 (comment)
gorhill · Sep 15, 2021 · 4100761 · 4100761
1 parent 831cf47
commit 4100761
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 83 deletions.
diff --git a/platform/common/vapi-background.js b/platform/common/vapi-background.js
@@ -122,82 +122,8 @@ vAPI.browserSettings = (( ) => {
     if ( bp instanceof Object === false ) { return; }
 
     return {
-        // Whether the WebRTC-related privacy API is crashy is an open question
-        // only for Chromium proper (because it can be compiled without the
-        // WebRTC feature): hence avoid overhead of the evaluation (which uses
-        // an iframe) for platforms where it's a non-issue.
-        // /~https://github.com/uBlockOrigin/uBlock-issues/issues/9
-        //   Some Chromium builds are made to look like a Chrome build.
-        webRTCSupported: vAPI.webextFlavor.soup.has('chromium') === false || undefined,
-
-        // Calling with `true` means IP address leak is not prevented.
-        // /~https://github.com/gorhill/uBlock/issues/533
-        //   We must first check wether this Chromium-based browser was compiled
-        //   with WebRTC support. To do this, we use an iframe, this way the
-        //   empty RTCPeerConnection object we create to test for support will
-        //   be properly garbage collected. This prevents issues such as
-        //   a computer unable to enter into sleep mode, as reported in the
-        //   Chrome store:
-        // /~https://github.com/gorhill/uBlock/issues/533#issuecomment-167931681
-        setWebrtcIPAddress: function(setting) {
-            // We don't know yet whether this browser supports WebRTC: find out.
-            if ( this.webRTCSupported === undefined ) {
-                // If asked to leave WebRTC setting alone at this point in the
-                // code, this means we never grabbed the setting in the first
-                // place.
-                if ( setting ) { return; }
-                this.webRTCSupported = { setting: setting };
-                let iframe = document.createElement('iframe');
-                const messageHandler = ev => {
-                    if ( ev.origin !== self.location.origin ) { return; }
-                    window.removeEventListener('message', messageHandler);
-                    const setting = this.webRTCSupported.setting;
-                    this.webRTCSupported = ev.data === 'webRTCSupported';
-                    this.setWebrtcIPAddress(setting);
-                    iframe.parentNode.removeChild(iframe);
-                    iframe = null;
-                };
-                window.addEventListener('message', messageHandler);
-                iframe.src = 'is-webrtc-supported.html';
-                document.body.appendChild(iframe);
-                return;
-            }
-
-            // We are waiting for a response from our iframe. This makes the code
-            // safe to re-entrancy.
-            if ( typeof this.webRTCSupported === 'object' ) {
-                this.webRTCSupported.setting = setting;
-                return;
-            }
-
-            // /~https://github.com/gorhill/uBlock/issues/533
-            // WebRTC not supported: `webRTCMultipleRoutesEnabled` can NOT be
-            // safely accessed. Accessing the property will cause full browser
-            // crash.
-            if ( this.webRTCSupported !== true ) { return; }
-
-            const bpn = bp.network;
-
-            if ( setting ) {
-                bpn.webRTCIPHandlingPolicy.clear({
-                    scope: 'regular',
-                });
-            } else {
-                // /~https://github.com/uBlockOrigin/uAssets/issues/333#issuecomment-289426678
-                //   Leverage virtuous side-effect of strictest setting.
-                // /~https://github.com/gorhill/uBlock/issues/3009
-                //   Firefox currently works differently, use
-                //   `default_public_interface_only` for now.
-                // https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/privacy/network#Browser_compatibility
-                //   Firefox 70+ supports `disable_non_proxied_udp`
-                const value =
-                    vAPI.webextFlavor.soup.has('firefox') === false ||
-                    vAPI.webextFlavor.major < 70
-                        ? 'default_public_interface_only'
-                        : 'disable_non_proxied_udp';
-                bpn.webRTCIPHandlingPolicy.set({ value, scope: 'regular' });
-            }
-        },
+        // /~https://github.com/uBlockOrigin/uBlock-issues/issues/1723#issuecomment-919913361
+        canLeakLocalIPAddresses: vAPI.webextFlavor.soup.has('mobile'),
 
         set: function(details) {
             for ( const setting in details ) {
@@ -234,7 +160,17 @@ vAPI.browserSettings = (( ) => {
                     break;
 
                 case 'webrtcIPAddress':
-                    this.setWebrtcIPAddress(!!details[setting]);
+                    if ( this.canLeakLocalIPAddresses === false ) { return; }
+                    if ( !!details[setting] ) {
+                        bp.network.webRTCIPHandlingPolicy.clear({
+                            scope: 'regular',
+                        });
+                    } else {
+                        bp.network.webRTCIPHandlingPolicy.set({
+                            value: 'default_public_interface_only',
+                            scope: 'regular'
+                        });
+                    }
                     break;
 
                 default:

diff --git a/src/js/messaging.js b/src/js/messaging.js
@@ -225,11 +225,12 @@ const onMessage = function(request, sender, callback) {
 
     case 'userSettings':
         response = µb.changeUserSettings(request.name, request.value);
-        if (
-            vAPI.net.canUncloakCnames !== true &&
-            response instanceof Object
-        ) {
-            response.cnameUncloakEnabled = undefined;
+        if ( response instanceof Object ) {
+            if ( vAPI.net.canUncloakCnames !== true ) {
+                response.cnameUncloakEnabled = undefined;
+            }
+            response.canLeakLocalIPAddresses =
+                vAPI.browserSettings.canLeakLocalIPAddresses === true;
         }
         break;
 

diff --git a/src/js/settings.js b/src/js/settings.js
@@ -255,6 +255,12 @@ const onUserSettingsReceived = function(details) {
         });
     }
 
+    if ( details.canLeakLocalIPAddresses === true ) {
+        uDom('[data-setting-name="webrtcIPAddressHidden"]')
+            .ancestors('div.li')
+            .css('display', '');
+    }
+
     uDom('[data-i18n="settingsNoLargeMediaPrompt"] > input[type="number"]')
         .attr('data-setting-name', 'largeMediaSize')
         .attr('data-setting-type', 'input');

diff --git a/src/settings.html b/src/settings.html
@@ -26,7 +26,7 @@
     <div class="fieldset-header" data-i18n="3pGroupPrivacy"></div>
     <div class="li"><label><span class="input checkbox"><input type="checkbox" data-setting-name="prefetchingDisabled" data-setting-type="bool"><svg viewBox="0 0 24 24"><path d="M1.73,12.91 8.1,19.28 22.79,4.59"/></svg></span><span><span data-i18n="settingsPrefetchingDisabledPrompt"></span>&nbsp;<a class="fa-icon info" href="/~https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#disable-pre-fetching" target="_blank">info-circle</a></span></label></div>
     <div class="li"><label><span class="input checkbox"><input type="checkbox" data-setting-name="hyperlinkAuditingDisabled" data-setting-type="bool"><svg viewBox="0 0 24 24"><path d="M1.73,12.91 8.1,19.28 22.79,4.59"/></svg></span><span><span data-i18n="settingsHyperlinkAuditingDisabledPrompt"></span>&nbsp;<a class="fa-icon info important" href="/~https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#disable-hyperlink-auditing" target="_blank">info-circle</a></span></label></div>
-    <div class="li"><label><span class="input checkbox"><input type="checkbox" data-setting-name="webrtcIPAddressHidden" data-setting-type="bool"><svg viewBox="0 0 24 24"><path d="M1.73,12.91 8.1,19.28 22.79,4.59"/></svg></span><span><span data-i18n="settingsWebRTCIPAddressHiddenPrompt"></span>&nbsp;<a class="fa-icon info important" href="/~https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address" target="_blank">info-circle</a></span></label></div>
+    <div class="li" style="display:none"><label><span class="input checkbox"><input type="checkbox" data-setting-name="webrtcIPAddressHidden" data-setting-type="bool"><svg viewBox="0 0 24 24"><path d="M1.73,12.91 8.1,19.28 22.79,4.59"/></svg></span><span><span data-i18n="settingsWebRTCIPAddressHiddenPrompt"></span>&nbsp;<a class="fa-icon info important" href="/~https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address" target="_blank">info-circle</a></span></label></div>
     <div class="li"><label><span class="input checkbox"><input type="checkbox" data-setting-name="noCSPReports" data-setting-type="bool"><svg viewBox="0 0 24 24"><path d="M1.73,12.91 8.1,19.28 22.79,4.59"/></svg></span><span><span data-i18n="settingsNoCSPReportsPrompt"></span>&nbsp;<a class="fa-icon info" href="/~https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports" target="_blank">info-circle</a></span></label></div>
     <div class="li"><label><span class="input checkbox"><input type="checkbox" data-setting-name="cnameUncloakEnabled" data-setting-type="bool"><svg viewBox="0 0 24 24"><path d="M1.73,12.91 8.1,19.28 22.79,4.59"/></svg></span><span><span data-i18n="settingsUncloakCnamePrompt"></span>&nbsp;<a class="fa-icon info" href="/~https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#uncloak-canonical-names" target="_blank">info-circle</a></span></label></div>
 </div>