commit 6dc853740b0e2be39f17b1a1857f2610de42548c Author: Georg Koppen gk@torproject.org Date: Fri Aug 26 11:30:19 2016 +0000

Bug 18589: Clear site security settings during New Identity

We need to clear site security settings (like HSTS) explicitely now as they don't belong to the permissions manager anymore. --- src/chrome/content/torbutton.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index d7c42bd..e0fc931 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -1114,7 +1114,8 @@ function torbutton_new_identity() { * h. last open location url * i. clear content prefs * j. permissions - * k. IndexedDB and asmjscache storage + * k. site security settings (e.g. HSTS) + * l. IndexedDB and asmjscache storage * 3. Sends tor the NEWNYM signal to get a new circuit * 4. Opens a new window with the default homepage * 5. Closes this window @@ -1215,16 +1216,21 @@ function torbutton_do_new_identity() { m_tb_prefs.setIntPref("security.OCSP.enabled", 0); m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp);

- // This clears the STS cache and site permissions on Tor Browser + // This clears the site permissions on Tor Browser // XXX: Tie to some kind of disk-ok pref? try { Services.perms.removeAll(); } catch(e) { // Actually, this catch does not appear to be needed. Leaving it in for // safety though. - torbutton_log(3, "Can't clear STS/Permissions: Not Tor Browser: "+e); + torbutton_log(3, "Can't clear permissions: Not Tor Browser: "+e); }

+ // Clear site security settings + let sss = Cc["@mozilla.org/ssservice;1"]. + getService(Ci.nsISiteSecurityService); + sss.clearAll(); + // This clears the undo tab history. var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo"); m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0);