Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix HTTP/S juggling. #17

Open
indolering opened this issue Dec 3, 2013 · 0 comments
Open

Fix HTTP/S juggling. #17

indolering opened this issue Dec 3, 2013 · 0 comments
Labels
bug enhancement
Milestone
ASAP

Comments

@indolering
Copy link
Member

Querying DNS must ALWAYS occur over SSL. However, Firefox will block some HTTP content from loading in a page with HTTPS enabled.

Thus, in order to isolates DNS from possible malicious MTM attacks

  1. https://speech.is -> webWorker : {lookup:urn}
  2. https://speech.is <- webWorker : {name:urn, value:{http:FQDN}}
  3. https://speech.is: load(record.value.http)
    ...
function load(FQDN){
    if (isHttps(FQDN)){
        iframeLoad(FQDN);
    } else {
        forward self to "http://speech.is#!destination=" + FQDN;
    }
}
  1. http://speech.is#!destination=example.com:
if(location.hash.beginsWith('!destination='){
   //load http://example.com
} else {
  //load  https://speech.is + window.location.hash
}
@indolering indolering changed the title Push DNS to iFrame/web worker with differening origin Push DNS to web worker with differing origin May 30, 2014
@indolering indolering changed the title Push DNS to web worker with differing origin Fix HTTP/S juggling. May 30, 2014
@indolering indolering modified the milestones: ASAP, Developer Preview May 30, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug enhancement
Projects
None yet
Milestone
ASAP
Development

No branches or pull requests
1 participant
@indolering