From 96068ada37bfa1d7e6485551138ba36600664caf Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Sat, 20 Nov 2021 18:29:59 +0100
Subject: replace cookies with synchronous XmlHttpRequest as policy smuggling
 method.

Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
---
 build.sh | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

(limited to 'build.sh')

diff --git a/build.sh b/build.sh
index 936ab06..ed6a141 100755
--- a/build.sh
+++ b/build.sh
@@ -180,7 +180,6 @@ build_main() {
 	mkdir -p "$BUILDDIR"/$DIR
     done
 
-    CHROMIUM_KEY=''
     CHROMIUM_UPDATE_URL=''
     GECKO_APPLICATIONS=''
 
@@ -189,20 +188,7 @@ build_main() {
     fi
 
     if [ "$BROWSER" = "chromium" ]; then
-	CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
-	CHROMIUM_KEY=$(echo chromium-key-dummy-file-$CHROMIUM_KEY | tr / -)
-	touch "$BUILDDIR"/$CHROMIUM_KEY
-
 	CHROMIUM_UPDATE_URL="$UPDATE_URL"
-
-	CHROMIUM_KEY="\n\
-	// WARNING!!!\n\
-	// EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\
-	// OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
-	// Only relevant to users of chrome-based browsers.\n\
-	// Users of Firefox forks are safe.\n\
-	\"$CHROMIUM_KEY\"\
-"
     else
 	GECKO_APPLICATIONS="\n\
     \"applications\": {\n\
@@ -215,7 +201,6 @@ build_main() {
 
     sed "\
 s^_GECKO_APPLICATIONS_^$GECKO_APPLICATIONS^
-s^_CHROMIUM_KEY_^$CHROMIUM_KEY^
 s^_CHROMIUM_UPDATE_URL_^$CHROMIUM_UPDATE_URL^
 s^_BGSCRIPTS_^$BGSCRIPTS^
 s^_CONTENTSCRIPTS_^$CONTENTSCRIPTS^" \
@@ -279,6 +264,7 @@ EOF
     fi
 
     cp -r copyright licenses/ "$BUILDDIR"
+    cp dummy "$BUILDDIR"
     cp html/*.css "$BUILDDIR"/html
     mkdir "$BUILDDIR"/icons
     cp icons/*.png "$BUILDDIR"/icons
-- 
cgit v1.2.3