Skip to content

Fix HTTP/S juggling. #17

New issue
New issue
Open
Open
Fix HTTP/S juggling.#17
Labels
bugenhancement
Milestone
ASAP
@indolering

Description

@indolering
indolering
opened on Dec 3, 2013

Querying DNS must ALWAYS occur over SSL. However, Firefox will block some HTTP content from loading in a page with HTTPS enabled.

Thus, in order to isolates DNS from possible malicious MTM attacks

  1. https://speech.is -> webWorker : {lookup:urn}
  2. https://speech.is <- webWorker : {name:urn, value:{http:FQDN}}
  3. https://speech.is: load(record.value.http)
    ...
function load(FQDN){
    if (isHttps(FQDN)){
        iframeLoad(FQDN);
    } else {
        forward self to "http://speech.is#!destination=" + FQDN;
    }
}
  1. http://speech.is#!destination=example.com:
if(location.hash.beginsWith('!destination='){
   //load http://example.com
} else {
  //load  https://speech.is + window.location.hash
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugenhancement

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions