[webkit-gtk] [Q] block all network accesses – how?
Albrecht Dreß
albrecht.dress at posteo.de
Wed Aug 2 11:46:04 PDT 2023
On 02.08.23 19:48, Michael Catanzaro wrote:
> On Wed, Aug 2 2023 at 04:47:47 PM +0000, Albrecht Dreß <albrecht.dress at posteo.de> wrote:
>> I use WebKitGtk in a MUA, which for privacy reasons shall block all external network accesses unless the user explicitly allows them. Using a web extension, I could redirect these accesses to “about:blank”. However, I /still/ see webkit opening tcp connections to the remote sites, which IMHO shouldn't happen, as it already leaks information to a potential attacker.
>
> You should be able to use the WebKitWebPage::send-request signal to block all network requests.
Please excuse my imprecise description – I *do* actually catch this signal in my extension. The handler is connected in the WebExtension::page-created callback via
    g_signal_connect(web_page, "send-request", G_CALLBACK(send_request_cb), NULL);
and the latter callback changes the request URI to
    webkit_uri_request_set_uri(request, "about:blank");
unless the uri is already “about:blank” or starts with “cid:” or “data:”. A debug message indicates that the signal is caught, and tcpdump doesn't show the http request, so I /think/ this part works as expected.
To me, this behavior looks as if the WebKitWebPage::send-request signal is fired only /after/ the connect() to the target host, but before the send(), which would perfectly explain my observations.
> If that doesn't work, it's probably a bug.
I see… so I should create a bug report in bugzilla?
Thanks,
Albrecht.
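
Added example, not part of the original message and not code from its author or from WebKitGTK: a sketch of the web extension described above, with the scheme check (about:blank, cid:, data:) done case-insensitively and failing closed. Unlike the message, which rewrites the URI to about:blank, this handler cancels the request by returning TRUE; the macro BUILD_WEB_EXTENSION and the function names uri_is_local and has_prefix_nocase are hypothetical, and the WebKitGTK 4.x header path is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* ASCII case-insensitive "s starts with prefix"; URI schemes are
 * case-insensitive (RFC 3986, section 3.1), so "CID:" must match "cid:". */
static bool has_prefix_nocase(const char *s, const char *prefix)
{
    for (; *prefix != '\0'; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return false;
    return true;
}

/* Policy from the message: only about:blank, cid: and data: may load.
 * A missing URI is treated as remote (fail closed). */
bool uri_is_local(const char *uri)
{
    static const char blank[] = "about:blank";
    if (uri == NULL)
        return false;
    if (has_prefix_nocase(uri, blank) && uri[strlen(blank)] == '\0')
        return true;
    return has_prefix_nocase(uri, "cid:") || has_prefix_nocase(uri, "data:");
}

#ifdef BUILD_WEB_EXTENSION /* hypothetical macro: set when building against WebKitGTK 4.x */
#include <webkit2/webkit-web-extension.h>

/* send-request handler: TRUE cancels the request, FALSE lets it proceed. */
static gboolean send_request_cb(WebKitWebPage *page, WebKitURIRequest *request,
                                WebKitURIResponse *redirected_response, gpointer data)
{
    return uri_is_local(webkit_uri_request_get_uri(request)) ? FALSE : TRUE;
}

static void page_created_cb(WebKitWebExtension *extension, WebKitWebPage *web_page,
                            gpointer data)
{
    g_signal_connect(web_page, "send-request", G_CALLBACK(send_request_cb), NULL);
}

/* Entry point WebKit calls after loading the extension module. */
G_MODULE_EXPORT void webkit_web_extension_initialize(WebKitWebExtension *extension)
{
    g_signal_connect(extension, "page-created", G_CALLBACK(page_created_cb), NULL);
}
#endif
```

This only decides what happens once send-request fires; whether a TCP connection is opened before the signal is the open question in the message and is not settled by this code.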