Issue #322: Removed meek-azure bridge, which will stop working soon.

tladesignz · tladesignz · commit 21bc18428368 · 2021-04-06T16:28:53.000+02:00
diff --git a/OnionBrowser/Migration/Migration.swift b/OnionBrowser/Migration/Migration.swift
@@ -1,6 +1,6 @@
 /*
  * Onion Browser
- * Copyright (c) 2012-2018, Tigas Ventures, LLC (Mike Tigas)
+ * Copyright (c) 2012-2021, Tigas Ventures, LLC (Mike Tigas)
  *
  * This file is part of Onion Browser. See LICENSE file for redistribution terms.
  */
@@ -15,153 +15,143 @@ class Migration: NSObject {
 		.strict,
 		.blockXhr,
 		.open
-    ]
+	]
 
-    /**
-        Migrates bookmarks, bridge settings and miscelaneous other settings of version 1.x to 2.x.
-    */
-    @objc class func migrate() {
-        let settings = UserDefaults.standard
+	/**
+	Migrates bookmarks, bridge settings and miscelaneous other settings of version 1.x to 2.x.
+	*/
+	@objc class func migrate() {
+		let settings = UserDefaults.standard
 
-        let storeUrl = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).last?
-            .appendingPathComponent("Settings.sqlite")
+		let storeUrl = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).last?
+			.appendingPathComponent("Settings.sqlite")
 
-        var isReachable = try? storeUrl?.checkResourceIsReachable()
+		var isReachable = try? storeUrl?.checkResourceIsReachable()
 
-        // Check, if CoreData SQLite file is there, if so migrate bookmarks and bridge settings.
-        if isReachable ?? false {
+		// Check, if CoreData SQLite file is there, if so migrate bookmarks and bridge settings.
+		if isReachable ?? false {
 
-            // Initialize CoreData.
-            if let mom = NSManagedObjectModel.mergedModel(from: nil) {
-                let psc = NSPersistentStoreCoordinator(managedObjectModel: mom)
+			// Initialize CoreData.
+			if let mom = NSManagedObjectModel.mergedModel(from: nil) {
+				let psc = NSPersistentStoreCoordinator(managedObjectModel: mom)
 
-                let moc = NSManagedObjectContext(concurrencyType: .mainQueueConcurrencyType)
-                moc.persistentStoreCoordinator = psc
+				let moc = NSManagedObjectContext(concurrencyType: .mainQueueConcurrencyType)
+				moc.persistentStoreCoordinator = psc
 
-                let store = try? psc.addPersistentStore(ofType: NSSQLiteStoreType,
-                                                        configurationName: nil,
-                                                        at: storeUrl,
-                                                        options: nil)
+				let store = try? psc.addPersistentStore(ofType: NSSQLiteStoreType,
+														configurationName: nil,
+														at: storeUrl,
+														options: nil)
 
-                // Migrate bridges. Needs to be done in the main thread, otherwise it's too late.
-                let request = NSFetchRequest<Bridge>.init(entityName: "Bridge")
-                let oldBridges = try? moc.fetch(request)
+				// Migrate bridges. Needs to be done in the main thread, otherwise it's too late.
+				let request = NSFetchRequest<Bridge>.init(entityName: "Bridge")
+				let oldBridges = try? moc.fetch(request)
 
-                if (oldBridges?.count ?? 0) > 0 {
-                    // Don't show intro to bridge users - otherwise these settings are lost.
+				if (oldBridges?.count ?? 0) > 0 {
+					// Don't show intro to bridge users - otherwise these settings are lost.
 					Settings.didIntro = true
 
-                    // Detect default Meek bridges.
-                    if oldBridges!.count == 1 {
-                        let ob = oldBridges![0];
+					var newBridges = [String]()
 
-						if ob.conf == OnionManager.meekAzureBridge.first {
-							Settings.currentlyUsedBridges = .meekazure
-                        }
-                    }
-                    else {
-                        var newBridges = [String]()
+					for ob in oldBridges! {
+						newBridges.append(ob.conf)
+					}
 
-                        for ob in oldBridges! {
-                            newBridges.append(ob.conf)
-                        }
+					Settings.currentlyUsedBridges = .custom
+					Settings.customBridges = newBridges
 
-						Settings.currentlyUsedBridges = .custom
-						Settings.customBridges = newBridges
-                    }
+					settings.synchronize()
+				}
 
-                    settings.synchronize()
-                }
+				// Jump into a background thread to do the rest of the migration.
+				DispatchQueue.global(qos: .background).async {
+					// Migrate bookmarks.
+					let request = NSFetchRequest<OldBookmark>.init(entityName: "Bookmark")
+					request.sortDescriptors = [NSSortDescriptor.init(key: "order", ascending: true)]
 
-                // Jump into a background thread to do the rest of the migration.
-                DispatchQueue.global(qos: .background).async {
-                    // Migrate bookmarks.
-                    let request = NSFetchRequest<OldBookmark>.init(entityName: "Bookmark")
-                    request.sortDescriptors = [NSSortDescriptor.init(key: "order", ascending: true)]
-
-                    if let oldBookmarks = try? moc.fetch(request) {
-                        for ob in oldBookmarks {
+					if let oldBookmarks = try? moc.fetch(request) {
+						for ob in oldBookmarks {
 							Bookmark.add(ob.title, ob.url).acquireIcon {
 								Bookmark.store()
 							}
-                        }
-
-                        Bookmark.store()
-                    }
-
-                    // Remove old CoreData storage.
-                    do {
-                        if store != nil {
-                            try moc.persistentStoreCoordinator?.remove(store!)
-                        }
-
-                        try FileManager.default.removeItem(at: storeUrl!)
-                    } catch {
-                        // This should not happen.
-                        // Can't do anything now. We tried...
-                    }
-                }
-            }
-        }
-
-        let settingsUrl = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)
-            .last?.appendingPathComponent("Settings.plist")
-
-        isReachable = try? settingsUrl?.checkResourceIsReachable()
-
-        // Check, if Settings.plist file is there, if so, migrate some, which apply to Endless, too.
-        if isReachable ?? false {
-            
-            DispatchQueue.global(qos: .background).async {
-                if let raw = FileManager.default.contents(atPath: settingsUrl!.path) {
-                    let oldSettings = try? PropertyListSerialization.propertyList(
-                        from: raw,
-                        options: .mutableContainersAndLeaves,
-                        format: nil)
-                        as? [String: Any]
-
-                    // Do-Not-Track header.
-                    if let dnt = oldSettings?["dnt"] as? Int
-                    {
-                        // 1.X had 3 settings: 0 = unset, 1 = cantrack, 2 = notrack
-                        // Endless has only two options "send_dnt" true or false.
-                        // Translation table: 0 => false, 1 => false, 2 => true
+						}
+
+						Bookmark.store()
+					}
+
+					// Remove old CoreData storage.
+					do {
+						if store != nil {
+							try moc.persistentStoreCoordinator?.remove(store!)
+						}
+
+						try FileManager.default.removeItem(at: storeUrl!)
+					} catch {
+						// This should not happen.
+						// Can't do anything now. We tried...
+					}
+				}
+			}
+		}
+
+		let settingsUrl = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)
+			.last?.appendingPathComponent("Settings.plist")
+
+		isReachable = try? settingsUrl?.checkResourceIsReachable()
+
+		// Check, if Settings.plist file is there, if so, migrate some, which apply to Endless, too.
+		if isReachable ?? false {
+
+			DispatchQueue.global(qos: .background).async {
+				if let raw = FileManager.default.contents(atPath: settingsUrl!.path) {
+					let oldSettings = try? PropertyListSerialization.propertyList(
+						from: raw,
+						options: .mutableContainersAndLeaves,
+						format: nil)
+						as? [String: Any]
+
+					// Do-Not-Track header.
+					if let dnt = oldSettings?["dnt"] as? Int
+					{
+						// 1.X had 3 settings: 0 = unset, 1 = cantrack, 2 = notrack
+						// Endless has only two options "send_dnt" true or false.
+						// Translation table: 0 => false, 1 => false, 2 => true
 						Settings.sendDnt = dnt == 2
-                    }
+					}
 
-                    // Content security policy setting. For legacy reasons named "javascript".
-                    if let csp = oldSettings?["javascript"] as? Int {
-                        // From the 1.X sources:
-                        // #define CONTENTPOLICY_STRICT 0 // Blocks nearly every CSP type
-                        // #define CONTENTPOLICY_BLOCK_CONNECT 1 // Blocks `connect-src` (XHR, CORS, WebSocket)
-                        // #define CONTENTPOLICY_PERMISSIVE 2 // Allows all content (DANGEROUS: websockets leak outside tor)
+					// Content security policy setting. For legacy reasons named "javascript".
+					if let csp = oldSettings?["javascript"] as? Int {
+						// From the 1.X sources:
+						// #define CONTENTPOLICY_STRICT 0 // Blocks nearly every CSP type
+						// #define CONTENTPOLICY_BLOCK_CONNECT 1 // Blocks `connect-src` (XHR, CORS, WebSocket)
+						// #define CONTENTPOLICY_PERMISSIVE 2 // Allows all content (DANGEROUS: websockets leak outside tor)
 
 						let hs = HostSettings.forDefault()
 						hs.contentPolicy = cspTranslation[csp]
 						hs.save().store()
-                    }
-
-                    // Minimal TLS version. Only the "1.2 only" setting will be migrated, as 
-                    // the "SSL v3" setting is not supported in Endless.
-                    if let tlsver = oldSettings?["tlsver"] as? Int {
-                        // From the 1.X sources:
-                        // #define X_TLSVER_ANY 0
-                        // #define X_TLSVER_TLS1 1
-                        // #define X_TLSVER_TLS1_2_ONLY 2
-
-                        if tlsver == 2 {
-                            Settings.tlsVersion = .tls12
-                        }
-                    }
-                }
-
-                do {
-                    try FileManager.default.removeItem(at: settingsUrl!)
-                } catch {
-                    // This should not happen.
-                    // Can't do anything now. We tried...
-                }
-            }
-        }
-    }
+					}
+
+					// Minimal TLS version. Only the "1.2 only" setting will be migrated, as
+					// the "SSL v3" setting is not supported in Endless.
+					if let tlsver = oldSettings?["tlsver"] as? Int {
+						// From the 1.X sources:
+						// #define X_TLSVER_ANY 0
+						// #define X_TLSVER_TLS1 1
+						// #define X_TLSVER_TLS1_2_ONLY 2
+
+						if tlsver == 2 {
+							Settings.tlsVersion = .tls12
+						}
+					}
+				}
+
+				do {
+					try FileManager.default.removeItem(at: settingsUrl!)
+				} catch {
+					// This should not happen.
+					// Can't do anything now. We tried...
+				}
+			}
+		}
+	}
 }
diff --git a/OnionBrowser/OnionManager.swift b/OnionBrowser/OnionManager.swift
@@ -2,7 +2,7 @@
 //  OnionManager.swift
 //  OnionBrowser2
 //
-//  Copyright (c) 2012-2020, Tigas Ventures, LLC (Mike Tigas)
+//  Copyright (c) 2012-2021, Tigas Ventures, LLC (Mike Tigas)
 //
 //  This file is part of Onion Browser. See LICENSE file for redistribution terms.
 //
@@ -94,6 +94,12 @@ class OnionManager : NSObject {
 
 	static let obfs4Bridges = NSArray(contentsOfFile: Bundle.main.path(forResource: "obfs4-bridges", ofType: "plist")!) as! [String]
 
+	/**
+	Don't use anymore: Microsoft announced to start blocking domain fronting!
+
+	[Microsoft: Securing our approach to domain fronting within Azure](https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to-domain-fronting-within-azure/)
+	*/
+	@available(*, deprecated)
 	static let meekAzureBridge = [
 		"meek_lite 0.0.2.0:3 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"
 	]
@@ -501,10 +507,6 @@ class OnionManager : NSObject {
 			startObfs4proxy()
 			return OnionManager.obfs4Bridges
 
-		case .meekazure:
-			startObfs4proxy()
-			return OnionManager.meekAzureBridge
-
 		case .snowflake:
 			startSnowflake()
 			return OnionManager.snowflakeBridge
diff --git a/OnionBrowser/Settings/BridgeConfViewController.swift b/OnionBrowser/Settings/BridgeConfViewController.swift
@@ -34,8 +34,8 @@ BridgeConfDelegate {
 			"",
 			String(format: NSLocalizedString("%1$@ %2$@ makes your traffic appear \"random\".",
 							  comment: ""), "\u{2022}", "obfs4"),
-			String(format: NSLocalizedString("%1$@ %2$@ makes your traffic pose as traffic to a Microsoft website.",
-							  comment: ""), "\u{2022}", "meek-azure"),
+			String(format: NSLocalizedString("%1$@ %2$@ makes your traffic look like a phone call to a random user on the net.",
+							  comment: ""), "\u{2022}", "snowflake"),
 			"",
 			NSLocalizedString("If one type of bridge does not work, try using a different one.",
 							  comment: "")
@@ -76,7 +76,6 @@ BridgeConfDelegate {
 		let bridges: [Settings.BridgesType: String] = [
 			.none: NSLocalizedString("No Bridges", comment: ""),
 			.obfs4: String(format: NSLocalizedString("Built-in %@", comment: ""), "obfs4"),
-			.meekazure: String(format: NSLocalizedString("Built-in %@", comment: ""), "meek-azure"),
 			.snowflake: String(format: NSLocalizedString("Built-in %@", comment: ""), "snowflake"),
 			.custom: NSLocalizedString("Custom Bridges", comment: ""),
 		]
diff --git a/OnionBrowser/Settings/Settings.swift b/OnionBrowser/Settings/Settings.swift
@@ -74,8 +74,18 @@ class Settings: NSObject {
 	enum BridgesType: Int {
 		case none = 0
 		case obfs4 = 1
+
+		@available(*, deprecated)
 		case meekamazon = 2 // Legacy. Retaining this number for future use if meek-amazon comes back.
-		case meekazure = 3
+
+		/**
+		Don't use anymore: Microsoft announced to start blocking domain fronting!
+
+		[Microsoft: Securing our approach to domain fronting within Azure](https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to-domain-fronting-within-azure/)
+		*/
+		@available(*, deprecated)
+		case meekazure = 3 // Legacy. Retaining this number for future use if meek-azure comes back.
+
 		case snowflake = 4
 		case custom = 99
 	}
diff --git a/Resources/Base.lproj/Localizable.strings b/Resources/Base.lproj/Localizable.strings
diff --git a/Resources/de.lproj/Localizable.strings b/Resources/de.lproj/Localizable.strings
