Verify that we get site isolation in Tor

[riastradh-brave]

During some usability tests we seemed to get the same IP address more often than expected. Figure out why and whether there is a bug here.

TEST PLAN:

search 'what is my IP' on a tor tab
remember what duckduckgo says the IP is
click on a search result that shows you your IP.
it should show a different IP than what duckduckgo showed

[diracdeltas]

Based on my testing I'm pretty sure there is a bug here.

STR:

1. search 'what is my IP' on a tor tab
2. remember what duckduckgo says the IP is
3. click on a search result that shows you your IP.
4. note it's always the same as what duckduckgo said even though the site is a different origin

[darkdh]

re above,
changing 3rd step to open in a new tab and it works.
The circuit seems only been determined when first request shows per tab.

[darkdh]

And I fount out doing a Refresh after step 3, it show different ip than DDG.
So it seems like proxy setting is not able to applied in time before the request processed

[riastradh-brave]

Examination on the wire between brave and the tor daemon reveals:

1. a socks request with username duckduckgo.com to host duckduckgo.com when you do the search
2. a socks request with username iplocation.net to host iplocation.net when you open the link in a new tab
3. a socks request with username duckduckgo.com to host iplocation.net when you click on a link in the same tab
4. a socks request with username iplocation.net to host iplocation.net when you reload the page

[darkdh]

I'm working on a fix which will block request until proxy config is reload

[riastradh-brave]

Is this a race between the caller of CreateRequestContextForStoragePartition and TorSetProxy or something? Why doesn't the CONFIG_UNSET return from GetLatestProxyConfig already block it?

[darkdh]

because they are running on different threads, UI vs IO.

[kjozwiak]

@diracdeltas mind adding a test case for QA?

[diracdeltas]

@kjozwiak yup, the test plan is basically #14390 (comment) - i'll copy it into the issue

[kjozwiak]

Thanks @diracdeltas 👍 Wasn't sure if those were sufficient enough so figured I would ask you just incase!

[srirambv]

Verified on Windows 10 x64 using

• 0.23.16 - 2042c45
• Muon - 7.1.1
• libchromiumcontent - 67.0.3396.87
• Verified on 0.23.17 as well

Verified on Ubuntu 18.04 x64 using the following build:

• 0.23.16 2042c45
• muon: 7.1.1
• libchromiumcontent: 67.0.3396.87

Verified with macOS 10.12.6 using

• 0.23.17 bc754eb
• Muon 7.1.2
• libchromiumcontent 67.0.3396.87