[tbb-bugs] #16200 [Tor Browser]: Torbutton changes for ESR 38
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 22 19:44:20 UTC 2015
#16200: Torbutton changes for ESR 38
-------------------------+-------------------------------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Tor | Version:
Browser | Keywords: tbb-torbutton, ff38-esr,
Resolution: | TorBrowserTeam201506R, tbb-5.0a3-essential
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Changes (by mcs):
* cc: mikeperry (added)
Comment:
Something else to think about: on #tor-dev today, Mike asked whether we
could replace our https://127.0.0.1/ updateURL hacks with data:text/plain,
but Georg said we have to use an https: URL. And he is right; see the
providesUpdatesSecurely() function here http://mxr.mozilla.org/mozilla-
central/source/toolkit/mozapps/extensions/internal/XPIProvider.jsm#6495
But looking at that function led me to try using a data: URL with a
useless updateKey. And it seems to work, e.g.,
<em:updateURL>data:text/plain,</em:updateURL>
<em:updateKey>-</em:updateKey>
(the updateKey is not used unless some data is returned by the URL fetch).
Is this an improvement over the https://127.0.0.1/ hack? I think so.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16200#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list