[tbb-bugs] #16450 [Tor Browser]: Tor browser removes Authorization header
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 26 14:51:50 UTC 2015
#16450: Tor browser removes Authorization header
-------------------------+--------------------------
Reporter: justuser | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
I couldn't use epayments.com from tor-browser.
Their javascript making queries from https://my.epayments.com/ to
https://api.epayments.com
api.epayments.com send Access-Control-Allow-Origin:
https://my.epayments.com allowing my.epayments.com to make cross domain
request.
Javascript on my.epayments.com adds Authorization: Basic some token while
making request.
But tor browser removes this header, breaking authorization process. I
googled and found that this is for better privacy, but could you make this
feature disableable?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16450>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list