[tbb-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 7 23:34:39 UTC 2015
#15954: Canvas permission and HTTP auth still use FQDN isolation
-----------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: tbb-usability-website | Actual Points:
Parent ID: | Points:
-----------------------------------+--------------------------
In #15933, we relaxed our domain isolation to use TLD instead of FQDN,
because FQDN isolation was breaking several sites. However, the HTTP auth
and the canvas permissions were not using the same
ThirdPartyUtil::GetFirstPartyHostForIsolation() API as everything else
was.
We should fix their behavior to use TLD isolation for consistency. I bet
some sites will still break due to FQDN isolated HTTP auth in particular..
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15954>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list