[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Oct 3 08:52:23 UTC 2015
#9623: Referers being sent from hidden service websites
-----------------------------+----------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_revision
Priority: major | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-torbutton
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+----------------------------
Comment (by cypherpunks):
Replying to [comment:19 zyan]:
> Replying to [comment:13 cypherpunks]:
> > I found this comment to be interesting https://addons.mozilla.org/en-
us/firefox/addon/smart-referer/reviews/570470/
> >
> > Looks like setting about:config's network.http.referer.XOriginPolicy;1
may solve this problem without any further action needed, maybe the
torbrowser dev team can look into that.
>
> I think that would affect all origins, not just .onion origins, which is
probably not what we want. I usually browse with referrer disabled and I
find that it occasionally breaks things.
Is occasionally breaking things not worth the security tradeoff?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list