[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 6 23:01:40 UTC 2015
#9623: Referers being sent from hidden service websites
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: needs_revision
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-torbutton, tbb-security,
Browser | TorBrowserTeam201510R
Resolution: | Parent ID:
Actual Points: | Sponsor:
Points: |
-------------------------+-------------------------------------------------
Comment (by teor):
Replying to [comment:28 zyan]:
> Will fix. On further thought, maybe just get rid of the pref entirely
until #17228? I can't think of an immediate use case where one would want
to enable cross-origin onion referrers.
Onion-sites using sub-onions to host (static) content.
Or the onion-per-role design that Facebook (and perhaps other sites) use
(I think it's upload, static, and dynamic).
Perhaps we could send an email to tor-dev before we decide whether we need
a preference?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list