[tbb-bugs] #18080 [Tor Browser]: Do not strip the Access-Control-Allow-Origin header

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 19 21:45:48 UTC 2016 

#18080: Do not strip the Access-Control-Allow-Origin header
-------------------------+-----------------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  needs_information
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+-----------------------------------

Comment (by bugzilla):

 Replying to [comment:4 cypherpunks]:
 > Replying to [comment:3 bugzilla]:
 > > Oops, algorithm in comment:2 is not so plain: first request is the
 second actually (first was in step 1)
 > If the Firefox Developer Tools window isn't open at step 1, the Network
 tab doesn't show any requests when you first open it. With the first
 request i meant the first one in the request list in the Network tab after
 the refresh at step 4. There should be only one request in this list
 because the page i linked has no other resources it needs to load.
 Furthermore, the list of requests gets cleared after each refresh (which
 is the default unless the setting has been changed).
 Not first request, but first shown request.
 > > it always misses header on alpha
 > Does loading node information on [https://globe.torproject.org/] work
 for you on alpha when the header is missing?
 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
 remote resource at
 https://onionoo.torproject.org/details?lookup=D4125249A474408F0FBA4DB15AC207E31E4CF6B3.
 (Reason: CORS header 'Access-Control-Allow-Origin' missing).
 > > except exitnode was changed by timeout
 > Did the exit node change alter the responses you got?
 The header is always present after New Circuit.
 > > how can it reappear if algorithm states to update only when header is
 not missing?
 > This could happen when you continue to refresh after you found that the
 header is missing. The steps are only to reproduce the missing header
 case.
 The header is always missed on step 5, so step 6 = false, why go to 4
 (refresh)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18080#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list