[tbb-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 23 21:38:51 UTC 2016
#18996: Investigate server logging in ESR45
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff45-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by arthuredelstein):
Replying to [comment:4 mcs]:
> When the prefs are disabled, does the browser still parse the data sent
in the X-ChromeLogger-Data headers? I don't think this feature raises an
obvious security or privacy issue, but it would be bad to leave server
logging enabled if it turns out that there is a bug in how the JSON data
is parsed or presented.
Good question. I added a `dump` statement to the part of the code where
the "X-ChromeLogger-Data" header value is parsed. I was able to manually
confirm that this code is not called except when "Server" logging is
enabled (through the button in the devtools UI, or in the prefs). Here's
my test code in case anyone is interested:
https://github.com/arthuredelstein/tor-browser/commit/18996
(Note this patch is for testing purposes only.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18996#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list