[tbb-bugs] #21728 [Applications/Tor Browser]: Features that are made "HTTPS-only" should be available on .onion sites as well
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 17 10:59:15 UTC 2017
#21728: Features that are made "HTTPS-only" should be available on .onion sites as
well
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:1 yawning]:
> Can this be made opt-in? I don't really think Tor Browser should
support any of the APIs that require Secure Contexts in the first place,
even with HTTPS...
>
> https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
If it turns out to be the case that we think an API is to be disabled in
an HTTPS context it won't be available on .onion sites either. This bug is
more about stopping to bind `isSecureContext` to HTTPS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21728#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list