[tor-bugs] #3739 [TorBrowserButton]: SafeCache policy likely fails for https->http CORS (and reverse)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Aug 15 21:04:44 UTC 2011
#3739: SafeCache policy likely fails for https->http CORS (and reverse)
------------------------------+---------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
Georg noticed several edge cases for the SafeCache policy in #3665. I
fixed the ones he found there, but I suspect more may remain, especially
for mixed-content pages with CORS requests
We need to first test this by standing up http://arunranga.com/examples
/access-control/simpleXSInvocation.html or similar on a mixed-mode server.
Fixing it will be extra fun, I suspect...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3739>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list