[tor-bugs] #3739 [TorBrowserButton]: SafeCache policy likely fails for https->http CORS (and reverse)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Aug 15 21:04:44 UTC 2011


#3739: SafeCache policy likely fails for https->http CORS (and reverse)
------------------------------+---------------------------------------------
 Reporter:  mikeperry         |          Owner:  mikeperry
     Type:  defect            |         Status:  new      
 Priority:  major             |      Milestone:           
Component:  TorBrowserButton  |        Version:           
 Keywords:                    |         Parent:           
   Points:                    |   Actualpoints:           
------------------------------+---------------------------------------------
 Georg noticed several edge cases for the SafeCache policy in #3665. I
 fixed the ones he found there, but I suspect more may remain, especially
 for mixed-content pages with CORS requests

 We need to first test this by standing up http://arunranga.com/examples
 /access-control/simpleXSInvocation.html or similar on a mixed-mode server.

 Fixing it will be extra fun, I suspect...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3739>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list