[tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Feb 26 09:06:05 UTC 2011
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: assigned
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by mikeperry):
For your first example here, 'www' is a special case in the code for some
reason. I think it should have sent *some* kind of referrer for this case
though.. That may be a bug due to the special case of 'www'. I think that
we should not special case 'www'. If we have to, I think we're probably
doing something wrong.
'Not sending the referrer' in the case of the smart referrer code means it
spoofs to the origin domain of the *destination* URL. Hence that is why
you see the destination url in the second case. This makes intuitive sense
to me, but it should be consistent.
I think this means that there are three steps to the solution of this
general problem:
1. Make the behaviour consistent wrt subdomains, with no special cases.
2. Document all this in the design doc.
3. Verify for sanity, adjusting the code as needed.
I think that solving this bug definitely means doing #1 here. I am
thinking that 2 and 3 might be separate tickets.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list