[tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Feb 28 01:19:04 UTC 2011
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: needs_review
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Changes (by mikeperry):
* status: assigned => needs_review
Comment:
TAILS guys: ok, now the referer behavior should be more uniform. The
attached .xpi is from origin/master
2589477ba1034c394d9ef74c33bd1123316da214. We may still want to change that
behavior, but at least it is now easier to describe.
The referer is left as the default behavior if either the source or the
destination hostname are full substrings of one another. Otherwise, the
referer is spoofed to be the prefix of the destination url (scheme+host).
We may want to loosen this to remove the TLD, and/or the prefix domain, if
the hostnames are short enough, before performing the suffix test.
Thoughts?
Also, does this git revision behave as described for you?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list