[tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Feb 28 15:39:00 UTC 2011
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: needs_review
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by T(A)ILS developers):
Hi Mike,
I like this version better. The smartspoof now behaves as expected while
doing:
one.domain.tld/something → domain.tld (blank referrer)
domain.tld/something → one.domain.tld (blank referrer)
I'm fine with removing the the special case for www.
I guess now we'll have to find an agreement on what « not sending the
referrer » means, as I said before in comment 16. Because the « intuitive
sense » you advocated in comment 15 doesn't seem clear to me. But again I
don't consider that a major security issue. Maybe it's personal taste as I
usually prefer not saying anything instead of lying ;)
By the way, in the nospoof configuration we're still not sending the
referrer in most of the cases. It's a status quo from my first report:
domain.tld → one.domain.tld (blank referrer)
google.com → domain.tld (blank referrer)
www.domain.tld → domain.tld (blank referrer)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list