[tor-bugs] #6308 [Torbutton]: 3rd party HTTP auth removal is triggered whenever firefox attempts to fetch a nonexistant favicon.ico
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jul 5 16:40:13 UTC 2012
#6308: 3rd party HTTP auth removal is triggered whenever firefox attempts to fetch
a nonexistant favicon.ico
-----------------------------------------------------+----------------------
Reporter: cryptobear | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Torbutton | Version: Torbutton: 1.4.4
Keywords: favicon, torbutton, 3rd party http auth | Parent:
Points: | Actualpoints:
-----------------------------------------------------+----------------------
* Torbutton about says 1.4.6 but that's not available in the version
dropdown
When browsing within a single website with no 3rd party content that uses
HTTP authentication (in this case an simple onion site), the HTTP
authentication is periodically invalidated and one is forced to re-
authenticate. Setting the torbutton logging level to 3 the invalidation of
the HTTP auth seems correspond to entries like the one below:
Torbutton INFO: SSC: Parent browser for http://example.onion/favicon.ico
Torbutton INFO: SSC: Segmenting http://example.onion/favicon.ico content
loaded by browser
Torbutton NOTE: Removing 3rd party HTTP auth for url:
http://example.onion/favicon.ico
The site in question does not have a favicon nor any header code
indicating one should be fetched, and when Firefox makes a request for one
automatically, it seems to invalidate the HTTP auth.
Since this is an automatic behavior of Firefox, and at no point is a
request for content from a 3rd party being made Torbutton should handle
this case correctly (ie. not invalidate the HTTP auth session).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6308>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list