[tor-bugs] #8132 [EFF-HTTPS Everywhere]: [CHROME] Cookies rewriting infinite loop w/ Keep MORE|MY opt-outs installed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 2 02:40:52 UTC 2013
#8132: [CHROME] Cookies rewriting infinite loop w/ Keep MORE|MY opt-outs installed
----------------------------------+-----------------------------------------
Reporter: dtauerbach | Owner: dtauerbach
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by dtauerbach):
From http://developer.chrome.com/extensions/cookies.html:
"As a special case, note that updating a cookie's properties is
implemented as a two step process: the cookie to be updated is first
removed entirely, generating a notification with "cause" of "overwrite" .
Afterwards, a new cookie is written with the updated values, generating a
second notification with "cause" "explicit". "
HTTPS Everywhere is calling chrome.cookies.set() and KMOO has an onChanged
handler seeing that an (insecure) cookie is being deleted and trying to
recreate it.
I think we need KMOO to change its behavior for this to work by checking
for any valid version of a cookie before attempting to re-create it. I
will point Mike West to this thread.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8132#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list