[tor-bugs] #6458 [Tor Browser]: Disable HSTS for third party content on non-HSTS domains
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 15 18:34:03 UTC 2014
#6458: Disable HSTS for third party content on non-HSTS domains
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
mikeperry | Status: new
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-linkability, tbb-bounty, tbb-
Browser | firefox-patch
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by arthuredelstein):
mikeperry on IRC wrote: "I thought there was also a project to crawl sites
and transform any with hsts rules into https-everywhere rules". Here's an
HTTPS Everywhere ticket to transform HSTS rules to HTTPS-Everywhere rules.
https://github.com/EFForg/https-everywhere/issues/77
Would this allow us to turn off HSTS altogether?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6458#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list