[tor-bugs] #16983 [Tor Browser]: Favicon requests not isolated if one opens the tab list dropdown

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 14 15:41:48 UTC 2015 

#16983: Favicon requests not isolated if one opens the tab list dropdown
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  someone_else           |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-linkability,
  Browser                |  TorBrowserTeam201509R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:8 gk]:
 > Replying to [comment:7 arthuredelstein]:
 > > Replying to [comment:6 gk]:
 > > > So, this actually means there won't be any fetches anymore at all as
 long as I have the tab open (at least that's what I am seeing)?
 > >
 > > With this patch, the assigned isolation domain is the same for both
 tab and dropdown. So my interpretation is that the favicon.ico file is
 cached and doesn't need to be fetched again.
 >
 > Yes, but what happens if the cache is full? Do the favicons get evicted
 so that they need to get refetched if you open the dropdown? If yes, what
 happens in this case wrt circuit usage? If no, this is good. But is that
 really the case?
 >
 > >
 > > > If not how could I verify that your patch is working as expected?
 > >
 > > You can set torbutton's `loglevel` pref to `3` to see it each request
 and its assigned isolation domain. If you see the correct favicon appear
 in both the tab and the dropdown for a given site, and you don't see any
 no-first-party fetches for the favicon file, then I would argue that the
 problem is fixed.
 >
 > Sure. The problem is that I don't see any fetches at all if I click on
 the dropdown. What I'd like to see is fetches using the circuit bound to
 the respective domain if this can happen at all.

 Here's a simple manual test that replaces the first favicon image in the
 dropdown when the dropdown is opened. First set torbutton's `loglevel`
 pref to `3`. Then open https://www.torproject.org/ in the leftmost tab.
 Open some additional tabs to the right so that the dropdown button is
 visible. Then enter the following in the Browser Console:

 {{{
 let popup = document.getElementById("alltabs-popup");
 popup.addEventListener("popupshown", function () {
   console.log("firstparty found: " +
 popup.children[3].getAttribute("firstparty"));
   popup.children[3].setAttribute("image",
 "https://en.wikipedia.org/favicon.ico");
 }, false);
 }}}

 Open the dropdown menu, and you should see the Wikipedia favicon
 immediately fetched via the SOCKS credential `torproject.org:0`. And the
 Wikipedia favicon will appear in the dropdown menu.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16983#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list