[tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 7 19:30:23 UTC 2016
#20317: Key permissions by first-party domain instead of origin (proposal)
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by arthuredelstein):
Here's a demo that works on Firefox (not Tor Browser, because we don't
have navigator.geolocation exposed).
First visit
https://torpat.ch/geolocate.html
And choose "Always Share Location" for torpat.ch.
Now visit
https://arthuredelstein.github.io/tordemos/geolocate.html
The iframe runs the same torpat.ch page to obtain location, and then uses
postMessage to send the location to the parent page, at
arthuredelstein.github.io.
(When you are done, be sure to revoke permissions to torpat.ch! :))
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20317#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list