[tor-bugs] #17334 [Applications/Tor Browser]: Move Referrer spoofing for .onion domains out of Torbutton
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 14 21:15:50 UTC 2016
#17334: Move Referrer spoofing for .onion domains out of Torbutton
-------------------------------------------------+-------------------------
Reporter: gk | Owner:
| arthuredelstein
Type: task | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-torbutton-conversion, | Actual Points:
TorBrowserTeam201609R |
Parent ID: | Points:
Reviewer: | Sponsor:
| SponsorU
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
Replying to [comment:8 mcs]:
> Kathy and I reviewed this and it looks OK. We did not build and run the
code. How much testing have you done?
More now. :) I have set up a hidden site that lets us test this feature
manually:
http://5oyaubgz5hqruonh.onion/test17334.html
If you apply only the torbutton patch in comment:5, then referrer spoofing
is disabled. But if you apply the tor-browser.git patch as well, then
spoofing works again.
It would be nice to write an automated test, but I'm not sure what the
best approach is, as we need to be able to simulate an onion site or
connect to a real one.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17334#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list