[tor-bugs] #27280 [Applications/Tor Browser]: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on 8.0a9 / 8.0a10
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 21 13:50:59 UTC 2018
#27280: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on
8.0a9 / 8.0a10
--------------------------------------+--------------------------
Reporter: cypherpunks3 | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks3):
This problem doesn't happen when NoScript is disabled.
What's happening is that basically NoScript blocks scripts by using the
CSP, and HTTPS Everywhere does this as well using CSP so maybe there's
some conflict. In any case this seems to happen even in the Standard
security setting, so there may be something else.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27280#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list