[tor-bugs] #27884 [- Select a component]: Use sane about:config value: network.http.referer.XOriginPolicy = 2
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 27 08:43:31 UTC 2018
#27884: Use sane about:config value: network.http.referer.XOriginPolicy = 2
-------------------------+--------------------------------------
Reporter: floweb | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Component: - Select a component
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+--------------------------------------
While reading through various about:config security hardening guides, I
found several bad default values for the Tor Browser:
- network.http.referer.XOriginPolicy = 2
- Only send Referer header when the full hostnames match. (Note: if you
notice significant breakage, you might try 1 combined with an
XOriginTrimmingPolicy tweak below.) Source
- 0 = Send Referer in all cases
- 1 = Send Referer to same eTLD sites
- 2 = Send Referer only when the full hostnames match
(This issue was split from
https://trac.torproject.org/projects/tor/ticket/27059)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27884>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list