[tor-bugs] #27884 [- Select a component]: Use sane about:config value: network.http.referer.XOriginPolicy = 2

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 27 08:43:31 UTC 2018


#27884: Use sane about:config value: network.http.referer.XOriginPolicy = 2
-------------------------+--------------------------------------
 Reporter:  floweb       |          Owner:  (none)
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Component:  - Select a component
  Version:               |       Severity:  Normal
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+--------------------------------------
 While reading through various about:config security hardening guides, I
 found several bad default values for the Tor Browser:

 - network.http.referer.XOriginPolicy = 2
   - Only send Referer header when the full hostnames match. (Note: if you
 notice significant breakage, you might try 1 combined with an
 XOriginTrimmingPolicy tweak below.) Source
     - 0 = Send Referer in all cases
     - 1 = Send Referer to same eTLD sites
     - 2 = Send Referer only when the full hostnames match

 (This issue was split from
 https://trac.torproject.org/projects/tor/ticket/27059)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27884>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list