[tor-bugs] #30570 [Applications/Tor Browser]: Implement per-site security settings support
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 15 00:04:11 UTC 2020
#30570: Implement per-site security settings support
-------------------------------------------------+-------------------------
Reporter: gk | Owner:
| pospeselr
Type: enhancement | Status:
| assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, tbb-9.5, | Actual Points:
TorBrowserTeam202001 |
Parent ID: #25658 | Points: 10
Reviewer: | Sponsor:
| Sponsor9
-------------------------------------------------+-------------------------
Comment (by ma1):
I've received a private email by pospeselr and latest update to this
ticket about at the same time, and realized I've missed some history and
context in the past weeks
He had written:
> if I enable scripts while visiting foo.com as the first
> party, all the child scripts would also be enabled, but only when they
> are in the foo.com context. A subsequent visit to baz.com should not
> have scripts enabled for it or any of its included 3rd parties.
This looks much like the "Cascade top document permissions to
subresources" settings in NoScript classic, and it's worth implementing
indeed.
I could make it even more granular by turning it into a "cascade" meta-
capability (like "webgl", "fetch", "ping"...) which can be configured per-
preset (e.g. for TRUSTED) or customized per-site in CUSTOM.
How does this sound?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30570#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list