[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #30276 [Applications/Tor Browser]: The referer header should be spoofed in TBB

To: undisclosed-recipients: ;
Subject: [tor-bugs] #30276 [Applications/Tor Browser]: The referer header should be spoofed in TBB
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 23 Apr 2019 22:27:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 23 Apr 2019 18:27:23 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30276: The referer header should be spoofed in TBB
------------------------------+------------------------------------------
 Reporter:  randomname213324  |          Owner:  tbb-team
     Type:  enhancement       |         Status:  new
 Priority:  Medium            |      Component:  Applications/Tor Browser
  Version:                    |       Severity:  Critical
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------------------
 Setting `network.http.referer.spoofSource` in about:config to true sends
 the target URL in the referer header. This shouldn't break any websites
 and it could only be enabled at the safer or safest security settings.

 This would stop websites from seeing what website you were previously on
 from the referer header.

 The referer can also be trimmed to reduce the amount of information sent.

 A list of all security/privacy related referer options can be found here
 https://wiki.mozilla.org/Security/Referrer

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30276>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #30276 [Applications/Tor Browser]: The referer header should be spoofed in TBB
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #30316 [Core Tor/Tor]: Vote's 'bandwidth-file-headers' is in wrong order
Next by Author: Re: [tor-bugs] #28223 [Core Tor/Tor]: Unparseable microdescriptor on public relay
Previous by thread: Re: [tor-bugs] #24191 [Internal Services/Service - trac]: Remove trac spam prevention from GRP_devel people
Next by thread: Re: [tor-bugs] #30276 [Applications/Tor Browser]: The referer header should be spoofed in TBB
Index(es):
- Author
- Thread