
Re: [tor-bugs] #32865 [Applications/Tor Browser]: Setting Origin: null header still breaks CORS in Tor Browser 9.5



#32865: Setting Origin: null header still breaks CORS in Tor Browser 9.5
--------------------------------------+--------------------------
 Reporter:  micahlee                  |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by alecmuffett):

 This strikes me as a fairly fundamental question: Tor Browser in this
 instance is intentionally not following web standards behaviour in order
 to protect the "privacy of existence" / secrecy of given onion sites or
 pages. Questions for the TBB team include whether this non-standard
 behaviour will be plausibly copied (mandated?) in other browsers that
 implement onion networking, and how practical it is to assume that
 any/every onion site's threat model includes by-default privacy/secrecy,
 thereby breaking onions for (e.g.) TheIntercept and who knows whom else in
 future?

 Making broad assumptions of "intent" at layer 7, on the basis of layer 3,
 will continue to have unexpected consequences as Onion networking is more
 generally adopted.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32865#comment:3>