Re: [tor-bugs] #34305 [Applications/Tor Browser]: NoScript inconsistent behaviour in Firefox 77 (currently beta)
#34305: NoScript inconsistent behaviour in Firefox 77 (currently beta)
-------------------------------------------------+-------------------------
Reporter:   acat                                 | Owner:         acat
Type:       defect                               | Status:        needs_information
Priority:   Medium                               | Milestone:
Component:  Applications/Tor Browser             | Version:
Severity:   Normal                               | Resolution:
Keywords:   noscript TorBrowserTeam202005,       | Actual Points:
            ff78-esr                             |
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):

Sorry for the late answer, but I was unable to comment (the textarea was
missing).

As correctly guessed by acat, the culprit is an implementation detail of
https://bugzilla.mozilla.org/show_bug.cgi?id=1462989 (a webRequest
listener can only either delete or merge CSP headers now, not both in the
same callback), which, combined with the fact that CSP headers injected by
extensions get cached by the browser and automatically reinserted in
cached responses, can cause all sorts of confusions when policies change
without cache-purging reloads.

The (quite annoying, but effective) work-around is uniquely "tagging"
NoScript's CSP headers, to not interfere with page's own policies or other
extensions (something NoScript already did) and registering a second
auxiliary listener which just does the cleanup by removing the previously
cached CSP headers.

I hope to release a development build containing this work-around later
today or tomorrow, and a stable AMO auto-update within this week.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34305#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
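
The two-listener work-around described in the comment above, sketched as an added example (this is not NoScript's code and not part of the original message). The marker directive TAG, the function names and the sample headers are assumptions made for illustration; only browser.webRequest.onHeadersReceived is a real API.

```javascript
// Added illustration, not NoScript's code. TAG and all function names are assumptions.
const CSP_NAME = "content-security-policy";
const TAG = "report-to example-ext-csp"; // hypothetical marker directive

// True only for CSP headers carrying our marker, so the page's own
// policies and those of other extensions are never matched.
const isOurs = (h) => h.name.toLowerCase() === CSP_NAME && h.value.includes(TAG);

// Listener 1, cleanup only: drop tagged headers replayed from the cache.
function cleanupListener(details) {
  const headers = details.responseHeaders || [];
  const kept = headers.filter((h) => !isOurs(h));
  return kept.length === headers.length ? {} : { responseHeaders: kept };
}

// Listener 2, add only: append the policy for the *current* decision.
// It never deletes, so each callback either removes or adds, not both.
function makeInjectListener(scriptsAllowed) {
  return (details) => {
    if (scriptsAllowed(details.url)) return {}; // nothing to enforce
    const ours = { name: "Content-Security-Policy", value: `script-src 'none'; ${TAG}` };
    return { responseHeaders: [...(details.responseHeaders || []), ours] };
  };
}

// Constructed sample: a cached response replayed with a stale tagged policy
// left over from an earlier, stricter setting.
const cachedResponse = {
  url: "https://example.test/",
  responseHeaders: [
    { name: "Content-Type", value: "text/html" },
    { name: "Content-Security-Policy", value: "default-src 'self'" }, // page's own
    { name: "Content-Security-Policy", value: `script-src 'none'; ${TAG}` }, // stale, ours
  ],
};

// Registration inside an extension; skipped when run outside a browser.
if (typeof browser !== "undefined" && browser.webRequest) {
  const filter = { urls: ["<all_urls>"], types: ["main_frame", "sub_frame"] };
  const opts = ["blocking", "responseHeaders"];
  browser.webRequest.onHeadersReceived.addListener(cleanupListener, filter, opts);
  browser.webRequest.onHeadersReceived.addListener(makeInjectListener(() => false), filter, opts);
}
```

How the browser combines the two listeners' results is the behaviour from the Bugzilla entry cited in the comment and is not modelled here.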