[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #7491 [- Select a component]: We sometimes flag cookies as "secure" even though they are from HTTP origins



#7491: We sometimes flag cookies as "secure" even though they are from HTTP
origins
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  mikeperry
     Type:  defect                |         Status:  new      
 Priority:  critical              |      Milestone:           
Component:  - Select a component  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------
 While investigating [https://mail1.eff.org/pipermail/https-everywhere-
 rules/2012-November/001397.html this bug report] I realised that HTTPS
 Everywhere will actually flag cookies as secure from within HTTP-only
 pages/origins.  Needless to say, this can interact very badly with
 *.example.com target host rules!

 This is something we [https://gitweb.torproject.org/https-
 everywhere.git/blob/3.0.4:/src/chrome/content/code/HTTPS.js#l214
 explicitly avoid] in the [https://gitweb.torproject.org/https-
 everywhere.git/blob/3.0.4:/src/components/https-everywhere.js#l442
 handleSecureCookies() path] that deals with cookies set in HTTP headers.

 But we have [https://gitweb.torproject.org/https-
 everywhere.git/blob/3.0.4:/src/components/https-everywhere.js#l448 another
 path] which I think was added to fix #3766 which does not perform the same
 check.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7491>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs