[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #32549 [Applications/Tor Browser]: NoScript makes requests to sync-messages.invalid



#32549: NoScript makes requests to sync-messages.invalid
--------------------------------------+-----------------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  noscript                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by ma1):

 Replying to [comment:8 cypherpunks]:
 > Looks like `noscript-csp.invalid` is still interfering/messing with CSP:
 > {{{
 > [11-22 09:47:42] Torbutton INFO: tor SOCKS: https://noscript-
 csp.invalid/__NoScript_Probe__/ via
 >                        torproject.org:602f1e2c568ce366b5800e14a4383d41
 > Content Security Policy: The page’s settings blocked the loading of a
 resource at https://blog.torproject.org/sites/default/files/js/js.js
 (“script-src”).
 > }}}
 No interfering/messing here.
 That's the intended behavior. It's used to intercept and take note of any
 CSP violation in order to buy the UI when it's time (and again, these CSP
 reports won't reach the network anyway).
 This is likely going to be replaced with a securitypolicyviolation in the
 content script, now that's available on ESR as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32549#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs