[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27280 [Applications/Tor Browser]: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on 8.0a9 / 8.0a10

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #27280 [Applications/Tor Browser]: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on 8.0a9 / 8.0a10
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 21 Sep 2018 13:50:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Sep 2018 09:51:11 -0400
In-reply-to: <052.f5c94c4ada9026913d8f7ce46254016e@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <052.f5c94c4ada9026913d8f7ce46254016e@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#27280: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on
8.0a9 / 8.0a10
--------------------------------------+--------------------------
 Reporter:  cypherpunks3              |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ff60-esr                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks3):

 This problem doesn't happen when NoScript is disabled.

 What's happening is that basically NoScript blocks scripts by using the
 CSP, and HTTPS Everywhere does this as well using CSP so maybe there's
 some conflict. In any case this seems to happen even in the Standard
 security setting, so there may be something else.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27280#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #27638 [Internal Services/Service - git]: Move old repositories to attic
Next by Author: [tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #26806, #27838, #27468, #27751, ...
Previous by thread: Re: [tor-bugs] #26747 [Core Tor/Tor]: Split main.c into mainloop and app portions
Next by thread: Re: [tor-bugs] #27280 [Applications/Tor Browser]: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on 8.0a9 / 8.0a10
Index(es):
- Author
- Thread