[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #27885 [- Select a component]: Use sane about:config value: network.http.referer.XOriginTrimmingPolicy = 2



#27885: Use sane about:config value: network.http.referer.XOriginTrimmingPolicy = 2
-------------------------+--------------------------------------
 Reporter:  floweb       |          Owner:  (none)
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Component:  - Select a component
  Version:               |       Severity:  Normal
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+--------------------------------------
 While reading through various about:config security hardening guides, I
 found several bad default values for the Tor Browser:

 - network.http.referer.XOriginTrimmingPolicy = 2
   - When sending Referer across origins, only send scheme, host, and port
 in the Referer header of cross-origin requests. Source
     - 0 = Send full url in Referer
     - 1 = Send url without query string in Referer
     - 2 = Only send scheme, host, and port in Referer

 (This issue was split from
 https://trac.torproject.org/projects/tor/ticket/27059)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27885>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs