[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9536 [EFF-HTTPS Everywhere]: Doesn't respect CSP policies

To: undisclosed-recipients:;
Subject: [tor-bugs] #9536 [EFF-HTTPS Everywhere]: Doesn't respect CSP policies
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 19 Aug 2013 16:55:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 19 Aug 2013 12:55:36 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9536: Doesn't respect CSP policies
----------------------------------+-----------------------------------------
 Reporter:  Erom2                 |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Assume a site pulls scripts from a CDN, like cdnjs.cloudflare.com using
 the http protocol, and has a script-src of "http://cdnjs.cloudflare.com";
 set in the Content-Security-Policy header.

 If a user with HTTPS Everywhere installed were to browse on the site, it
 would try to fetch the scripts using https, which is forbidden by the CSP
 header, thus breaking the site.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9536>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #1776 [Tor]: Allow regular relays to be used as bridges
Next by Author: Re: [tor-bugs] #9445 [Tor Launcher]: Include support for Pluggable Transports
Previous by thread: Re: [tor-bugs] #1776 [Tor]: Allow regular relays to be used as bridges
Next by thread: Re: [tor-bugs] #1776 [Tor]: Allow regular relays (if they have a dirport open) to be used as bridges (was: Allow regular relays to be used as bridges)
Index(es):
- Author
- Thread