[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16893 [Ooni]: ADINA15 Registration Error

Subject: Re: [tor-bugs] #16893 [Ooni]: ADINA15 Registration Error
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 25 Aug 2015 14:45:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Aug 2015 10:45:39 -0400
In-reply-to: <044.6fb22459defa92eba5cff8ed18b21b92@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.6fb22459defa92eba5cff8ed18b21b92@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16893: ADINA15 Registration Error
------------------------+----------------------
     Reporter:  poly    |      Owner:  hellais
         Type:  defect  |     Status:  reopened
     Priority:  normal  |  Milestone:
    Component:  Ooni    |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------

Comment (by hellais):

 So I have figured out what is going on here. This bug is something that
 only happens when the browser is configured to disallow third-party
 cookies (this is the case in Tor Browser Firefox, but not the default in
 most browser settings).

 Given the fact that we want to have SSL on the endpoint accepting the XHR
 request and given the fact that we can't host dynamic content on
 ooni.torproject.org we have two options to overcome this:

 1) Suggest TBB users to do the registration after having temporarily re-
 enabled third-party cookies (see attached screenshot for details on how to
 do that)

 2) Implement an alternative method for authentication that does not rely
 on cookies. There is some documentation for strongloop on how to do this
 (https://docs.strongloop.com/display/public/LB/Making+authenticated+requests
 #Makingauthenticatedrequests-Makingauthenticatedrequestswithaccesstokens)
 and we have implemented this in the past in GlobaLeaks with angular.js so
 it should be possible to implement this.

 Pull requests implementing either the informative text explaining how to
 workaround the issue or one implementing header based authentication are
 more than welcome.

 I don't think I can commit to implementing either of these any time soon
 though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16893#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16893 [Ooni]: ADINA15 Registration Error
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #16895 [Tor]: allow Tor to parse bridge information copied and pasted verbatim from bridges.torproject.org
Next by Author: Re: [tor-bugs] #16775 [Tor Browser]: about:preferences is broken with security slider set to "High"
Previous by thread: Re: [tor-bugs] #16893 [Ooni]: ADINA15 Registration Error
Next by thread: Re: [tor-bugs] #16893 [Ooni]: ADINA15 Registration Error
Index(es):
- Author
- Thread