[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch

Subject: Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 01 Jul 2014 21:27:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Jul 2014 17:27:24 -0400
In-reply-to: <049.c44714db47217319ab0938e9a72d120d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.c44714db47217319ab0938e9a72d120d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#3246: Apply third party cookie patch
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  enhancement          |     Status:  new
     Priority:  major                |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  backport-to-mozilla,
   Resolution:                       |  tbb-linkability, tbb-usability-
Actual Points:                       |  website, tbb-bounty,
       Points:                       |  TorBrowserTeam201407
                                     |  Parent ID:
-------------------------------------+-------------------------------------

Comment (by michael):

 Replying to [comment:23 gk]:
 > Replying to [comment:22 michael]:
 > > The desired outcome from patch application is to interpret double
 keyed cookies as first party when they refer to foreign hosts but
 originate from content associated with the domain of the 'URL bar.'
 > >
 > > This allows us to forego changing cookie policy to 'accept all cookies
 by default' and instead keep it to 'only accept from the originating site
 (block third party cookies)' while transmitting double key matched cookies
 to foreign hosts.
 >
 > The cookie from facebook.com is still a third party cookie even if we
 bind it to the URL bar. So, my initial feeling is that we should have the
 option "Allow all cookies" checked (we want to allow all of them but need
 to bind the third party ones to the URL bar domain (too)) as we want the
 ones from other domains, too. That said, the logic governing whatever
 option we choose should be, of course, the double-keying logic.

 The outcome of our different approaches is equivalent. I like your idea
 best, to set "Allow all cookies" but still reject third party cookies not
 associated with the URL bar domain. By the way, looks like the (presently
 defective) code to test this is in
 netwerk/cookie/nsCookieService.cpp:nsCookieService::CheckPrefs().

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3246#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5578 [Flashproxy]: Investigate WebRTC for flash proxy NAT punching
Next by Author: [tor-bugs] #12509 [Tor]: Really weird.
Previous by thread: Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch
Next by thread: Re: [tor-bugs] #3246 [Firefox Patch Issues]: Apply third party cookie patch
Index(es):
- Author
- Thread