[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21728 [Applications/Tor Browser]: Features that are made "HTTPS-only" should be available on .onion sites as well

Subject: Re: [tor-bugs] #21728 [Applications/Tor Browser]: Features that are made "HTTPS-only" should be available on .onion sites as well
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 17 Mar 2017 10:59:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 17 Mar 2017 06:59:26 -0400
In-reply-to: <042.60d00906b4c17e0da7ee4df450551a2f@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.60d00906b4c17e0da7ee4df450551a2f@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21728: Features that are made "HTTPS-only" should be available on .onion sites as
well
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:1 yawning]:
 > Can this be made opt-in?  I don't really think Tor Browser should
 support any of the APIs that require Secure Contexts in the first place,
 even with HTTPS...
 >
 > https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

 If it turns out to be the case that we think an API is to be disabled in
 an HTTPS context it won't be available on .onion sites either. This bug is
 more about stopping to bind `isSecureContext` to HTTPS.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21728#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #21728 [Applications/Tor Browser]: Features that are made "HTTPS-only" should be available on .onion sites as well
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21753 [Applications/Tor Browser]: Get rid of old GCC toolchain in pluggable transports macOS descriptor
Next by Author: Re: [tor-bugs] #21334 [Core Tor/Tor]: prop224: Update prop224 HS desriptor generation code to produce the latest descriptor format
Previous by thread: Re: [tor-bugs] #21728 [Applications/Tor Browser]: Features that are made "HTTPS-only" should be available on .onion sites as well
Next by thread: Re: [tor-bugs] #16861 [Core Tor/Tor]: Pad Tor connections to collapse netflow records
Index(es):
- Author
- Thread