[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation

Subject: [tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 07 May 2015 23:34:39 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 07 May 2015 19:35:13 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15954: Canvas permission and HTTP auth still use FQDN isolation
-----------------------------------+--------------------------
 Reporter:  mikeperry              |          Owner:  tbb-team
     Type:  defect                 |         Status:  new
 Priority:  normal                 |      Milestone:
Component:  Tor Browser            |        Version:
 Keywords:  tbb-usability-website  |  Actual Points:
Parent ID:                         |         Points:
-----------------------------------+--------------------------
 In #15933, we relaxed our domain isolation to use TLD instead of FQDN,
 because FQDN isolation was breaking several sites. However, the HTTP auth
 and the canvas permissions were not using the same
 ThirdPartyUtil::GetFirstPartyHostForIsolation() API as everything else
 was.

 We should fix their behavior to use TLD isolation for consistency. I bet
 some sites will still break due to FQDN isolated HTTP auth in particular..

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15954>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15933 [Tor Browser]: Relax domain isolation to use TLD instead of FQDN (was: Circuit Isolation in Tor Browser 4.5 breaks File Host sites)
Next by Author: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
Previous by thread: Re: [tor-bugs] #15953 [Tor Browser]: Weird resizing dance on Tor Browser startup
Next by thread: Re: [tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
Index(es):
- Author
- Thread