[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites
#9623: Referers being sent from hidden service websites
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: needs_revision
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-torbutton, tbb-security,
Browser | TorBrowserTeam201510
Resolution: | Parent ID:
Actual Points: | Sponsor:
Points: |
-------------------------+-------------------------------------------------
Comment (by zyan):
Replying to [comment:20 cypherpunks]:
> Replying to [comment:19 zyan]:
> > Replying to [comment:13 cypherpunks]:
> > > I found this comment to be interesting https://addons.mozilla.org
/en-us/firefox/addon/smart-referer/reviews/570470/
> > >
> > > Looks like setting about:config's
network.http.referer.XOriginPolicy;1 may solve this problem without any
further action needed, maybe the torbrowser dev team can look into that.
> >
> > I think that would affect all origins, not just .onion origins, which
is probably not what we want. I usually browse with referrer disabled and
I find that it occasionally breaks things.
>
> Is occasionally breaking things not worth the security tradeoff?
It might be, but this ticket is about .onion behavior, not general
referrer behavior in TBB. Worth a separate ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs