[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27280 [Applications/Tor Browser]: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on 8.0a9 / 8.0a10



#27280: HTTPS Everywhere upgrade-insecure-header injection appears to be broken on
8.0a9 / 8.0a10
--------------------------------------+--------------------------
 Reporter:  cypherpunks3              |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ff60-esr                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks3):

 This problem doesn't happen when NoScript is disabled.

 What's happening is that basically NoScript blocks scripts by using the
 CSP, and HTTPS Everywhere does this as well using CSP so maybe there's
 some conflict. In any case this seems to happen even in the Standard
 security setting, so there may be something else.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27280#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs