[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: needs_review
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by T(A)ILS developers):
Hi Mike,
I like this version better. The smartspoof now behaves as expected while
doing:
one.domain.tld/something â domain.tld (blank referrer)
domain.tld/something â one.domain.tld (blank referrer)
I'm fine with removing the the special case for www.
I guess now we'll have to find an agreement on what  not sending the
referrer  means, as I said before in comment 16. Because the  intuitive
sense  you advocated in comment 15 doesn't seem clear to me. But again I
don't consider that a major security issue. Maybe it's personal taste as I
usually prefer not saying anything instead of lying ;)
By the way, in the nospoof configuration we're still not sending the
referrer in most of the cases. It's a status quo from my first report:
domain.tld â one.domain.tld (blank referrer)
google.com â domain.tld (blank referrer)
www.domain.tld â domain.tld (blank referrer)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs