[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21361 [Applications/Tor Browser]: Enable browser APIs only allowed in secure contexts for NG HS



#21361: Enable browser APIs only allowed in secure contexts for NG HS
--------------------------------------+--------------------------
 Reporter:  legind                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 I agree with this in theory (even for non NGHS) - but what APIs are you
 specifically interested in?  I'm not sure if FF currently ships any such
 APIs that Tor Browser enables. For example: Web Bluetooth and EME we turn
 off; Service Workers is disabled in ESR also I believe. IS there any other
 such API? (In FF geolocation is not (yet?) required to be on a secure
 origin but of course we disable it.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21361#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs