[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21361 [Applications/Tor Browser]: Enable browser APIs only allowed in secure contexts for NG HS

Subject: Re: [tor-bugs] #21361 [Applications/Tor Browser]: Enable browser APIs only allowed in secure contexts for NG HS
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 01 Feb 2017 12:41:03 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 01 Feb 2017 07:41:13 -0500
In-reply-to: <046.11d13bf6e94bdbd8a4467394a520bf47@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.11d13bf6e94bdbd8a4467394a520bf47@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21361: Enable browser APIs only allowed in secure contexts for NG HS
--------------------------------------+--------------------------
 Reporter:  legind                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 I agree with this in theory (even for non NGHS) - but what APIs are you
 specifically interested in?  I'm not sure if FF currently ships any such
 APIs that Tor Browser enables. For example: Web Bluetooth and EME we turn
 off; Service Workers is disabled in ESR also I believe. IS there any other
 such API? (In FF geolocation is not (yet?) required to be on a secure
 origin but of course we disable it.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21361#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #21506 [Core Tor/Tor]: Client with current microdesc consensus but no descriptors chooses down fallback every time
Next by Author: Re: [tor-bugs] #17598 [Core Tor/Tor]: Trace cell queue times in Tor to measure Tor application "congestion"
Previous by thread: Re: [tor-bugs] #21364 [Metrics/Atlas]: Remove flag label from tooltips
Next by thread: Re: [tor-bugs] #21361 [Applications/Tor Browser]: Enable browser APIs only allowed in secure contexts for NG HS
Index(es):
- Author
- Thread