[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8292 [Firefox Patch Issues]: Alter behavior of getFirstPartyURI and consumers

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8292 [Firefox Patch Issues]: Alter behavior of getFirstPartyURI and consumers
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 04 Jun 2013 15:48:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Jun 2013 11:48:56 -0400
In-reply-to: <049.c142e64c74b80a707c1b497b55dc3f8d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.c142e64c74b80a707c1b497b55dc3f8d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8292: Alter behavior of getFirstPartyURI and consumers
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry
     Type:  enhancement           |         Status:  new      
 Priority:  major                 |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:  tbb-linkability       |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------

Comment(by brade):

 Replying to [comment:4 mikeperry]:
 > Yes, I think it is fine to not log for trusted schemes, though we might
 want to give them a unique pseudo-host based on their scheme for purposes
 of cache isolation just in case.

 OK, here is a proposal:

 1) Change getFirstPartyURI() to fail and log for all schemes that lack a
 host that we do not specifically "whitelist" (so schemes like chrome: and
 about: would not cause a failure but data: and javascript: would).

 2) Add the following function to centralize generation of the pseudo hosts
 (this would be used to by the image loader, DOM storage, etc. to generate
 cache keys):
 {{{
   /**
    * getFirstPartyHostForIsolation
    *
    * Obtain the host or pseudo-host for aFirstPartyURI.  Some examples:
    *    aFirstPartyURI                         Return Value
    *    --------------                         ------------
    *    https://news.google.com/nwshp?hl=en    "news.google.com"
    *    about:home                             "--NoFirstParty-
 abouthome--"
    *    chrome://browser/skin/Toolbar.png      "--NoFirstParty-chrome--"
    *    data:image/png;base64,AAABAA...        <error thrown>
    *
    * @param aFirstPartyURI
    *        The first party URI.
    *
    * @return host or pseudo host.
    *
    * @throws if the URI lacks a host and the scheme is not one for which
    *         we generate a pseudo host.
    */
   AUTF8String getFirstPartyHostForIsolation(in nsIURI aFirstPartyURI);
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8292#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #9016 [- Select a component]: [meta] Can't reset password on trac
Next by Author: [tor-bugs] #9017 [Tor]: Crash in assert_connection_ok
Previous by thread: [tor-bugs] #9016 [- Select a component]: [meta] Can't reset password on trac
Next by thread: Re: [tor-bugs] #8292 [Firefox Patch Issues]: Alter behavior of getFirstPartyURI and consumers
Index(es):
- Author
- Thread