[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #22320 [Applications/Tor Browser]: Referrer not hidden when comming from a .onion address
#22320: Referrer not hidden when comming from a .onion address
------------------------------------------+----------------------
Reporter: pege | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
In TorBroswer 7.0a4, when leaving a .onion page for a clearnet page, the
.onion address is sent as referrer.
This should not be the case and has originally been disabled with
[https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-
browser-45.8.0esr-6.5-2&id=09188cb14dfaa8ac22f687c978166c7bd171b576 this
commit] and appears to have been
[https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 uplifted to Firefox]
since. The `network.http.referer.hideOnionSource` preference is set to
`true` but seems to have no effect.
Steps to reproduce:
1. Go to [https://3g2upl4pq6kufc4m.onion/ duckduckgo's onion page]
2. enter any search term
3. click on one of the result
4. open the inspector observe the .onion referrer being send to the target
page
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22320>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs