Re: [tor-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#9623: Referers being sent from hidden service websites
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  cypherpunks            |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-torbutton, tbb-security,
  Browser                |  TorBrowserTeam201510R
   Resolution:           |  Parent ID:
Actual Points:           |    Sponsor:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 Here are a couple of thoughts:

 1) I think all the general referrer related logic should not be included
 in this patch. Just the .onion related one (as this ticket is only about
 this and all the bikeshedding should go into #17228) and a pref, say
 `extensions.torbutton.disable_onion_referrer`, which governs
 enabling/disabling this feature

 2) This code is called quite often and thus we should try to make it a bit
 more efficient IMO. E.g. there is no need to do
 {{{
 var prefs = Components.classes["@mozilla.org/preferences-
 service;1"].getService(Components.interfaces.nsIPrefBranch);
 }}}
 every time `http-on-modify-request` gets triggered

 3) I wonder why we need the tor_enabled check. What is its purpose in this
 patch?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs