[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
#20317: Key permissions by first-party domain instead of origin (proposal)
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by arthuredelstein):
Here's a demo that works on Firefox (not Tor Browser, because we don't
have navigator.geolocation exposed).
First visit
https://torpat.ch/geolocate.html
And choose "Always Share Location" for torpat.ch.
Now visit
https://arthuredelstein.github.io/tordemos/geolocate.html
The iframe runs the same torpat.ch page to obtain location, and then uses
postMessage to send the location to the parent page, at
arthuredelstein.github.io.
(When you are done, be sure to revoke permissions to torpat.ch! :))
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20317#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs