[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17334 [Applications/Tor Browser]: Move Referrer spoofing for .onion domains out of Torbutton

Subject: Re: [tor-bugs] #17334 [Applications/Tor Browser]: Move Referrer spoofing for .onion domains out of Torbutton
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 14 Sep 2016 21:15:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 14 Sep 2016 17:16:01 -0400
In-reply-to: <042.b4c4dd52e72121eb21022c5e1247ad29@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.b4c4dd52e72121eb21022c5e1247ad29@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17334: Move Referrer spoofing for .onion domains out of Torbutton
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:
                                                 |  arthuredelstein
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-torbutton-conversion,            |  Actual Points:
  TorBrowserTeam201609R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorU
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 Replying to [comment:8 mcs]:
 > Kathy and I reviewed this and it looks OK. We did not build and run the
 code. How much testing have you done?

 More now. :) I have set up a hidden site that lets us test this feature
 manually:
 http://5oyaubgz5hqruonh.onion/test17334.html

 If you apply only the torbutton patch in comment:5, then referrer spoofing
 is disabled. But if you apply the tor-browser.git patch as well, then
 spoofing works again.

 It would be nice to write an automated test, but I'm not sure what the
 best approach is, as we need to be able to simulate an onion site or
 connect to a real one.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17334#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #20077 [Core Tor/Tor]: Make is_sensitive_dir_purpose and purpose_needs_anonymity consistent
Next by Author: Re: [tor-bugs] #17879 [Applications/Tor Browser]: Activating the Flash Player is not working anymore since Tor Browser 5.0.5
Previous by thread: Re: [tor-bugs] #17334 [Applications/Tor Browser]: Move Referrer spoofing for .onion domains out of Torbutton
Next by thread: Re: [tor-bugs] #17334 [Applications/Tor Browser]: Move Referrer spoofing for .onion domains out of Torbutton
Index(es):
- Author
- Thread