Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser
Commits:
-
90df17da
by Richard Pospesel at 2023-02-15T13:37:32+00:00
-
a697a2c0
by Richard Pospesel at 2023-02-15T13:38:06+00:00
2 changed files:
Changes:
| ... | ... | @@ -38,9 +38,6 @@ pref("dom.securecontext.allowlist_onions", true); |
| 38 | 38 | // Disable HTTPS-Only mode for .onion domains (tor-browser#19850)
|
| 39 | 39 | pref("dom.security.https_only_mode.upgrade_onion", false);
|
| 40 | 40 | |
| 41 | -// tor-browser#22320: Hide referer when comming from a .onion address
|
|
| 42 | -pref("network.http.referer.hideOnionSource", true);
|
|
| 43 | - |
|
| 44 | 41 | // Bug 40423/41137: Disable http/3
|
| 45 | 42 | // We should re-enable it as soon as Tor gets UDP support
|
| 46 | 43 | pref("network.http.http3.enabled", false);
|
| ... | ... | @@ -68,6 +68,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); |
| 68 | 68 | pref("dom.security.https_only_mode", true);
|
| 69 | 69 | pref("dom.security.https_only_mode_pbm", true);
|
| 70 | 70 | |
| 71 | +// tor-browser#22320: Hide referer when comming from a .onion address
|
|
| 72 | +// We enable this here (rather than in Tor Browser) in case users of other
|
|
| 73 | +// base-browser derived browsers configure it to use a system Tor daemon
|
|
| 74 | +// to visit onion services.
|
|
| 75 | +pref("network.http.referer.hideOnionSource", true);
|
|
| 76 | + |
|
| 71 | 77 | // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 )
|
| 72 | 78 | // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
|
| 73 | 79 | // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
|