Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser
Commits:
-
926c3f33
by Richard Pospesel at 2023-02-15T13:54:12+00:00
1 changed file:
Changes:
| ... | ... | @@ -68,6 +68,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); |
| 68 | 68 | pref("dom.security.https_only_mode", true);
|
| 69 | 69 | pref("dom.security.https_only_mode_pbm", true);
|
| 70 | 70 | |
| 71 | +// tor-browser#22320: Hide referer when comming from a .onion address
|
|
| 72 | +// We enable this here (rather than in Tor Browser) in case users of other
|
|
| 73 | +// base-browser derived browsers configure it to use a system Tor daemon
|
|
| 74 | +// to visit onion services.
|
|
| 75 | +pref("network.http.referer.hideOnionSource", true);
|
|
| 76 | + |
|
| 71 | 77 | // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 )
|
| 72 | 78 | // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
|
| 73 | 79 | // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
|