[tbb-bugs] #16919 [Tor Browser]: Why is HTTP_REFERER enabled?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 28 15:56:37 UTC 2015


#16919: Why is HTTP_REFERER enabled?
-----------------------------+----------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------

Comment (by someone_else):

 While disabling HTTP_REFERER may be impractical due to some sites
 breaking, it would make sense to block it for links opened in new tabs.
 Most users likely expect that they won't be tracked to a new tab given the
 circuit isolation TBB has now.

 Proposed patch for tor-browser to disable referer passing for links opened
 in new tabs:

 {{{
 --- a/browser/base/content/utilityOverlay.js
 +++ b/browser/base/content/utilityOverlay.js
 @@ -358,7 +358,7 @@ function openLinkIn(url, where, params) {
    case "tab":
      w.gBrowser.loadOneTab(url, {
        referrerURI: aReferrerURI,
 -      referrerPolicy: aReferrerPolicy,
 +      referrerPolicy:
 Components.interfaces.nsIHttpChannel.REFERRER_POLICY_NO_REFERRER,
        charset: aCharset,
        postData: aPostData,
        inBackground: loadInBackground,
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16919#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list