[tbb-bugs] #15933 [Tor Browser]: Circuit Isolation in Tor Browser 4.5 breaks File Host sites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 7 19:49:10 UTC 2015
#15933: Circuit Isolation in Tor Browser 4.5 breaks File Host sites
-------------------------+-------------------------------------------------
Reporter: maxim | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Browser | Keywords: tbb-torbutton, tbb-usability-
Resolution: | website, tbb-4.5-regression
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
It looks like almost every use of ThirdPartyUtil::GetFirstParty*
ultimately converts the URI to a hostname using
ThirdPartyUtil::GetFirstPartyHostForIsolation().
I only noticed two cases where we don't do this: In the HTTP auth
stripping check, and in the canvas permissions.
This means we should be able to make a simple patch to add TLD isolation
in ThirdPartyUtil::GetFirstPartyHostForIsolation() using Mozilla's
existing urlbar formatting logic. I will see if I can produce a simple
patch for this today.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15933#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list