[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Oct 3 08:52:23 UTC 2015

#9623: Referers being sent from hidden service websites
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  needs_revision
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-torbutton
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:

Comment (by cypherpunks):

 Replying to [comment:19 zyan]:
 > Replying to [comment:13 cypherpunks]:
 > > I found this comment to be interesting https://addons.mozilla.org/en-
 > >
 > > Looks like setting about:config's network.http.referer.XOriginPolicy;1
 may solve this problem without any further action needed, maybe the
 torbrowser dev team can look into that.
 > I think that would affect all origins, not just .onion origins, which is
 probably not what we want. I usually browse with referrer disabled and I
 find that it occasionally breaks things.

 Is occasionally breaking things not worth the security tradeoff?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list