[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

[Tor Bug Tracker & Wiki]

#9623: Referers being sent from hidden service websites
-----------------------------+----------------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  needs_revision
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-torbutton
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+----------------------------

Comment (by teor):

 Can we add the following behaviour to the security slider:
 * High-ish: Never send referrers to any cross-origin sites
 * Low-ish, or maybe default: don't send referrers containing .onion
 addresses to cross-origin sites

 I can't imagine any use case for cross-origin .onion referrers that
 outweighs the security risks. But some users might want their clearnet
 sites that depend on cross-origin referrers to keep working.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online