[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Oct 3 17:29:36 UTC 2015

#9623: Referers being sent from hidden service websites
     Reporter:           |      Owner:  tbb-team
  cypherpunks            |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-torbutton, tbb-security,
  Browser                |  TorBrowserTeam201510
   Resolution:           |  Parent ID:
Actual Points:           |    Sponsor:
       Points:           |

Comment (by zyan):

 Replying to [comment:20 cypherpunks]:
 > Replying to [comment:19 zyan]:
 > > Replying to [comment:13 cypherpunks]:
 > > > I found this comment to be interesting https://addons.mozilla.org
 > > >
 > > > Looks like setting about:config's
 network.http.referer.XOriginPolicy;1 may solve this problem without any
 further action needed, maybe the torbrowser dev team can look into that.
 > >
 > > I think that would affect all origins, not just .onion origins, which
 is probably not what we want. I usually browse with referrer disabled and
 I find that it occasionally breaks things.
 > Is occasionally breaking things not worth the security tradeoff?

 It might be, but this ticket is about .onion behavior, not general
 referrer behavior in TBB. Worth a separate ticket.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list