[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 6 14:06:09 UTC 2015

#9623: Referers being sent from hidden service websites
     Reporter:           |      Owner:  tbb-team
  cypherpunks            |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-torbutton, tbb-security,
  Browser                |  TorBrowserTeam201510R
   Resolution:           |  Parent ID:
Actual Points:           |    Sponsor:
       Points:           |
Changes (by gk):

 * status:  needs_review => needs_revision


 Here are a couple of thoughts:

 1) I think all the general referrer related logic should not be included
 in this patch. Just the .onion related one (as this ticket is only about
 this and all the bikeshedding should go into #17228) and a pref, say
 `extensions.torbutton.disable_onion_referrer`, which governs
 enabling/disabling this feature

 2) This code is called quite often and thus we should try to make it a bit
 more efficient IMO. E.g. there is no need to do
 var prefs = Components.classes["@mozilla.org/preferences-
 every time `http-on-modify-request` gets triggered

 3) I wonder why we need the tor_enabled check. What is its purpose in this

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list