[tbb-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 6 23:01:40 UTC 2015

#9623: Referers being sent from hidden service websites
     Reporter:           |      Owner:  tbb-team
  cypherpunks            |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-torbutton, tbb-security,
  Browser                |  TorBrowserTeam201510R
   Resolution:           |  Parent ID:
Actual Points:           |    Sponsor:
       Points:           |

Comment (by teor):

 Replying to [comment:28 zyan]:
 > Will fix. On further thought, maybe just get rid of the pref entirely
 until #17228? I can't think of an immediate use case where one would want
 to enable cross-origin onion referrers.

 Onion-sites using sub-onions to host (static) content.
 Or the onion-per-role design that Facebook (and perhaps other sites) use
 (I think it's upload, static, and dynamic).

 Perhaps we could send an email to tor-dev before we decide whether we need
 a preference?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list