[tbb-bugs] #18080 [Tor Browser]: Do not strip the Access-Control-Allow-Origin header
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 19 17:58:08 UTC 2016
#18080: Do not strip the Access-Control-Allow-Origin header
-------------------------+-----------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+-----------------------------------
Comment (by cypherpunks):
Replying to [comment:1 gk]:
> Hrm. I tried a bit and looked at our code but did not see anything
obvious. Steps for reproducing would be really helpful here.
I cannot reproduce it reliably but it happens sometimes with the following
steps.
1. Go to [https://onionoo.torproject.org/summary?limit=1].
2. Open Firefox Developer Tools.
3. Go to the Network tab.
4. Refresh the page with F5.
5. Look at the response headers of the first (and only) request.
6. If the Access-Control-Allow-Origin header is '''not''' missing, go to
step 4.
After 3-5 refreshes the header disappears. However, it can also reappear
and disappear again with subsequent refreshes.
FWIW I'm using Tor Browser 5.0.7.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18080#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list