[tbb-bugs] #18080 [Tor Browser]: Do not strip the Access-Control-Allow-Origin header
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 19 22:23:01 UTC 2016
#18080: Do not strip the Access-Control-Allow-Origin header
-------------------------+-----------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+-----------------------------------
Comment (by cypherpunks):
The steps to reproduce this issue reliably are now
1. Go to [https://onionoo.torproject.org/summary?limit=1].
2. Open the Firefox Developer Tools window.
3. Go to the Network tab.
4. Use a new Tor circuit for the page.
5. The Access-Control-Allow-Origin header should now be among the response
headers of the first shown request.
6. Refresh the page with F5.
7. The Access-Control-Allow-Origin header isn't among the response headers
of the first shown request anymore.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18080#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list