[tbb-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 23 21:38:51 UTC 2016


#18996: Investigate server logging in ESR45
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  task                      |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ff45-esr                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arthuredelstein):

 Replying to [comment:4 mcs]:
 > When the prefs are disabled, does the browser still parse the data sent
 > in the X-ChromeLogger-Data headers? I don't think this feature raises an
 > obvious security or privacy issue, but it would be bad to leave server
 > logging enabled if it turns out that there is a bug in how the JSON data
 > is parsed or presented.

 Good question. I added a `dump` statement to the part of the code where
 the "X-ChromeLogger-Data" header value is parsed. I was able to manually
 confirm that this code is not called except when "Server" logging is
 enabled (through the button in the devtools UI, or in the prefs). Here's
 my test code in case anyone is interested:

 https://github.com/arthuredelstein/tor-browser/commit/18996

 (Note this patch is for testing purposes only.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18996#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

