[tbb-bugs] #20754 [Applications/Tor Browser]: gmail.com and youtube.com aren't obeying first-party isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 24 04:00:03 UTC 2016
#20754: gmail.com and youtube.com aren't obeying first-party isolation
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by arthuredelstein):
When I log into gmail, I can see with the Network Monitor that several 302
redirects occur before we finally reach a 200 response at mail.google.com.
One of these redirects is at account.youtube.com, and it includes a Set-
Cookie header:
[[Image(gmail_redirects.png)]]
It's clear that 302 redirects are Google's way of ensuring that when you
log into gmail, you are also logged into youtube.
This clearly looks like another case of #14085.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20754#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list