[tbb-bugs] #21396 [Applications/Tor Browser]: Torbutton breaks Session Manager addon
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 9 10:44:35 UTC 2017
#21396: Torbutton breaks Session Manager addon
-------------------------------------------------+-------------------------
Reporter: HolD | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-6.5-regression, | Actual Points:
TorBrowserTeam201702, GeorgKoppen201702 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):
* cc: lnl (added)
Comment:
Replying to [comment:7 yawning]:
> Replying to [comment:6 gk]:
> > Session Manager does not like it that
`chrome://sessionmanager/locale/sessionmanager.dtd` and
`chrome://sessionmanager/locale/options.dtd` are blocked by our fix for
#8725. Things like `&toolbar.tooltip` need to be available for content
after the first installation. HolD: does adding the toolbar buttons
manually to the toolbar work for you?
>
> What's the origin URI when the requests make it to the content policy?
If this is one of the cases where `aRequestOrigin` can basically be
anything, the only way to solve this would be to whitelist the relevant
URIs. Note that, doing so will make it trivial for sites to fingerprint
if the addon is present or not (then again, people installing extra
addons/plugins void the non-existent warranty in the first place).
`moz-nullprincipal:{1f22744b-c4db-41b6-8d6e-3d06c176578e}`. Looking at the
docs it seems like checking for that one would be okay. But this is not a
solution that scales well. I wonder if we should just add a preference
`extensions.torbutton_resource_and_chrome_uri_fingerprinting` and set that
to `false` by default allowing users to override it and to disable the
content policy hack. Maybe UX folks have an idea.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21396#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list