[tbb-bugs] #15599 [Applications/Tor Browser]: Range requests used by pdfjs are not isolated to URL bar domain
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 29 18:30:14 UTC 2017
#15599: Range requests used by pdfjs are not isolated to URL bar domain
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
And its OCSP requests too:
{{{
[05-29 18:16:40] Torbutton INFO: tor SOCKS: http://ocsp.usertrust.com/ via
--unknown--:acc796c227a065d5b876d251f00beb87
}}}
Replying to [ticket:15599 gk]:
> Works even in a third party context with
https://people.torproject.org/~gk/misc/range-request-test.html (your
security slider level needs to be below medium-high in this case).
{{{
Security Error: Content at
https://kpdyer.com/publications/usenix2014-fte.pdf#disableRange=true may
not load data from https://people.torproject.org/~gk/misc/range-request-
test.html.
Load denied by X-Frame-Options:
https://kpdyer.com/publications/usenix2014-fte.pdf#disableRange=true does
not permit cross-origin framing. (unknown)
}}}
Hrm, does PDF.js support Private Browsing Mode?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15599#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list