[tor-bugs] #2098 [Website]: Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Oct 21 09:17:03 UTC 2010
#2098: Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP
---------------------+------------------------------------------------------
Reporter: rransom | Owner: phobos
Type: defect | Status: new
Priority: major | Milestone:
Component: Website | Version:
Keywords: | Parent:
---------------------+------------------------------------------------------
Both the `trac_auth` and `trac_form_token` cookies are described in
Firefox's ‘Cookies’ dialog as “Send For: Any type of connection”. The Tor
Project should not do this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2098>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list