[tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 1 07:27:01 UTC 2011


#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
 Reporter:  T(A)ILS developers                                     |          Owner:  mikeperry     
     Type:  defect                                                 |         Status:  needs_review  
 Priority:  blocker                                                |      Milestone:  Torbutton: 1.3
Component:  Torbutton                                              |        Version:  Torbutton: 1.3
 Keywords:  TorbuttonIteration20110305 MikePerryIteration20110305  |         Parent:                
   Points:  6                                                      |   Actualpoints:                
-------------------------------------------------------------------+--------

Comment(by mikeperry):

 Woah, hold on here. Are you actually saying that this:

 one.domain.tld/something → domain.tld (blank referrer)
 domain.tld/something → one.domain.tld (blank referrer)

 Because these exact cases are the only ones that *should ever* send a real
 referer now. Are you saying they do not? Which cases do send a referer now
 for you? Any? Something seems broken. Are you sure the scheme is the same
 in your tests? Referers do *not* get sent by default between https and
 http.


 Re what "blank referrer" actually means, we chose to send the destination
 url of the site because we feel that this is least likely to break things.
 Some sites actually check the referrer and refuse to serve content if it
 is not as expected. This is also why we might strip the prefix between
 one.domain.tld and two.domain.tld, and possibly even .tld in a future
 release, but only if people report breakage.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
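
The referer policy described in the comment above, as an added JavaScript example. It is not Torbutton's code and not part of the original message. The function names are hypothetical, and it assumes that same-host requests count as related, that the full destination URL is the spoofed value, and that no public suffix list is consulted.

```javascript
'use strict';
// Added illustration, not Torbutton code. refererFor and isParentOrChild
// are hypothetical names.

// True when one host equals the other or is a subdomain of it
// (one.domain.tld vs domain.tld). Siblings such as one.domain.tld and
// two.domain.tld do not match. Assumption: no public suffix list is used.
function isParentOrChild(a, b) {
  return a === b || a.endsWith('.' + b) || b.endsWith('.' + a);
}

// Returns the Referer header value to send, or null for no header.
function refererFor(sourceUrl, destUrl) {
  const src = new URL(sourceUrl);
  const dst = new URL(destUrl);
  // Browser default: nothing is sent on an https -> http transition.
  if (src.protocol === 'https:' && dst.protocol === 'http:') return null;
  // Real referer only for the same scheme and a host paired with its own
  // parent or subdomain; fragment and credentials are dropped first.
  if (src.protocol === dst.protocol &&
      isParentOrChild(src.hostname, dst.hostname)) {
    src.hash = '';
    src.username = '';
    src.password = '';
    return src.href;
  }
  // "Blank referrer": the destination URL stands in for the real one,
  // so sites that check the header still see a value they expect.
  return dst.href;
}

// Constructed sample navigations, including the two from the ticket.
const samples = [
  ['http://one.domain.tld/something', 'http://domain.tld/'],
  ['http://domain.tld/something', 'http://one.domain.tld/'],
  ['http://one.domain.tld/a', 'http://two.domain.tld/b'],
  ['http://domain.tld/a', 'http://other.tld/b'],
  ['https://one.domain.tld/a', 'http://domain.tld/'],
];
for (const [from, to] of samples) {
  console.log(`${from} -> ${to}: Referer = ${refererFor(from, to)}`);
}
```
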

