[tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Mar 1 07:27:01 UTC 2011
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: needs_review
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by mikeperry):
Woah, hold on here. Are you actually saying that this:
one.domain.tld/something → domain.tld (blank referrer)
domain.tld/something → one.domain.tld (blank referrer)
Because these exact cases are the only ones that *should ever* send a real
referer now. Are you saying they do not? Which cases do send a referer now
for you? Any? Something seems broken. Are you sure the scheme is the same
in your tests? Referers do *not* get sent by default between https and
http.
Re what "blank referrer" actually means, we chose to send the destination
url of the site because we feel that this is least likely to break things.
Some sites actually check the referrer and refuse to serve content if it
is not as expected. This is also why we might strip the prefix between
one.domain.tld and two.domain.tld, and possibly even .tld in a future
release, but only if people report breakage.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list