[tor-bugs] #7491 [- Select a component]: We sometimes flag cookies as "secure" even though they are from HTTP origins
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 15 23:18:33 UTC 2012
#7491: We sometimes flag cookies as "secure" even though they are from HTTP
origins
----------------------------------+-----------------------------------------
Reporter: pde | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone:
Component: - Select a component | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
While investigating [https://mail1.eff.org/pipermail/https-everywhere-
rules/2012-November/001397.html this bug report] I realised that HTTPS
Everywhere will actually flag cookies as secure from within HTTP-only
pages/origins. Needless to say, this can interact very badly with
*.example.com target host rules!
This is something we [https://gitweb.torproject.org/https-
everywhere.git/blob/3.0.4:/src/chrome/content/code/HTTPS.js#l214
explicitly avoid] in the [https://gitweb.torproject.org/https-
everywhere.git/blob/3.0.4:/src/components/https-everywhere.js#l442
handleSecureCookies() path] that deals with cookies set in HTTP headers.
But we have [https://gitweb.torproject.org/https-
everywhere.git/blob/3.0.4:/src/components/https-everywhere.js#l448 another
path] which I think was added to fix #3766 which does not perform the same
check.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7491>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list