[tor-bugs] #7491 [EFF-HTTPS Everywhere]: We sometimes flag cookies as "secure" even though they are from HTTP origins

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 16 00:09:27 UTC 2012


#7491: We sometimes flag cookies as "secure" even though they are from HTTP
origins
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  mikeperry
     Type:  defect                |         Status:  new      
 Priority:  critical              |      Milestone:           
Component:  EFF-HTTPS Everywhere  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------

Comment(by pde):

 It looks as though we may not be able to get a reference to the document
 or window from within the cookie-changed observer.  In which case, perhaps
 the best we can do is, before securing a cookie for foo.example.com, to ask
 whether we would have rewritten http://foo.example.com to https (and also
 that it isn't in our redirects-back-to-HTTP blacklist).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7491#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
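
The check proposed in the comment above, sketched as an added example; it is not HTTPS Everywhere's code and not part of the original message. The rule list, the blacklist and all function names are hypothetical, and the sample entries are constructed.

```javascript
// Hypothetical rewrite rules (constructed): http:// pattern -> https:// target.
const RULES = [
  { from: /^http:\/\/(www\.)?example\.com\//, to: "https://www.example.com/" },
  { from: /^http:\/\/foo\.example\.com\//, to: "https://foo.example.com/" },
  { from: /^http:\/\/legacy\.example\.org\//, to: "https://legacy.example.org/" },
];

// Hypothetical "redirects back to HTTP" blacklist (constructed): hosts where
// the HTTPS version is known to bounce the browser back to plain HTTP.
const REDIRECT_BLACKLIST = new Set(["legacy.example.org"]);

// Return the rewritten URL, or null when no rule applies to this URL.
function rewrite(url) {
  for (const rule of RULES) {
    if (rule.from.test(url)) return url.replace(rule.from, rule.to);
  }
  return null;
}

// Cookie hosts may carry a leading dot (".example.com"). Probing the bare
// domain is a simplification made in this sketch.
function hostForCookie(cookie) {
  return cookie.host.replace(/^\./, "").toLowerCase();
}

// No document or window is needed: the decision uses only the cookie's host.
// Secure the cookie only if http://<host>/ would itself have been rewritten
// to https and the host is not on the redirect blacklist.
function shouldSecureCookie(cookie) {
  if (cookie.isSecure) return false; // already flagged, nothing to change
  const host = hostForCookie(cookie);
  if (REDIRECT_BLACKLIST.has(host)) return false;
  const rewritten = rewrite("http://" + host + "/");
  return rewritten !== null && rewritten.startsWith("https://");
}

// Constructed sample cookies, as plain objects with host and isSecure fields.
const samples = [
  { host: "foo.example.com", isSecure: false },    // rule exists: secure it
  { host: "bar.example.com", isSecure: false },    // no rule: leave alone
  { host: "legacy.example.org", isSecure: false }, // blacklisted: leave alone
];
for (const c of samples) console.log(c.host, shouldSecureCookie(c));
```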

