[tor-bugs] #12146 [meek]: Firefox meek-http-helper leaks Host header in CONNECT requests
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 28 18:13:04 UTC 2014
#12146: Firefox meek-http-helper leaks Host header in CONNECT requests
------------------------+--------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: major | Milestone:
Component: meek | Version:
Resolution: | Keywords:
Actual Points: | Parent ID: #10935
Points: |
------------------------+--------------------
Comment (by dcf):
Here's where firefox is peeking into the tunneled request in order to copy
the Host to the proxy request.
https://gitweb.torproject.org/tor-
browser.git/blob/90a58a42063dcd56e29435656237bf4b976d83b8:/netwerk/protocol/http/nsHttpConnection.cpp#l1469
{{{
val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host);
if (val) {
// all HTTP/1.1 requests must include a Host header (even though
it
// may seem redundant in this case; see bug 82388).
request.SetHeader(nsHttp::Host, nsDependentCString(val));
}
}}}
Here's the linked [https://bugzilla.mozilla.org/show_bug.cgi?id=82388 bug
82388].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12146#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list