[tor-bugs] #13670 [- Select a component]: ensure OCSP & favicons respect URL bar domain isolation

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 5 04:57:17 UTC 2014


#13670: ensure OCSP & favicons respect URL bar domain isolation
----------------------------------+---------------------
 Reporter:  arthuredelstein       |          Owner:
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  - Select a component  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------
 Following #5752, all web content for a page is requested on a circuit
 devoted to the page's URL bar domain. OCSP requests, however, are being
 sent on a separate circuit. Favicons and DNS queries, etc, should also be
 checked for violations.

 Probably we need to fix ThirdPartyUtil::GetFirstPartyUri to return the
 parent page's domain for OCSP requests.

 See also #9783.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13670>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list