[tor-bugs] #13670 [- Select a component]: ensure OCSP & favicons respect URL bar domain isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 5 04:57:46 UTC 2014
#13670: ensure OCSP & favicons respect URL bar domain isolation
--------------------------------------+-----------------
Reporter: arthuredelstein | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: - Select a component | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------------------+-----------------
Description changed by arthuredelstein:
Old description:
> Following #5752, all web content for a page is requested on a circuit
> devoted to the page's URL bar domain. OCSP requests, however, are being
> sent on a separate circuit. Favicons and DNS queries, etc, should also be
> checked for violations.
>
> Probably we need to fix ThirdPartyUtil::GetFirstPartyUri to return the
> parent page's domain for OCSP requests.
>
> See also #9783.
New description:
Following #5752, all web content for a page is requested on a circuit
devoted to the page's URL bar domain. OCSP requests, however, are being
incorrectly sent on a separate circuit. Favicons and DNS queries, etc,
should also be checked for violations.
Probably we need to fix ThirdPartyUtil::GetFirstPartyUri to return the
parent page's domain for OCSP requests.
See also #9783.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13670#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list