[tor-bugs] #6458 [Tor Browser]: Disable HSTS for third party content on non-HSTS domains

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 15 18:34:03 UTC 2014


#6458: Disable HSTS for third party content on non-HSTS domains
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-linkability, tbb-bounty, tbb-
  Browser                |  firefox-patch
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 mikeperry on IRC wrote: "I thought there was also a project to crawl sites
 and transform any with hsts rules into https-everywhere rules". Here's an
 HTTPS Everywhere ticket to transform HSTS rules to HTTPS-Everywhere rules.
 https://github.com/EFForg/https-everywhere/issues/77

 Would this allow us to turn off HSTS altogether?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6458#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list