[tor-bugs] #16871 [Tor Browser]: Tor fails at Content Security Policy (CSP)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 25 02:17:28 UTC 2015


#16871: Tor fails at Content Security Policy (CSP)
-----------------------------+----------------------
     Reporter:  HaronP       |      Owner:  tbb-team
         Type:  defect       |     Status:  closed
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:  invalid      |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------

Comment (by Godar):

 I think you missed that the post was not about CSP in general, but the
 shortcomings of Firefox and Tor browser.

 Firefox and the Tor browser supporting CSP as Google Chrome does. Firefox
 does not support javascript blocking feature "script-src" as clearly
 stated in their own compatibility list ( https://developer.mozilla.org/en-
 US/docs/Web/Security/CSP/CSP_policy_directives#Browser_compatibility ) and
 Tor does not support it either, because the CSP support is based on
 Firefox instead of Chromium.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16871#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list