[tor-bugs] #16893 [Ooni]: ADINA15 Registration Error
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 25 14:45:29 UTC 2015
#16893: ADINA15 Registration Error
------------------------+----------------------
Reporter: poly | Owner: hellais
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Ooni | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------+----------------------
Comment (by hellais):
So I have figured out what is going on here. This bug is something that
only happens when the browser is configured to disallow third-party
cookies (this is the case in Tor Browser Firefox, but not the default in
most browser settings).
Given the fact that we want to have SSL on the endpoint accepting the XHR
request and given the fact that we can't host dynamic content on
ooni.torproject.org we have two options to overcome this:
1) Suggest TBB users to do the registration after having temporarily re-
enabled third-party cookies (see attached screenshot for details on how to
do that)
2) Implement an alternative method for authentication that does not rely
on cookies. There is some documentation for strongloop on how to do this
(https://docs.strongloop.com/display/public/LB/Making+authenticated+requests
#Makingauthenticatedrequests-Makingauthenticatedrequestswithaccesstokens)
and we have implemented this in the past in GlobaLeaks with angular.js so
it should be possible to implement this.
Pull requests implementing either the informative text explaining how to
workaround the issue or one implementing header based authentication are
more than welcome.
I don't think I can commit to implementing either of these any time soon
though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16893#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list