[tor-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Oct 3 19:32:42 UTC 2015
#9623: Referers being sent from hidden service websites
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: needs_revision
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-torbutton, tbb-security,
Browser | TorBrowserTeam201510
Resolution: | Parent ID:
Actual Points: | Sponsor:
Points: |
-------------------------+-------------------------------------------------
Comment (by cypherpunks):
Replying to [comment:23 zyan]:
> Replying to [comment:20 cypherpunks]:
> > Replying to [comment:19 zyan]:
> > > Replying to [comment:13 cypherpunks]:
> > > > I found this comment to be interesting https://addons.mozilla.org
/en-us/firefox/addon/smart-referer/reviews/570470/
> > > >
> > > > Looks like setting about:config's
network.http.referer.XOriginPolicy;1 may solve this problem without any
further action needed, maybe the torbrowser dev team can look into that.
> > >
> > > I think that would affect all origins, not just .onion origins,
which is probably not what we want. I usually browse with referrer
disabled and I find that it occasionally breaks things.
> >
> > Is occasionally breaking things not worth the security tradeoff?
>
> It might be, but this ticket is about .onion behavior, not general
referrer behavior in TBB. Worth a separate ticket.
Good point, I have created a ticket here:
https://trac.torproject.org/projects/tor/ticket/17228
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list