[tor-bugs] #9623 [Tor Browser]: Referers being sent from hidden service websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 6 14:06:09 UTC 2015


#9623: Referers being sent from hidden service websites
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  cypherpunks            |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-torbutton, tbb-security,
  Browser                |  TorBrowserTeam201510R
   Resolution:           |  Parent ID:
Actual Points:           |    Sponsor:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 Here are a couple of thoughts:

 1) I think all the general referrer-related logic should not be included
 in this patch. Just the .onion-related one (as this ticket is only about
 this and all the bikeshedding should go into #17228) and a pref, say
 `extensions.torbutton.disable_onion_referrer`, which governs
 enabling/disabling this feature.

 2) This code is called quite often and thus we should try to make it a bit
 more efficient IMO. E.g. there is no need to do
 {{{
 var prefs = Components.classes["@mozilla.org/preferences-service;1"]
   .getService(Components.interfaces.nsIPrefBranch);
 }}}
 every time `http-on-modify-request` gets triggered.

 3) I wonder why we need the tor_enabled check. What is its purpose in this
 patch?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
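
Points 1 and 2 of the comment above, sketched as an added example (not the patch under review and not Torbutton's code): the pref is read once when the observer is built and refreshed by a pref observer, so the per-request path only tests the referrer host. `makeReferrerObserver`, `isOnionHost` and the two stubs are hypothetical names, and clearing the header on every request whose referrer is a .onion host is an assumption.

```javascript
const PREF = "extensions.torbutton.disable_onion_referrer";

function isOnionHost(host) {
  return typeof host === "string" && /\.onion\.?$/i.test(host);
}

// Built once at startup; the caller looks up `prefBranch` a single time.
function makeReferrerObserver(prefBranch) {
  let enabled = prefBranch.getBoolPref(PREF);
  // Keep the cached value current instead of re-reading it per request.
  prefBranch.addObserver(PREF, {
    observe() { enabled = prefBranch.getBoolPref(PREF); }
  }, false);

  // Runs for every http-on-modify-request notification.
  return function onModifyRequest(channel) {
    if (!enabled || !channel.referrer) return false;
    if (!isOnionHost(channel.referrer.host)) return false;
    // An empty value with merge=false clears the header.
    channel.setRequestHeader("Referer", "", false);
    return true;
  };
}

// Constructed stubs standing in for nsIPrefBranch and nsIHttpChannel,
// so the example runs under Node without XPCOM.
function stubPrefs(initial) {
  const state = { value: initial, lookups: 0, observer: null };
  return {
    state,
    getBoolPref() { state.lookups++; return state.value; },
    addObserver(name, obs) { state.observer = obs; },
    set(v) { state.value = v; state.observer.observe(); }
  };
}

function stubChannel(referrerHost) {
  const headers = referrerHost ? { Referer: "http://" + referrerHost + "/" } : {};
  return {
    headers,
    referrer: referrerHost ? { host: referrerHost } : null,
    setRequestHeader(name, value) {
      if (value === "") delete headers[name]; else headers[name] = value;
    }
  };
}
```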

