[tor-bugs] #18811 [Applications/Tor Browser]: Our first-party isolation patch incorrectly rejects blobs retrieved in workers

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 20 06:31:10 UTC 2016


#18811: Our first-party isolation patch incorrectly rejects blobs retrieved in
workers
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:
     Type:  defect                               |  arthuredelstein
 Priority:  Medium                               |         Status:
Component:  Applications/Tor Browser             |  needs_review
 Severity:  Normal                               |      Milestone:
 Keywords:  ff45-esr, TorBrowserTeam201605R,     |        Version:
  tbb-6.0-must                                   |     Resolution:
Parent ID:                                       |  Actual Points:
 Reviewer:                                       |         Points:
                                                 |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):

 * status:  assigned => needs_review
 * keywords:  ff45-esr, TorBrowserTeam201605, tbb-6.0-must => ff45-esr,
     TorBrowserTeam201605R, tbb-6.0-must


Comment:

 Here's a patch to fix the problem.

 https://github.com/arthuredelstein/tor-browser/commit/18811+3
 94fa4b050a1252914c57e59c747d4c9342cdf2cb

 Unfortunately I had to resort to making the blob URL a special case to
 undo the Tor Browser regression caused by the Mozilla patch mentioned in
 the description. I considered various alternatives but didn't find a
 better solution -- at least the change here is localized. Mozilla is
 working on blob isolation using origin attributes, so hopefully a cleaner
 solution will emerge from that approach.

 The problem reported in this ticket was originally revealed by two failing
 tests in
 `./mach mochitest dom/base/test/test_tor_bug15502.html`

 After this patch is applied, the tests all pass.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18811#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

