[tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 7 19:30:23 UTC 2016


#20317: Key permissions by first-party domain instead of origin (proposal)
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-linkability           |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arthuredelstein):

 Here's a demo that works on Firefox (not Tor Browser, because we don't
 have navigator.geolocation exposed).

 First visit
 https://torpat.ch/geolocate.html
 And choose "Always Share Location" for torpat.ch.

 Now visit
 https://arthuredelstein.github.io/tordemos/geolocate.html
 The iframe runs the same torpat.ch page to obtain location, and then uses
 postMessage to send the location to the parent page, at
 arthuredelstein.github.io.

 (When you are done, be sure to revoke permissions to torpat.ch! :))

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20317#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list