[tor-bugs] #21361 [Applications/Tor Browser]: Enable browser APIs only allowed in secure contexts for NG HS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 1 12:41:03 UTC 2017
#21361: Enable browser APIs only allowed in secure contexts for NG HS
--------------------------------------+--------------------------
Reporter: legind | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
I agree with this in theory (even for non NGHS) - but what APIs are you
specifically interested in? I'm not sure if FF currently ships any such
APIs that Tor Browser enables. For example: Web Bluetooth and EME we turn
off; Service Workers is disabled in ESR also I believe. IS there any other
such API? (In FF geolocation is not (yet?) required to be on a secure
origin but of course we disable it.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21361#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list