[tor-bugs] #22501 [Applications/Tor Browser]: Requests via javascript: violate FPI

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 27 08:48:34 UTC 2017


#22501: Requests via javascript: violate FPI
---------------------------------------+---------------------------
 Reporter:  cypherpunks                |          Owner:  pospeselr
     Type:  defect                     |         Status:  assigned
 Priority:  High                       |      Milestone:
Component:  Applications/Tor Browser   |        Version:
 Severity:  Major                      |     Resolution:
 Keywords:  tbb-linkability, noscript  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+---------------------------
Changes (by gk):

 * status:  needs_information => assigned


Comment:

 Replying to [comment:9 ma1]:
 > It's the "Attempt to fix Javascript links" ('''noscript.fixLinks''' in
 ''!about:config'') feature.
 >
 > Do you need me to modify the HEAD XHR preflight request in order to fit
 into your navigation restrictions, or to omit it outright? Or would it be
 better for you to just flip the preference?

 It seems to me flipping the preference might not be that bad. Richard: can
 you take a look whether that could be a viable way for solving our issue
 (without introducing other unintended ones)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22501#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list