[tor-bugs] #21537 [Applications/Tor Browser]: Consider ignoring secure cookies for .onion addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 11 11:24:29 UTC 2018


#21537: Consider ignoring secure cookies for .onion addresses
-------------------------------------------------+-------------------------
 Reporter:  micah                                |          Owner:  tbb-team
     Type:  enhancement                          |         Status:  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability,                       |  Actual Points:
  TorBrowserTeam201804R, GeorgKoppen201804       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * cc: pospeselr, mcs, brade, arthuredelstein, sysrqb, igt0 (added)


Comment:

 Replying to [comment:12 pospeselr]:
 > Change looks good, only thing I'd suggest is moving the block at 3340 a
 > couple lines up before the Telemetry::Accumulate call (since the enum
 > seems to be a question of cookie security, rather than http(s)).
 >
 > I also verified the hostURI that's passed in is already normalized, so
 > we don't have to worry about case-insensitive string compare.

 Thanks. I added the suggested change in `bug_21537_v3`
 (https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_21537_v3).
 Let me know if that still looks good.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21537#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

