[tor-bugs] #21537 [Applications/Tor Browser]: Consider ignoring secure cookies for .onion addresses

Fri Apr 13 17:04:51 UTC 2018

#21537: Consider ignoring secure cookies for .onion addresses
-------------------------------------------------+-------------------------
 Reporter:  micah                                |          Owner:  gk
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability,                       |  Actual Points:
  TorBrowserTeam201804R, GeorgKoppen201804       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  assigned => needs_review
 * keywords:  tbb-usability, TorBrowserTeam201804, GeorgKoppen201804 => tbb-
     usability, TorBrowserTeam201804R, GeorgKoppen201804

Comment:

 Okay, how is `bug_21537_v4` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/log/?h=bug_21537_v4)? Returning a boolean value made this
 slightly more complicated as we actually have more than two values to
 consider due to the telemtry part. But as we don't want to have the latter
 anyway, I just ripped it out. We can revisit that when we think we want to
 upstream that patch but that's a bit in the future as I am not sure
 whether Mozilla would take it right now anyway. There is no easy way
 around the HTTPS = secure equation for cookies I am afraid...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21537#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online