[tor-bugs] #32549 [Applications/Tor Browser]: NoScript makes requests to sync-messages.invalid
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 22 11:13:46 UTC 2019
#32549: NoScript makes requests to sync-messages.invalid
--------------------------------------+-----------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by ma1):
Replying to [comment:8 cypherpunks]:
> Looks like `noscript-csp.invalid` is still interfering/messing with CSP:
> {{{
> [11-22 09:47:42] Torbutton INFO: tor SOCKS: https://noscript-
csp.invalid/__NoScript_Probe__/ via
> torproject.org:602f1e2c568ce366b5800e14a4383d41
> Content Security Policy: The page’s settings blocked the loading of a
resource at https://blog.torproject.org/sites/default/files/js/js.js
(“script-src”).
> }}}
No interfering/messing here.
That's the intended behavior. It's used to intercept and take note of any
CSP violation in order to buy the UI when it's time (and again, these CSP
reports won't reach the network anyway).
This is likely going to be replaced with a securitypolicyviolation in the
content script, now that's available on ESR as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32549#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list