[tor-bugs] #32271 [Webpages/Website]: Mac OSX Tor Browser 9.0 missing Request header origin

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 24 18:28:25 UTC 2019


#32271: Mac OSX Tor Browser 9.0 missing Request header origin
--------------------------+----------------------------------
 Reporter:  stridentbean  |          Owner:  hiro
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Component:  Webpages/Website
  Version:                |       Severity:  Normal
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------
 I'm running a hidden service on my raspberry pi. My pi is running a docker
 container with tor running version 0.4.1.6 although a few other pis have
 lower versions and still see this issue. On the pi I also run a few apis
 and a Vuejs application.

 Previously while running version 8.5.5, when making http requests (I'm not
 using https), the request header origin was always supplied and my cross
 origin policy was fine. However, with 9.0.0 the request header origin is
 not passed via a standard http request. Then the Tor browser throws this,
 "Cross-Origin Request Blocked: The Same Origin Policy disallows reading
 the remote resource at http://OMITTED.onion:3000/OMITTED/. (Reason: CORS
 header ‘Access-Control-Allow-Origin’ missing"

 Was this an intentional change or a bug? Is there any settings I could
 change in the browser to alleviate this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32271>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list