[tor-bugs] #15563 [Applications/Tor Browser]: ServiceWorkers violate first party isolation, probably
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 19 10:20:28 UTC 2019
#15563: ServiceWorkers violate first party isolation, probably
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability, ff68-esr, tbb-9.0 | Actual Points:
-must-alpha |
Parent ID: | Points: 1
Reviewer: | Sponsor:
| Sponsor44-can
-------------------------------------------------+-------------------------
Changes (by acat):
* status: new => needs_information
Comment:
AFAIK, service workers APIs should not be usable in private browsing mode,
`navigator.serviceWorker` is not present in that case. So in mobile they
have flipped the serviceworker pref but as long as we only have private
windows it should not be usable. Should we still investigate this for
`browser.privatebrowsing.autostart = false`?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15563#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list