[tor-bugs] #32414 [Applications/Tor Browser]: window.external.AddSearchProvider request goes through catch-all-circuit

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 10 17:05:35 UTC 2020

#32414: window.external.AddSearchProvider request goes through catch-all-circuit
 Reporter:  acat                                 |          Owner:  acat
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-linkability,                     |  Actual Points:
  TorBrowserTeam202001R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
Changes (by acat):

 * keywords:  tbb-linkability, TorBrowserTeam202001 => tbb-linkability,
 * status:  assigned => needs_review


 Patch for review in https://github.com/acatarineu/tor-

 The requests that were not respecting FPI were the .xml and icons fetches
 when `Services.search.addEngine` is used to add an engine. From web
 content, this can be via the (deprecated) API `external.AddSearchProvider`
 or via the page action that is added when a page has a `<link rel="search"
 type="application/opensearchdescription+xml"...` tag.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32414#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list