Opened 9 years ago

Closed 9 years ago

#1505 closed enhancement (fixed)

Improved Referer Handling

Reported by: mikeperry Owned by:
Priority: High Milestone:
Component: Applications/Torbutton Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The Torbutton master branch has some code for improving referer handling, courtesy of Kory Kirk. However, a potentially better strategy for only proving referer headers to page elements has been implemented by JonDos: http://www.jondos.org/en/node/1754.

It's possible that FactorBee also provides something like this, but it is too hard to communicate and interact with its author. The preferred reference implementation should be the JonDos version.

JonDos also claims to have improved certificate store protections in that release that are worth investigating.

Child Tickets

Change History (4)

comment:1 Changed 9 years ago by mikeperry

See also bug #664, which is about isolation of certificates (related to the second part of that JonDos post).

comment:2 Changed 9 years ago by mikeperry

There is some new referer handling in 'master'. This could be added as an additional option, possibly even replacing some or all of the options in master.

comment:3 Changed 9 years ago by mikeperry

Component: Tor-Tor clientTor-Torbutton

comment:4 Changed 9 years ago by mikeperry

Resolution: fixed
Status: newclosed

Implemented in torbutton 1.3.0-alpha.

Note: See TracTickets for help on using tickets.