Tor browser removes Authorization header on subdomains
|Reported by:||justuser||Owned by:||tbb-team|
|Cc:||gk, jamesbroadhead, fdsfgs@…||Actual Points:|
I couldn't use epayments.com from tor-browser.
api.epayments.com send Access-Control-Allow-Origin: https://my.epayments.com allowing my.epayments.com to make cross domain request.
But tor browser removes this header, breaking authorization process. I googled and found that this is for better privacy, but could you make this feature disableable?
Change History (10)
comment:3 Changed 14 months ago by jamesbroadhead
- Priority changed from Medium to High
- Severity set to Normal
comment:6 Changed 5 months ago by cypherpunks
- Summary changed from Tor browser removes Authorization header to Tor browser removes third-party cookies
comment:9 Changed 7 weeks ago by gk
- Summary changed from Tor browser removes third-party cookies to Tor browser removes Authorization header on subdomains