Opened 17 months ago

Last modified 9 months ago

#17933 assigned defect

Tor Browser does not isolate the pdf 'download' (via the download button) to URL bar domain

Reported by: arma Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-linkability, tbb-usability
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I've logged in to the pets reviewing website, and I clicked on a pdf, and the pdf.js is showing me the pdf. Then I click on the 'download' link inside the pdf viewer, which in the past caused a pdf to end up on my disk. Now it causes an html file, essentially saying that I wasn't logged in, to end up on my disk instead.

I managed to work around it by "right click, save page as", which does what the download button used to do. But not sending any of the current credentials/cookies/etc to whatever is doing the download is pretty surprising.

Child Tickets

Change History (3)

comment:1 Changed 17 months ago by gk

  • Status changed from new to needs_information

Interesting. Do you think you could make the log for this available after setting extensions.torbutton.loglevel to 3 and extensions.torbutton.logmethod to 0 and restarting tor-browser with the --log switch? There should be a tor-browser.log file available this way.

I don't have a setup to reproduce that myself.

comment:2 Changed 17 months ago by gk

  • Keywords tbb-linkability added

comment:3 Changed 9 months ago by gk

  • Keywords tbb-usability added
  • Status changed from needs_information to assigned
  • Summary changed from Recent Tor Browser isolates the pdf 'download' outcome from the current tab to Tor Browser does not isolate the pdf 'download' (via the download button) to URL bar domain

We probably have arma's issue as downloading with the Download button is going over the catch-all curcuit and is not isolated to the URL bar domain.

Note: See TracTickets for help on using tickets.