Opened 3 years ago

Closed 3 years ago

#19366 closed defect (worksforme)

torbrowser stream isolation considers domain:443 different from domain:444

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

torbrowser isolates domain:800 from domain:80. This is inconvenient when domain:800 checks whether the request matches the IP seen by domain:80, especially as there is no way to disable stream isolation.

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by yawning

Resolution: worksforme
Status: newclosed

Tor Browser does not isolate base on ports. The IsolateDestPort option is *not* set, and the domain isolator doesn't look at the port at all when it generates/retrieves the auth based isolation nonce.

Eg: example.com via http and https use the same circuit.

The only thing I can think of that's happening is that you really do happen to mean "port 800" which isn't a commonly allowed destination port. If you used an Exit that allows port 80, but does not allow port 800, then the tor daemon has no choice but to create a new circuit with a more suitable Exit for the 2nd request.

This is totally orthogonal to isolation (which should be/is doing the right thing), and boils down to Tor Browser not being clairvoyant.

Note: See TracTickets for help on using tickets.