Opened 3 years ago

Closed 3 years ago

#22305 closed defect (fixed)

Don't send accept-encoding on anon http requests

Reported by: nickm Owned by: ahf
Priority: High Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On an anonymized request, we shouldn't send an accept-encoding header.

Further, if we get an lzma-encrypted or zstd-encrypted thing over an anonymized connection, we shouldn't decompress it, since that would also reveal whether we have lzma/zstd support.

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by nickm

(Thanks to arma for catching this before we put out an alpha release)

comment:2 Changed 3 years ago by arma

Summary: Don't send accept-encoding on anon requestsDon't send accept-encoding on anon http requests

comment:3 Changed 3 years ago by nickm

Owner: set to ahf
Status: newassigned

comment:4 Changed 3 years ago by ahf

Status: assignedneeds_review

comment:5 Changed 3 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

lgtm; merging

Note: See TracTickets for help on using tickets.