Opened 19 months ago

Last modified 19 months ago

#25482 new defect

Origin header sent from hidden service to clearnet websites

Reported by: kkm Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When browsing a hidden service in Tor Browser, like https://www.nytimes3xbfgragh.onion/, XHR and fetch calls from this service to clearnet websites/services like https://securepubads.g.doubleclick.net send the name of the hidden service in the Origin header.

Given that Tor Browser ensures that referrers are not sent from .onion to clearnet (https://trac.torproject.org/projects/tor/ticket/9623), I am not sure how big of an issue XHR / fetch requests sending the Origin header is.

Note:

  1. It would be worth checking whether not sending the Origin header breaks some functionality.
  2. The Origin header is always capped to domain level. So in this case the service will not know the exact URL on the hidden service, but it will at least learn the hidden service name.
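As an added example, not part of the ticket or of Tor Browser's code: a small script that models the behaviour described above. `originOf` shows what the Origin header actually carries (scheme://host[:port], never the path or query, which is the "capped to domain level" point), `originHeaderSent` encodes the Fetch rule that a cross-origin fetch/XHR always sends Origin while a same-origin one sends it only for non-GET/HEAD methods, and `auditOnionLeaks` lists which third-party requests from a .onion page would expose the onion address to a non-.onion host. The page URL, request paths and header objects are constructed sample inputs, not data from the attached screenshots.

```javascript
// Added example: model which requests from a .onion page carry an Origin
// header to a clearnet host, and what value that header has.

// Serialize the origin of a URL the way the Origin header carries it:
// scheme://host[:port]. Path, query and fragment are not part of it.
function originOf(urlString) {
  return new URL(urlString).origin; // e.g. "https://www.nytimes3xbfgragh.onion"
}

function isOnionHost(hostname) {
  return hostname.toLowerCase().endsWith('.onion');
}

// Per the Fetch standard, a cross-origin fetch()/XHR carries an Origin header;
// a same-origin request carries it only for methods other than GET and HEAD.
function originHeaderSent(pageUrl, requestUrl, method = 'GET') {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  if (page.origin !== req.origin) return true;
  return !['GET', 'HEAD'].includes(method.toUpperCase());
}

// Audit helper: for a hidden-service page and the URLs its scripts request,
// return each request that would reveal the .onion origin to a non-.onion host.
// Returns [] when the page itself is not a hidden service.
function auditOnionLeaks(pageUrl, requestUrls, method = 'GET') {
  const page = new URL(pageUrl);
  if (!isOnionHost(page.hostname)) return [];
  return requestUrls
    .filter((r) => !isOnionHost(new URL(r).hostname))
    .filter((r) => originHeaderSent(pageUrl, r, method))
    .map((r) => ({ request: r, originSent: page.origin }));
}

// Receiving side (constructed, for a clearnet operator): flag an incoming
// Origin header that names a hidden service. Returns the origin or null.
function onionOriginIn(headers) {
  const o = headers.origin || headers.Origin;
  if (!o) return null;
  try {
    return isOnionHost(new URL(o).hostname) ? o : null;
  } catch (e) {
    return null; // malformed Origin value, e.g. "null"
  }
}

// Constructed sample input modelled on the ticket: an onion page with one
// third-party ad request (path is made up) and one same-origin request.
const SAMPLE_PAGE = 'https://www.nytimes3xbfgragh.onion/section/world?ref=x';
const SAMPLE_REQUESTS = [
  'https://securepubads.g.doubleclick.net/gampad/ads?iu=/123', // constructed path
  'https://www.nytimes3xbfgragh.onion/api/feed',              // same-origin GET
];

// Usage: auditOnionLeaks(SAMPLE_PAGE, SAMPLE_REQUESTS) reports only the
// doubleclick request, with originSent "https://www.nytimes3xbfgragh.onion".
```

The same-origin GET to the onion host is correctly left out of the report, while a POST to it would be flagged by `originHeaderSent` even though nothing leaves the onion site; that distinction is why the audit filters on the destination host before consulting the header rule.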

Child Tickets

Attachments (3)

Screen Shot 2018-03-13 at 22.48.20.png (52.3 KB) - added by kkm 19 months ago.
Screen Shot 2018-03-13 at 22.48.10.png (55.5 KB) - added by kkm 19 months ago.
Screen Shot 2018-03-13 at 22.48.00.png (59.7 KB) - added by kkm 19 months ago.


Change History (4)

Changed 19 months ago by kkm

Changed 19 months ago by kkm

Changed 19 months ago by kkm

comment:1 Changed 19 months ago by gk

Component: - Select a component → Applications/Tor Browser
Owner: set to tbb-team