Opened 8 months ago
Last modified 2 months ago
#31899 new task
Hook .onion with URI_IS_POTENTIALLY_TRUSTWORTHY?
| Reported by: | gk | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | TorBrowserTeam202006 |
| Cc: | Actual Points: | ||
| Parent ID: | #21728 | Points: | 2.5 |
| Reviewer: | Sponsor: | Sponsor27 |
Description (last modified by )
There is the idea that the check whether a particular origin is trustworthy should consider the URI flags. We should think about how that fits into our particular model of declaring .onions to a potentially trustworthy origin.
Child Tickets
Change History (8)
comment:1 Changed 7 months ago by
| Description: | modified (diff) |
|---|
comment:2 Changed 7 months ago by
| Keywords: | TorBrowserTeam202001 added |
|---|
comment:3 Changed 6 months ago by
| Sponsor: | → Sponsor27 |
|---|
comment:4 Changed 6 months ago by
| Points: | → 2.5 |
|---|
comment:5 Changed 5 months ago by
comment:6 Changed 4 months ago by
| Keywords: | TorBrowserTeam202002 added; TorBrowserTeam202001 removed |
|---|
Moving tickets to February
comment:7 Changed 3 months ago by
| Keywords: | TorBrowserTeam202003 added; TorBrowserTeam202002 removed |
|---|
We are no longer in February, moving tickets
comment:8 Changed 2 months ago by
| Keywords: | TorBrowserTeam202006 added; TorBrowserTeam202003 removed |
|---|
Move tickets to 2020 June
Note: See
TracTickets for help on using
tickets.
For context, the spec describes this as "A potentially trustworthy origin is one which a user agent can generally trust as delivering data securely".
This includes authenticated and encrypted channels, such as schemes
httpsandwss. This also includes "internal" channels such as localresource,file, andabout.Considering our work on elevating the security of URLs with the
.onionTLD within the browser, I think we can reasonably argue loading a.onionURL as a secure context (and therefore adding the URI flag).