Opened 9 years ago

Closed 9 years ago

#3665 closed defect (fixed)

SafeCache policy has corner cases

Reported by: mikeperry Owned by: mikeperry
Priority: Very High Milestone: TorBrowserBundle 2.2.x-stable
Component: TorBrowserButton Version:
Severity: Keywords: MikePerryIteration20110814
Cc: g.koppen@… Actual Points: 4
Parent ID: Points: 6
Reviewer: Sponsor:


According to Georg Koppen, SafeCache has some corner cases wrt some 3rd party content, especially content created from JavaScript. In particular, is getting a unique cache id when sourced off of, instead of the id for

There are also potential issues with our use of notificationCallbacks to obtain the sourcing domain. In some cases, we may also need to use the url from the loadGroup, but for this is not what is going wrong..

Child Tickets

Change History (7)

comment:1 Changed 9 years ago by mikeperry

Points: 6

This is going to be a fun one to fix, I can sense it already...

comment:2 Changed 9 years ago by gk

Cc: g.koppen@… added

comment:3 Changed 9 years ago by gk

The issue here is indeed missing notification callbacks. There are no channel notifications available for CSS files included via <link> elements in the head of the document. But the loadGroup saved the day in this regard. Thus, that should be easy to fix. But the problems with CORS requests remain untouched so far.

comment:4 Changed 9 years ago by mikeperry

Keywords: MikePerryIteration20110814 added

comment:6 Changed 9 years ago by mikeperry

Status: newneeds_information

Ok, I committed a change with the loadGroup fix as well as a hack to use the referer host if we have neither loadGroup nor notificationCallbacks..

It solves all of the test cases above, but I'm not sure if the referer property is present in the channel for http->https sourcing.. Any test cases of that? If we get lucky, it might be present but not transmitted. From reading it sounds like we won't get lucky... But is there anything else we can do?

comment:7 Changed 9 years ago by mikeperry

Actual Points: 4
Resolution: fixed
Status: needs_informationclosed

Ok, I am closing this on the grounds that I eliminated a lot of corner cases. I have opened ticket #3739 for the possible remaining corner case that we still need to test.

Note: See TracTickets for help on using tickets.