Re: [tor-bugs] #25482 [- Select a component]: Origin header sent from hidden service to clearnet websites

2018-03-13 Thread Tor Bug Tracker & Wiki 
#25482: Origin header sent from hidden service to clearnet websites
--+
 Reporter:  kkm   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by kkm):

 * Attachment "Screen Shot 2018-03-13 at 22.48.00.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25482 [- Select a component]: Origin header sent from hidden service to clearnet websites

2018-03-13 Thread Tor Bug Tracker & Wiki 
#25482: Origin header sent from hidden service to clearnet websites
--+
 Reporter:  kkm   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by kkm):

 * Attachment "Screen Shot 2018-03-13 at 22.48.10.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25482 [- Select a component]: Origin header sent from hidden service to clearnet websites

2018-03-13 Thread Tor Bug Tracker & Wiki 
#25482: Origin header sent from hidden service to clearnet websites
--+
 Reporter:  kkm   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 When browsing hidden service on Tor browser like
 `https://www.nytimes3xbfgragh.onion/`, XHR and fetch calls on this service
 to clear net websites/services like
 (https://securepubads.g.doubleclick.net) sends the name of hidden service
 in `origin` header.

 Given that Tor browser ensures that referrer are not sent from .onion to
 clearnet(https://trac.torproject.org/projects/tor/ticket/9623), not sure
 how big of an issue is XHR / fetch requests sending Origin header.

 Note:
 1. Would be worth checking, if not sending `Origin` header, breaks some
 functionality.
 2. Origin header is always capped to domain level. So in this case the
 service will not now the exact URL on hidden service, but at least will
 learn the hidden service name.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25482 [- Select a component]: Origin header sent from hidden service to clearnet websites

2018-03-13 Thread Tor Bug Tracker & Wiki 
#25482: Origin header sent from hidden service to clearnet websites
--+
 Reporter:  kkm   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by kkm):

 * Attachment "Screen Shot 2018-03-13 at 22.48.20.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs