#21728: Features that are made "HTTPS-only" should be available on .onion sites
as
well
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:1 yawning]:
> Can this be made opt-in? I don't really think Tor Browser should
support any of the APIs that require Secure Contexts in the first place,
even with HTTPS...
>
> https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
If it turns out to be the case that we think an API is to be disabled in
an HTTPS context it won't be available on .onion sites either. This bug is
more about stopping to bind `isSecureContext` to HTTPS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21728#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
