#16919: Why is HTTP_REFERER enabled?
-----------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------
Comment (by someone_else):
While disabling HTTP_REFERER may be impractical due to some sites
breaking, it would make sense to block it for links opened in new tabs.
Most users likely expect that they won't be tracked to a new tab given the
circuit isolation TBB has now.
Proposed patch for tor-browser to disable referer passing for links opened
in new tabs:
{{{
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -358,7 +358,7 @@ function openLinkIn(url, where, params) {
case "tab":
w.gBrowser.loadOneTab(url, {
referrerURI: aReferrerURI,
- referrerPolicy: aReferrerPolicy,
+ referrerPolicy:
Components.interfaces.nsIHttpChannel.REFERRER_POLICY_NO_REFERRER,
charset: aCharset,
postData: aPostData,
inBackground: loadInBackground,
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16919#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
