Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Yawning Angel@yawning

HTTPS Everywhere's SSL Observatory code doesn't honor domain isolation.

The HTTPs request made to check.torproject.org as part of startup doesn't use domain isolation at all.

How to reproduce:

  1. Monitor the SOCKS traffic (or circuit list).
  2. Start Tor Browser, get to the about:tor page.
  3. Gasp in horror.

Tested with 6.0.5.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information