Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #29803

Closed (moved)
Open
Opened Mar 18, 2019 by cypherpunks@cypherpunks

Trust Tor Project domain in NoScript when TorButton security level is changed

Trust *.torproject.org in NoScript for first-party access when the TorButton security level is changed.

I don't know if it's possible to restrict to first-party in NoScript. It is in uMatrix. I don't know if trusting TP's sites by default could aid fingerprinting TB as TB rather than its UserAgent if, for example, a TP resource is embedded in a third-party page. On a related note, IIRC, the blog is hosted by a third-party.

Or always trust TP's onions only? https://onion.torproject.org/ Same unknown but for onion and non-onion third parties.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#29803