Closed Bug 1503736 Opened 2 years ago Closed 2 years ago

Origin header honors network.http.referer.hideOnionSource

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: junior, Assigned: junior)

References

Details

(Whiteboard: [tor][domsecurity-active])

Attachments

(1 file)

Option to hide Origin header when leaving a .onion domain
Whiteboard: [tor]
I believe bug 446344 did already since the origin is extracted by the referrer.
However, we need some test here because we might make them independent one day.

For the forceOrigin fetch, we need some code here since the origin is from the principal.
Status: NEW → ASSIGNED
Whiteboard: [tor] → [tor][domsecurity-active]
note to myself: turn off network.dns.blockDotOnion for local testing
(In reply to Junior Hsu from comment #1)
> I believe bug 446344 did already since the origin is extracted by the
> referrer.
the referrer is also from policy instead of header.
ni? dragana for signing off attachment 9023483 [details]
Flags: needinfo?(dd.mozilla)
Keywords: checkin-needed
Pushed by rvandermeulen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5125f9c64d27
Origin header honors network.http.referer.hideOnionSource r=ckerschb,dragana
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/5125f9c64d27
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.