Closed Bug 1742784 Opened 3 years ago Closed 1 year ago

After a redirect from .onion domain, the Origin header should be null

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: kershaw, Unassigned)

References

Details

(Whiteboard: [necko-triaged])

Severity: -- → S2
Priority: -- → P2
Whiteboard: [necko-triaged]

See the very last test case at the bottom of http://ixrdj3iwwhkuau5tby5jh3a536a2rdhpbdbu6ldhng43r47kim7a3lid.onion/referrer/onion.html:

Check referrer after a cross-origin POST navigation ending up in a same-origin redirect.

Whiteboard: [necko-triaged] → [necko-triaged][necko-priority-review]

Hi Tom,

Not sure if this bug is still important. Tom, what do you think?
If yes, do you probably have time to fix this?

Thanks.

Severity: S2 → S3
Flags: needinfo?(tschuster)
Priority: P2 → P3
Whiteboard: [necko-triaged][necko-priority-review] → [necko-triaged]

Check referrer after a cross-origin POST navigation ending up in a same-origin redirect.

I think this was fixed by the tainting for cross-origin redirects, which of course also applies to cross-origin .onion URLs.

We also have the pref network.http.referer.hideOnionSource.

Flags: needinfo?(tschuster)

(In reply to Tom Schuster (MoCo) from comment #3)

Check referrer after a cross-origin POST navigation ending up in a same-origin redirect.

I think this was fixed by the tainting for cross-origin redirects, which of course also applies to cross-origin .onion URLs.

We also have the pref network.http.referer.hideOnionSource.

Thanks, I'll close this bug.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.