Open Bug 402144 Opened 14 years ago Updated 6 years ago

web-based content handlers could leak secure URIs

Categories

(Firefox :: File Handling, defect)

defect
Not set
normal

People

(Reporter: dmosedale, Unassigned)

Details

(Keywords: privacy)

Section 4.5.1.1 of the current draft of WhatWG sez:

Leaking secure URIs. User agents should not send HTTPS URIs to third-party sites registered as content handlers, in the same way that user agents do not send Referer headers from secure sites to third-party sites.

When I asked Hixie about the rationale for this, he referred me to the paragraphs above it about leaking intranet URIs.  Note that he didn't really know what the exact rationale for the Referer stuff was.  I presume the theory is that if you care enough to encrypt a site, then you probably want its contents kept private.  Not crazy, but that's an awfully large hammer for this nail.

My inclination is to not implement this restriction, but I'm conflicted about this.  Alternate ideas encouraged...

This only applies to web-based *content* handlers, not web-based *protocol* handlers, right?

You're totally right.

Summary: web-based protocol handlers could leak secure URIs → web-based content handlers could leak secure URIs

Is this going to be an issue for feeds (due to feed:https: or feed mime types) in Firefox 3?

> in the same way that user agents do not send Referer headers from secure sites
> to third-party sites.

This is because said URIs often contain the entire contents of a form (HTTP GET and all), and hence contain information that the user and site may not want to broadcast, possibly including authentication information (e.g. username).

(In reply to comment #3)
> Is this going to be an issue for feeds (due to feed:https: or feed mime types)
> in Firefox 3?

It's probably already an issue for feeds due to the MIME types.

Product: Core → Firefox
Version: Trunk → unspecified
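
An added example, not part of this bug or of Firefox's code: the restriction quoted from the draft written as a check a user agent could run before substituting a URI into a content handler's `%s` template, including the `feed:https:` case raised above. It assumes "third party" means a different origin from the resource and that `feed://` unwraps to `http://`; `unwrapFeed`, `handlerDecision` and all sample URLs are hypothetical.

```javascript
// Added example (not Firefox code). Assumption: "third party" = different origin.

// Unwrap the feed: pseudo-scheme named in the bug (feed:https://..., feed://...).
// Assumption: feed://host/path is treated as http://host/path.
function unwrapFeed(uri) {
  const m = /^feed:(.*)$/i.exec(uri);
  if (!m) return uri;
  if (/^https?:/i.test(m[1])) return m[1];
  if (m[1].startsWith("//")) return "http:" + m[1];
  return uri;
}

// Decide whether resourceUri may be handed to the handler registered with
// handlerTemplate (a URL containing the %s placeholder).
function handlerDecision(resourceUri, handlerTemplate) {
  if (!handlerTemplate.includes("%s")) {
    return { send: false, reason: "handler template lacks %s" };
  }
  let resource, handler;
  try {
    resource = new URL(unwrapFeed(resourceUri));
    handler = new URL(handlerTemplate.replace("%s", ""));
  } catch (e) {
    return { send: false, reason: "unparseable URI" };
  }
  // URL.origin normalises case and default ports (https://a:443 == https://a).
  const thirdParty = resource.origin !== handler.origin;
  if (resource.protocol === "https:" && thirdParty) {
    return { send: false, reason: "secure URI, third-party handler" };
  }
  return {
    send: true,
    reason: thirdParty ? "non-secure URI" : "same-origin handler",
    target: handlerTemplate.replace("%s", encodeURIComponent(resourceUri)),
  };
}

// Constructed sample inputs.
const HANDLER = "https://reader.example/add?feed=%s";
const SAMPLES = [
  "https://intranet.example/report?user=alice&q=salary",
  "feed:https://intranet.example/feed.xml?token=abc",
  "http://news.example/rss",
  "https://reader.example:443/my/feed",
];
for (const uri of SAMPLES) console.log(uri, handlerDecision(uri, HANDLER));
```

The blocked cases are the ones where a query string carrying form data or a username would otherwise be delivered to the handler's server as part of the `%s` substitution.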