[tahoe-dev] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header
tahoe-lafs
trac at allmydata.org
Wed Oct 28 23:34:50 PDT 2009
#127: Cap URLs leaked via HTTP Referer header
-------------------------------+--------------------------------------------
Reporter: warner | Owner:
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: code-frontend-web | Version: 0.7.0
Keywords: security | Launchpad_bug:
-------------------------------+--------------------------------------------
Comment(by davidsarah):
The behaviour of Mozilla browsers for the secure -> secure case is
controlled by this preference [note "rr" spelling]:
http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer
Summary: it does the wrong thing by default :-(
(This preference controls when to send Referer in other cases:
http://kb.mozillazine.org/Network.http.sendRefererHeader
I just changed my Firefox config to '''never''' send it, i.e.
{{{network.http.sendRefererHeader = 0}}} and
{{{network.http.sendSecureXSiteReferrer = false}}}. I doubt anything will
break.)
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/127#comment:14>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid