#21396: Torbutton breaks Session Manager addon -------------------------------------------------+------------------------- Reporter: HolD | Owner: tbb- | team Type: defect | Status: | needs_information Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-6.5-regression, | Actual Points: TorBrowserTeam201702, GeorgKoppen201702 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+------------------------- Changes (by gk):
* cc: lnl (added) Comment: Replying to [comment:7 yawning]: > Replying to [comment:6 gk]: > > Session Manager does not like it that `chrome://sessionmanager/locale/sessionmanager.dtd` and `chrome://sessionmanager/locale/options.dtd` are blocked by our fix for #8725. Things like `&toolbar.tooltip` need to be available for content after the first installation. HolD: does adding the toolbar buttons manually to the toolbar work for you? > > What's the origin URI when the requests make it to the content policy? If this is one of the cases where `aRequestOrigin` can basically be anything, the only way to solve this would be to whitelist the relevant URIs. Note that, doing so will make it trivial for sites to fingerprint if the addon is present or not (then again, people installing extra addons/plugins void the non-existent warranty in the first place). `moz-nullprincipal:{1f22744b-c4db-41b6-8d6e-3d06c176578e}`. Looking at the docs it seems like checking for that one would be okay. But this is not a solution that scales well. I wonder if we should just add a preference `extensions.torbutton_resource_and_chrome_uri_fingerprinting` and set that to `false` by default allowing users to override it and to disable the content policy hack. Maybe UX folks have an idea. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21396#comment:9> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs