#15599: Range requests used by pdfjs are not isolated to URL bar domain --------------------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: assigned Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by cypherpunks): And its OCSP requests too: {{{ [05-29 18:16:40] Torbutton INFO: tor SOCKS: http://ocsp.usertrust.com/ via --unknown--:acc796c227a065d5b876d251f00beb87 }}} Replying to [ticket:15599 gk]: > Works even in a third party context with https://people.torproject.org/~gk/misc/range-request-test.html (your security slider level needs to be below medium-high in this case). {{{ Security Error: Content at https://kpdyer.com/publications/usenix2014-fte.pdf#disableRange=true may not load data from https://people.torproject.org/~gk/misc/range-request- test.html. Load denied by X-Frame-Options: https://kpdyer.com/publications/usenix2014-fte.pdf#disableRange=true does not permit cross-origin framing. (unknown) }}} Hrm, does PDF.js support Private Browsing Mode? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15599#comment:9> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs