View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005373 | Taler | wallet (WebExtension) | public | 2018-06-29 17:24 | 2019-12-20 19:11 |
Reporter | Florian Dold | Assigned To | Florian Dold | ||
Priority | high | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | git (master) | ||||
Target Version | 0.6 | Fixed in Version | 0.6 | ||
Summary | 0005373: wallet does not properly implement same origin restrictions for resource based payments | ||||
Description | This allows other websites to, in some cases, find out whether a customer has paid for a certain resource URL. | ||||
Tags | No tags attached. | ||||
|
Fixed in f6c0108511. We do not actually base this off the origin (as one merchant deployment could have multiple origins for content and backend), but based on the merchant public key. Existing payment redirection only kicks in when we see another contract from the *same* merchant. |
Date Modified | Username | Field | Change |
---|---|---|---|
2018-06-29 17:24 | Florian Dold | New Issue | |
2018-06-29 17:24 | Florian Dold | Status | new => assigned |
2018-06-29 17:24 | Florian Dold | Assigned To | => Florian Dold |
2018-11-18 00:44 | Christian Grothoff | Product Version | => git (master) |
2018-11-18 00:44 | Christian Grothoff | Target Version | => 0.6 |
2019-09-06 11:10 | Florian Dold | Status | assigned => resolved |
2019-09-06 11:10 | Florian Dold | Resolution | open => fixed |
2019-09-06 11:10 | Florian Dold | Note Added: 0014869 | |
2019-09-16 09:08 | Christian Grothoff | Fixed in Version | => 0.6 |
2019-12-20 19:11 | Christian Grothoff | Status | resolved => closed |
2023-04-13 20:37 | Florian Dold | Category | wallet (WebExtensions) => wallet (WebExtension) |