View Issue Details

IDProjectCategoryView StatusLast Update
0005373Talerwallet (WebExtensions)public2019-12-20 19:11
ReporterFlorian Dold Assigned ToFlorian Dold  
PriorityhighSeveritymajorReproducibilityhave not tried
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.6Fixed in Version0.6 
Summary0005373: wallet does not properly implement same origin restrictions for resource based payments
DescriptionThis allows other websites to, in some cases, find out whether a customer has paid for a certain resource URL.
TagsNo tags attached.


Florian Dold

2019-09-06 11:10

manager   ~0014869

Fixed in f6c0108511.

We do not actually base this off the origin (as one merchant deployment could have multiple origins for content and backend), but based on the merchant public key.

Existing payment redirection only kicks in when we see another contract from the *same* merchant.

Issue History

Date Modified Username Field Change
2018-06-29 17:24 Florian Dold New Issue
2018-06-29 17:24 Florian Dold Status new => assigned
2018-06-29 17:24 Florian Dold Assigned To => Florian Dold
2018-11-18 00:44 Christian Grothoff Product Version => git (master)
2018-11-18 00:44 Christian Grothoff Target Version => 0.6
2019-09-06 11:10 Florian Dold Status assigned => resolved
2019-09-06 11:10 Florian Dold Resolution open => fixed
2019-09-06 11:10 Florian Dold Note Added: 0014869
2019-09-16 09:08 Christian Grothoff Fixed in Version => 0.6
2019-12-20 19:11 Christian Grothoff Status resolved => closed