New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Use Ajax to send files in receive mode to workaround browser bug with large files #901
Conversation
I couldn't get the flashes to appear properly after all. So I leave this as a simpler PoC, at least for you to test that it indeed fixes the upload issue. More work will need to be done |
I'm actually quite confused why the script is being blocked though. Here are the errors in the Tor Browser console:
The header looks like this:
And the script being loaded is indeed getting loaded from
|
The problem was the Tor Browser security slider set to Safer, I think. One of the things it does is "JavaScript is disabled on non-HTTPS sites", and it appears that HTTP sites that are .onions aren't an exception. If I set the security slider to Standard, it works. |
But nice, I confirmed that uploading via Ajax does indeed resolve #899. |
How does this warning look? The text is:
|
Ok I've got to work on other stuff now, but FYI my work in progress is in my |
Sad about this situation. I hope we can have more flexibility per tab in the Tor Browser (and make Tor Browser smarter and friendlier for .onion sites), so users don't need to sacrifice the global security level, but enable/disable features temporarily. That said, a link to open Security Slider/Settings could be cool in that line. |
Also, we have https://trac.torproject.org/projects/tor/ticket/27610 to fix this. |
I know, me too @holantonela. Per-tab security sliders would be great. After talking in the keybase chat with @mig5 about how sometimes this bug may still be triggered on smaller uploads, and also after reviewing SecureDrop's current plans for UX around messaging this bug, I changed the text to:
The "security slider" link goes to https://tb-manual.torproject.org/en-US/security-slider/, and the link includes the
The "turn off your Tor Browser's NoScript XSS setting" links to a new static page that I've added to the OnionShare web server ( The complete text is:
The link there again uses the |
Nice. I also just opened a related issue specifically about the |
It's cool that you are sharing patterns. In the short future (TB8.5), you will be able to link directly to |
yes, thanks. Tagged it. |
I'm closing this PR in favor of #904, so that way my code can get reviewed before merged. |
No description provided.