[tbb-bugs] #21952 [Applications/Tor Browser]: Onion-location: increasing the use of onion services through automatic redirects and aliasing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 31 19:59:29 UTC 2020
#21952: Onion-location: increasing the use of onion services through automatic
redirects and aliasing
-------------------------------------------------+-------------------------
Reporter: linda | Owner: acat
Type: project | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, tor-hs, network-team- | Actual Points: 11.6
roadmap-november, tbb-9.5, network-team- |
roadmap-2020Q1, TorBrowserTeam202003R |
Parent ID: #30024 | Points: 6
Reviewer: pospeselr, mcs, brade | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Comment (by sysrqb):
acat and I briefly discussed the header format earlier. One piece of
feedback reminded me that we should use X-Onion-Location, because we are
not implementing a standardized HTTP header. However, acat pointed me to
https://tools.ietf.org/html/rfc6648 where `X-*` headers are considered
deprecated. So, we should think a little harder about the format of the
value for this field. The `Location` HTTP header is
[https://tools.ietf.org/html/rfc7231#page-68 defined] as:
{{{
The "Location" header field is used in some responses to refer to a
specific resource in relation to the response. The type of
relationship is defined by the combination of request method and
status code semantics.
Location = URI-reference
The field value consists of a single URI-reference. When it has the
form of a relative reference ([RFC3986], Section 4.2), the final
value is computed by resolving it against the effective request URI
([RFC3986], Section 5).
For 201 (Created) responses, the Location value refers to the primary
resource created by the request. For 3xx (Redirection) responses,
the Location value refers to the preferred target resource for
automatically redirecting the request.
If the Location value provided in a 3xx (Redirection) response does
not have a fragment component, a user agent MUST process the
redirection as if the value inherits the fragment component of the
URI reference used to generate the request target (i.e., the
redirection inherits the original reference's fragment, if any).
For example, a GET request generated for the URI reference
"http://www.example.org/~tim" might result in a 303 (See Other)
response containing the header field:
Location: /People.html#tim
which suggests that the user agent redirect to
"http://www.example.org/People.html#tim"
Likewise, a GET request generated for the URI reference
"http://www.example.org/index.html#larry" might result in a 301
(Moved Permanently) response containing the header field:
Location: http://www.example.net/index.html
which suggests that the user agent redirect to
"http://www.example.net/index.html#larry", preserving the original
fragment identifier.
}}}
In the future, we may find it advantageous if we specify `Onion-Location`
as a [https://httpwg.org/http-extensions/draft-ietf-httpbis-header-
structure.html structured header] with a backwards compatible format
matching that of the Location header.
To be clear, we can use the current implementation and get this into
Nightly builds, but we should think about this idea before the feature
moves to Stable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21952#comment:134>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list