[tor-bugs] #33705 [Internal Services/Tor Sysadmin Team]: Add header to redirect websites visitors using tor-browser to the .onion address
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 25 15:17:14 UTC 2020
#33705: Add header to redirect websites visitors using tor-browser to the .onion
address
-------------------------------------------------+-------------------------
Reporter: hiro | Owner: hiro
Type: defect | Status:
| assigned
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Description changed by hiro:
Old description:
> We have received a number of tickets by Tor Browser users that we should
> keep people visiting the .onion version of a torproject.org website in
> the .onion space. Instead because we have different subdomains for
> different websites a user surfing the onion version of torproject.org
> will be taken to support.torproject.org instead of its onion address.
>
> I am willing to implement a header that signal the .onion address for all
> of our onions and I am currently considering two options.
>
> 1. Implement alt-svc. This is what facebook does. Specifically the
> browser receive a alt-sv header like:
>
> {{{
> alt-svc:
> h2="facebook2futmrduts5uqn3ahwg4qyqoks6h3alxf5drhsgyhzujyqad.onion:443";
> ma=86400
> }}}
>
> 2. Use onion-location:
>
> {{{
> Onion-Location:
> http://sbe5fi5cka5l3fqe.onion/~acat/test/onionlocation/header/
> }}}
>
> 3. Use a onion-location meta-tag:
>
> {{{
> <!DOCTYPE html>
> <html>
> <head>
> <meta http-equiv="onion-location"
> content="http://sbe5fi5cka5l3fqe.onion/~acat/test/onionlocation/meta/"/>
> </head>
> <body>
> Onion-Location meta tag test.
> </body>
> </html>
> }}}
>
> I would personally prefer to use one of the two headers options. Either
> the alt-sv or the onion-location one. Both have advantages. I like that
> with alt-sv the connection is upgraded to an onion location without the
> address bar changing. At the same time we should also showcase our
> onions! And if we launch the onion-location header support we should show
> it on our websites.
>
> Something I would avoid is following the model that Privacy International
> use, and issue a "Location:" redirect when the client comes from an exit
> node. We currently do not check in our infrastructure where a user is
> coming from and I wouldn't like to start doing that.
New description:
We have received a number of tickets by Tor Browser users that we should
keep people visiting the .onion version of a torproject.org website in the
.onion space. Instead because we have different subdomains for different
websites a user surfing the onion version of torproject.org will be, for
example, taken to support.torproject.org instead of its onion address.
I am willing to implement a header that signal the .onion address for all
of our onions and I am currently considering the following options.
1. Implement alt-svc. This is what facebook does. Specifically the browser
receive a alt-sv header like:
{{{
alt-svc:
h2="facebook2futmrduts5uqn3ahwg4qyqoks6h3alxf5drhsgyhzujyqad.onion:443";
ma=86400
}}}
2. Use onion-location:
{{{
Onion-Location:
http://sbe5fi5cka5l3fqe.onion/~acat/test/onionlocation/header/
}}}
3. Use a onion-location meta-tag:
{{{
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="onion-location"
content="http://sbe5fi5cka5l3fqe.onion/~acat/test/onionlocation/meta/"/>
</head>
<body>
Onion-Location meta tag test.
</body>
</html>
}}}
I would personally prefer to use one of the two headers options. Either
the alt-sv or the onion-location one. Both have advantages. I like that
with alt-sv the connection is upgraded to an onion location without the
address bar changing. At the same time we should also showcase our onions!
And if we launch the onion-location header support we should show it on
our websites.
Something I would avoid is following the model that Privacy International
use, and issue a "Location:" redirect when the client comes from an exit
node. We currently do not check in our infrastructure where a user is
coming from and I wouldn't like to start doing that.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33705#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list