Omit referrers on cross-origin requests from an .onion address #156

Draft
wants to merge 1 commit into
base: main

fmarier (Member) commented Nov 9, 2021

This is to address #155.


fmarier self-assigned this Nov 9, 2021

annevk (Member) commented Nov 9, 2021

whatwg/fetch#1351 proposes similar language. Do we expect many other places to need this? If we find a third it probably warrants abstraction.

fmarier (Member Author) commented Nov 10, 2021

> Do we expect many other places to need this? If we find a third it probably warrants abstraction.

The only other special treatment of .onion I could see in Firefox has to do with treating .onion services over HTTP as a secure context, which we are also planning to do in Brave.

fmarier marked this pull request as ready for review November 10, 2021 23:12

domfarolino (Member) commented Nov 25, 2022

This has been sitting for a while now with no activity (partially because I've failed to review it, but that's mostly because I haven't seen much activity in terms of consensus on the other related issues). I've tried to round up all of the related web platform .onion issues and PRs:

It seems like the Fetch issue is stalled on feedback that hasn't come in, and perhaps also stalled on general consensus for this from other browsers. Would you mind if I closed this or marked it as a draft until some of the consensus around handling .onion in web specs gets sorted out, and we can go from there? Let me know if you have plans to still work on this.

domfarolino marked this pull request as draft November 25, 2022 18:48

fmarier (Member Author) commented Nov 26, 2022

You can also add brave/brave-browser#18071 if you want (that's the Brave issue where we implemented this in order to match the Tor Browser behavior).

Marking it as draft makes sense. I do intend to pick this up again since I think it would be worthwhile to agree on what the correct behavior should be and/or standardize what the two browsers with built-in support for Tor already ship.

domfarolino (Member) commented

(This is showing up in my active review requests on GitHub, so I'll remove myself for now while this is parked as a draft)

domfarolino removed their request for review March 13, 2024 13:06