Hi, On 13/07/18 16:24, Tom Ritter wrote: > Ah, that makes sense. You want /foo.html to serve an Onion-Location > that goes to /foo.html
Exactly! But I might also want that /foo/bar.html goes to /bar.html on the onion service while /baz/bar.html goes to /bar.html on another onion service. Otherwise I don't think we can claim that the Onion-Location header is similar to the Location header. > But you're saying you did this manually for each file? I guess I > hadn't thought about how I would implement this (for Apache)... http > -> https redirection is done with mod_write, typically something like My personal website is currently hosted by Netlify. They allow you to provide a file that is used to send custom headers on a per-URL basis. https://www.netlify.com/docs/headers-and-basic-auth/ I've attached the script I'm using for this. It's a manual step in that I have to run the script. I could probably automate it if I learnt a little more Hugo. > I don't mess with Apache/mod_rewrite much, but surely there's a way to > write out the Onion-Location header with the supplied path/querystring > automatically? I would imagine there are ways to configure this, but I don't know what they are. > I agree that if a Location header is present, the browser should > follow it immediately. If the subsequent location has an > Onion-Location header (and no Location header) then the browser should > prompt. This sounds reasonable. > Location is a non-prompt, non-negotiable redirect. > Onion-Location is a prompted, user-chosen redirect. > > The only question in my mind is if the user has opted in to always > following Onion-Location redirects, then the question is: which header > do you follow? And I would suggest Onion-Location although I don't > have a strong argument for that choice besides "It's our feature, we > should give it precedence." I think in this case, I would prefer to follow the Onion-Location header first, as the user has chosen to make the usability trade-off for security by enabling the automatic redirects. Would it be worthwhile for me to write some text to this effect as a patch for the proposal document? Thanks, Iain.
#!/usr/bin/zsh
hugo
find public | \
grep index.html | \
sed 's/^public//' | \
sed 's/index.html$//' | \
awk '{ print $0 "\n Onion-Location:
http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion"; $0 }' \
> static/_headers
# Limited compatibility with Healthy Onions add-on
sed -i 's,^ Onion-Location:
http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion/$,
Onion-Location:
http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion,'
static/_headers
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
