Parsing of Onion-Location header is different from Tor Browser

[fmarier]

Description

The specification for the Onion-Location header is unclear about two points:

• How to handle multiple copies of the Onion-Location header.
• Whether the header or the <meta> tag takes precedence.

Steps to reproduce

Look at the following test pages which demonstrate the problem:

• https://fmarier.org/test/onion-location1.html
• https://fmarier.org/test/onion-location2.html

Actual result

In Brave, we only look at the first value and use that. The header takes precedence.

Expected result

The Tor Browser merges all header values together (separated by ", " (without the quotes) and uses that as the URL. The <meta> tag takes precedence.

We should match the Tor browser since it is the de-facto reference implementation, but we should check upstream whether that's the intended behavior.

Reproduces how often

Always

Brave version (brave://version info)

Brave   1.68.110 Chromium: 127.0.6533.26 (Official Build) beta (64-bit) 
Revision    83a08b66c8afbf78547e2acc7b3a7ebb962f359b
OS  Linux

Channel information

• [X] release (stable)
• [ ] beta
• [ ] nightly

[fmarier]

I have opened an issue upstream: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42688