Open fmarier opened 3 days ago
The specification for the Onion-Location header is unclear about two points:
Onion-Location
<meta>
Look at the following test pages which demonstrate the problem:
In Brave, we only look at the first value and use that. The header takes precedence.
The Tor Browser merges all header values together (separated by ", " (without the quotes) and uses that as the URL. The <meta> tag takes precedence.
", "
We should match the Tor browser since it is the de-facto reference implementation, but we should check upstream whether that's the intended behavior.
Always
Brave 1.68.110 Chromium: 127.0.6533.26 (Official Build) beta (64-bit) Revision 83a08b66c8afbf78547e2acc7b3a7ebb962f359b OS Linux
I have opened an issue upstream: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42688
Description
The specification for the
Onion-Location
header is unclear about two points:Onion-Location
header.<meta>
tag takes precedence.Steps to reproduce
Look at the following test pages which demonstrate the problem:
Actual result
In Brave, we only look at the first value and use that. The header takes precedence.
Expected result
The Tor Browser merges all header values together (separated by
", "
(without the quotes) and uses that as the URL. The<meta>
tag takes precedence.We should match the Tor browser since it is the de-facto reference implementation, but we should check upstream whether that's the intended behavior.
Reproduces how often
Always
Brave version (brave://version info)
Channel information