search

globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.25k stars 274 forks source link

Tor Browser detection isn't working properly, not redirecting to .onion #2244

Closed fpietrosanti closed 6 years ago

fpietrosanti commented 6 years ago

Current behavior While testing the platform for a project we've identified that the platform didn't detected that the user was using Tor Browser and properly redirected to the .onion address.

The user was using a secondary instance in a multi-site environment.

Expected behavior The platform should detect that the user is using Tor and redirect to the .onion, if and only if this is present and active.

Steps to reproduce the problem or feature illustration Connect with Tor Browser to a website platform with a .onion active.

There should be a redirection, but it doesn't happen.

evilaliv3 commented 6 years ago

The bug happened testing on multitenant instance and does probably not apply to the root tenant.

fpietrosanti commented 6 years ago

Possibly integrate new Tor Fingerprinting mainteined js library https://github.com/jonaslejon/tor-fingerprint https://github.com/jonaslejon/tor-fingerprint/blob/master/tor-fingerprint.js

evilaliv3 commented 6 years ago

This bug was identified and fixed recently and appears to not be present in the up-to-date release (3.1.10)