We have at least two places in the code (search for the URL of this bug) where we decide to route a request to the TOR socks by checking if the DNS host ends in '.onion'. There are two problems here:
I'm not sure that the check is really secure in any meaningful sense of the term.
We WANT non onion addresses to go to Tor if possible since that hides them. But in some cases, such as local connections, we can't use Tor because the address is not resolvable outside of the local network. So we need a better way to decide if a non-onion address should go to the socks proxy.
yaronyg
commented
10 years ago
We have at least two places in the code (search for the URL of this bug) where we decide to route a request to the TOR socks by checking if the DNS host ends in '.onion'. There are two problems here: