tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0
705 stars 176 forks

More specific x-tor2web header #212

Closed virgil closed 9 years ago

virgil commented 9 years ago

Connection isn't always encrypted (e.g., onion.city uses HTTP) and it'd be nice to know which tor2web node is making the request. So adding that too.

Double-check the config.proto. It's on my version but I don't know if you accepted it. On my version config.proto is always either 'http://' or 'https://'

evilaliv3 commented 9 years ago

@fpietrosanti/@hellais passing the tor2web basehost seems not a bad idea. what do you think?

for sure before doing such a change we should see who is using it apart now and eventually alert them in order to make the change. (e.g., securedrop people are using it and changing this without alerting them may introduce a vulnerability due to their threat model) so we can't merge this pull request by now.

fpietrosanti commented 9 years ago

At #79 we've been thinking to add a new header to pass the information of TLS cipher being negotiated.

This ticket proposes to also pass the basehost.

What about making a set of Tor2web headers to communicate different stuff OR to define a data-format that could contain all of that information?

virgil commented 9 years ago

I propose to use the set-cookie notation. i.e.,

x-tor2web: key1=value1; key2=value2

fpietrosanti commented 9 years ago

@virgil love, let's then document on the Wiki the different values supported https://github.com/globaleaks/Tor2web-3.0/wiki as we also have #50 that's a useful HTTP header thing

evilaliv3 commented 9 years ago

currently this patch can't be integrated.

projects like securedrop are using the current header specification to block tor access, so a specification will need to be provided and discussed before applying such a code edit.

fpietrosanti commented 9 years ago

@evilaliv3 why not? I think they only match if the X-Tor2web header exists, not the content

evilaliv3 commented 9 years ago

cause for now it's a header change that forwards the basehost and i think it's better to discuss what we want to do and a clean way on how to do it.

concerning the format i'm ok with the format that virgil is suggesting "x-tor2web: key1=value1; key2=value2" that is equal to the set cookie format so that the parsing is standard. but what about the variables and infos that we want to pass? can we make a list of the useful ones?

virgil commented 9 years ago

@fpietrosanti agreed. As far as I've seen websites only check for the existence of the x-tor2web header.
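
The compatibility point raised in the comments above (consumers match on the presence of the header while its value moves to the proposed `key1=value1; key2=value2` format), as an added example that is not part of the thread or of the Tor2web code base. The key names `proto` and `basehost`, the bare legacy-style value and all sample values are assumptions constructed for illustration.

```python
# Added example: presence-only detection of X-Tor2web plus a tolerant parser
# for the proposed "key1=value1; key2=value2" value format.
# Key names and sample values used with it are hypothetical.

HEADER_NAME = "x-tor2web"


def find_tor2web_header(headers):
    """Return the raw header value, or None if the header is absent.

    HTTP header names are case-insensitive, so compare in lower case.
    """
    for name, value in headers.items():
        if name.strip().lower() == HEADER_NAME:
            return value
    return None


def is_tor2web_request(headers):
    """Blocking decision based on presence only.

    The value is informational; a site that blocks Tor2web access keeps
    working whether the proxy sends a bare value or key=value pairs.
    """
    return find_tor2web_header(headers) is not None


def parse_tor2web_value(raw):
    """Split a header value into (fields, bare_tokens).

    fields      -- dict of key=value pairs, keys lower-cased, first one wins
    bare_tokens -- tokens without '=', e.g. a legacy single-word value
    """
    fields, bare_tokens = {}, []
    for part in raw.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        key = key.strip().lower()
        if not sep or not key:
            bare_tokens.append(part)
        elif key not in fields:
            fields[key] = value.strip()
    return fields, bare_tokens
```

Parsed fields are suitable for logging or metrics; the allow/deny decision stays in `is_tor2web_request`, so a change in the value format does not alter who gets blocked.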

landscape-bot commented 9 years ago

Code Health Repository health decreased by 0.50% when pulling 2318975 on virgil:patch-29 into 52c7249 on globaleaks:master.

landscape-bot commented 9 years ago

Code Health Repository health decreased by 11% when pulling 2318975 on virgil:patch-29 into 24bbce7 on globaleaks:master.

landscape-bot commented 9 years ago

Code Health Repository health decreased by 12% when pulling 2318975 on virgil:patch-29 into c99a6a9 on globaleaks:master.

landscape-bot commented 9 years ago

Code Health Repository health decreased by 17% when pulling 2318975 on virgil:patch-29 into 85e0f4e on globaleaks:master.

virgil commented 9 years ago

Found a better way to do this.