Implement a CheckTor API

tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers

https://www.tor2web.org

GNU Affero General Public License v3.0

705 stars 176 forks source link

Implement a CheckTor API #221

Closed evilaliv3 closed 9 years ago

evilaliv3 commented 9 years ago

The aim of this ticket is to design and and implement a CheckTor API useful for allowing clients to detect if they are using Tor or not, by simply making requests to a Tor2web domain.

This would allow to perfom this check on the same domain of a Tor2web instance without requiring user to perform requests to different domain, or to implement the check on an existing domain of an initiative without leaking any requests to external services.

evilaliv3 commented 9 years ago

Current specification discussed with @fpietrosanti is the following:

the API should permit requests to a /gettor resource
the resource should provide an output compliant to current Tor API implemented at: https://check.torproject.org/api/ip
the HTTP response should inject an x-check-tor header returning a simple boolean value depending if the user is detected to be using Tor or not
the resource should allow CORS as specified in https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

fpietrosanti commented 9 years ago

Finalize documentation on the different use-case of Tor2web CheckTor Javascript https://github.com/globaleaks/Tor2web-3.0/wiki/CheckTor

fpietrosanti commented 9 years ago

Done