#29705: Enable Brotli compression for .onion domains --------------------------------------+--------------------------- Reporter: expyuzz4wqqyqhjn | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: #21728 | Points: Reviewer: | Sponsor: Sponsor27 --------------------------------------+---------------------------
Comment (by willbarr): Aside from treating onion as a secure context, I think this needs to be fixed separately. The reason google banned brotli from http seems 1) to promote https 2) poorly maintained http sites may broke. Refer: https://hacks.mozilla.org/2015/11/better-than-gzip-compression- with-brotli/ I think the risks of enabling brotli over http and breaking onion sites is less important than it’s advantages when supported. There are two ways to enable brotli support, 1) just enable it on all http requests including non-onions 2) creating a “potentialy trustworthy” context, put onion sites there and enable brotli there. The first approach will be as simple as adding br here. https://gitweb.torproject.org/tor- browser.git/tree/modules/libpref/init/all.js#n1754 This is presumed to break certain legacy sites. However I haven’t had any problems when I tested this on various sites. The second approach is rather hard, and it deviates a lot from upstream firefox code base. I’ve found an example implementation, which enables brotli on localhost by putting them into a “potentially trustworthy” context”. https://bugzilla.mozilla.org/show_bug.cgi?id=1222541 https://bug1222541.bmoattachments.org/attachment.cgi?id=9040956 I’d like to hear devs opinion on this. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29705#comment:6> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs