-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hey y'all,
Copying this over from a reply I made to tor-talk (since I mentioned it over in the #tor-onions IRC channel). Basically 1) confirming that alt-svc does seem to work consistently in newer TBB, and 2) a fun accident in sending a HTTP 302 to folks that get to the onion via alt-svc. > [...] > In any case, I did a quick test on propublica.org *not* using cloudflare's > built-in onion service feature (since we're running our own with our own EV > cert anyway), and wanted to mention it here: > > Set `alt-svc: h2="www.propub3r6espa33w.onion:443"; ma=300`, and looks like > TBB (8.5a1) actually did silently switch over to using the onion for the > connection. As above, there'd generally be no outward indication to the user > that this has happened, except I'd actually configured the onion proxying > bits (right now running nginx) to throw the browser a 302 redirect to the > onion domain if the HTTP Host header isn't the onion domain. So, I'd > inadvertently set this up to work where the user actually > does get fully > redirected over to the onion. > > (I've since taken off the alt-svc header, since that was just a quick test > and I'll need to figure out if that's behavior we want in lieu of the TBB UI > getting an explicit user interaction before moving to the alt-svc. But > figured that's worth mentioning for folks who _do_ want to easily make a > clearnet domain redir TBB to an onion domain.) > > [1]: https://trac.torproject.org/projects/tor/ticket/27590 > [2]: > https://trac.torproject.org/projects/tor/attachment/ticket/21952/21952.png Anyway, that was a fun and awesome surprise. Perhaps should be obvious, but honestly I had no idea how the alt-svc behavior was going to work. Hopefully this is helpful to others? - -- Mike Tigas https://mike.tig.as/ -----BEGIN PGP SIGNATURE----- Comment: https://mike.tig.as/pgp/ Comment: http://tigas3l7uusztiqu.onion/pgp/ iQIzBAEBCgAdFiEEGzfVMu3Uhpsce8OaFLh4upXaaEoFAluley0ACgkQFLh4upXa aEp25g//ZvfORMnDMc4kf0OicTYRsv0mJUA/QS7GAqtpNX4Su5iqQWRYN8yE80iU a3u06z+V1lVCLW5GKjGdPZjcxtAaRmq+fezR9ScUhxIg+BdeApQHUpYgf7DABZtL ImYNx8dO3gkFjbmA0P6Cpxzf5Fl8nYMuyH40LivlufWERapYX9r6YKTR0o0zmkzj 06A9E7wPGeJxnbD+pc8XxSdtCJhxFRGVqoT9MqnRkiMTRU1Dh2Fbriyaqx1iHj/H CjCGIE3A9WmGdUKlRgcJzMFoRz/GXLnxGzEjT3eOu56BA3CY/ShYyUMmUf3ILj0s 8L5UHs7zlzSWFpfqO7kYrm0IJForS32DxtsQHGcVyz6Hi+UHBHoWob+1caukWX4G CI7sC+rw//M3iGxJddRUYHTNh8ZJSpglDAP0mBd3qBCTvBHTDuqBopfLr4/Vs3MY DKTYmjT+vp2HeXu3gT7S8E+aF40WmFNmQLBvnxqb0PclbhRxXhd+5UxAfzv6EW0L oZgL4vQzuEjV4j15vozqlojTInIlrpLdWAmx0xAhRfQIdjSHlWWXhkKdGIl12H76 wswRkBi2LHBzPANx7VkMT7FItF7+Hcw5MwEsZ8NJV7P6mWZ8CtT8fUJaPLAAYaBX q0UELMhkXQi6XoX7M8WRfY/d8R71fNUgzJTUNffktE3yBpxdliWIuAQBEwoAHRYh BOk8LVk3LzcQmzAuvZFvvD/f12DEBQJbpXstAAoJEJFvvD/f12DE4fkCCM54+/b8 Z3qI9XBUC2iNgjaFuVYd8IgS0ikl5xLMePJTZVp1FxrNhBmqd0G8JwhRxOq6PNWf tPH7VLpv1jtPX/AGAgkBqemkYIZnEGujCdQuiYjyHDsiWofIjcycX3ei593IDMXp NqdrFz2/auLeZYHBPKaH5ts4Vj+xIAW4Zk0DBafmQfM= =XpLQ -----END PGP SIGNATURE----- _______________________________________________ tor-onions mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
