[whatwg/fetch] Send "null" Origin headers on cross-origin requests from an RFC7686 address (Issue #1350) from Francois Marier on 2021-11-09 (public-webapps-github@w3.org from November 2021)

From: Francois Marier <notifications@github.com>
Date: Mon, 08 Nov 2021 19:17:56 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1350@github.com>

The special-use `.onion` domain name, defined in [RFC7686](https://datatracker.ietf.org/doc/rfc7686/), receives special treatment in the Tor browser and in Firefox: https://searchfox.org/mozilla-central/rev/6c8d325e61b0b445ed2e04899da38c3a4c266cba/netwerk/protocol/http/nsCORSListenerProxy.cpp#979-984

It seems like this behavior should be standardized since any browser could be setup to proxy traffic over the Tor SOCKS5 proxy.

I also filed an [issue against the Referrer Policy spec](https://github.com/w3c/webappsec-referrer-policy/issues/155) to address the Referrer header.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1350

Received on Tuesday, 9 November 2021 03:18:09 UTC