Re: [whatwg/fetch] Send "null" Origin header on cross-origin .onion requests (PR #1351) from Francois Marier on 2021-11-23 (public-webapps-github@w3.org from November 2021)

From: Francois Marier <notifications@github.com>
Date: Mon, 22 Nov 2021 17:54:27 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1351/review/813171195@github.com>

@fmarier commented on this pull request.



> @@ -2820,6 +2823,11 @@ given a <a for=/>request</a> <var>request</var>, run these steps:
  <li><p>Let <var>serializedOrigin</var> be the result of <a>byte-serializing a request origin</a>
  with <var>request</var>.
 
+ <li><p>If <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a>'s
+ <a for=origin>host</a> ends with "<code>.onion</code>" or "<code>.onion.</code>", and
+ is not <a>same origin</a> with <var>request</var>'s <a for=request>origin</a>, then set
+ <var>serializedOrigin</var> to `<code>null</code>`. [[ONION]]

The starting origin in all cases is `example.onion`. It issues two 307 redirects.

In the first example, it goes from `example.onion` to `example.onion/anotherpage` before ending on `example.com`.

In the second example, it goes from `example.onion` to `example.com` before ending on `example.onion/anotherpage`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1351#discussion_r754756751

Received on Tuesday, 23 November 2021 01:54:39 UTC