Hi,
On 13/07/18 16:24, Tom Ritter wrote:
> Ah, that makes sense. You want /foo.html to serve an Onion-Location that goes to /foo.html
Exactly! But I might also want that /foo/bar.html goes to /bar.html on the onion service while /baz/bar.html goes to /bar.html on another onion service. Otherwise I don't think we can claim that the Onion-Location header is similar to the Location header.
> But you're saying you did this manually for each file? I guess I hadn't thought about how I would implement this (for Apache)... http -> https redirection is done with mod_write, typically something like
My personal website is currently hosted by Netlify. They allow you to provide a file that is used to send custom headers on a per-URL basis.
https://www.netlify.com/docs/headers-and-basic-auth/
I've attached the script I'm using for this. It's a manual step in that I have to run the script. I could probably automate it if I learnt a little more Hugo.
> I don't mess with Apache/mod_rewrite much, but surely there's a way to write out the Onion-Location header with the supplied path/querystring automatically?
I would imagine there are ways to configure this, but I don't know what they are.
> I agree that if a Location header is present, the browser should follow it immediately. If the subsequent location has an Onion-Location header (and no Location header) then the browser should prompt.
This sounds reasonable.
> Location is a non-prompt, non-negotiable redirect. Onion-Location is a prompted, user-chosen redirect.
> The only question in my mind is if the user has opted in to always following Onion-Location redirects, then the question is: which header do you follow? And I would suggest Onion-Location although I don't have a strong argument for that choice besides "It's our feature, we should give it precedence."
I think in this case, I would prefer to follow the Onion-Location header first, as the user has chosen to make the usability trade-off for security by enabling the automatic redirects.
Would it be worthwhile for me to write some text to this effect as a patch for the proposal document?
Thanks, Iain.
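
Added example, not part of the original message or of the proposal text: one reading of the precedence rules discussed in this thread, written as a small redirect resolver. The hosts, the onion address placeholder, the `RESPONSES` table and the function name are all constructed for illustration; header names are assumed to be lower-cased and `Location` values absolute.

```javascript
// Constructed sample data: hypothetical site and a placeholder onion address.
const ONION = "http://placeholderonionaddress.onion"; // not a real service
const RESPONSES = {
  "http://example.com/foo.html": { "location": "https://example.com/foo.html" },
  "https://example.com/foo.html": { "onion-location": ONION + "/foo.html" },
  "https://example.com/both.html": {
    "location": "https://example.com/moved.html",
    "onion-location": ONION + "/both.html",
  },
  "https://example.com/moved.html": {},
};

// Resolve one navigation under the rules from the thread.
// Returns { action, url, hops } where action is one of:
//   "load"       - no redirect headers left, render this URL
//   "prompt"     - Onion-Location seen without Location, ask the user
//   "auto-onion" - user opted in to always following Onion-Location
//   "error"      - redirect loop guard tripped
function resolveNavigation(startUrl, alwaysFollowOnion, responses = RESPONSES, maxHops = 10) {
  let url = startUrl;
  for (let hops = 0; hops <= maxHops; hops++) {
    const headers = responses[url] || {};
    const location = headers["location"];
    const onion = headers["onion-location"];
    // Opted-in users: Onion-Location takes precedence over Location.
    if (onion && alwaysFollowOnion) return { action: "auto-onion", url: onion, hops };
    // Location is a non-prompt redirect: follow it immediately.
    if (location) { url = location; continue; }
    // Onion-Location with no Location header: prompted, user-chosen redirect.
    if (onion) return { action: "prompt", url: onion, hops };
    return { action: "load", url, hops };
  }
  return { action: "error", url, hops: maxHops };
}

// Stand-alone demo over the constructed table.
for (const optIn of [false, true]) {
  for (const start of ["http://example.com/foo.html", "https://example.com/both.html"]) {
    console.log(optIn, start, resolveNavigation(start, optIn));
  }
}
```

Note that under this reading a response carrying both headers never prompts: without the opt-in the `Location` redirect wins and the `Onion-Location` on that response is dropped.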