Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reject port 80 non-onion destinations #21

Open
JeremyRand opened this issue Jul 11, 2021 · 3 comments
Open

Reject port 80 non-onion destinations #21

JeremyRand opened this issue Jul 11, 2021 · 3 comments
Labels
enhancement New feature or request Hacktoberfest

Comments

@JeremyRand
Copy link
Member

We should add an option (per eTLD) to reject destinations that are not .onion domains if they are using TCP port 80. This has the effect of guaranteeing that the eTLD will use a secure origin for HTTP traffic.

@JeremyRand
Copy link
Member Author

Maybe wait on this until Namecoin TLS support for Tor Browser is further along?

@yanmaani
Copy link
Contributor

yanmaani commented Dec 2, 2021

Seems a bit gross. If it's needed, it's needed, but it seems conceptually cleaner to limit ourselves to .onion and punt on this until later.

@JeremyRand
Copy link
Member Author

Seems low priority at the moment, but if a volunteer wants to implement this, I'd accept a PR.

@JeremyRand JeremyRand added enhancement New feature or request Hacktoberfest labels Apr 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request Hacktoberfest
Projects
None yet
Development

No branches or pull requests

2 participants