Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HTTP Onion Header ignored for local install

See original GitHub issue

I have BTCPay Server installed on a rockpro64.

When opening it via Brave, with local ip or local domain, I don’t see the Open in Tor option in brave. This might come from the fact the page is not https.

But this is problematic, because there is no easy way to discover the onion address of your install outside going to server settings / services.

Maybe we should add again the Tor link in the login page… That said, it seems to happen only if it is opened on HTTP. To make sure we don’t get black listed again by google safe browsing, maybe we should show the Tor link on login page only if http.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:11 (11 by maintainers)

github_iconTop GitHub Comments

3reactions
dennisreimanncommented, Aug 25, 2021

In the design meeting I think we already decided to re-add the button once we get to rework the footer. So we are in good shape, just need to find the time to implement it 😃

2reactions
dennisreimanncommented, Jul 11, 2021

Some more context, as I started to look into this a bit and the references might be helpful …

At least from our general Tor checks it seems we do not exclude the Onion-Location header when using http.

The docs state this, which explains why the button isn’t displayed:

The webpage defining the Onion-Location header must be served over HTTPS.

So this is indeed the problem and we need to fix it on our end to solve this. Unfortunately we never clearly found out where the safe browsing issue came from. Nevertheless the first pass of trying, which removed the Tor link from the login page, did not resolve the issue. So, having the link on the login page might actually solve this one without bringing back the safe browsing problem.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Onion-location: increasing the use of onion services through ...
I modified nsHttpChannel.cpp to do a redirect to Onion-Location if the pref is true (for automatic redirects) or the channel has a flag...
Read more >
I have setup tor on Ubuntu 16.04 using Apache2 It works ...
I am running the onion server from my home computer. It is not commercial in any way, mostly just a learning experience.. Given...
Read more >
Making an Apache website available as a Tor Onion Service
I started by installing the Tor daemon locally: apt install tor. and then setting the following in /etc/tor/torrc :
Read more >
Onion-Location read only from HTTP header (http-equiv ...
Go to https://group.miletic.net/ which doesn't send the header, but instead sends the onion-location in the http-equiv meta tag. $ curl -I https ...
Read more >
How to Build and Send an HTTP Request to a Tor Hidden ...
Curl only uses a proxy if you set it up in your "curl"-block. For example: c = Curl::Easy.new() do |curl| curl.proxy_tunnel = true ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Error message too verbose/cryptic on "Create an Invoice" field validation

Next page

PayJoin *client* randomly fails with bogus error "Some of our outputs are not included in the proposal"