Origin header sent from hidden service to clearnet websites
When browsing hidden service on Tor browser like https://www.nytimes3xbfgragh.onion/
, XHR and fetch calls on this service to clear net websites/services like (https://securepubads.g.doubleclick.net) sends the name of hidden service in origin
header.
Given that Tor browser ensures that referrer are not sent from .onion to clearnet(https://trac.torproject.org/projects/tor/ticket/9623), not sure how big of an issue is XHR / fetch requests sending Origin header.
Note:
- Would be worth checking, if not sending
Origin
header, breaks some functionality. - Origin header is always capped to domain level. So in this case the service will not now the exact URL on hidden service, but at least will learn the hidden service name.
Trac:
Username: kkm