Inconsistent behavior for .onion and .onion. (with tailing dot) hosts

[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
[//]: # (We welcome input from users on improving this project.)
[//]: #
[//]: # (Please help us by following this issue template.)
[//]: # (You can delete all blank lines and all lines starting)
[//]: # (with the comment marker, such as this one.)
[//]: #
[//]: # (Delete all but one of the following "Type" lines.)
[//]: # (Leave in the line that best describes the issue you are reporting.)

Type: code issue

[//]: # (If you are reporting a ruleset/website problem, include the top-level)
[//]: # (domain below. For example, if you want to report an issue about)
[//]: # ("one.example.com" and "two.example.com", then the line below should)
[//]: # (be:)
[//]: #
[//]: # (Domain: example.com)
[//]: #
[//]: # (Be sure to remove the parenthesis and comment marker.  If you are only)
[//]: # (reporting an issue about "one.example.com", then the line below should)
[//]: # (be:)
[//]: #
[//]: # (Domain: one.example.com) 
[//]: #
[//]: # (Only include one top-level domain. If you have more than one top-level)
[//]: # (domain to report, such as both "example.com" and "example.org", open a)
[//]: # (new issue for each top-level domain.)
[//]: #
[//]: # (If you are not reporting a ruleset/website problem, you can delete the)
[//]: # ("Domain" line or leave it blank.)

Domain: onion.

[//]: # (Include any other relevant information below. Thank you again for)
[//]: # (helping to improve HTTPS Everywhere.)

As per the following code, we do not cancel `.onion` requests in "Block all unencrypted requests" mode even if they are not available in HTTPS. However, the same does not hold true for `.onion.` (with tailing dot) requests. Requests to `.onion.` are forced to go through HTTPS (main_frame) or otherwise canceled if there is no applicable ruleset.

https://github.com/EFForg/https-everywhere/blob/159a9fa4ca9ea0109ad7bbb4a367a42fadc342f7/chromium/background.js#L236-L243

e.g.

`http://nonhttpsonionaddress.onion/` -> `http://nonhttpsonionaddress.onion/`

`http://nonhttpsonionaddress.onion./` -> `https://nonhttpsonionaddress.onion/`


P.S. I am not really sure if this is the expected behavior. @Hainish @cowlicks can you confirm?

P.S.2 Possible fix in #13569 


	var shouldCancel = (
	httpNowhereOn &&
	uri.protocol === 'http:' &&
	!/\.onion$/.test(uri.hostname) &&
	!/^localhost$/.test(uri.hostname) &&
	!/^127(\.[0-9]{1,3}){3}$/.test(uri.hostname) &&
	!/^0\.0\.0\.0$/.test(uri.hostname)
	);

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Inconsistent behavior for .onion and .onion. (with tailing dot) hosts #13568

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Inconsistent behavior for .onion and .onion. (with tailing dot) hosts #13568

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions