[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #29705 [Applications/Tor Browser]: Enable Brotli compression for .onion domains



#29705: Enable Brotli compression for .onion domains
--------------------------------------+---------------------------
 Reporter:  expyuzz4wqqyqhjn          |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:  #21728                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27
--------------------------------------+---------------------------

Comment (by willbarr):

 Aside from treating onion as a secure context, I think this needs to be
 fixed separately.

 The reason google banned brotli from http seems 1) to promote https 2)
 poorly maintained http sites may broke.

 Refer: https://hacks.mozilla.org/2015/11/better-than-gzip-compression-
 with-brotli/

 I think the risks of enabling brotli over http and breaking onion sites is
 less important than it’s advantages when supported.

 There are two ways to enable brotli support, 1) just enable it on all http
 requests including non-onions 2) creating a “potentialy trustworthy”
 context, put onion sites there and enable brotli there.

 The first approach will be as simple as adding br here.
 https://gitweb.torproject.org/tor-
 browser.git/tree/modules/libpref/init/all.js#n1754

 This is presumed to break certain legacy sites. However I haven’t had any
 problems when I tested this on various sites.

 The second approach is rather hard, and it deviates a lot from upstream
 firefox code base. I’ve found an example implementation, which enables
 brotli on localhost by putting them into a “potentially trustworthy”
 context”.

 https://bugzilla.mozilla.org/show_bug.cgi?id=1222541

 https://bug1222541.bmoattachments.org/attachment.cgi?id=9040956


 I’d like to hear devs opinion on this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29705#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs