[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Implement JSONP interface for check.torproject.org

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Implement JSONP interface for check.torproject.org
From: tor@xxxxxxxxxxxxxxxxxx
Date: Sun, 06 Nov 2011 14:01:50 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 06 Nov 2011 09:02:10 -0500
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.grepular.com; s=dkim1; h=Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=TvK6uV+9Nq9EUs8A0Hw/6vILaMnoX8rqL78s+EuywWw=; b=AdXGPyRhid64CnbOxxoDMHU78H7B3JHn4iHXULStPkPEv85aS21+VQhYwTUo80jnOoOOl9Z0TygDtJWIcNgB+ZJRv7N0Ic6pYMMF3IZfuToFcEFqADPfci5tzUCQj93FjI8VkCBREny4zBOKJM8NmlRWXsFaMUMn85mMrl9FRC0=;
In-reply-to: <4EB5E251.1020909@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: url=https://grepular.com/0018461F.pub.asc
References: <4EB5E251.1020909@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1

On 06/11/11 01:26, Arturo Filastò wrote:

> I have made a patch to check.torproject.org to expose a JSONP interface
> that would allow people to have the user check client side if (s)he is
> using Tor.

It would be safer to expose a JSON web service than a JSONP web service,
and use a wild "Access-Control-Allow-Origin" HTTP response header to
allow cross-site XMLHttpRequest. That way, people could pull the data
without suffering the risks of embeddeding third party JavaScript.
There's nothing stopping it from being provided as a secondary option.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Implement JSONP interface for check.torproject.org
  - From: Arturo Filastò

Prev by Author: Re: [tor-talk] Implement JSONP interface for check.torproject.org
Next by Author: Re: [tor-talk] New Browser Bundle
Previous by thread: Re: [tor-talk] [tor-dev] Implement JSONP interface for check.torproject.org
Next by thread: [tor-talk] BlackBeltPrivacy-Tor+WASTE darkNet()
Index(es):
- Author
- Thread