Forcing hostname has broken support for Onion Services

Hi,

I think this commit has broken the ability to host a Discourse forum on a Tor .onion service.

https://github.com/discourse/discourse/commit/e7001f879a2cd87cba8dbfc5bb4e0f4f9023471c

After logging in via .onion, the user is redirected back to the ‘clearnet’ domain.

I realise it’s a security fix, but in some jurisdictions, redirecting the user away from the Tor network could place them in danger. I know it’s a niche thing to be concerned about, but the danger is very real for some people.

Is there any way Discourse can accept a whitelist of domains to be used on as opposed to just one? The way it was worked without a problem for hosting Discourse on a clear net domain as well as an .onion alternative, until now.

Thanks!

1 Like

I am not sure, this has to do with specific host headers, @sam would need to reply.

1 Like

The Tor network supports carrying traffic to “clearnet” sites, not just sites that are specifically hosted on onion domains. Onion services are only needed if the host of the forum themselves wants to be anonymous, in which case you wouldn’t have a clearnet domain.

4 Likes

Fundamentally the problem is we expect Discourse sites just to have 1 domain. The reason for this is that we send out emails and have to pick a domain we can not pick random.

I am not following why not have the onion address as your hostname.

If you really really want to enable this ninja I am allowed to have 2 domains going feature, you can use a plugin, example of a commit that made this work for my blog is here:

https://github.com/SamSaffron/blog/commit/d09f5ea409e4a3a5d4905f511273bc0566e21cff

4 Likes

Thanks @sam for providing a workaround.

In our use case we want to support both an .onion and a clearnet domain as options for our users.

The previous reply has overlooked other benefits of .onion than just anonymity, as well as the fact that Tor’s support for accessing clearnet sites introduces other risks by requiring exit nodes (unlike .onions) so is not sufficient on its own, but I don’t want to get into a big discussion here on the merits/disadvantages, I’m not here to convince anyone of why.

Other popular opensource apps such as Phabricator, Drupal, etc, all support methods with which to ‘whitelist’ multiple valid domain names for the app, even if one is considered the ‘primary’ for purposes such as sending mail, and still preventing cache poisoning attacks etc via invalid domains. I had hoped Discourse could do the same, but I’m satisfied with a plugin solution for our very corner-case requirement. Thanks again! :slight_smile:

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.