There is often no need to track users on Tor because they are anonymous, in the sense that they often leave the same User Agent and IP address: they almost exclusively use TBB and therefore have the same User Agent, and your web server will see the IP as 127.0.0.1 if they are connecting via the Tor network.

Note that CSP is supported in Tor Browser Bundle and you should use it, because attacks such as XSS and CSRF are still very possible on onion domains! Speaking of CSP, if you have the report-uri directive, you must point it to your onion if you are hosting the CSP violation logger locally. If you are using CSP you can use the ‘self’ keyword, because the browser will interpret it as the onion domain in this case.

The best fix is to never direct link resources in your code, that is “ “; instead you should just have it as “/scripts/jquery.js”. If a user only gets resources via the onion domain, the web server will only see 127.0.0.1 as the IP. This matters because, with a direct link, the web server will see the request and therefore the current exit relay for that specific user.
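The following Python check is an added example, not code from the original post: it lists tags whose automatically fetched resource points at a host other than your onion, and builds a CSP header that uses 'self' with report-uri on the onion. The onion hostname, the /csp-report path, the http scheme and the sample HTML are constructed placeholders and assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed placeholder, not a real onion address.
ONION_HOST = "placeholderonionaddress.onion"

# Tag -> attribute that makes the browser fetch a resource on page load.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
               "audio": "src", "video": "src", "source": "src", "link": "href"}

class ExternalResourceFinder(HTMLParser):
    # Collects (line, tag, url) for resources served from another host.
    def __init__(self, onion_host):
        super().__init__()
        self.onion_host = onion_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name != wanted or not value:
                continue
            # Relative URLs have no hostname; absolute and "//host/" URLs do.
            host = (urlsplit(value.strip()).hostname or "").lower()
            if host and host != self.onion_host:
                self.findings.append((self.getpos()[0], tag, value))

def find_external_resources(html, onion_host=ONION_HOST):
    finder = ExternalResourceFinder(onion_host)
    finder.feed(html)
    return finder.findings

def build_csp(onion_host=ONION_HOST, report_path="/csp-report"):
    # Assumes plain http and a locally hosted logger at a hypothetical path.
    return f"default-src 'self'; report-uri http://{onion_host}{report_path}"

# Constructed sample page.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/jquery.js"></script>
<script src="/scripts/jquery.js"></script>
<link rel="stylesheet" href="//static.example.net/site.css">
</head><body>
<img src="http://placeholderonionaddress.onion/logo.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_external_resources(SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {url}")
    print("Content-Security-Policy:", build_csp())
```

Every link href is reported regardless of its rel value, so review those findings by hand.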