Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Tor2web does provide a technical facility to enable third party website, to verify if a user is connecting over Tor or not, called
CheckTor for Tor2web .
This facility is implemented under the name
CheckTor for Tor2web,following the example of the official CheckTor extension of Tor Project.
CheckTor for Tor2web matchs if a user it's on Tor or not, looking at it's
source IP address or trough the
X-Forwarded-For HTTP header (if available because deployed behind a reverse-proxy), matching it via the Onionoo web service.
CheckTor for Tor2web signals to the Web Client if the user is running Tor or not by using two different methods:
An HTTP Header
X-Check-Torwith boolean True/False value in all HTTP Response by Tor2web
An HTTP Response under
/checktorURI that's compatible with official CheckTor resource https://check.torproject.org/api/ip
The HTTP Response under
/checktor enables inclusion by third party website, explicitly allowing Cross Site CORS headers.
CheckTor for Tor2web provides a very simple
The CheckTor JS can be integrated in 3 different way with public or private Tor2web servers:
included script resource from a remote Tor2web, loading a remote
embedded CheckTor JS into your website HTML code, loading a remote
embedded CheckTor JS into your website HTML code, loading a local
/checktorservice (proxed trough apache/nginx reverse-proxying, to avoid leaking your users IP address to CheckTor for Tor2web service, using X-Forwarded-For)