Added Onion-Location response header.

infinity-next · May 5, 2020 · 1b0aff9 · 1b0aff9
1 parent 4f22ee0
commit 1b0aff9
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
@@ -8,6 +8,7 @@
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Illuminate\Session\TokenMismatchException;
 use Illuminate\Validation\ValidationException;
 use Symfony\Component\ErrorHandler\ErrorRenderer\HtmlErrorRenderer;
 use Symfony\Component\ErrorHandler\Exception\FlattenException;
@@ -35,6 +36,7 @@ class Handler extends ExceptionHandler
         ModelNotFoundException::class,
         MethodNotAllowedHttpException::class,
         NotFoundHttpException::class,
+        TokenMismatchException::class,
         TorClearnet::class,
         ValidationException::class,
     ];

diff --git a/app/Http/Middleware/TorFilter.php b/app/Http/Middleware/TorFilter.php
@@ -13,22 +13,30 @@ public function handle($request, Closure $next)
     {
         $accountable = true;
         $geolocation = new Geolocation;
+        $hiddenService = is_hidden_service();
+        $hiddenServiceExists = config('app.url_hs', false);
 
-        if ($request->header('X-TOR', false) || is_hidden_service()) {
+        if ($request->header('X-TOR', false) || $hiddenService) {
             // Consider a user unaccountable if there's a custom X-TOR header,
             // or if the hostname is our hidden service name.
             $accountable = false;
         }
         elseif ($geolocation->getCountryCode() == 'tor') {
             $accountable = false;
 
-            if (!config('app.debug', false) && env('APP_URL_HS', false)) {
+            if (!config('app.debug', false) && $hiddenServiceExists) {
                 throw new TorClearnet;
             }
         }
 
         user()->setAccountable($accountable);
 
-        return $next($request);
+        if (!$accountable || !$hiddenServiceExists) {
+            return $next($request);
+        }
+        else {
+            // for Tor Browser as of 9.5a11
+            return $next($request)->header('Onion-Location', 'http://' . config('app.url_hs') . '/' . $request->path());
+        }
     }
 }