|
|
|
|
|
|
by rnhmjoj
288 days ago
|
|
|
> But don't most people use custom browsers with built-in support for onion anyway? If that's the case, the easiest solution would seem to just declare .onion a "secure origin" like localhost and patch the browser accordingly. Indeed, the use of the onion TLD has been standardised in RFC 7686 [1], so browsers should really treat it as secure and stop the usual plaintext HTTP shenanings. [1]: https://datatracker.ietf.org/doc/html/rfc7686 |
|
|