Tor2web icon indicating copy to clipboard operation
Tor2web copied to clipboard

Published 20 hours ago verified publisher icon tor2web

Introduce API to Check if client is behind Tor or not

Open fpietrosanti opened this issue 11 years ago • 2 comments

This ticket is to implement an API that can be queried by HTTP client (also with CORS) to know if he is behind Tor or not.

This API should use the cached information of onionoo coming from #10 implementation .

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

fpietrosanti avatar Mar 01 '13 17:03 fpietrosanti

The API should implement a JSONP (CORS headers are not required) interface that will allow the requester to obtain if their publicly exposed IP address appears to be from the Tor network or not.

The API should return at minimum the following JSON dict:

{
    'tor': true | false
        if the IP address appears to be coming from the Tor network

    'ip': string
         the ipv4 dotted quad or ipv6 address

    'country': string
         (optional) two letter country code from which the request has originated
}

hellais avatar Mar 01 '13 18:03 hellais

Didn't we received some criticism about the risks related to JSONP, being able to inject JS code into the client's browser (maybe there was a thread on tor-talk)?

Wouldn't be safer something different than jsonp?

fpietrosanti avatar Mar 01 '13 18:03 fpietrosanti