Skip to content

Revert #21537: Mark .onion cookies as secure

Following a conversation about the #21537 (closed) patch, we should back out that change. The patch is correct from the perspective that a connection with an onion service is a secure channel, however there are circumstances where the onion services connects with a remote web server and potentially sends secure cookies over an insecure (plaintext) channel.

While this configuration is entirely dependent on how the web site was configured, and it is not a flaw in onion services, Tor Browser should take this into account instead of assuming all onion service connections are end-to-end encrypted and authenticated secure channels.

We should find an (opt-in) alternative solution for allowing the use of secure cookies over onion service connections that are secure channels, without exposing secure cookies on onion services connections that are not secure channels.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information