Onion authentication when using ".tor.onion" alias
Something @richard brought up.
In principle, a website using the ".tor.onion" domain may also ask for an authentication key. I'm not sure such an onion site exists, or whether it will in the future.
In this scenario, I think our current authentication prompt would fail:
- I'm not sure whether the host passed to the prompt is the ".tor.onion" or ".onion" address. If it is the former, then we will not show the prompt because we won't extract the required
onionServiceId
from it. - The prompt should show the alias address to match the address in the URL bar.
- For the saved key dialog in the preferences, we should probably show the ".tor.onion" address rather than just the current ".onion" address. However, a user may have entered their key when visiting the ".onion" address, and may be confused if it shows up in their settings as the alias instead. Not sure what we can do about this, other than showing both the ".tor.onion" and ".onion" address.
I think this is just a future-hypothetical at the moment, so I don't know how much weight we should give it. But it might be something to consider addressing if we ever want to expand on the onion alias feature.