Lox should only use moat when the user gives consent
Currently the Lox
module will always use moat for requests to the lox authority whilst the user is not bootstrapped.
From our design documents:
Proxy Obedience
Prior to connecting to the Tor Network, the browser MUST NOT bypass Tor proxy settings for any content. User consent is REQUIRED when the browser needs to access remote services to facilitate connecting to the Tor Network (for example, to acquire bridges from the rdsys service).
So we should only use moat in response to a user event. I think we can basically restrict this to redeeming an invite. Background tasks and generating new invites can wait until after we are bootstrapped.
@donuts ideally, if we have not yet bootstrapped, we would change the wording in the "Add new bridges" dialog to make it clear that a bridge pass invite requires a plain internet connection. Maybe a bit tricky since the input accepts both a bridge pass invite and bridge addresses, and we wouldn't want the user to think that a bridge address would require a connection. It is only on alpha right now, so this is not that urgent, so we could split this into a separate issue to deal with later.