From fefa1dc2c53caf3c02239824fc7cb632c57cfd60 Mon Sep 17 00:00:00 2001
From: Francois Marier <francois@brave.com>
Date: Mon, 8 Nov 2021 19:19:45 -0800
Subject: [PATCH] Send "null" Origin header on cross-origin .onion requests

Fixes #1350.
---
 fetch.bs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/fetch.bs b/fetch.bs
index 8f34ae887..7cbadab09 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -111,6 +111,9 @@ urlPrefix:https://w3c.github.io/hr-time/#;spec:hr-time
         "href": "https://datatracker.ietf.org/doc/html/draft-ietf-masque-h3-datagram",
         "publisher": "IETF",
         "title": "Using QUIC Datagrams with HTTP/3"
+    },
+    "ONION": {
+        "aliasOf": "RFC7686"
     }
 }
 </pre>
@@ -2820,6 +2823,11 @@ given a <a for=/>request</a> <var>request</var>, run these steps:
  <li><p>Let <var>serializedOrigin</var> be the result of <a>byte-serializing a request origin</a>
  with <var>request</var>.
 
+ <li><p>If <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a>'s
+ <a for=origin>host</a> ends with <code>.onion</code> or <code>.onion.</code> [[ONION]], and
+ is not <a>same origin</a> with <var>request</var>'s <a for=request>origin</a>, then set
+ <var>serializedOrigin</var> to `<code>null</code>`.
+
  <li><p>If <var>request</var>'s <a for=request>response tainting</a> is "<code>cors</code>" or
  <var>request</var>'s <a for=request>mode</a> is "<code>websocket</code>", then
  <a for="header list">append</a> (`<code>Origin</code>`, <var>serializedOrigin</var>) to