CheckTor

Tor2web does provide a technical facility to enable third party website, to verify if a user is connecting over Tor or not, called CheckTor for Tor2web .

This facility is implemented under the name CheckTor for Tor2web, following the example of the official CheckTor extension of Tor Project.

CheckTor for Tor2web match if a user it's on Tor or not, looking at it's source IP address or trough the X-Forwarded-For HTTP header (if available because deployed behind a reverse-proxy), matching it via the Onionoo web service.

CheckTor for Tor2web signal to the Web Client if the user is running Tor or not by using two different methods:

• An HTTP Header X-Check-Tor with True/False value in all HTTP Response by Tor2web

• An HTTP Response under /checktor URI that's compatible with official CheckTor resource https://check.torproject.org/api/ip

The HTTP Response under /checktor enable inclusion by third party website, explicitly allowing Cross Site CORS headers.

CheckTor for Tor2web provide a very simple CheckTor Javascript file for use by third party websites that used to be published on the Internet AND on the Tor Hidden Service .onion, facilitating detection of Tor users and automatic redirection to the corresponding .onion .

The CheckTor JS can be integrated in 3 different way with public or private Tor2web servers:

• included script resource from a remote Tor2web, loading a remote /checktor service

• embedded CheckTor JS into your website HTML code, loading a remote /checktor service

• embedded CheckTor JS into your website HTML code, loading a local /checktor service (proxed trough apache/nginx reverse-proxying, to avoid leaking your users IP address to CheckTor for Tor2web service, using X-Forwarded-For)

TODO: Document how to use the JS <script> TODO`` by then using the function RedirectTor()```