Onion location header redirects to homepage

[deeplow]

The "Onion location header" introduced in #695 redirects the user to the onion version of the securedrop website.

The user is being redirected to the homepage instead of to the page where they were, which is quite annoying.

A lot of websites had this problem. See how they fixed it on the Qubes website for inspiration.

[conorsch]

@deeplow Thanks for pointing this out, you're right that it's a bit frustrating to navigate to a subpage and be redirected to the onion version of the homepage. Adding a bit more detail:

How it currently works

1. Navigate to https://securedrop.org/news/piloting-securedrop-workstation-qubes-os/ in Tor Browser
2. Click the Onion Available button
3. Observe redirect to https://secrdrop5wyphb5x.onion/

How it Should™ work

1. Navigate to https://securedrop.org/news/piloting-securedrop-workstation-qubes-os/ in Tor Browser
2. Click the Onion Available button
3. Observe redirect to https://secrdrop5wyphb5x.onion/news/piloting-securedrop-workstation-qubes-os/

The latter definitely feels much more intuitive to me, so let's go with that.

[conorsch]

This is now fixed. Note that we've updated to a v3 Onion URL as part of recent improvements, and retired the old v2 URL. SInce Onion-Location headers are served, Tor Browser will discover it automatically.

Just confirmed via interactive testing that https://securedrop.org/news/piloting-securedrop-workstation-qubes-os/ shows "onion available", and clicking on it takes me to https://securedrop.org/news/piloting-securedrop-workstation-qubes-os/

Thanks for your thoughtful report in the original post, @deeplow!