privoxy.git
9 years agoRebuild config file for 3.0.22 stable
Fabian Keil [Fri, 14 Nov 2014 11:31:53 +0000 (11:31 +0000)]
Rebuild config file for 3.0.22 stable

9 years agoUpdate SGML ChangeLog
Fabian Keil [Fri, 14 Nov 2014 11:31:41 +0000 (11:31 +0000)]
Update SGML ChangeLog

9 years agoPrevent leading and trailing whitespace in quotes
Fabian Keil [Fri, 14 Nov 2014 11:31:24 +0000 (11:31 +0000)]
Prevent leading and trailing whitespace in quotes

9 years agoChangeLog cosmetic
Fabian Keil [Fri, 14 Nov 2014 11:31:11 +0000 (11:31 +0000)]
ChangeLog cosmetic

9 years agoDeclare 3.0.22 'stable'
Fabian Keil [Fri, 14 Nov 2014 11:30:59 +0000 (11:30 +0000)]
Declare 3.0.22 'stable'

9 years agoChangeLog cosmetic
Fabian Keil [Fri, 14 Nov 2014 10:40:50 +0000 (10:40 +0000)]
ChangeLog cosmetic

9 years agoUpdate ChangeLog to reflect recent changes
Fabian Keil [Fri, 14 Nov 2014 10:40:40 +0000 (10:40 +0000)]
Update ChangeLog to reflect recent changes

9 years agoFix memory leak in rfc2553_connect_to()
Fabian Keil [Fri, 14 Nov 2014 10:40:24 +0000 (10:40 +0000)]
Fix memory leak in rfc2553_connect_to()

CID 66382.

9 years agopcrs_execute(): Consistently set *result to NULL in case of errors
Fabian Keil [Fri, 14 Nov 2014 10:40:10 +0000 (10:40 +0000)]
pcrs_execute(): Consistently set *result to NULL in case of errors

Should make use-after-free in the caller less likely.

CID 66391, CID 66376.

9 years agounmap(): Prevent use-after-free if the map only consists of one item
Fabian Keil [Fri, 14 Nov 2014 10:39:49 +0000 (10:39 +0000)]
unmap(): Prevent use-after-free if the map only consists of one item

CID 66394.

10 years agoMake sure csp flags have unique values
Fabian Keil [Wed, 12 Nov 2014 12:00:41 +0000 (12:00 +0000)]
Make sure csp flags have unique values

Previously CSP_FLAG_CRUNCHED and CSP_FLAG_CLIENT_CONNECTION_HEADER_SET
shared the same bit which obviously wasn't intentional.

The only negative effect was that Privoxy potentially reused less
connections than it could have, which explains why the problem hasn't
been noticed for seven years and was only found by manual code
inspection.

10 years agoLink to the 'Would you like to donate?' FAQ
Fabian Keil [Wed, 12 Nov 2014 12:00:10 +0000 (12:00 +0000)]
Link to the 'Would you like to donate?' FAQ

... instead of repeating parts of it while leaving out the rest.

10 years agoLet server_keep_alive() always remove the Keep-Alive header
Fabian Keil [Wed, 12 Nov 2014 11:59:47 +0000 (11:59 +0000)]
Let server_keep_alive() always remove the Keep-Alive header

Not forwarding the header to the client is a MUST and
non-compliance has no advantage here.

Fixes Co-Advisor test case rfc2616/hopHdr-Keep-Alive-toClt.

10 years agoUpdate URL of Polipo's website
Fabian Keil [Tue, 11 Nov 2014 12:19:52 +0000 (12:19 +0000)]
Update URL of Polipo's website

10 years agoDisable banners-by-size for kggp.de/
Fabian Keil [Tue, 11 Nov 2014 12:19:38 +0000 (12:19 +0000)]
Disable banners-by-size for kggp.de/

10 years agoPreserve negative HTTP status numbers
Fabian Keil [Mon, 3 Nov 2014 14:41:12 +0000 (14:41 +0000)]
Preserve negative HTTP status numbers

While they are technically invalid, "supporting" them doesn't
hurt and this gets the recently added curl test 1430 "working".

10 years agoAdd two consenting donors to the list of contributors
Fabian Keil [Mon, 3 Nov 2014 14:40:53 +0000 (14:40 +0000)]
Add two consenting donors to the list of contributors

10 years agoAdd changes for 3.0.22 stable
Fabian Keil [Mon, 3 Nov 2014 14:40:25 +0000 (14:40 +0000)]
Add changes for 3.0.22 stable

10 years agoAdd a couple of contributors
Fabian Keil [Mon, 3 Nov 2014 14:39:37 +0000 (14:39 +0000)]
Add a couple of contributors

10 years agoRegenerate docs
Fabian Keil [Tue, 21 Oct 2014 15:31:49 +0000 (15:31 +0000)]
Regenerate docs

10 years agoAdd #138: Bring back the scripts to provide actions file feedback
Fabian Keil [Tue, 21 Oct 2014 15:31:32 +0000 (15:31 +0000)]
Add #138: Bring back the scripts to provide actions file feedback

10 years agoBump copyright
Fabian Keil [Tue, 21 Oct 2014 15:31:16 +0000 (15:31 +0000)]
Bump copyright

10 years agoFix web-actions target
Fabian Keil [Tue, 21 Oct 2014 15:31:05 +0000 (15:31 +0000)]
Fix web-actions target

10 years agoGarbage-collect bookmarklets section
Fabian Keil [Tue, 21 Oct 2014 15:30:52 +0000 (15:30 +0000)]
Garbage-collect bookmarklets section

Most of the bookmarklets can't possible work due to not using a
trusted referer header and the rest of them can be replaced with
common bookmarks.

10 years agoFormally declare the scripts in doc/webserver/actions/ out of action
Fabian Keil [Tue, 21 Oct 2014 15:30:27 +0000 (15:30 +0000)]
Formally declare the scripts in doc/webserver/actions/ out of action

They haven't worked in years and the docs no longer reference them.

10 years agoAdd a web-faq target that only updates the FAQ on the webserver
Fabian Keil [Tue, 21 Oct 2014 15:30:06 +0000 (15:30 +0000)]
Add a web-faq target that only updates the FAQ on the webserver

10 years agoRemove already-commented-out non-portable DOSFILTER alternatives
Fabian Keil [Tue, 21 Oct 2014 15:29:46 +0000 (15:29 +0000)]
Remove already-commented-out non-portable DOSFILTER alternatives

10 years agoRemove the obsolete targets dok-put and dok-get
Fabian Keil [Tue, 21 Oct 2014 15:29:34 +0000 (15:29 +0000)]
Remove the obsolete targets dok-put and dok-get

10 years agoAdd a sf-shell target
Fabian Keil [Tue, 21 Oct 2014 15:29:20 +0000 (15:29 +0000)]
Add a sf-shell target

10 years agoRegenerate FAQ
Fabian Keil [Tue, 21 Oct 2014 12:05:55 +0000 (12:05 +0000)]
Regenerate FAQ

10 years agoMention more stuff donations may be used for
Fabian Keil [Tue, 21 Oct 2014 12:05:12 +0000 (12:05 +0000)]
Mention more stuff donations may be used for

10 years agoBump FAQ copyright
Fabian Keil [Tue, 21 Oct 2014 12:02:16 +0000 (12:02 +0000)]
Bump FAQ copyright

10 years agoFix comment typos in free_map()'s description
Fabian Keil [Tue, 21 Oct 2014 12:01:59 +0000 (12:01 +0000)]
Fix comment typos in free_map()'s description

10 years agoRemove #138. Coverity scan results are analyzed
Fabian Keil [Sat, 18 Oct 2014 11:32:07 +0000 (11:32 +0000)]
Remove #138. Coverity scan results are analyzed

10 years agoLet new_map() exit if the new map can't be allocated
Fabian Keil [Sat, 18 Oct 2014 11:31:52 +0000 (11:31 +0000)]
Let new_map() exit if the new map can't be allocated

This is not expected to happen in the real world
and it makes life easier for the callers.

10 years agoAdd missing return check in dispatch_known_cgi()
Fabian Keil [Sat, 18 Oct 2014 11:31:25 +0000 (11:31 +0000)]
Add missing return check in dispatch_known_cgi()

CID 66354.

10 years agoreceive_client_request(): Don't ignore list_append_list_unique()'s return value
Fabian Keil [Sat, 18 Oct 2014 11:31:12 +0000 (11:31 +0000)]
receive_client_request(): Don't ignore list_append_list_unique()'s return value

CID 66360.

10 years agoFix error handling in server_content_type()
Fabian Keil [Sat, 18 Oct 2014 11:30:56 +0000 (11:30 +0000)]
Fix error handling in server_content_type()

CID 66369.

10 years agojb_err_to_string(): Only check for internal errors once
Fabian Keil [Sat, 18 Oct 2014 11:30:40 +0000 (11:30 +0000)]
jb_err_to_string(): Only check for internal errors once

Silences a Coverity complaint about unreachable code.

CID 66387.

10 years agoThe filter file array can't be NULL so don't bother checking
Fabian Keil [Sat, 18 Oct 2014 11:30:24 +0000 (11:30 +0000)]
The filter file array can't be NULL so don't bother checking

The intention was checking whether or not filters are available,
but that's a premature optimization for an unlikely scenario,
so the bogus checks can be dropped without replacement.

CID 66389, CID 66385, CID 66375.

10 years agoserver_content_encoding(): Check for enabled content filters properly
Fabian Keil [Sat, 18 Oct 2014 11:30:04 +0000 (11:30 +0000)]
server_content_encoding(): Check for enabled content filters properly

Previously external filters and gif deanimation weren't considered.

CID 66374.

10 years agoFix error handling in edit_write_file()
Fabian Keil [Sat, 18 Oct 2014 11:29:48 +0000 (11:29 +0000)]
Fix error handling in edit_write_file()

CID 66359.

10 years agoFix error handling in edit_read_file()
Fabian Keil [Sat, 18 Oct 2014 11:29:22 +0000 (11:29 +0000)]
Fix error handling in edit_read_file()

CID 66359.

10 years agoedit_read_file(): Remove bogus NULL check and use strdup_or_die() instead
Fabian Keil [Sat, 18 Oct 2014 11:29:06 +0000 (11:29 +0000)]
edit_read_file(): Remove bogus NULL check and use strdup_or_die() instead

CID 66372.

10 years agoFix memory leak in cgi_show_file()
Fabian Keil [Sat, 18 Oct 2014 11:28:49 +0000 (11:28 +0000)]
Fix memory leak in cgi_show_file()

CID 66362.

10 years agoUse strdup_or_die() if the duplicated string is tiny
Fabian Keil [Sat, 18 Oct 2014 11:28:36 +0000 (11:28 +0000)]
Use strdup_or_die() if the duplicated string is tiny

Fixes a theoretical memory leak in trust_url() reported by Coverity.

CID 66364.

10 years agobind_port(): Fix file descriptor leak in error path
Fabian Keil [Sat, 18 Oct 2014 11:28:05 +0000 (11:28 +0000)]
bind_port(): Fix file descriptor leak in error path

CID 66368.

10 years agoIn bind_port(), check if the socket is valid before marking it CLOSEEXEC
Fabian Keil [Sat, 18 Oct 2014 11:27:43 +0000 (11:27 +0000)]
In bind_port(), check if the socket is valid before marking it CLOSEEXEC

10 years agoFix memory leaks in load_config()
Fabian Keil [Sat, 18 Oct 2014 11:27:28 +0000 (11:27 +0000)]
Fix memory leaks in load_config()

CID 66370.

10 years agoFix memory leak in pcrs_compile_dynamic_command()
Fabian Keil [Sat, 18 Oct 2014 11:27:04 +0000 (11:27 +0000)]
Fix memory leak in pcrs_compile_dynamic_command()

CID 66373.

10 years agoFix a theoretical memory leak in get_last_url()
Fabian Keil [Sat, 18 Oct 2014 11:26:48 +0000 (11:26 +0000)]
Fix a theoretical memory leak in get_last_url()

CID 66378.

10 years agoload_file(): Treat fread() failures like other non-fatal file errors
Fabian Keil [Sat, 18 Oct 2014 11:26:31 +0000 (11:26 +0000)]
load_file(): Treat fread() failures like other non-fatal file errors

... and check for underreads properly.

Previously Privoxy was supposedly serving the file partially
if it was edited in place, but actually would have served an
error message and leaked memory. Now it just serves the error
message (if it's run in a fantasy world were this actually
happens).

CID 66380, CID 66362, CID 66357.

10 years agoFix a memory leak in execute_content_filters() if there's more than one job
Fabian Keil [Sat, 18 Oct 2014 11:26:18 +0000 (11:26 +0000)]
Fix a memory leak in execute_content_filters() if there's more than one job

Also don't crash if a job that isn't the last one fails.

CID 66381.

10 years agoexecute_external_filter(): Fix file descriptor leak in error path
Fabian Keil [Sat, 18 Oct 2014 11:25:57 +0000 (11:25 +0000)]
execute_external_filter(): Fix file descriptor leak in error path

CID 66384.

10 years agoFix theoretical memory leaks in edit_parse_actions_file()
Fabian Keil [Sat, 18 Oct 2014 11:25:42 +0000 (11:25 +0000)]
Fix theoretical memory leaks in edit_parse_actions_file()

CID 66388.

10 years agoFix a comment typo
Fabian Keil [Sat, 18 Oct 2014 11:25:24 +0000 (11:25 +0000)]
Fix a comment typo

10 years agoFix a theoretical memory leak in cgi_show_url_info()
Fabian Keil [Sat, 18 Oct 2014 11:25:13 +0000 (11:25 +0000)]
Fix a theoretical memory leak in cgi_show_url_info()

In the real world map_block_killer() is unlikely to run out of memory.

CID 66392.

10 years agoaccept_connection(): Adjust loop condition to silence a ressource leak warning
Fabian Keil [Sat, 18 Oct 2014 11:24:53 +0000 (11:24 +0000)]
accept_connection(): Adjust loop condition to silence a ressource leak warning

This is a nop because fd 0 is guaranteed to be in use and
thus can't be returned by accept() anyway.

CID 66393.

10 years agoserver_http(): Make the HTTP reason phrase optional again
Fabian Keil [Sat, 18 Oct 2014 11:24:34 +0000 (11:24 +0000)]
server_http(): Make the HTTP reason phrase optional again

There are still servers around that that don't set one
and Privoxy doesn't really need it anyway.

10 years agoBump copyright
Fabian Keil [Fri, 17 Oct 2014 14:45:41 +0000 (14:45 +0000)]
Bump copyright

10 years agoAdd range-related tests for external-filter{}
Fabian Keil [Fri, 17 Oct 2014 14:45:29 +0000 (14:45 +0000)]
Add range-related tests for external-filter{}

10 years agoPrevent img-reorder from messing up img tags with empty src attributes
Fabian Keil [Fri, 17 Oct 2014 14:45:10 +0000 (14:45 +0000)]
Prevent img-reorder from messing up img tags with empty src attributes

Fixes #880 reported by Duncan.

10 years agoAdd #138: Analyse Coverity scan results
Fabian Keil [Thu, 16 Oct 2014 11:55:45 +0000 (11:55 +0000)]
Add #138: Analyse Coverity scan results

Remove #55 which is done.

10 years agoDisable +fast-redirects{} for ixquick-proxy.com/
Fabian Keil [Thu, 16 Oct 2014 11:55:15 +0000 (11:55 +0000)]
Disable +fast-redirects{} for ixquick-proxy.com/

10 years agoAdd #137: Add a (preferably vector-based) logo
Fabian Keil [Thu, 16 Oct 2014 11:54:58 +0000 (11:54 +0000)]
Add #137: Add a (preferably vector-based) logo

10 years agoRebuild docs
Fabian Keil [Mon, 6 Oct 2014 10:20:31 +0000 (10:20 +0000)]
Rebuild docs

10 years agoUpdate the 'Would you like to donate?' section
Fabian Keil [Mon, 6 Oct 2014 10:20:09 +0000 (10:20 +0000)]
Update the 'Would you like to donate?' section

Mention that donations will be used to get TODO list
items done and add the Zwiebelfreunde e.V. bank
account.

10 years agoAdd Sam Chen as contributor
Fabian Keil [Mon, 6 Oct 2014 10:19:43 +0000 (10:19 +0000)]
Add Sam Chen as contributor

10 years agoChange declared template file encoding to UTF-8
Fabian Keil [Mon, 6 Oct 2014 10:19:30 +0000 (10:19 +0000)]
Change declared template file encoding to UTF-8

The files already used a subset of UTF-8 anyway and changing
the declaration allows to properly display UTF-8 characters
used in the action files.

This change may require existing action files with ISO-8859-1
characters that aren't valid UTF-8 to be converted to UTF-8.

Requested by Sam Chen in #582.

10 years agoAdd #136: Make builds reproducible
Fabian Keil [Mon, 6 Oct 2014 10:18:37 +0000 (10:18 +0000)]
Add #136: Make builds reproducible

10 years agoRemove and incorrect and an obsolete sentence from the action file section
Fabian Keil [Mon, 6 Oct 2014 10:18:25 +0000 (10:18 +0000)]
Remove and incorrect and an obsolete sentence from the action file section

Using Privoxy without action files is not actually pointless if
its only being used as HTTP router or HTTP to SOCK gateways.

People who still care about syntax changes in 3.0.7 should look at
the ChangeLog to see all the changes combined.

10 years agoStop mentioning the log defaults before 3.0.7 which are no longer relevant
Fabian Keil [Mon, 6 Oct 2014 10:17:43 +0000 (10:17 +0000)]
Stop mentioning the log defaults before 3.0.7 which are no longer relevant

10 years agoMake it more obvious that many operating systems support log rotation out of the box
Fabian Keil [Mon, 6 Oct 2014 10:17:28 +0000 (10:17 +0000)]
Make it more obvious that many operating systems support log rotation out of the box

10 years agoSync config.guess and config.sub with upstream 2012-12-23/306afce2
Fabian Keil [Mon, 6 Oct 2014 10:17:12 +0000 (10:17 +0000)]
Sync config.guess and config.sub with upstream 2012-12-23/306afce2

... which is the last commit that is still GPLv2+.

10 years agoAdd #135: Add OpenBSM audit support
Fabian Keil [Mon, 6 Oct 2014 10:13:56 +0000 (10:13 +0000)]
Add #135: Add OpenBSM audit support

10 years agoUpdate URL of the 'current development version of this file'
Fabian Keil [Fri, 22 Aug 2014 09:45:29 +0000 (09:45 +0000)]
Update URL of the 'current development version of this file'

10 years agoUnblock 'adele*.'
Fabian Keil [Fri, 8 Aug 2014 13:05:23 +0000 (13:05 +0000)]
Unblock 'adele*.'

Reported by Adele Lime in #1663.

10 years agoUnblock "adina*."
Fabian Keil [Fri, 1 Aug 2014 12:34:21 +0000 (12:34 +0000)]
Unblock "adina*."

According to Wikipedia, "Adina is a Biblical Hebrew name meaning
delicate, slender, refined or gentle".

Fixes #919 reported by Morton A. Goldberg.

10 years agoLet server_http() regenerate the response line
Fabian Keil [Fri, 25 Jul 2014 11:57:17 +0000 (11:57 +0000)]
Let server_http() regenerate the response line

... making sure Privoxy forwards a valid one.

Normalizing the HTTP-version is an explicit RFC 2616 MUST,
RFC 7230 mandates that intermediaries send their own
HTTP-version in forwarded messages.

10 years agoLet sed() failures result in an error response
Fabian Keil [Fri, 25 Jul 2014 11:56:54 +0000 (11:56 +0000)]
Let sed() failures result in an error response

While at it, make sure fatal parse errors are reported
to the caller right away.

10 years agoNormalize the HTTP-version in forwarded request lines
Fabian Keil [Fri, 25 Jul 2014 11:56:26 +0000 (11:56 +0000)]
Normalize the HTTP-version in forwarded request lines

This is an explicit RFC 2616 MUST and RFC 7230 mandates
that intermediaries send their own HTTP-version in forwarded
messages.

10 years agoUpdate normalize_lws()'s description to reference RFC 7230
Fabian Keil [Fri, 25 Jul 2014 11:56:02 +0000 (11:56 +0000)]
Update normalize_lws()'s description to reference RFC 7230

10 years agoSpell whitespace consistently without whitespace
Fabian Keil [Fri, 25 Jul 2014 11:55:47 +0000 (11:55 +0000)]
Spell whitespace consistently without whitespace

That's how it's done in RFC 7230 which obsoletes RFC 2616.

10 years agoBump copyright
Fabian Keil [Fri, 25 Jul 2014 11:55:27 +0000 (11:55 +0000)]
Bump copyright

10 years agoReject requests with unsupported Expect header values
Fabian Keil [Fri, 25 Jul 2014 11:55:11 +0000 (11:55 +0000)]
Reject requests with unsupported Expect header values

This changes the test status for the following Co-Advisor
tests from "Violation" to "Success":

rfc2616/unsuppExpect-0100-continue
rfc2616/unsuppExpect-100-continueing
rfc2616/unsuppExpect-expect=params
rfc2616/unsuppExpect-expect=quoted-100c

For RFC 2616 rejecting such requests was a MUST,
but RFC 7230 downgraded this to a MAY.

10 years agoAdd #134: Track the total number of bytes written to and received from a socket.
Fabian Keil [Fri, 25 Jul 2014 11:54:28 +0000 (11:54 +0000)]
Add #134: Track the total number of bytes written to and received from a socket.

10 years agoRegenerate docs
Fabian Keil [Fri, 18 Jul 2014 10:19:46 +0000 (10:19 +0000)]
Regenerate docs

10 years agoUpdate the forward-override{} example to be consistent with the tagging example
Fabian Keil [Fri, 18 Jul 2014 10:01:39 +0000 (10:01 +0000)]
Update the forward-override{} example to be consistent with the tagging example

10 years agoNote that invalid forward-override{} parameter syntax isn't detected until the parame...
Fabian Keil [Fri, 18 Jul 2014 10:01:20 +0000 (10:01 +0000)]
Note that invalid forward-override{} parameter syntax isn't detected until the parameter is used

10 years agoAdd another +redirect{} example: a shortcut for illumos bugs
Fabian Keil [Fri, 18 Jul 2014 10:00:11 +0000 (10:00 +0000)]
Add another +redirect{} example: a shortcut for illumos bugs

10 years agoMove a 'static' before the 'const'
Fabian Keil [Fri, 18 Jul 2014 09:59:51 +0000 (09:59 +0000)]
Move a 'static' before the 'const'

10 years agoClarify what Privoxy does if both +block{} and +redirect{} apply
Fabian Keil [Mon, 14 Jul 2014 13:37:08 +0000 (13:37 +0000)]
Clarify what Privoxy does if both +block{} and +redirect{} apply

10 years agoBlock '/.*DigiAd'
Fabian Keil [Mon, 14 Jul 2014 13:01:28 +0000 (13:01 +0000)]
Block '/.*DigiAd'

10 years agoMove a pattern below its tests
Fabian Keil [Mon, 14 Jul 2014 13:01:02 +0000 (13:01 +0000)]
Move a pattern below its tests

10 years agoAdd an external filter example to add '[citation needed]' tags to images
Fabian Keil [Mon, 14 Jul 2014 13:00:07 +0000 (13:00 +0000)]
Add an external filter example to add '[citation needed]' tags to images

Finding images where this may make sense and the coordinates
fit is left as an excercise for the reader.

10 years agoUse a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src=
Fabian Keil [Mon, 14 Jul 2014 12:57:00 +0000 (12:57 +0000)]
Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src=

Previously enabling the 'Advanced' settings (or manually enabling
+fast-redirects{}) prevented some images from being loaded properly.

As a side effect this commit expands Oleg's reach even further.

10 years agoNote that security issues shouldn't be reported using the bug tracker
Fabian Keil [Mon, 14 Jul 2014 12:56:30 +0000 (12:56 +0000)]
Note that security issues shouldn't be reported using the bug tracker

Add myself as security contact as discussed on ijbswa-devel@
months ago.

10 years agoNote that donations will fund work on the TODO list
Fabian Keil [Thu, 3 Jul 2014 10:19:47 +0000 (10:19 +0000)]
Note that donations will fund work on the TODO list

10 years agoAdd #133: Consider allowing bitcoin donations
Fabian Keil [Wed, 25 Jun 2014 10:09:57 +0000 (10:09 +0000)]
Add #133: Consider allowing bitcoin donations

At least one donor is interested in this.

10 years agoAdd #132: Provide a Tor hidden service to reach the Privoxy website
Fabian Keil [Wed, 25 Jun 2014 10:09:07 +0000 (10:09 +0000)]
Add #132: Provide a Tor hidden service to reach the Privoxy website

At least one donor is interested in this, it's not lot of work
and we can eat our own dogfood by putting Privoxy between the
Tor hidden service and the website to rewrite the requests.