From 01399cb12b53773fc9e3d4f82643434d24aba1e0 Mon Sep 17 00:00:00 2001
From: Francois Marier <francois@brave.com>
Date: Mon, 8 Nov 2021 19:11:17 -0800
Subject: [PATCH] Omit referrers on cross-origin requests from an .onion
 address (fixes #155)

---
 index.src.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/index.src.html b/index.src.html
index 2b76b31..3cf5ee0 100644
--- a/index.src.html
+++ b/index.src.html
@@ -848,6 +848,12 @@ <h3 id="determine-requests-referrer" dfn export>
       Let request's <dfn>referrerURL</dfn> be the result of <a href="#strip-url">stripping
       <var>referrerSource</var> for use as a referrer.</a>
     </li>
+    <li>
+      If the <a for=url>origin</a> of <a>referrerURL</a> is using the <code>.onion</code>
+      special-use domain name defined in [[!RFC7686]] and is not <a lt="same origin">the
+      same</a> as the <a for=url>origin</a> of <var>request</var>'s <a for=request>current
+      URL</a>, then return <code>no referrer</code>.
+    </li>
     <li>
       Let <var>referrerOrigin</var> be the result of
       <a href="#strip-url">stripping <var>referrerSource</var> for use as a