MISC-7: LoginRadius will redirect users back to WWW

Access blocked with the following location statement

    location ~ /shop {
        try_files /noexist /shpblock.html;
    }

Response is

ben@milleniumfalcon:~$ GET -Sse http://6zdgh5a5e6zpchdz.onion/shop
GET http://6zdgh5a5e6zpchdz.onion/shop
200 OK
Connection: close
Date: Fri, 22 May 2015 15:43:10 GMT
Accept-Ranges: bytes
Server: nginx
Content-Length: 1936
Content-Type: text/html
Last-Modified: Fri, 22 May 2015 15:37:26 GMT
Client-Date: Fri, 22 May 2015 15:43:10 GMT
Client-Peer: 10.247.221.99:80
Client-Response-Num: 1
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/main.css>; media="all"; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/nav.css>; media="all"; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/template.css>; media="all"; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/media_queries.css>; media="screen"; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/theme_blue.css>; media="all"; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/print.css>; media="print"; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/custom.css>; rel="stylesheet"; type="text/css"
Link: <http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/custom_white.css>; rel="stylesheet"; type="text/css"
Title: .onion access to the shop temporarily suspended

<html>
<head>
<title>.onion access to the shop temporarily suspended</title>
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/main.css" type="text/css" media="all" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/nav.css" type="text/css" media="all" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/template.css" type="text/css" media="all" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/media_queries.css" type="text/css" media="screen" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/theme_blue.css" type="text/css" media="all" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/print.css" type="text/css" media="print" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/custom.css" type="text/css" />
<link rel="stylesheet" href="http://static.6zdgh5a5e6zpchdz.onion/templates/joomspirit_76/css/custom_white.css" type="text/css" />
</head>
<body> 
<h1>.onion access to the shop temporarily suspended</h1>
<img src="http://static.6zdgh5a5e6zpchdz.onion/images/eagle_black_large_trans.png" style="float: left; margin: 5px; max-width:100px; />
<div style="float: left"><p>The shop section isn't currently ready to work via the .onion address.</p>
<p>There are a few features within this section which may redirect you to the www. site without warning. As a precaution I've temporarily blocked access for the .onion site
(though you can still access across the www.)</p>
<p>For more information, see <a href="http://projects.bentasker.co.uk/jira_projects/browse/MISC-7.html">http://projects.bentasker.co.uk/jira_projects/browse/MISC-7.html</a>
</div>
<p><a href="/">Back to Site</a></p>

</body>
</html>

I suppose I should probably think about returning an appropriate response code as well though.

Before deciding how best to fix, it's probably worth deciding if it's worth fixing

I don't want to leave the shop section blocked indefinitely, but would unblocking it and disabling social media logins for the .onion be a better option? Not sure of the mechanism to do so yet, but if I could disable loginradius solely for the .onion it's probably a good improvement for privacy.

How many people are likely to visit the site via the .onion and yet be willing to let a 3rd party link their Twitter (or whatever) account to a visit to my site (onion or otherwise)?

On the other hand, though, disabling loginradius on the .onion means another difference between the onion and www-front that I'll need to maintain.

Needs thought.....

At the moment, this is probably largely moot.

The shop section has been read-only since the VAT MOSS changes earlier this year, so currently noone can log in, with social media or otherwise.

On the other hand, if the planned changes come into effect in January, I'll have to do MOSS stuff for offline sales/contracts anyway, so may look at re-opening the shop (as the extra MOSS overhead will be present and inavoidable at that point).

I'll leave this issue open for the time being, but can probably start to think about removing the block as the reason for it's implementation is no longer present. Just need to remember come January so that it can either be re-blocked, or the issue with LoginRadius resolved.

This has effectively been fixed.

I closed the shop section down quite some time ago, so have now moved it to being a collection of static pages, so loginradius isn't present on the site at all.

The archives can be accessed via Tor - http://6zdgh5a5e6zpchdz.onion/shoparchives