Block .onion addresses outside of Tor windows

[fmarier]

Resolves brave/brave-browser#14261

Submitter Checklist:

• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)
• Requested a security/privacy review as needed

Reviewer Checklist:

• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

0. Start wireshark and filter for dns.
1. Open a normal window and type https://brave5t5rjjg3s6k.onion/ in the URL bar.
2. Confirm that you get an error page and that the .onion didn't result in a DNS lookup.
3. Open a Tor window and type https://brave5t5rjjg3s6k.onion/ in the URL bar.
4. Confirm that it opens fine.
5. Open a normal window and type https://brave.com in the URL bar.
6. Click on the "Open in Tor" link.
7. Confirm that it opens a Tor window and displays the Brave website.

[darkdh]

This should be done in OnionLocationNavigationThrottle::WillStartRequest to prevent the request from being made

diff --git a/components/tor/onion_location_navigation_throttle.cc b/components/tor/onion_location_navigation_throttle.cc
index 482cea1bf2..cc030ca6da 100644
--- a/components/tor/onion_location_navigation_throttle.cc
+++ b/components/tor/onion_location_navigation_throttle.cc
@@ -97,10 +97,12 @@ OnionLocationNavigationThrottle::WillStartRequest() {
   // Open .onion site in Tor window
   if (!is_tor_profile_) {
     GURL url = navigation_handle()->GetURL();
-    if (url.SchemeIsHTTPOrHTTPS() && url.DomainIs("onion") &&
-        pref_service_->GetBoolean(prefs::kAutoOnionRedirect)) {
-      delegate_->OpenInTorWindow(navigation_handle()->GetWebContents(),
-                                 std::move(url));
+    if (url.SchemeIsHTTPOrHTTPS() && url.DomainIs("onion")) {
+      if (pref_service_->GetBoolean(prefs::kAutoOnionRedirect)) {
+        delegate_->OpenInTorWindow(navigation_handle()->GetWebContents(),
+                                   std::move(url));
+      }
+      return content::NavigationThrottle::BLOCK_REQUEST;
     }
   }
   return content::NavigationThrottle::PROCEED;

[darkdh]

directly adding .onion address doesn't have "Open in Tor" button currently(only onion-location header), we can add that button for this case though.

[darkdh]

superseded by #8040