Tips & Tricks
Using Tor Browser with the Development Environment
Since Tor Browser is based on an older version of Firefox (usually the current ESR release), it does not always render HTML/CSS the same as other browsers (especially more recent versions of browsers). Therefore, we recommend testing all changes to the web application in the Tor Browser instead of whatever browser you normally use for web development. Unfortunately, it is not possible to access the local development servers by default, due to Tor Browser’s proxy configuration.
To test the development environment in Tor Browser, you need to modify Tor Browser’s default settings to prevent localhost from being resolved by the proxy:
In a new tab, navigate to
Click “I accept the Risk!”
In the search bar, enter
The default value is true. Double-click to set it to false.
Now you should be able to navigate to
in Tor Browser. For some reason, you have to use
The modified value persists across restarts of Tor Browser.
Upgrading or Adding Python Dependencies
We use a pip-compile
based workflow for adding Python dependencies. If you would like to add a Python
dependency, instead of editing the
Edit the relevant
Use the following shell script to generate
Commit both the
Note that application dependency changes are subject to closer review, using diffoscope or a similar tool to compare the old and updated dependencies. You can request a review when submitting a PR.
Some helpful diagrams for getting a sense of the SecureDrop application architecture are stored here, including a high-level view of the SecureDrop database structure: