Onion service related changes to HTTPS handling (#15560)

* Enable secure cookie flag for https only * Disable force_ssl for .onion hosts only Co-authored-by: Aiden McClelland <me@drbonez.dev>
author: Cecylia Bocovich <cohosh@torproject.org> 2021-02-10 22:40:13 -0500
committer: GitHub <noreply@github.com> 2021-02-11 04:40:13 +0100
commit: e79f8dd85cb63125185fdf711f470c298a0b5dbc (patch)
tree: c27f1d0e2cd45262934fd5729e9ae3cd824747b3 /app/controllers
parent: d499bb031f0d20a5f27facfd57cf4e00f89003d7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 44616d6e5..c9311c1b6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -43,7 +43,7 @@ class ApplicationController < ActionController::Base
   private
 
   def https_enabled?
-    Rails.env.production? && !request.path.start_with?('/health')
+    Rails.env.production? && !request.path.start_with?('/health') && !request.headers["Host"].ends_with?(".onion")
   end
 
   def authorized_fetch_mode?
author	Cecylia Bocovich <cohosh@torproject.org>	2021-02-10 22:40:13 -0500
committer	GitHub <noreply@github.com>	2021-02-11 04:40:13 +0100
commit	e79f8dd85cb63125185fdf711f470c298a0b5dbc (patch)
tree	c27f1d0e2cd45262934fd5729e9ae3cd824747b3 /app/controllers
parent	d499bb031f0d20a5f27facfd57cf4e00f89003d7 (diff)