From e79f8dd85cb63125185fdf711f470c298a0b5dbc Mon Sep 17 00:00:00 2001 From: Cecylia Bocovich Date: Wed, 10 Feb 2021 22:40:13 -0500 Subject: Onion service related changes to HTTPS handling (#15560) * Enable secure cookie flag for https only * Disable force_ssl for .onion hosts only Co-authored-by: Aiden McClelland --- app/controllers/application_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 44616d6e5..c9311c1b6 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -43,7 +43,7 @@ class ApplicationController < ActionController::Base private def https_enabled? - Rails.env.production? && !request.path.start_with?('/health') + Rails.env.production? && !request.path.start_with?('/health') && !request.headers["Host"].ends_with?(".onion") end def authorized_fetch_mode? -- cgit