From e79f8dd85cb63125185fdf711f470c298a0b5dbc Mon Sep 17 00:00:00 2001
From: Cecylia Bocovich <cohosh@torproject.org>
Date: Wed, 10 Feb 2021 22:40:13 -0500
Subject: Onion service related changes to HTTPS handling (#15560)

* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
---
 app/lib/webfinger.rb | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'app/lib')

diff --git a/app/lib/webfinger.rb b/app/lib/webfinger.rb
index 702365939..40795a7aa 100644
--- a/app/lib/webfinger.rb
+++ b/app/lib/webfinger.rb
@@ -88,10 +88,18 @@ class Webfinger
   end
 
   def standard_url
-    "https://#{@domain}/.well-known/webfinger?resource=#{@uri}"
+    if @domain.ends_with? ".onion"
+      "http://#{@domain}/.well-known/webfinger?resource=#{@uri}"
+    else
+      "https://#{@domain}/.well-known/webfinger?resource=#{@uri}"
+    end
   end
 
   def host_meta_url
-    "https://#{@domain}/.well-known/host-meta"
+    if @domain.ends_with? ".onion"
+      "http://#{@domain}/.well-known/host-meta"
+    else
+      "https://#{@domain}/.well-known/host-meta"
+    end
   end
 end
-- 
cgit