sunoru/mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Onion service related changes to HTTPS handling (#15560)

Browse source 
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
This commit is contained in:
Cecylia Bocovich 2021-02-10 22:40:13 -05:00 committed by GitHub
parent d499bb031f
commit e79f8dd85c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 27 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

12
app/lib/webfinger.rb
View file

@ -88,10 +88,18 @@ class Webfinger
end
def standard_url
"https://#{@domain}/.well-known/webfinger?resource=#{@uri}"
if @domain.ends_with? ".onion"
"http://#{@domain}/.well-known/webfinger?resource=#{@uri}"
else
"https://#{@domain}/.well-known/webfinger?resource=#{@uri}"
end
end
def host_meta_url
"https://#{@domain}/.well-known/host-meta"
if @domain.ends_with? ".onion"
"http://#{@domain}/.well-known/host-meta"
else
"https://#{@domain}/.well-known/host-meta"
end
end
end