Created on 29 January 2024, 11 months ago
Updated 15 February 2024, 10 months ago

Problem/Motivation

My site runs both on the clear web and on the TOR network. SSL is not something generally used on TOR and Let's Encrypt does not offer support (as of writing). This results in the website not being visible in the Tor Browser.

Steps to reproduce

Enable HTTPS redirect and use the TOR to visit the website.

Proposed resolution

Would it be possible to add an exception field so the .onion domain is not redirected to HTTPS?

User interface changes

An exception field for domains to exclude.

✨ Feature request
Status

Fixed

Version

2.1

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium menteb

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @menteb
  • πŸ‡§πŸ‡ͺBelgium menteb
  • πŸ‡ΈπŸ‡ͺSweden enzipher

    Hi, thanks for the report.

    That is an interesting edge case. I suppose some kind of top-domain exclusion could be added, but I'm not convinced the featured would have enough usage to validate the implementation.

    I will think about this some more. What you can do in the meantime is to programmatically disable redirects for the .onion top domain. Programmatically setting any of the following module settings would allow for http traffic.

    * Set 'enabled' to false - disables all redirects
    * Set 'bypass httpswww redirect' permission to true - disables all redirects
    * Set 'scheme' to mixed - disables https redirect

    This is untested example code, but something like this in settings.php should work:

    if (str_ends_with($_SERVER['HTTP_HOST'], '.onion')) {
      $config['httpswww.settings']['enabled'] = FALSE;
    }
    

    Cheers,

  • Status changed to Fixed 11 months ago
  • πŸ‡§πŸ‡ͺBelgium menteb

    Works like a charm! Cheers

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024