From e7399a4d8e456557a261092fac3da7deabd4ca84 Mon Sep 17 00:00:00 2001
From: Benedek Nagy <nagybenedek@kumbatmo.hu>
Date: Sat, 15 Jan 2022 23:49:50 +0000
Subject: [PATCH] apache: Don't redirect to HTTPS for .onion domains

Tests:

- Without the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that
redirection to https happens.

- Without the patch, run curl -kv http://localhost. Observe that redirection to
https happens.

- With the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that
redirection to https does not happen.

- With the patch, run curl -kv http://localhost. Observe that redirection to
https happens.

[sunil: Perform case insensitive match]
[sunil: Remove capture of domain name match]
[sunil: Strictly check that domain ends with .onion]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
---
 data/etc/apache2/sites-available/plinth-ssl.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/etc/apache2/sites-available/plinth-ssl.conf b/data/etc/apache2/sites-available/plinth-ssl.conf
index a7831936c..202e1bf1b 100644
--- a/data/etc/apache2/sites-available/plinth-ssl.conf
+++ b/data/etc/apache2/sites-available/plinth-ssl.conf
@@ -10,6 +10,9 @@
 ##
 <Location /plinth>
     RewriteEngine on
+    # Don't redirect for onion sites as it is not needed and leads to
+    # unnecessary warning.
+    RewriteCond %{HTTP_HOST} !^.*\.onion$ [NC]
     ReWriteCond %{HTTPS} !=on
     RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 </Location>