mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
4fc1844d89
Fixes: #2174. When HSTS is set, there is no way to override the certificate warnings. LE does not yet issue certificates for .onion domains. Certificate warnings are certainly show there. Although browsers don't accept HSTS headers when the certificate is invalid, it is best be safe and not set them for .onion domains. Tests: - Without the patch, on normal and .onion domains, HSTS is set only when using HTTPS. - With the patch, HSTS is set only when using HTTPS but only for normal domains but not .onion domains. - The patch works when tested with .onion and .ONION hosts. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>