[Tor] Treat .onion sites whose protocol is HTTP as if it was HTTPS.

3 files changed, 12 insertions, 3 deletions

diff --git a/src/bg/Settings.js b/src/bg/Settings.js
index 57e6067..d18419b 100644
--- a/src/bg/Settings.js
+++ b/src/bg/Settings.js
@@ -92,6 +92,8 @@ var Settings = {
       // Tor Browser-specific settings
       ns.defaults.local.isTorBrowser = true; // prevents reset from forgetting
       ns.defaults.sync.cascadeRestrictions = true; // we want this to be the default even on reset
+      Sites.onionSecure = true;
+
       if (!this.gotTorBrowserInit) {
         // First initialization message from the Tor Browser
         this.gotTorBrowserInit = true;
diff --git a/src/common/Policy.js b/src/common/Policy.js
index 401b19f..e7818d9 100644
--- a/src/common/Policy.js
+++ b/src/common/Policy.js
@@ -65,6 +65,9 @@ var {Permissions, Policy, Sites} = (() => {
         }
       }
       if (url) {
+        if (Sites.onionSecure && url.protocol === "http:" && url.hostname.endsWith(".onion")) {
+          url.protocol = "https:";
+        }
         let path = url.pathname;
         siteKey = url.origin;
         if (siteKey === "null") {
diff --git a/src/ui/ui.js b/src/ui/ui.js
index 5c358be..7025ce6 100644
--- a/src/ui/ui.js
+++ b/src/ui/ui.js
@@ -38,11 +38,15 @@ var UI = (() => {
             UI.xssUserChoices = m.xssUserChoices;
             UI.local = m.local;
             UI.sync = m.sync;
-            if (UI.local && !UI.local.debug) {
-              debug = () => {}; // be quiet!
-            }
+
             if (UI.local) {
+              if (!UI.local.debug) {
+                debug = () => {}; // be quiet!
+              }
               document.documentElement.classList.toggle("tor", !!UI.local.isTorBrowser);
+              if (UI.local.isTorBrowser) {
+                Sites.onionSecure = true;
+              }
             }
             resolve();
             if (UI.onSettings) UI.onSettings();