rad:z4V1sjrXqjvFdnCUbxPFqd5p4DtH5
Radicle web interface
Connect to `.onion` names via HTTP instead of HTTPS
Merged lorenz opened 1 year ago

While it is technically possible to serve onion services via HTTPS using TLS certificates that are signed by a “proper” CA, it is the exception, not the norm.

The benefit of TLS certificates for .onion is authentication: Users can (by trusting some CA) ensure that they are indeed communicating with the service they would like to. In Radicle, this is not that big of a deal, because we have DIDs and signatures in the application layer.

Also, setups I have seen so far are more “ad hoc”, and people would probably tend to self-sign their certificates, which would cause validation in browsers to fail anyway.

See also:

2 files changed +9 -3 bd551911 fb32e01a
modified src/lib/router.ts
@@ -169,9 +169,10 @@ function extractBaseUrl(hostAndPort: string): BaseUrl {
    return {
      hostname,
      port: Number(port),
-
      scheme: utils.isLocal(hostname)
-
        ? "http"
-
        : config.nodes.defaultHttpdScheme,
+
      scheme:
+
        utils.isLocal(hostname) || utils.isOnion(hostname)
+
          ? "http"
+
          : config.nodes.defaultHttpdScheme,
    };
  } else {
    return {
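Review bot: In extractBaseUrl, the new condition `utils.isLocal(hostname) || utils.isOnion(hostname)` hard-codes "http" for every onion hostname, so `config.nodes.defaultHttpdScheme` can no longer select HTTPS for an onion service that does present a CA-signed certificate, a case the description itself acknowledges as possible. Either provide an explicit way to override the scheme for such hosts, or add a short comment above the ternary stating that onion addresses intentionally ignore the configured default because authentication is handled by DIDs and signatures in the application layer.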
modified src/lib/utils.ts
@@ -264,6 +264,11 @@ export function isLocal(addr: string): boolean {
  );
}

+
// Check whether the given domain name is an onion domain name.
+
export function isOnion(addr: string): boolean {
+
  return addr.endsWith(".onion");
+
}
+

// Get the gravatar URL of an email.
export function gravatarURL(email: string): string {
  const address = email.trim().toLowerCase();
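Review bot: isOnion matches with `addr.endsWith(".onion")`, which is case-sensitive and misses a fully qualified name written with a trailing dot, so a hostname such as `EXAMPLE.ONION` or `example.onion.` would fall through to `config.nodes.defaultHttpdScheme` in extractBaseUrl. Domain names are case-insensitive, so normalise before comparing (lower-case the input and strip one trailing dot), and add a unit test covering those inputs plus a non-onion name that merely contains the string, such as `onion.example.com`.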