URLs beginning with `view-source:http://` bypass HTTPS Everywhere
Even if "Block all unencrypted requests" is set, URLs beginning with view-[http://](http://`) still load.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information