fixup! Bug 23247: Communicating security expectations for .onion

Bug 41785: Show http onion resources as secure in network monitor

fixup! Bug 23247: Communicating security expectations for .onion
8cd7740e · cypherpunks1 · Pier Angelo Vendrame · ef4ff7f5 · 8cd7740e
Verified Commit 8cd7740e authored May 22, 2023 by cypherpunks1 Committed by Pier Angelo Vendrame Jun 29, 2023
--- a/devtools/shared/network-observer/NetworkHelper.sys.mjs
+++ b/devtools/shared/network-observer/NetworkHelper.sys.mjs
@@ -596,6 +596,9 @@ export var NetworkHelper = {

    // The request did not contain any security info.
    if (!securityInfo) {
+      if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
+        info.state = "secure";
+      }
      return info;
    }

@@ -647,7 +650,11 @@ export var NetworkHelper = {
        // schemes other than https and wss are subject to
        // downgrade/etc at the scheme level and should always be
        // considered insecure
+        if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
+          info.state = "secure";
+        } else {
          info.state = "insecure";
+        }
      } else if (state & wpl.STATE_IS_SECURE) {
        // The connection is secure if the scheme is sufficient
        info.state = "secure";