fixup! Bug 23247: Communicating security expectations for .onion

Bug 41785: Show http onion resources as secure in network monitor

fixup! Bug 23247: Communicating security expectations for .onion
dbec6cf6 · cypherpunks1 · 4c0986cb · dbec6cf6
Commit dbec6cf6 authored May 22, 2023 by cypherpunks1
--- a/devtools/shared/webconsole/network-helper.js
+++ b/devtools/shared/webconsole/network-helper.js
@@ -600,6 +600,9 @@ var NetworkHelper = {

    // The request did not contain any security info.
    if (!securityInfo) {
+      if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
+        info.state = "secure";
+      }
      return info;
    }

@@ -651,7 +654,11 @@ var NetworkHelper = {
        // schemes other than https and wss are subject to
        // downgrade/etc at the scheme level and should always be
        // considered insecure
+        if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) {
+          info.state = "secure";
+        } else {
          info.state = "insecure";
+        }
      } else if (state & wpl.STATE_IS_SECURE) {
        // The connection is secure if the scheme is sufficient
        info.state = "secure";