test whether the instance configured to use HTTPS for the main and sandbox domains

2021-06-15 16:05:17 +05:30 · 2021-06-15 16:05:17 +05:30 · 2bd659a9b5
parent e2dfdad249
commit 2bd659a9b5
1 changed files with 34 additions and 0 deletions
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@ -687,6 +687,40 @@ define([
        });
    });

+    var isHTTPS = function (host) {
+        return /^https:\/\//.test(host);
+    };
+
+    var isOnion = function (host) {
+        return /\.onion$/.test(host);
+    };
+    assert(function (cb, msg) {
+        // provide an exception for development instances
+        if (/http:\/\/localhost/.test(trimmedUnsafe)) { return void cb(true); }
+
+        // if both the main and sandbox domains are onion addresses
+        // then the HTTPS requirement is unnecessary
+        if (isOnion(trimmedUnsafe) && isOnion(trimmedSafe)) { return void cb(true); }
+
+        // otherwise expect that both inner and outer domains use HTTPS
+        setWarningClass(msg);
+
+        msg.appendChild(h('span', [
+            "Both ",
+            code('httpUnsafeOrigin'),
+            ' and ',
+            code('httpSafeOrigin'),
+            ' should be accessed via HTTPS for production use. ',
+            "This can be configured via ",
+            CONFIG_PATH(),
+            '. ',
+            RESTART_WARNING(),
+        ]));
+
+        console.error("HTTPS?", trimmedUnsafe, trimmedSafe);
+        cb(isHTTPS(trimmedUnsafe) && isHTTPS(trimmedSafe));
+    });
+
    if (false) {
        assert(function (cb, msg) {
            msg.innerText = 'fake test to simulate failure';