Allow both http and https images over Tor?

I had to remove the force https function on the site to allow for alternate access. As soon as I did that, all logos became broken. The logos can't load because they are being uploaded as http, not https. Regular images in the posts seem fine. It's just the logos.

What kind of access did you need to have to disable the Force HTTPS setting from the site?

It was blocking my login access from a Tor address, even if the torrc file was changed to port 443.

Using TLS over Tor is indeed overkill (since Tor Hidden Services are already encrypted) but if your site has a DNS-visible domain, you should be able to add a Subject Alternate Name that matches .onion in your SSL certificate – except that LetsEncrypt does not support it yet.

If indeed you have both HTTPS and HTTP+Tor, it’s a bit of a problem. Maybe instead of force_https, Discourse could use the shortcut // like for assets, or use path_only so that the full URL is determined by the host, and thus always matches the calling scheme.

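To compare the URL forms discussed in this thread, here is an added example (not part of any post above and not Discourse code) that resolves a logo reference the way a browser does against both access paths. It flags mixed content and requests that leave the host the visitor is on. The hostnames, paths and function names are constructed placeholders.

```javascript
// Added example: hostnames and paths are constructed placeholders.
const PAGES = {
  clearnet: "https://forum.example.org/t/topic/1",
  onion: "http://exampleonionaddress.onion/t/topic/1",
};

// Ways a logo URL could be written into the page.
const LOGO_FORMS = {
  absoluteHttp: "http://forum.example.org/uploads/logo.png",
  absoluteHttps: "https://forum.example.org/uploads/logo.png",
  schemeRelative: "//forum.example.org/uploads/logo.png",
  pathOnly: "/uploads/logo.png",
};

// Resolve an asset reference against the page URL (WHATWG URL rules) and
// flag: mixedContent = https page pulling an http asset;
//       offHost      = asset is fetched from a different host than the page.
function checkAsset(assetRef, pageUrl) {
  const page = new URL(pageUrl);
  const asset = new URL(assetRef, page);
  return {
    resolved: asset.href,
    mixedContent: page.protocol === "https:" && asset.protocol === "http:",
    offHost: asset.host !== page.host,
  };
}

// One row per (URL form, access path) combination.
function report() {
  const rows = [];
  for (const [form, ref] of Object.entries(LOGO_FORMS)) {
    for (const [page, pageUrl] of Object.entries(PAGES)) {
      rows.push({ form, page, ...checkAsset(ref, pageUrl) });
    }
  }
  return rows;
}

// URL forms that raise no flag on either access path.
function safeForms() {
  const flagged = new Set(
    report().filter((r) => r.mixedContent || r.offHost).map((r) => r.form)
  );
  return Object.keys(LOGO_FORMS).filter((f) => !flagged.has(f));
}

console.table(report());
console.log("clean on both access paths:", safeForms());
```

A scheme-relative URL that still names the clearnet host follows the page's scheme but not its host, so in this sample only the path-only form stays on the host the visitor used.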