From 75992dfe62bc22d2fe6378995cb044ef6724d88a Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski <contact@cpluspatch.com>
Date: Tue, 25 Jun 2024 18:46:16 -1000
Subject: [PATCH] fix(api): :bug: Disable CSP upgrade-insecure-requests when
 using Tor

---
 index.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/index.ts b/index.ts
index 1961c2ea..a0987bb9 100644
--- a/index.ts
+++ b/index.ts
@@ -123,6 +123,16 @@ app.all("*", async (context) => {
         );
     }
 
+    // Disable CSP upgrade-insecure-requests if an .onion domain is used
+    if (new URL(context.req.url).hostname.endsWith(".onion")) {
+        proxy.headers.set(
+            "Content-Security-Policy",
+            proxy.headers
+                .get("Content-Security-Policy")
+                ?.replace("upgrade-insecure-requests;", "") ?? "",
+        );
+    }
+
     return proxy;
 });