From 7e35ad57e79a3fb82a621ca1364af692d8bceabd Mon Sep 17 00:00:00 2001
From: Matt Hill <mattnine@protonmail.com>
Date: Wed, 25 Mar 2026 13:31:53 -0600
Subject: [PATCH] tor http is secure

---
 web/projects/shared/src/types/workspace-config.ts   |  1 +
 .../ui/src/app/routes/login/login.component.html    | 10 +++++-----
 web/projects/ui/src/app/services/config.service.ts  | 13 +++++++------
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/web/projects/shared/src/types/workspace-config.ts b/web/projects/shared/src/types/workspace-config.ts
index a00d66050..ebc678ccd 100644
--- a/web/projects/shared/src/types/workspace-config.ts
+++ b/web/projects/shared/src/types/workspace-config.ts
@@ -1,4 +1,5 @@
 export type AccessType =
+  | 'tor'
   | 'mdns'
   | 'localhost'
   | 'ipv4'
diff --git a/web/projects/ui/src/app/routes/login/login.component.html b/web/projects/ui/src/app/routes/login/login.component.html
index 49a5b780a..2223fddc6 100644
--- a/web/projects/ui/src/app/routes/login/login.component.html
+++ b/web/projects/ui/src/app/routes/login/login.component.html
@@ -1,8 +1,5 @@
-@if (config.isLanHttp()) {
-  <!-- Local HTTP -->
-  <ca-wizard />
-} @else {
-  <!-- not Local HTTP -->
+@if (config.isSecureContext()) {
+  <!-- Secure context -->
   <div tuiCardLarge class="card">
     <img alt="StartOS Icon" class="logo" src="assets/img/icon.png" />
     <h1 class="header">{{ 'Login to StartOS' | i18n }}</h1>
@@ -23,4 +20,7 @@
       <button tuiButton class="button">{{ 'Login' | i18n }}</button>
     </form>
   </div>
+} @else {
+  <!-- Insecure context -->
+  <ca-wizard />
 }
diff --git a/web/projects/ui/src/app/services/config.service.ts b/web/projects/ui/src/app/services/config.service.ts
index 4e56e8e46..1f03046bb 100644
--- a/web/projects/ui/src/app/services/config.service.ts
+++ b/web/projects/ui/src/app/services/config.service.ts
@@ -32,6 +32,7 @@ export class ConfigService {
   private getAccessType = utils.once(() => {
     if (useMocks) return mocks.maskAs
     if (this.hostname === 'localhost') return 'localhost'
+    if (this.hostname.endsWith('.onion')) return 'tor'
     if (this.hostname.endsWith('.local')) return 'mdns'
     let ip = null
     try {
@@ -49,11 +50,11 @@ export class ConfigService {
     return this.getAccessType()
   }
 
-  isLanHttp(): boolean {
-    return !this.isHttps() && this.accessType !== 'localhost'
-  }
-
-  isHttps(): boolean {
-    return useMocks ? mocks.maskAsHttps : this.protocol === 'https:'
+  isSecureContext(): boolean {
+    return useMocks
+      ? mocks.maskAsHttps ||
+          mocks.maskAs === 'localhost' ||
+          mocks.maskAs === 'tor'
+      : window.isSecureContext
   }
 }