From 33b3f0650caf6ebf5b8858d63ece83b59e491ff2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20H=C3=A4ger?= <martin.haeger@gmail.com>
Date: Tue, 2 Mar 2021 01:50:25 +0100
Subject: [PATCH] Permit cleartext for .onion addresses
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Tor and Onion service protocols provide encryption and authentication
respectively. Since Domain Validation certificates aren't currently being
issued for .onion addresses, the HTTPS requirement makes Element practically
incompatible with homeservers operated by individuals on Tor.

Signed-off-by: Martin Häger <martin.haeger@gmail.com>
---
 CHANGES.md                                          | 1 +
 vector/src/main/res/xml/network_security_config.xml | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 5125d158ec..8ec0b79bfe 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,7 @@ Features ✨:
  -
 
 Improvements 🙌:
+ - Allow non-HTTPS connections to homeservers on Tor (#2941)
  - Fetch homeserver type and version and display in a new setting screen and add info in rageshakes (#2831)
  - Improve initial sync performance (#983)
  - PIP support for Jitsi call (#2418)
diff --git a/vector/src/main/res/xml/network_security_config.xml b/vector/src/main/res/xml/network_security_config.xml
index 1f323dffd1..4bf79f16ba 100644
--- a/vector/src/main/res/xml/network_security_config.xml
+++ b/vector/src/main/res/xml/network_security_config.xml
@@ -11,6 +11,8 @@
         <domain includeSubdomains="true">127.0.0.1</domain>
         <!-- Localhost for Android emulator -->
         <domain includeSubdomains="true">10.0.2.2</domain>
+        <!-- Onion services -->
+        <domain includeSubdomains="true">onion</domain>
     </domain-config>
 
     <debug-overrides>