paulchen
commented
2 years ago @pointydev Thanks for the suggestion. I agree that in that case linking to HTTPS does not make sense, considering that Tor comes with its own encryption for onion services anyway. I modified the header to show the text "Connection via onion service" in that case.
Hey there,
On the .onion version of the site, the prompt in the header bar to "Use an encrypted connection" leads to an SSL error as the domain isn't specified on the certificate (as seen below). As getting certs for .onion is a rather protracted process, it might be worth it to hide the prompt when usage of the onion service is detected instead, to prevent users from becoming desensitised to such warnings.
Thanks, Elliott