From ae7961ed495c4cacbf011a98ad6eb591c7b1a1bc Mon Sep 17 00:00:00 2001
From: Jan-Lukas Else <mail@jlelse.de>
Date: Mon, 2 Aug 2021 21:10:38 +0200
Subject: [PATCH] Fix Tor header on media requests

---
 http.go            | 7 +++++++
 httpMiddlewares.go | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/http.go b/http.go
index 050025c..ca27d60 100644
--- a/http.go
+++ b/http.go
@@ -157,6 +157,13 @@ func (a *goBlog) buildRouter() (http.Handler, error) {
 	r.Use(middleware.RedirectSlashes)
 	r.Use(middleware.CleanPath)
 	r.Use(middleware.GetHead)
+
+	// Tor
+	if a.cfg.Server.Tor {
+		r.Use(a.addOnionLocation)
+	}
+
+	// Cache
 	if cache := a.cfg.Cache; cache != nil && !cache.Enable {
 		r.Use(middleware.NoCache)
 	}
diff --git a/httpMiddlewares.go b/httpMiddlewares.go
index 247d23e..a58c479 100644
--- a/httpMiddlewares.go
+++ b/httpMiddlewares.go
@@ -42,6 +42,12 @@ func (a *goBlog) securityHeaders(next http.Handler) http.Handler {
 		w.Header().Set("X-Frame-Options", "SAMEORIGIN")
 		w.Header().Set("X-Xss-Protection", "1; mode=block")
 		w.Header().Set("Content-Security-Policy", "default-src 'self'"+cspDomains)
+		next.ServeHTTP(w, r)
+	})
+}
+
+func (a *goBlog) addOnionLocation(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if a.torAddress != "" {
 			w.Header().Set("Onion-Location", a.torAddress+r.RequestURI)
 		}