diff --git a/js/privatebin.js b/js/privatebin.js
index 2d330622..c2085f9b 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -4538,10 +4538,29 @@ jQuery.PrivateBin = (function($, RawDeflate) {
}
const url = new URL(window.location);
+
// HTTP is obviously insecure
if (url.protocol !== 'http:') {
return false;
}
+
+ // filter out actually secure connections over HTTP
+ if (
+ url.hostname.endsWith('.onion') ||
+ url.hostname.endsWith('.i2p')
+ ) {
+ return false;
+ }
+
+ // whitelist localhost for development
+ if (
+ url.hostname === 'localhost' ||
+ url.hostname === '127.0.0.1'
+ ) {
+ return false;
+ }
+
+ // totally INSECURE http protocol!
return true;
}
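Review bot: The development allowlist in the new `localhost` block matches only `localhost` and `127.0.0.1`, so a page served from the IPv6 loopback still gets the insecure-HTTP warning; `URL.hostname` keeps the brackets on IPv6 literals, so the condition would need `|| url.hostname === '[::1]'`. The `.onion`/`.i2p` block above it suppresses the warning on the hostname suffix alone, which is only sound when the browser actually reaches the host through Tor or I2P; a comment such as `// assumes the name is resolved by a Tor/I2P proxy; the suffix itself does not prove an encrypted transport` would make that assumption visible to the next maintainer. The existing comment `// HTTP is obviously insecure` also sits above a branch that returns false for every non-HTTP scheme, and would read more accurately as `// anything other than plain HTTP is not flagged here`. The function starts outside the hunk, so any earlier check (for example on `window.isSecureContext`) cannot be seen from here.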
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index b60a9ce2..45b231e4 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -72,7 +72,7 @@ if ($MARKDOWN):
endif;
?>
-
+
diff --git a/tpl/page.php b/tpl/page.php
index 32e662b9..aaddba1f 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -50,7 +50,7 @@ if ($MARKDOWN):
endif;
?>
-
+