freedomofpress · harrislapiroff · Jun 24, 2020 · Jun 23, 2020 · Jun 23, 2020 · Jun 24, 2020
diff --git a/common/middleware.py b/common/middleware.py
@@ -0,0 +1,14 @@
+from common.models import FooterSettings
+
+
+class OnionLocationMiddleware(object):
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+
+        footer_settings = FooterSettings.for_site(request.site)
+        if footer_settings.securedrop_onion_address:
+            response['Onion-Location'] = footer_settings.securedrop_onion_address
+        return response
diff --git a/common/migrations/0004_auto_20200624_1553.py b/common/migrations/0004_auto_20200624_1553.py
@@ -0,0 +1,19 @@
+# Generated by Django 2.2.12 on 2020-06-24 15:53
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('common', '0003_customimage_file_hash'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='footersettings',
+            name='securedrop_onion_address',
+            field=models.CharField(default='secrdrop5wyphb5x.onion', help_text='Address for the securedrop.org onion service. Displayed in the site footer and the Onion-Location header.  Must begin with http or https and end with .onion', max_length=255, validators=[django.core.validators.RegexValidator(message='Enter a valid .onion address.', regex='\\.onion$'), django.core.validators.URLValidator(message='Onion address must be a valid URL beginning with http or https', schemes=['http', 'https'])], verbose_name='SecureDrop Onion Address'),
+        ),
+    ]
diff --git a/common/models/settings.py b/common/models/settings.py
@@ -1,4 +1,4 @@
-from django.core.validators import RegexValidator
+from django.core.validators import RegexValidator, URLValidator
 from django.db import models
 
 from wagtail.contrib.settings.models import BaseSetting, register_setting
@@ -44,14 +44,19 @@ class FooterSettings(BaseSetting):
         'SecureDrop Onion Address',
         max_length=255,
         default='secrdrop5wyphb5x.onion',
-        validators=[RegexValidator(regex=r'\.onion$', message="Enter a valid .onion address.")]
+        validators=[
+            RegexValidator(regex=r'\.onion$', message="Enter a valid .onion address."),
+            URLValidator(schemes=['http', 'https'], message='Onion address must be a valid URL beginning with http or https'),
+        ],
+        help_text='Address for the securedrop.org onion service. Displayed in the site footer and the Onion-Location header.  Must begin with http or https and end with .onion',
     )
 
     panels = [
         FieldPanel('title'),
         SnippetChooserPanel('main_menu'),
         FieldPanel('donation_url'),
         PageChooserPanel('contribute_link'),
+        FieldPanel('securedrop_onion_address'),
         MultiFieldPanel(
             [
                 FieldPanel('release_key_description'),

diff --git a/securedrop/settings/base.py b/securedrop/settings/base.py
@@ -112,6 +112,7 @@
 
     # Middleware for content security policy
     'csp.middleware.CSPMiddleware',
+    'common.middleware.OnionLocationMiddleware',
 ]
 
 ROOT_URLCONF = 'securedrop.urls'