From b95f66a806c9d05f9edc905b6bd58be02e5f8b77 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Wed, 6 Nov 2019 09:00:32 +0100
Subject: [PATCH] scanner: only allow HTTPS versions of the whitelist

---
 fdroidserver/scanner.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/scanner.py b/fdroidserver/scanner.py
index acc19e72..94c8cf72 100644
--- a/fdroidserver/scanner.py
+++ b/fdroidserver/scanner.py
@@ -96,7 +96,7 @@ def scan_source(build_dir, build=metadata.Build()):
 
     gradle_mavenrepo = re.compile(r'maven *{ *(url)? *[\'"]?([^ \'"]*)[\'"]?')
 
-    allowed_repos = [re.compile(r'^https?://' + re.escape(repo) + r'/*') for repo in [
+    allowed_repos = [re.compile(r'^https://' + re.escape(repo) + r'/*') for repo in [
         'repo1.maven.org/maven2',  # mavenCentral()
         'jcenter.bintray.com',     # jcenter()
         'jitpack.io',