Gandalf/sofarr
Public Access
0
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases 39 Wiki Activity

fix: correct upgradeInsecureRequests in index.js (the actual production config)
Build and Push Docker Image / build (push) Successful in 26s
Details
CI / Security audit (push) Successful in 42s
Details
CI / Tests & coverage (push) Successful in 1m5s
Details

Browse Source 
The previous fix was applied to server/app.js (the test factory) but
index.js has its own independent Helmet configuration which is what the
production server actually executes. Both files now gate
upgrade-insecure-requests on TRUST_PROXY instead of NODE_ENV.
This commit is contained in:
Gronod
2026-05-17 09:36:26 +01:00
parent 94fe0dea4d
commit c3ae3a80de
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/index.js
+1 -1
View File
@@ -137,7 +137,7 @@ app.use((req, res, next) => {
baseUri: ["'self'"], baseUri: ["'self'"],
frameAncestors: ["'none'"], frameAncestors: ["'none'"],
formAction: ["'self'"], formAction: ["'self'"],
upgradeInsecureRequests: process.env.NODE_ENV === 'production' ? [] : null upgradeInsecureRequests: process.env.TRUST_PROXY ? [] : null
} }
}, },
hsts: { hsts: {