Gronod c3ae3a80de fix: correct upgradeInsecureRequests in index.js (the actual production config) ...

The previous fix was applied to server/app.js (the test factory) but
index.js has its own independent Helmet configuration which is what the
production server actually executes. Both files now gate
upgrade-insecure-requests on TRUST_PROXY instead of NODE_ENV.

2026-05-17 09:36:26 +01:00

11 KiB

Raw Blame History

View Raw