Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
7b4ba86435adbbdd2f0f6a3a3e0b3130eb547509
sofarr/server/app.js
Gronod 94fe0dea4d
Some checks failed
Build and Push Docker Image / build (push) Successful in 31s
Details
CI / Tests & coverage (push) Has been cancelled
Details
CI / Security audit (push) Has been cancelled
Details
fix: only emit upgrade-insecure-requests when TRUST_PROXY is set 
NODE_ENV=production enabled upgrade-insecure-requests unconditionally,
which instructed browsers to upgrade HTTP subresource requests to HTTPS.
When sofarr is accessed directly over HTTP (no reverse proxy), this
silently blocks all CSS, JS, and image loads — the page renders unstyled
with no functionality.

The correct signal for 'we are behind HTTPS' is TRUST_PROXY, not
NODE_ENV. upgrade-insecure-requests is now only emitted when a
TLS-terminating reverse proxy is confirmed to be in front.
2026-05-17 09:34:52 +01:00

3.7 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink