gronod
f41d14b2a9
Build and Push Docker Image / build (push) Successful in 36s
CI / Security audit (push) Successful in 49s
CI / Tests & coverage (push) Successful in 59s
secure:true cookies are only sent by browsers over HTTPS connections. When NODE_ENV=production (always set in the Docker container) but no TLS proxy is in front, the browser receives the cookie on login but refuses to send it on subsequent HTTP requests — causing every authenticated endpoint (/stream, /status, etc.) to return 401. The correct signal is TRUST_PROXY: it is only set when a TLS-terminating reverse proxy is confirmed to be in front. Affects emby_user and csrf_token cookies across login, /csrf refresh, and logout.
6.8 KiB
6.8 KiB