Compare commits


2 Commits

Author SHA1 Message Date
Nathan Schneider
fb46519722 Merge branch 'main' of https://git.medlab.host/Modpol/LuHost 2026-02-02 20:17:08 -07:00
Nathan Schneider
eebe0d8ac5 fix: disable upgrade-insecure-requests for local HTTP access
Helmet's default CSP includes upgrade-insecure-requests, which causes
browsers to upgrade all resource requests (CSS, JS, etc.) to HTTPS.
This breaks LuHost when accessed over HTTP on the local network.

Explicitly disable it so HTTP-only deployments work correctly.
2026-02-02 20:16:05 -07:00

3
app.js

@@ -55,7 +55,8 @@ app.use(helmet({
imgSrc: ["'self'", "data:", "https:"], imgSrc: ["'self'", "data:", "https:"],
connectSrc: ["'self'", "ws:", "wss:"], connectSrc: ["'self'", "ws:", "wss:"],
formAction: ["'self'"], formAction: ["'self'"],
frameAncestors: ["'none'"] frameAncestors: ["'none'"],
upgradeInsecureRequests: null // Disable for local HTTP access
} }
} }
})); }));
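Review bot: `upgradeInsecureRequests: null` is applied unconditionally, so a deployment served over HTTPS also loses the directive, and the browser will no longer upgrade any stray `http:` subresource URLs there. Consider gating it on deployment configuration, for example `upgradeInsecureRequests: servedOverHttps ? [] : null`, where `servedOverHttps` is a placeholder for whatever setting the project uses to know it is behind TLS. The inline comment could also state the mechanism, e.g. `// null removes Helmet's default upgrade-insecure-requests directive (needed for plain-HTTP LAN access)`. The `helmet({ ... })` call starts above this hunk, so the rest of the policy and any existing environment switches are not visible here.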