Modpol/LuHost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eebe0d8ac5285427099f5428f36dd2a3d8083baa
LuHost/app.js
Nathan Schneider eebe0d8ac5 fix: disable upgrade-insecure-requests for local HTTP access 
Helmet's default CSP includes upgrade-insecure-requests, which causes
browsers to upgrade all resource requests (CSS, JS, etc.) to HTTPS.
This breaks LuHost when accessed over HTTP on the local network.

Explicitly disable it so HTTP-only deployments work correctly.
2026-02-02 20:16:05 -07:00

8.6 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink