Modpol/LuHost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fb46519722c5c4b55361d811a72bbb420aee541e
LuHost/app.js
Nathan Schneider eebe0d8ac5 fix: disable upgrade-insecure-requests for local HTTP access 
Helmet's default CSP includes upgrade-insecure-requests, which causes
browsers to upgrade all resource requests (CSS, JS, etc.) to HTTPS.
This breaks LuHost when accessed over HTTP on the local network.

Explicitly disable it so HTTP-only deployments work correctly.
2026-02-02 20:16:05 -07:00

8.6 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink