Fix: Add trust proxy for reverse proxy and fix asset paths for HTTPS

salvacybersec
2025-11-11 06:05:12 +03:00
parent b7a8d142db
commit ed75f1bd10
2 changed files with 19 additions and 1 deletions


@@ -12,6 +12,10 @@ const { apiLimiter } = require('./middlewares/rateLimiter');
const app = express();
const PORT = process.env.PORT || 3000;
// Trust proxy (for Nginx Proxy Manager / reverse proxy)
// This allows Express to correctly handle X-Forwarded-* headers
app.set('trust proxy', true);
// Security middleware with relaxed CSP for SPA
app.use(
helmet({
@@ -32,7 +36,7 @@ app.use(
connectSrc: ["'self'", "https:", "http:", "ws:", "wss:"], // Allow API calls
frameSrc: ["'none'"],
objectSrc: ["'none'"],
upgradeInsecureRequests: [], // Upgrade HTTP to HTTPS if needed
// upgradeInsecureRequests removed - causes issues with reverse proxy
},
},
crossOriginEmbedderPolicy: false, // Disable for better compatibility
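Review bot: `app.set('trust proxy', true)` in the first hunk makes Express trust every hop listed in `X-Forwarded-For`, so `req.ip` resolves to the left-most entry, which the client controls. The same file imports `apiLimiter` from `./middlewares/rateLimiter`; if that limiter keys on `req.ip` (its implementation is not visible here), rate limiting can be sidestepped by varying the header, and client addresses in logs stop being reliable. With a single Nginx Proxy Manager hop in front of the app, `app.set('trust proxy', 1);` or the proxy's own address/subnet restricts trust to that hop. The comment above the setting should state how many proxies are expected, so the value gets revisited if the deployment changes.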