aheh/PrivyDrop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(config): lan-tls without --enable-web-https must still use same-origin when Nginx is enabled

Browse Source 
- generate-config.sh: in lan-tls without HTTPS, set NEXT_PUBLIC_API_URL empty when WITH_NGINX=true so frontend uses relative /api and /socket.io; widen CORS origins to include http://localhost and http://<LOCAL_IP>
- deploy.sh: pass --with-nginx to config generator for consistency
This commit is contained in:
david_bai
2025-10-10 20:59:20 +08:00
parent 8ef43029d5
commit f0c4364dcd
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
+1
View File
@@ -393,6 +393,7 @@ setup_environment() {
local detect_args=""
[[ -n "$DOMAIN_NAME" ]] && detect_args="--domain $DOMAIN_NAME"
[[ -n "$DEPLOYMENT_MODE" ]] && detect_args="$detect_args --mode $DEPLOYMENT_MODE"
[[ "$WITH_NGINX" == "true" ]] && detect_args="$detect_args --with-nginx"
[[ "$WITH_SNI443" == "true" ]] && detect_args="$detect_args --enable-sni443"
[[ "$DISABLE_SNI443" == "true" ]] && detect_args="$detect_args --no-sni443"
[[ "$ENABLE_WEB_HTTPS" == "true" ]] && detect_args="$detect_args --enable-web-https"
docker/scripts/generate-config.sh
+8
View File
@@ -210,6 +210,14 @@ generate_env_file() {
api_url="https://${LOCAL_IP}:${HTTPS_LISTEN_PORT}"
fi
ssl_mode="self-signed"
else
# No TLS enabled: use HTTP. When Nginx is enabled, enforce same-origin gateway.
cors_origin="http://${LOCAL_IP},http://localhost,http://${LOCAL_IP}:3002,http://localhost:3002"
if [[ "$WITH_NGINX" == "true" ]]; then
api_url=""
else
api_url="http://${LOCAL_IP}:3001"
fi
fi
;;
public)