From f0c4364dcd0e1a0ac99e611b1edd0c7a29a2f3c7 Mon Sep 17 00:00:00 2001 From: david_bai Date: Fri, 10 Oct 2025 20:59:20 +0800 Subject: [PATCH] fix(config): lan-tls without --enable-web-https must still use same-origin when Nginx is enabled - generate-config.sh: in lan-tls without HTTPS, set NEXT_PUBLIC_API_URL empty when WITH_NGINX=true so frontend uses relative /api and /socket.io; widen CORS origins to include http://localhost and http:// - deploy.sh: pass --with-nginx to config generator for consistency --- deploy.sh | 1 + docker/scripts/generate-config.sh | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/deploy.sh b/deploy.sh index 009aa89..f165c41 100644 --- a/deploy.sh +++ b/deploy.sh @@ -393,6 +393,7 @@ setup_environment() { local detect_args="" [[ -n "$DOMAIN_NAME" ]] && detect_args="--domain $DOMAIN_NAME" [[ -n "$DEPLOYMENT_MODE" ]] && detect_args="$detect_args --mode $DEPLOYMENT_MODE" + [[ "$WITH_NGINX" == "true" ]] && detect_args="$detect_args --with-nginx" [[ "$WITH_SNI443" == "true" ]] && detect_args="$detect_args --enable-sni443" [[ "$DISABLE_SNI443" == "true" ]] && detect_args="$detect_args --no-sni443" [[ "$ENABLE_WEB_HTTPS" == "true" ]] && detect_args="$detect_args --enable-web-https" diff --git a/docker/scripts/generate-config.sh b/docker/scripts/generate-config.sh index 0807c6e..e610f7a 100755 --- a/docker/scripts/generate-config.sh +++ b/docker/scripts/generate-config.sh @@ -210,6 +210,14 @@ generate_env_file() { api_url="https://${LOCAL_IP}:${HTTPS_LISTEN_PORT}" fi ssl_mode="self-signed" + else + # No TLS enabled: use HTTP. When Nginx is enabled, enforce same-origin gateway. + cors_origin="http://${LOCAL_IP},http://localhost,http://${LOCAL_IP}:3002,http://localhost:3002" + if [[ "$WITH_NGINX" == "true" ]]; then + api_url="" + else + api_url="http://${LOCAL_IP}:3001" + fi fi ;; public)