Fix: Add trust proxy for reverse proxy and fix asset paths for HTTPS

2025-11-11 06:05:12 +03:00
parent b7a8d142db
commit ed75f1bd10
2 changed files with 19 additions and 1 deletions
--- a/backend/src/app.js
+++ b/backend/src/app.js
@@ -12,6 +12,10 @@ const { apiLimiter } = require('./middlewares/rateLimiter');
 const app = express();
 const PORT = process.env.PORT || 3000;

+// Trust proxy (for Nginx Proxy Manager / reverse proxy)
+// This allows Express to correctly handle X-Forwarded-* headers
+app.set('trust proxy', true);
+
 // Security middleware with relaxed CSP for SPA
 app.use(
  helmet({
@@ -32,7 +36,7 @@ app.use(
        connectSrc: ["'self'", "https:", "http:", "ws:", "wss:"], // Allow API calls
        frameSrc: ["'none'"],
        objectSrc: ["'none'"],
-        upgradeInsecureRequests: [], // Upgrade HTTP to HTTPS if needed
+        // upgradeInsecureRequests removed - causes issues with reverse proxy
      },
    },
    crossOriginEmbedderPolicy: false, // Disable for better compatibility
--- a/frontend/vite.config.js
+++ b/frontend/vite.config.js
@@ -4,4 +4,18 @@ import react from '@vitejs/plugin-react'
 // https://vite.dev/config/
 export default defineConfig({
  plugins: [react()],
+  // Use relative paths for assets (works with both HTTP and HTTPS)
+  base: '/',
+  build: {
+    // Ensure assets use relative paths
+    assetsDir: 'assets',
+    rollupOptions: {
+      output: {
+        // Use relative paths for asset imports
+        assetFileNames: 'assets/[name]-[hash][extname]',
+        chunkFileNames: 'assets/[name]-[hash].js',
+        entryFileNames: 'assets/[name]-[hash].js',
+      },
+    },
+  },
 })