feat(setup): add --no-https flag, ask about HTTPS during domain setup

The wizard previously hardcoded https:// for APP_BASE_URL and
CORS_ORIGINS. LAN and dev deployments without TLS need http:// or
browsers silently drop Secure cookies, causing login to fail.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jason Staack
2026-03-21 16:30:34 -05:00
parent ddb4ce2512
commit cb2a311a1f


@@ -645,11 +645,21 @@ def wizard_domain(config: dict, args: argparse.Namespace) -> None:
domain = re.sub(r"^https?://", "", raw).rstrip("/") domain = re.sub(r"^https?://", "", raw).rstrip("/")
config["domain"] = domain config["domain"] = domain
config["app_base_url"] = f"https://{domain}"
config["cors_origins"] = f"https://{domain}"
ok(f"APP_BASE_URL=https://{domain}") # Determine protocol — default HTTPS for production, allow HTTP for LAN/dev
ok(f"CORS_ORIGINS=https://{domain}") if args.non_interactive:
use_https = not getattr(args, 'no_https', False)
else:
use_https = ask_yes_no("Use HTTPS? (disable for LAN/dev without TLS)", default=True)
protocol = "https" if use_https else "http"
config["app_base_url"] = f"{protocol}://{domain}"
config["cors_origins"] = f"{protocol}://{domain}"
ok(f"APP_BASE_URL={protocol}://{domain}")
ok(f"CORS_ORIGINS={protocol}://{domain}")
if not use_https:
warn("Running without HTTPS — cookies will not be Secure. Fine for LAN, not for public internet.")
# ── Reverse proxy ─────────────────────────────────────────────────────────── # ── Reverse proxy ───────────────────────────────────────────────────────────
@@ -1540,6 +1550,8 @@ def _build_parser() -> argparse.ArgumentParser:
help="Use TLS for SMTP (default: true in non-interactive)") help="Use TLS for SMTP (default: true in non-interactive)")
parser.add_argument("--no-smtp-tls", action="store_true", default=False, parser.add_argument("--no-smtp-tls", action="store_true", default=False,
help="Disable TLS for SMTP") help="Disable TLS for SMTP")
parser.add_argument("--no-https", action="store_true", default=False,
help="Use HTTP instead of HTTPS (for LAN/dev without TLS)")
parser.add_argument("--proxy", type=str, default=None, parser.add_argument("--proxy", type=str, default=None,
help="Reverse proxy type: caddy, nginx, apache, haproxy, traefik, skip") help="Reverse proxy type: caddy, nginx, apache, haproxy, traefik, skip")
parser.add_argument("--telemetry", action="store_true", default=False, parser.add_argument("--telemetry", action="store_true", default=False,
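Review bot: In the interactive branch of the first hunk the new `--no-https` flag is ignored, because `ask_yes_no(..., default=True)` always proposes HTTPS even when the flag was passed; `default=not args.no_https` would let the flag seed the prompt. The parser hunk defines `--no-https` with `default=False`, so the `getattr(args, 'no_https', False)` fallback looks unnecessary unless `wizard_domain` is also called with namespaces built elsewhere. The `warn(...)` text mentions only the cookie Secure attribute, but with `use_https` false the login credentials and session cookies also cross the network unencrypted, so the message should say that, e.g. `warn("Running without HTTPS — credentials and session cookies are sent unencrypted. Fine for an isolated LAN, not for the public internet.")`. `wizard_domain` begins before the hunk, so how `raw` is obtained and validated is not visible here.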