New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strange https redirect bug in prod mode only #964

Closed

kethinov opened this issue Oct 13, 2020 · 1 comment · Fixed by #1026

Assignees

Labels

bug P1

Member

kethinov commented Oct 13, 2020

Create sample app
Start it in prod mode
Instead of visiting http://localhost:43711, visit http://[your IP]:43711
You will be redirected to the same URL, but with HTTPS, and the page will not load because of a SSL error.

kethinov added bug P1 labels

kethinov assigned Autre31415

Member

Autre31415 commented Nov 12, 2020 •

edited

Loading

Helmet 4.0 changed the default settings to include a content security policy, so an app developer either needs to configure it for their domain, or disable csp via:

"helmet": {
  "contentSecurityPolicy": false
}

hudson-pace mentioned this issue

Remove upgrade-insecure-request from helmet config #1026

Merged

kethinov closed this as completed in #1026

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment