From fdb6789a63292801d247280d6f8c9e762ef483e7 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Fri, 19 Dec 2025 14:40:23 +0000 Subject: [PATCH] fix: respect X-Forwarded-Proto header for hasHTTPS in /api/security/status Fixes issue where /api/security/status reports hasHTTPS=false when accessed via HTTPS through a reverse proxy like Caddy. Resolves feedback from discussion #845 (clar2242). --- internal/api/router.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/api/router.go b/internal/api/router.go index eca4ad2..8748d12 100644 --- a/internal/api/router.go +++ b/internal/api/router.go @@ -549,7 +549,7 @@ func (r *Router) setupRoutes() { "configuredButPendingRestart": configuredButPendingRestart, "hasAuditLogging": hasAuditLogging, "credentialsEncrypted": credentialsEncrypted, - "hasHTTPS": req.TLS != nil, + "hasHTTPS": req.TLS != nil || strings.EqualFold(req.Header.Get("X-Forwarded-Proto"), "https"), "clientIP": clientIP, "isPrivateNetwork": isPrivateNetwork, "isTrustedNetwork": isTrustedNetwork,