mirror of
https://github.com/community-scripts/ProxmoxVE.git
synced 2026-04-27 20:35:05 +02:00
ae3e1deece
Helmet's useDefaults adds upgrade-insecure-requests to the CSP, which forces browsers to upgrade all HTTP requests to HTTPS. Since most LXC users access Immich directly via HTTP, this breaks the web UI completely (CORS errors, spinning logo). Patch helmet.json after deploy to explicitly null out the directive, keeping CSP benefits while allowing HTTP access. Fixes #13597
17 KiB
17 KiB