lhumina_code/hero_office
0
0
Fork 0
Code Issues 5 Pull requests Projects Releases 2 Packages Wiki Activity Actions

fix(office_ui): emit upgrade-insecure-requests CSP only when OO_SERVER_URL is https #7

Closed
mahmoud wants to merge 0 commits from development_fix_csp_only_when_https into development
pull from: development_fix_csp_only_when_https
merge into: lhumina_code:development
Conversation 0 Commits - Files changed - +18 -9
mahmoud commented 2026-04-26 13:16:18 +00:00
Owner
Copy link

Closing — PR was opened under the wrong forge user due to a token mix-up. Re-opening under the correct identity.

Closing — PR was opened under the wrong forge user due to a token mix-up. Re-opening under the correct identity.
Editor wrapper unconditionally set the CSP `upgrade-insecure-requests`
on both the meta tag and the response header. Browsers then forced
`http://` OnlyOffice URLs to `https://`, breaking HTTP-only dev setups
with SSL handshake errors and `DocsAPI is not defined`. Skip the CSP
when `OO_SERVER_URL` itself starts with `http://`.
zaelgohary closed this pull request 2026-04-26 13:19:06 +00:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
prio_critical

   
prio_low

   
type_bug

   
type_contact

   
type_issue

   
type_lead

   
type_question

   
type_story

   
type_task
No labels
prio_critical
prio_low
type_bug
type_contact
type_issue
type_lead
type_question
type_story
type_task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_office!7
No description provided.