FORCE_HTTPS now documents all four effects (redirect, HSTS, CSP upgrade-insecure-requests, secure cookie flag) and is clearly marked optional. COOKIE_SECURE default updated to "auto" with explanation of auto-derivation logic. TRUST_PROXY clarifies it's off in dev unless set and is required for FORCE_HTTPS. charts/README.md gains FORCE_HTTPS and TRUST_PROXY entries. README prose expanded to explain all three vars and their interaction. |
||
|---|---|---|
| .. | ||
| public | ||
| scripts | ||
| src | ||
| tests | ||
| .env.example | ||
| package-lock.json | ||
| package.json | ||
| reset-admin.js | ||
| tsconfig.json | ||
| vitest.config.ts | ||