4aa1554f3a
Without nginx forwarding Host/X-Forwarded-Proto headers, fromExpressRequest() builds a wrong URL (e.g. http://127.0.0.1:3000/...) that Fedify doesn't recognise as its own base URL — so it calls next() and requests fall through to auth middleware, returning 302 to the login page. This breaks webfinger, actor lookups, and AP inbox delivery. The patch overrides the URL construction in createFedifyMiddleware() and fromExpressRequest() to use the configured publicationUrl as the base, bypassing the dependency on proxy headers entirely. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
6.0 KiB
6.0 KiB