Merge branch 'dev'

fix(rpast): always https for non-loopback hosts
Traefik → container hop in the rSpace stack sets x-forwarded-proto: http even when the real client request is https. That was leaking into the "Open in <rApp>" links emitted in chronicle.mw. Simplify: any non-local host gets https, period.
2026-04-16 17:06:50 -04:00 · 2026-04-16 17:06:25 -04:00
3 changed files with 5 additions and 6 deletions
--- a/n8n-style-automation-canvas-for-rSchedule.md
+++ b/n8n-style-automation-canvas-for-rSchedule.md
--- a/Add-local-first-client-to-rschedule.md
+++ b/Add-local-first-client-to-rschedule.md
--- a/modules/rpast/mod.ts
+++ b/modules/rpast/mod.ts
@ -51,14 +51,13 @@ async function buildProjection(c: any) {

 	// Derive the public base URL from the request so in-timeline "Open in
 	// rApp" links resolve against the same origin the user arrived from.
-	// Default to https — rSpace always runs behind Cloudflare/Traefik TLS in
-	// production. Only fall back to http for loopback dev hosts.
+	// rSpace production is always behind Cloudflare/Traefik TLS, so for any
+	// non-loopback host we always emit https — forwarded-proto headers can
+	// be `http` (internal Traefik→container hop) even though the real client
+	// request was https.
 	const host = c.req.header('x-forwarded-host') ?? c.req.header('host');
 	const isLocal = !host || /^(localhost|127\.|\[::1\])/i.test(host);
-	const forwardedProto = c.req.header('x-forwarded-proto');
-	const proto = forwardedProto === 'http' || forwardedProto === 'https'
-		? forwardedProto
-		: (isLocal ? 'http' : 'https');
+	const proto = isLocal ? 'http' : 'https';
 	const baseUrl = host ? `${proto}://${host}` : undefined;

 	const sources = await enumerateCreations(space, { modules, from, to });