From 273e50886e55d6cd4b9538de5f6cabcc8364d31d Mon Sep 17 00:00:00 2001
From: Ricel Leite
Date: Wed, 18 Feb 2026 23:48:31 -0300
Subject: [PATCH] fix: add HTTPSRedirectMiddleware to prevent mixed content errors
---
 app/main.py | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/app/main.py b/app/main.py
index 0fe2600..0731333 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,15 +1,27 @@
 """JIRA AI Fixer - Enterprise Issue Analysis Platform."""
 from contextlib import asynccontextmanager
-from fastapi import FastAPI
+from fastapi import FastAPI, Request
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
-from fastapi.responses import FileResponse
+from fastapi.responses import FileResponse, RedirectResponse
+from starlette.middleware.base import BaseHTTPMiddleware
 import os
 from app.core.config import settings
 from app.core.database import init_db
 from app.api import api_router
+class HTTPSRedirectMiddleware(BaseHTTPMiddleware):
+ """Force HTTPS in redirects when behind reverse proxy."""
+ async def dispatch(self, request: Request, call_next):
+ response = await call_next(request)
+ # Fix Location header to use HTTPS if behind proxy
+ if response.status_code in (301, 302, 303, 307, 308):
+ location = response.headers.get("location", "")
+ if location.startswith("http://"):
+ response.headers["location"] = location.replace("http://", "https://", 1)
+ return response
+
 @asynccontextmanager
 async def lifespan(app: FastAPI):
 # Startup
@@ -24,9 +36,13 @@ app = FastAPI(
 docs_url="/api/docs",
 redoc_url="/api/redoc",
 openapi_url="/api/openapi.json",
- lifespan=lifespan
+ lifespan=lifespan,
+ redirect_slashes=False # Disable automatic slash redirects
 )
+# Add HTTPS redirect middleware
+app.add_middleware(HTTPSRedirectMiddleware)
+
 # CORS
 app.add_middleware(
 CORSMiddleware,
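Review bot: The rewrite in `dispatch` is unconditional: any `http://` Location becomes `https://`, whether or not the request came through the TLS-terminating proxy and whether or not the target is this application's own host. Restrict it to requests the proxy marked as HTTPS, e.g. `if request.headers.get("x-forwarded-proto") == "https" and location.startswith("http://"):`, and compare the Location's parsed host with the request host before rewriting; this is only sound if the proxy overwrites `X-Forwarded-Proto` rather than forwarding a client-supplied value. Running the server with proxy-header support limited to the proxy's address (uvicorn's `--proxy-headers` with `--forwarded-allow-ips`) would make the app emit the right scheme itself and may remove the need for this class. The name also shadows Starlette's own `HTTPSRedirectMiddleware` in `starlette.middleware.httpsredirect`, which redirects plain-HTTP requests instead of editing responses, and `RedirectResponse` is imported without being used in the lines shown.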
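Review bot: `redirect_slashes=False` in the second hunk changes routing for every client, not just the mixed-content case: a path that differs from a registered route only by its trailing slash now gets a 404 instead of a redirect, and the inline comment does not say why that trade-off was taken. I would replace the comment with `# Slash redirects carried an http:// Location behind the TLS proxy; routes must now be requested with their exact path`. With slash redirects off, it is worth checking which remaining redirects the new middleware still has to rewrite. The `FastAPI(` call starts above this hunk and the CORS `add_middleware(` call continues below it.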