From 173c050f58ee222a3b4a4edad1848a2e422d0d12 Mon Sep 17 00:00:00 2001
From: Zimeng Xiong <zxzimeng@gmail.com>
Date: Sat, 7 Feb 2026 10:30:49 -0800
Subject: [PATCH] fix HTTPS reuqirement when frontend URL is nto HTTPS

---
 backend/src/index.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/backend/src/index.ts b/backend/src/index.ts
index a3f7f5f..adaaaf6 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -259,8 +259,12 @@ app.use((req, res, next) => {
   next();
 });
 
-// HTTPS enforcement in production
-if (config.nodeEnv === "production") {
+// HTTPS enforcement in production only when configured frontend origins use HTTPS.
+const shouldEnforceHttps =
+  config.nodeEnv === "production" &&
+  allowedOrigins.some((origin) => origin.toLowerCase().startsWith("https://"));
+
+if (shouldEnforceHttps) {
   app.use((req, res, next) => {
     if (req.header("x-forwarded-proto") !== "https") {
       res.redirect(`https://${req.header("host")}${req.url}`);