grabowski
6252041631
Deploy to LXC / deploy (push) Successful in 19s
Caddy sets X-Forwarded-Proto: https on all routes, making SvelteKit think the request is HTTPS. The session cookie got the Secure flag, but the browser on http://100.81.174.129 won't send Secure cookies over plain HTTP. Now checks the actual Origin header to determine if the connection is truly HTTPS. Tor works because .onion is treated as a secure context by Tor Browser. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>