fix: release v1.7.51-alpha install hardening

This commit is contained in:
archipelago
2026-05-01 05:02:39 -04:00
parent be9f9528c3
commit 05e6c2e738
13 changed files with 519 additions and 118 deletions

View File

@@ -83,9 +83,11 @@ const launchableApps = computed<KioskApp[]>(() => {
const pkgs = store.data?.['package-data'] || {}
const apps: KioskApp[] = []
// App URL mappings — use nginx proxy paths for local apps
// App URL mappings. Bitcoin UI uses its direct host-network port; loading it
// through /app/bitcoin-ui/ can render a blank shell because its assets are
// rooted at /.
const urlMap: Record<string, string> = {
'bitcoin-knots': '/app/bitcoin-ui/',
'bitcoin-knots': 'http://' + window.location.hostname + ':8334',
'lnd': '/app/lnd/',
'mempool': '/app/mempool/',
'btcpay-server': '/app/btcpay/',

View File

@@ -55,9 +55,6 @@ export const PROXY_APPS: Record<string, string> = {
/** Nginx proxy paths -- used on HTTPS to avoid mixed content (HTTPS parent + HTTP port iframe).
* On HTTP, direct port access is used instead (faster, no proxy). */
export const HTTPS_PROXY_PATHS: Record<string, string> = {
'bitcoin-knots': '/app/bitcoin-ui/',
'bitcoin-core': '/app/bitcoin-ui/',
'bitcoin-ui': '/app/bitcoin-ui/',
'lnd': '/app/lnd/',
'electrumx': '/app/electrumx/',
'electrs': '/app/electrumx/',
@@ -137,9 +134,11 @@ export function resolveAppUrl(id: string, routeQueryPath?: string): string {
const ext = EXTERNAL_URLS[id]
if (ext) return ext
// Bitcoin apps always go through nginx proxy so browser basic-auth prompts never appear.
// Bitcoin UI is a host-network companion on :8334. Do not launch it via
// /app/bitcoin-ui/: the static UI is built for root and renders a blank
// shell when proxied under a path prefix on some nodes.
if (id === 'bitcoin-knots' || id === 'bitcoin-core' || id === 'bitcoin-ui') {
return window.location.protocol + '//' + window.location.hostname + '/app/bitcoin-ui/'
return 'http://' + window.location.hostname + ':8334'
}
// HTTPS pages cannot embed plain HTTP port origins (mixed-content).