From ba5cce62fbb3d481031652f22779904149d357e6 Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber
Date: Thu, 5 Mar 2026 23:11:00 +0000
Subject: [PATCH] Fix OIDC logout form posting to http:// behind reverse proxy

The oidc-provider generates form actions using http:// despite proxy trust settings, causing an insecure form submission warning. Rewrite the form action URL to https:// before rendering.
---
 server/utils/oidc-provider.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/utils/oidc-provider.ts b/server/utils/oidc-provider.ts
index 8a76ba8..63dd819 100644
--- a/server/utils/oidc-provider.ts
+++ b/server/utils/oidc-provider.ts
@@ -214,11 +214,13 @@ export async function getOidcProvider() {
 rpInitiatedLogout: {
 enabled: true,
 logoutSource: async (ctx: any, form: string) => {
+ // oidc-provider generates http:// form actions behind reverse proxy
+ const secureForm = form.replace('http://ghostguild.org', 'https://ghostguild.org');
 ctx.body = guildPageShell("Sign Out", `

Sign Out

Do you want to sign out of your Ghost Guild session?

This will sign you out of the wiki and any other connected services.

- ${form}
+ ${secureForm}
Stay signed in
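Review bot: The rewrite in `logoutSource` hard-codes `http://ghostguild.org` and matches it as a bare prefix, so it silently does nothing on any other host (staging, local) and would also match a longer hostname that merely begins with that string; `replace` with a string pattern also changes only the first occurrence. Anchoring on the path separator, e.g. `form.replace('http://ghostguild.org/', 'https://ghostguild.org/')`, or deriving both sides from the configured issuer, would make the intent explicit and fail less quietly. Because only the logout form is patched, other URLs the provider generates (discovery metadata, redirects) presumably still carry `http://`, so it is worth confirming that the reverse proxy forwards `X-Forwarded-Proto` and that the provider actually trusts it. Until that root cause is fixed, any path that still emits a plain-HTTP action would submit whatever hidden fields the form carries in clear text. The body of `getOidcProvider` starts and ends outside this hunk.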