From 48e1b732d864d91913a5e3d03c7056fa0264f95e Mon Sep 17 00:00:00 2001
From: Maurice <mauriceboe@icloud.com>
Date: Sat, 28 Mar 2026 21:35:23 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20disable=20Helmet=20HSTS=20when=20FORCE?=
 =?UTF-8?q?=5FHTTPS=20is=20not=20set=20=E2=80=94=20fixes=20#58=20#59?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/src/index.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/src/index.ts b/server/src/index.ts
index 7b1b09a..74af704 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -63,6 +63,7 @@ app.use(helmet({
     }
   },
   crossOriginEmbedderPolicy: false,
+  hsts: process.env.FORCE_HTTPS === 'true' ? { maxAge: 31536000, includeSubDomains: false } : false,
 }));
 // Redirect HTTP to HTTPS (opt-in via FORCE_HTTPS=true)
 if (process.env.FORCE_HTTPS === 'true') {