From 68b7057a76b165ad3b0df89e2935a030b79aa33a Mon Sep 17 00:00:00 2001 From: Debanjum Date: Tue, 17 Jun 2025 14:08:45 -0700 Subject: [PATCH] Share https url unless explicitly disabled or on localhost --- src/khoj/routers/api_chat.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/khoj/routers/api_chat.py b/src/khoj/routers/api_chat.py index 8091a13d..adee186e 100644 --- a/src/khoj/routers/api_chat.py +++ b/src/khoj/routers/api_chat.py @@ -24,6 +24,7 @@ from khoj.database.adapters import ( ) from khoj.database.models import Agent, KhojUser from khoj.processor.conversation import prompts +from khoj.processor.conversation.openai.utils import is_local_api from khoj.processor.conversation.prompts import help_message, no_entries_found from khoj.processor.conversation.utils import ( OperatorRun, @@ -77,6 +78,7 @@ from khoj.utils.helpers import ( get_country_code_from_timezone, get_country_name_from_timezone, get_device, + is_env_var_true, is_none_or_empty, is_operator_enabled, ) @@ -432,6 +434,9 @@ def duplicate_chat_history_public_conversation( user = request.user.object domain = request.headers.get("host") scheme = request.url.scheme + # Force https upgrade if not explicitly disabled and not local host + if scheme == "http" and not is_env_var_true("KHOJ_NO_HTTPS") and not is_local_api(f"{request.base_url}"): + scheme = "https" # Throw unauthorized exception if domain not in ALLOWED_HOSTS host_domain = domain.split(":")[0]