diff --git a/client/components/ui/MultiSelect.vue b/client/components/ui/MultiSelect.vue index bf0d1ec99..c7572ba50 100644 --- a/client/components/ui/MultiSelect.vue +++ b/client/components/ui/MultiSelect.vue @@ -4,10 +4,11 @@
-
+ +
- +
{{ item }}
@@ -259,8 +260,9 @@ export default { } this.focus() }, - removeItem(item) { - var remaining = this.selected.filter((i) => i !== item) + removeItem(item, idx) { + var remaining = this.selected.slice() + remaining.splice(idx, 1) this.$emit('input', remaining) this.$emit('removedItem', item) this.$nextTick(() => { diff --git a/server/auth/OidcAuthStrategy.js b/server/auth/OidcAuthStrategy.js index 0780b7612..64ab82448 100644 --- a/server/auth/OidcAuthStrategy.js +++ b/server/auth/OidcAuthStrategy.js @@ -527,7 +527,16 @@ class OidcAuthStrategy { // For absolute URLs, ensure they point to the same origin const callbackUrlObj = new URL(callbackUrl) - const currentProtocol = req.secure || req.get('x-forwarded-proto') === 'https' ? 'https' : 'http' + // NPM appends both http and https in x-forwarded-proto sometimes, so we need to check for both + const xfp = (req.get('x-forwarded-proto') || '').toLowerCase() + const currentProtocol = + req.secure || + xfp + .split(',') + .map((s) => s.trim()) + .includes('https') + ? 'https' + : 'http' const currentHost = req.get('host') // Check if protocol and host match exactly