+
+
-
+
{{ item }}
@@ -259,8 +260,9 @@ export default {
}
this.focus()
},
- removeItem(item) {
- var remaining = this.selected.filter((i) => i !== item)
+ removeItem(item, idx) {
+ var remaining = this.selected.slice()
+ remaining.splice(idx, 1)
this.$emit('input', remaining)
this.$emit('removedItem', item)
this.$nextTick(() => {
diff --git a/server/auth/OidcAuthStrategy.js b/server/auth/OidcAuthStrategy.js
index 0780b7612..64ab82448 100644
--- a/server/auth/OidcAuthStrategy.js
+++ b/server/auth/OidcAuthStrategy.js
@@ -527,7 +527,16 @@ class OidcAuthStrategy {
// For absolute URLs, ensure they point to the same origin
const callbackUrlObj = new URL(callbackUrl)
- const currentProtocol = req.secure || req.get('x-forwarded-proto') === 'https' ? 'https' : 'http'
+ // NPM appends both http and https in x-forwarded-proto sometimes, so we need to check for both
+ const xfp = (req.get('x-forwarded-proto') || '').toLowerCase()
+ const currentProtocol =
+ req.secure ||
+ xfp
+ .split(',')
+ .map((s) => s.trim())
+ .includes('https')
+ ? 'https'
+ : 'http'
const currentHost = req.get('host')
// Check if protocol and host match exactly