From b1e1759f254b172069849fa858c7923c8da0f415 Mon Sep 17 00:00:00 2001
From: Nicolas Giard <github@ngpixel.com>
Date: Sun, 28 Jan 2024 20:03:06 -0500
Subject: [PATCH] fix: set securityTrustProxy to false by default

---
 client/components/admin/admin-security.vue | 2 +-
 server/app/data.yml                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/components/admin/admin-security.vue b/client/components/admin/admin-security.vue
index 7a8d305b..8c062c52 100644
--- a/client/components/admin/admin-security.vue
+++ b/client/components/admin/admin-security.vue
@@ -265,7 +265,7 @@ export default {
         securityOpenRedirect: true,
         securityIframe: true,
         securityReferrerPolicy: true,
-        securityTrustProxy: true,
+        securityTrustProxy: false,
         securitySRI: true,
         securityHSTS: false,
         securityHSTSDuration: 0,
diff --git a/server/app/data.yml b/server/app/data.yml
index 7c3d0803..0cd628a6 100644
--- a/server/app/data.yml
+++ b/server/app/data.yml
@@ -85,7 +85,7 @@ defaults:
       securityOpenRedirect: true
       securityIframe: true
       securityReferrerPolicy: true
-      securityTrustProxy: true
+      securityTrustProxy: false
       securitySRI: true
       securityHSTS: false
       securityHSTSDuration: 300