From 1165e52c92fec4fc6fd1d9a67eeabce1ef7d6059 Mon Sep 17 00:00:00 2001
From: Dorian <z00york@mac.com>
Date: Sun, 12 Apr 2026 07:05:32 -0400
Subject: [PATCH] fix: Gitea iframe uses proxy path, not direct port

Added gitea to PROXY_APPS so it always routes through /app/gitea/
nginx proxy (same origin as parent page). Fixes X-Frame-Options
SAMEORIGIN rejection when loading via direct port.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 neode-ui/src/views/appSession/appSessionConfig.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/neode-ui/src/views/appSession/appSessionConfig.ts b/neode-ui/src/views/appSession/appSessionConfig.ts
index 8eab5884..aae56c5c 100644
--- a/neode-ui/src/views/appSession/appSessionConfig.ts
+++ b/neode-ui/src/views/appSession/appSessionConfig.ts
@@ -51,7 +51,9 @@ export const APP_PORTS: Record<string, number> = {
 /** Apps that need nginx proxy for iframe embedding.
  *  IndeedHub loads via /app/indeedhub/ proxy for nostr-provider.js injection
  *  from the container's internal nginx so iframe works on all servers. */
-export const PROXY_APPS: Record<string, string> = {}
+export const PROXY_APPS: Record<string, string> = {
+  'gitea': '/app/gitea/',
+}
 
 /** Nginx proxy paths -- used on HTTPS to avoid mixed content (HTTPS parent + HTTP port iframe).
  *  On HTTP, direct port access is used instead (faster, no proxy). */
@@ -97,7 +99,6 @@ export const HTTPS_PROXY_PATHS: Record<string, string> = {
 
 /** External HTTPS apps -- always loaded directly */
 export const EXTERNAL_URLS: Record<string, string> = {
-  'gitea': 'http://23.182.128.160:3000',
   'nwnn': 'https://nwnn.l484.com',
   '484-kitchen': 'https://484.kitchen',
   'call-the-operator': 'https://cta.tx1138.com',